LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Ethernet] Replace internal connectivity checks permission

Browse Source 
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permissions
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
the permission to NETWORK_STACK.

Bug: 32963470
Test: atest EthernetServiceTests
Change-Id: I2a88d04bbdcd7e7e624b9065372a6603d2bb45a2
This commit is contained in:
paulhu
2019-08-22 16:03:59 +08:00
parent b95be5972e
commit 6957e3a35a
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
View File

@@ -21,6 +21,7 @@ import android.content.pm.PackageManager;
import android.net.IEthernetManager;
import android.net.IEthernetServiceListener;
import android.net.IpConfiguration;
import android.net.NetworkStack;
import android.os.Binder;
import android.os.Handler;
import android.os.HandlerThread;
@@ -57,12 +58,6 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
"EthernetService");
}
private void enforceConnectivityInternalPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.CONNECTIVITY_INTERNAL,
"ConnectivityService");
}
private void enforceUseRestrictedNetworksPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS,
@@ -117,7 +112,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
Log.w(TAG, "System isn't ready enough to change ethernet configuration");
}
enforceConnectivityInternalPermission();
NetworkStack.checkNetworkStackPermission(mContext);
if (mTracker.isRestrictedInterface(iface)) {
enforceUseRestrictedNetworksPermission();