LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Make requestRouteToHost a no-op for system callers."

Browse Source
This commit is contained in:
Treehugger Robot
2018-10-01 05:36:28 +00:00
committed by Gerrit Code Review
parent b28fee1994 2386291f56
commit 6b6feb8ff8
2 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
core/java/android/net/ConnectivityManager.java
View File

@@ -26,7 +26,6 @@ import android.annotation.UnsupportedAppUsage;
import android.app.PendingIntent; import android.app.PendingIntent;
import android.content.Context; import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder; import android.os.Binder;
import android.os.Build.VERSION_CODES; import android.os.Build.VERSION_CODES;
import android.os.Bundle; import android.os.Bundle;
@@ -3801,8 +3800,9 @@ public class ConnectivityManager {
private void unsupportedStartingFrom(int version) { private void unsupportedStartingFrom(int version) {
if (Process.myUid() == Process.SYSTEM_UID) { if (Process.myUid() == Process.SYSTEM_UID) {
// The getApplicationInfo() call we make below is not supported in system context, and // The getApplicationInfo() call we make below is not supported in system context. Let
// we want to allow the system to use these APIs anyway. // the call through here, and rely on the fact that ConnectivityService will refuse to
// allow the system to use these APIs anyway.
return; return;
} }
@@ -3819,11 +3819,6 @@ public class ConnectivityManager {
// functions by accessing ConnectivityService directly. However, it should be clear that doing // functions by accessing ConnectivityService directly. However, it should be clear that doing
// so is unsupported and may break in the future. http://b/22728205 // so is unsupported and may break in the future. http://b/22728205
private void checkLegacyRoutingApiAccess() { private void checkLegacyRoutingApiAccess() {
if (mContext.checkCallingOrSelfPermission("com.android.permission.INJECT_OMADM_SETTINGS")
== PackageManager.PERMISSION_GRANTED) {
return;
}
unsupportedStartingFrom(VERSION_CODES.M); unsupportedStartingFrom(VERSION_CODES.M);
} }

17
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -1475,6 +1475,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
}; };
/**
* Ensures that the system cannot call a particular method.
*/
private boolean disallowedBecauseSystemCaller() {
// TODO: start throwing a SecurityException when GnssLocationProvider stops calling
// requestRouteToHost.
if (isSystem(Binder.getCallingUid())) {
log("This method exists only for app backwards compatibility"
+ " and must not be called by system services.");
return true;
}
return false;
}
/** /**
* Ensure that a network route exists to deliver traffic to the specified * Ensure that a network route exists to deliver traffic to the specified
* host via the specified network interface. * host via the specified network interface.
@@ -1486,6 +1500,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
*/ */
@Override @Override
public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) { public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {
if (disallowedBecauseSystemCaller()) {
return false;
}
enforceChangePermission(); enforceChangePermission();
if (mProtectedNetworks.contains(networkType)) { if (mProtectedNetworks.contains(networkType)) {
enforceConnectivityInternalPermission(); enforceConnectivityInternalPermission();