From bc7ff5d89f5c37f0cf003c391fa2706f71bd3111 Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Fri, 27 Mar 2020 09:06:27 +0000 Subject: [PATCH] Fix querying Ethernet availability for unprivileged callers. Both EthernetManager#getAvailableInterfaces() and the no-arg version of EthernetManager#isAvailable() end up calling EthernetServiceImpl#getAvailableInterfaces. This method attempts to filter out restricted interfaces if the caller does not have the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission. Unfortunately EthernetNetworkFactory's notion of a restricted interface is the opposite of what it should be. This means that while privileged callers can see all interfaces, unprivileged callers can only see restricted interfaces which they cannot use. Fix this by correcting NetworkInterfaceState#isRestricted(), so that unprivileged callers can see only unrestricted interfaces. Privileged callers are unaffected. This bug probably went unnoticed because restricted Ethernet interfaces are rare (likely used only on auto devices) and because the callers that care about those restricted interfaces are generally privileged. Bug: 148824036 Test: atest android.net.EthernetTetheringTest#testPhysicalEthernet Merged-In: Idff3b05a193a80c581d80d0e4fe9c2d3fc0d8a25 Change-Id: Idff3b05a193a80c581d80d0e4fe9c2d3fc0d8a25 --- .../src/com/android/server/ethernet/EthernetNetworkFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java index 1c835062ba..f5ab8b7692 100644 --- a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java +++ b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java @@ -391,7 +391,7 @@ public class EthernetNetworkFactory extends NetworkFactory { } boolean isRestricted() { - return mCapabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); + return !mCapabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); } /**