Check MAINLINE_NETWORK_STACK in ConnectivityService
Treat NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK as equivalent to
NETWORK_STACK, CONNECTIVITY_INTERNAL and NETWORK_SETTINGS combined.
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK is defined as signature
permission in NetworkStackPermissionStub, which is signed with the
platform certificate, so requirements are the same for both permissions.
The permission is defined by NetworkStackPermissionStub and only used by
NetworkStack, which must be signed with the same key as the stub.
Test: flashed, booted, WiFi works, also with changes on top removing
CONNECTIVITY_INTERNAL and NETWORK_SETTINGS
Bug: 112869080
Change-Id: I9d0ea8fc99eadf7e902421efdba9b8bf535658b8
This commit is contained in:
Remi NGUYEN VAN
@@ -1832,14 +1832,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
"ConnectivityService");
|
||||
}
|
||||
|
||||
private void enforceAnyPermissionOf(String... permissions) {
|
||||
private boolean checkAnyPermissionOf(String... permissions) {
|
||||
for (String permission : permissions) {
|
||||
if (mContext.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) {
|
||||
return;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
throw new SecurityException(
|
||||
"Requires one of the following permissions: " + String.join(", ", permissions) + ".");
|
||||
return false;
|
||||
}
|
||||
|
||||
private void enforceAnyPermissionOf(String... permissions) {
|
||||
if (!checkAnyPermissionOf(permissions)) {
|
||||
throw new SecurityException("Requires one of the following permissions: "
|
||||
+ String.join(", ", permissions) + ".");
|
||||
}
|
||||
}
|
||||
|
||||
private void enforceInternetPermission() {
|
||||
@@ -1859,19 +1865,22 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
}
|
||||
|
||||
private void enforceSettingsPermission() {
|
||||
mContext.enforceCallingOrSelfPermission(
|
||||
enforceAnyPermissionOf(
|
||||
android.Manifest.permission.NETWORK_SETTINGS,
|
||||
"ConnectivityService");
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
|
||||
}
|
||||
|
||||
private boolean checkSettingsPermission() {
|
||||
return PERMISSION_GRANTED == mContext.checkCallingOrSelfPermission(
|
||||
android.Manifest.permission.NETWORK_SETTINGS);
|
||||
return checkAnyPermissionOf(
|
||||
android.Manifest.permission.NETWORK_SETTINGS,
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
|
||||
}
|
||||
|
||||
private boolean checkSettingsPermission(int pid, int uid) {
|
||||
return PERMISSION_GRANTED == mContext.checkPermission(
|
||||
android.Manifest.permission.NETWORK_SETTINGS, pid, uid);
|
||||
android.Manifest.permission.NETWORK_SETTINGS, pid, uid)
|
||||
|| PERMISSION_GRANTED == mContext.checkPermission(
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, pid, uid);
|
||||
}
|
||||
|
||||
private void enforceTetherAccessPermission() {
|
||||
@@ -1881,9 +1890,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
}
|
||||
|
||||
private void enforceConnectivityInternalPermission() {
|
||||
mContext.enforceCallingOrSelfPermission(
|
||||
enforceAnyPermissionOf(
|
||||
android.Manifest.permission.CONNECTIVITY_INTERNAL,
|
||||
"ConnectivityService");
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
|
||||
}
|
||||
|
||||
private void enforceControlAlwaysOnVpnPermission() {
|
||||
@@ -1894,20 +1903,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
||||
|
||||
private void enforceNetworkStackSettingsOrSetup() {
|
||||
enforceAnyPermissionOf(
|
||||
android.Manifest.permission.NETWORK_SETTINGS,
|
||||
android.Manifest.permission.NETWORK_SETUP_WIZARD,
|
||||
android.Manifest.permission.NETWORK_STACK);
|
||||
}
|
||||
|
||||
private void enforceNetworkStackPermission() {
|
||||
mContext.enforceCallingOrSelfPermission(
|
||||
android.Manifest.permission.NETWORK_SETTINGS,
|
||||
android.Manifest.permission.NETWORK_SETUP_WIZARD,
|
||||
android.Manifest.permission.NETWORK_STACK,
|
||||
"ConnectivityService");
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
|
||||
}
|
||||
|
||||
private boolean checkNetworkStackPermission() {
|
||||
return PERMISSION_GRANTED == mContext.checkCallingOrSelfPermission(
|
||||
android.Manifest.permission.NETWORK_STACK);
|
||||
return checkAnyPermissionOf(
|
||||
android.Manifest.permission.NETWORK_STACK,
|
||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
|
||||
}
|
||||
|
||||
private void enforceConnectivityRestrictedNetworksPermission() {
|
||||
|
||||
Reference in New Issue
Block a user