Add accessUids to NetworkCapabilities.

For now, all entry points reject this. Followup changes will allow the supported use cases. Test: new unit tests and CTS for this in this patch Change-Id: I7262811a2e46336d3bb63c80886fc0578a36da94
2021-12-13 22:53:51 +09:00
parent 1522857564
commit 9a30acf744
6 changed files with 269 additions and 18 deletions
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -2099,6 +2099,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        newNc.setAdministratorUids(new int[0]);
        if (!checkAnyPermissionOf(
                callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) {
+            newNc.setAccessUids(new ArraySet<>());
            newNc.setSubscriptionIds(Collections.emptySet());
        }

@@ -6210,6 +6211,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
        if (nc.isPrivateDnsBroken()) {
            throw new IllegalArgumentException("Can't request broken private DNS");
        }
+        if (nc.hasAccessUids()) {
+            throw new IllegalArgumentException("Can't request access UIDs");
+        }
    }

    // TODO: Set the mini sdk to 31 and remove @TargetApi annotation when b/205923322 is addressed.
--- a/service/src/com/android/server/connectivity/NetworkAgentInfo.java
+++ b/service/src/com/android/server/connectivity/NetworkAgentInfo.java
@@ -53,6 +53,7 @@ import android.os.RemoteException;
 import android.os.SystemClock;
 import android.telephony.data.EpsBearerQosSessionAttributes;
 import android.telephony.data.NrQosSessionAttributes;
+import android.util.ArraySet;
 import android.util.Log;
 import android.util.Pair;
 import android.util.SparseArray;
@@ -1200,6 +1201,19 @@ public class NetworkAgentInfo implements Comparable<NetworkAgentInfo>, NetworkRa
        if (nc.hasTransport(TRANSPORT_TEST)) {
            nc.restrictCapabilitiesForTestNetwork(creatorUid);
        }
+        if (!areAccessUidsAcceptableFromNetworkAgent(nc)) {
+            nc.setAccessUids(new ArraySet<>());
+        }
+    }
+
+    private static boolean areAccessUidsAcceptableFromNetworkAgent(
+            @NonNull final NetworkCapabilities nc) {
+        if (nc.hasAccessUids()) {
+            Log.w(TAG, "Capabilities from network agent must not contain access UIDs");
+            // TODO : accept the supported cases
+            return false;
+        }
+        return true;
    }

    // TODO: Print shorter members first and only print the boolean variable which value is true