LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow sending of Administrator UIDs for *NETWORK_STACK

Browse Source 
This change allows callers with the NETWORK_STACK or
PERMISSION_NETWORK_STACK to receive administrator UIDs. This will be
used by the VCN to ensure that administrator UIDs are accurately
populated, ensuring that the ConnectivityDiagnostics are triggered for
the VCN.

Bug: 193204385
Test: atest ConnectivityServiceTest
Change-Id: I3ecfbef6847dcc78adac05d0229719c97e3a220c
This commit is contained in:
Benedict Wong
2021-07-09 00:13:45 -07:00
parent b643f2a356
commit a5604ea50f
2 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
service/src/com/android/server/ConnectivityService.java
View File

@@ -2253,7 +2253,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
if (newNc.getNetworkSpecifier() != null) { if (newNc.getNetworkSpecifier() != null) {
newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact()); newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact());
} }
if (!checkAnyPermissionOf(callerPid, callerUid, android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) {
newNc.setAdministratorUids(new int[0]); newNc.setAdministratorUids(new int[0]);
}
if (!checkAnyPermissionOf( if (!checkAnyPermissionOf(
callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) { callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) {
newNc.setAllowedUids(new ArraySet<>()); newNc.setAllowedUids(new ArraySet<>());

30
tests/unit/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -7081,6 +7081,36 @@ public class ConnectivityServiceTest {
reset(mStatsManager); reset(mStatsManager);
} }
@Test
public void testAdminUidsRedacted() throws Exception {
final int[] adminUids = new int[] {Process.myUid() + 1};
final NetworkCapabilities ncTemplate = new NetworkCapabilities();
ncTemplate.setAdministratorUids(adminUids);
mCellNetworkAgent =
new TestNetworkAgentWrapper(TRANSPORT_CELLULAR, new LinkProperties(), ncTemplate);
mCellNetworkAgent.connect(false /* validated */);
// Verify case where caller has permission
mServiceContext.setPermission(
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, PERMISSION_GRANTED);
TestNetworkCallback callback = new TestNetworkCallback();
mCm.registerDefaultNetworkCallback(callback);
callback.expectCallback(CallbackEntry.AVAILABLE, mCellNetworkAgent);
callback.expectCapabilitiesThat(
mCellNetworkAgent, nc -> Arrays.equals(adminUids, nc.getAdministratorUids()));
mCm.unregisterNetworkCallback(callback);
// Verify case where caller does NOT have permission
mServiceContext.setPermission(
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
callback = new TestNetworkCallback();
mCm.registerDefaultNetworkCallback(callback);
callback.expectCallback(CallbackEntry.AVAILABLE, mCellNetworkAgent);
callback.expectCapabilitiesThat(
mCellNetworkAgent, nc -> nc.getAdministratorUids().length == 0);
}
@Test @Test
public void testNonVpnUnderlyingNetworks() throws Exception { public void testNonVpnUnderlyingNetworks() throws Exception {
// Ensure wifi and cellular are not torn down. // Ensure wifi and cellular are not torn down.