diff --git a/service/src/com/android/server/connectivity/NetworkAgentInfo.java b/service/src/com/android/server/connectivity/NetworkAgentInfo.java index 654d195934..d7be421c99 100644 --- a/service/src/com/android/server/connectivity/NetworkAgentInfo.java +++ b/service/src/com/android/server/connectivity/NetworkAgentInfo.java @@ -392,6 +392,9 @@ public class NetworkAgentInfo implements NetworkRanker.Scoreable { // URL, Terms & Conditions URL, and network friendly name. public CaptivePortalData networkAgentPortalData; + // Indicate whether this device has the automotive feature. + private final boolean mHasAutomotiveFeature; + /** * Sets the capabilities sent by the agent for later retrieval. * @@ -433,9 +436,8 @@ public class NetworkAgentInfo implements NetworkRanker.Scoreable { + networkCapabilities.getOwnerUid() + " to " + nc.getOwnerUid()); nc.setOwnerUid(networkCapabilities.getOwnerUid()); } - restrictCapabilitiesFromNetworkAgent(nc, creatorUid, - mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE), - carrierPrivilegeAuthenticator); + restrictCapabilitiesFromNetworkAgent( + nc, creatorUid, mHasAutomotiveFeature, carrierPrivilegeAuthenticator); return nc; } @@ -604,6 +606,8 @@ public class NetworkAgentInfo implements NetworkRanker.Scoreable { ? nc.getUnderlyingNetworks().toArray(new Network[0]) : null; mCreationTime = System.currentTimeMillis(); + mHasAutomotiveFeature = + mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE); } private class AgentDeathMonitor implements IBinder.DeathRecipient { diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java index e23e72d49d..85aec56679 100755 --- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java @@ -15594,11 +15594,19 @@ public class ConnectivityServiceTest { mServiceContext.setPermission(NETWORK_FACTORY, PERMISSION_GRANTED); mServiceContext.setPermission(MANAGE_TEST_NETWORKS, PERMISSION_GRANTED); - // In this test the automotive feature will be enabled. - mockHasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE, true); + // Has automotive feature. + validateAutomotiveEthernetAllowedUids(true); + + // No automotive feature. + validateAutomotiveEthernetAllowedUids(false); + } + + private void validateAutomotiveEthernetAllowedUids(final boolean hasAutomotiveFeature) + throws Exception { + mockHasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE, hasAutomotiveFeature); // Simulate a restricted ethernet network. - final NetworkCapabilities.Builder agentNetCaps = new NetworkCapabilities.Builder() + final NetworkCapabilities.Builder ncb = new NetworkCapabilities.Builder() .addTransportType(TRANSPORT_ETHERNET) .addCapability(NET_CAPABILITY_INTERNET) .addCapability(NET_CAPABILITY_NOT_SUSPENDED) @@ -15606,8 +15614,34 @@ public class ConnectivityServiceTest { .removeCapability(NET_CAPABILITY_NOT_RESTRICTED); mEthernetNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_ETHERNET, - new LinkProperties(), agentNetCaps.build()); - validateAllowedUids(mEthernetNetworkAgent, TRANSPORT_ETHERNET, agentNetCaps, true); + new LinkProperties(), ncb.build()); + + final ArraySet serviceUidSet = new ArraySet<>(); + serviceUidSet.add(TEST_PACKAGE_UID); + + final TestNetworkCallback cb = new TestNetworkCallback(); + + mCm.requestNetwork(new NetworkRequest.Builder() + .addTransportType(TRANSPORT_ETHERNET) + .removeCapability(NET_CAPABILITY_NOT_RESTRICTED) + .build(), cb); + mEthernetNetworkAgent.connect(true); + cb.expectAvailableThenValidatedCallbacks(mEthernetNetworkAgent); + + // Cell gets to set the service UID as access UID + ncb.setAllowedUids(serviceUidSet); + mEthernetNetworkAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); + if (SdkLevel.isAtLeastT() && hasAutomotiveFeature) { + cb.expectCapabilitiesThat(mEthernetNetworkAgent, + caps -> caps.getAllowedUids().equals(serviceUidSet)); + } else { + // S and no automotive feature must ignore access UIDs. + cb.assertNoCallback(TEST_CALLBACK_TIMEOUT_MS); + } + + mEthernetNetworkAgent.disconnect(); + cb.expectCallback(CallbackEntry.LOST, mEthernetNetworkAgent); + mCm.unregisterNetworkCallback(cb); } @Test @@ -15621,7 +15655,7 @@ public class ConnectivityServiceTest { // Simulate a restricted telephony network. The telephony factory is entitled to set // the access UID to the service package on any of its restricted networks. - final NetworkCapabilities.Builder agentNetCaps = new NetworkCapabilities.Builder() + final NetworkCapabilities.Builder ncb = new NetworkCapabilities.Builder() .addTransportType(TRANSPORT_CELLULAR) .addCapability(NET_CAPABILITY_INTERNET) .addCapability(NET_CAPABILITY_NOT_SUSPENDED) @@ -15630,13 +15664,8 @@ public class ConnectivityServiceTest { .setNetworkSpecifier(new TelephonyNetworkSpecifier(1 /* subid */)); mCellNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_CELLULAR, - new LinkProperties(), agentNetCaps.build()); - validateAllowedUids(mCellNetworkAgent, TRANSPORT_CELLULAR, agentNetCaps, false); - } + new LinkProperties(), ncb.build()); - private void validateAllowedUids(final TestNetworkAgentWrapper testAgent, - @NetworkCapabilities.Transport final int transportUnderTest, - final NetworkCapabilities.Builder ncb, final boolean forAutomotive) throws Exception { final ArraySet serviceUidSet = new ArraySet<>(); serviceUidSet.add(TEST_PACKAGE_UID); final ArraySet nonServiceUidSet = new ArraySet<>(); @@ -15647,34 +15676,28 @@ public class ConnectivityServiceTest { final TestNetworkCallback cb = new TestNetworkCallback(); - /* Test setting UIDs */ // Cell gets to set the service UID as access UID mCm.requestNetwork(new NetworkRequest.Builder() - .addTransportType(transportUnderTest) + .addTransportType(TRANSPORT_CELLULAR) .removeCapability(NET_CAPABILITY_NOT_RESTRICTED) .build(), cb); - testAgent.connect(true); - cb.expectAvailableThenValidatedCallbacks(testAgent); + mCellNetworkAgent.connect(true); + cb.expectAvailableThenValidatedCallbacks(mCellNetworkAgent); ncb.setAllowedUids(serviceUidSet); - testAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); + mCellNetworkAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); if (SdkLevel.isAtLeastT()) { - cb.expectCapabilitiesThat(testAgent, + cb.expectCapabilitiesThat(mCellNetworkAgent, caps -> caps.getAllowedUids().equals(serviceUidSet)); } else { // S must ignore access UIDs. cb.assertNoCallback(TEST_CALLBACK_TIMEOUT_MS); } - /* Test setting UIDs is rejected when expected */ - if (forAutomotive) { - mockHasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE, false); - } - // ...but not to some other UID. Rejection sets UIDs to the empty set ncb.setAllowedUids(nonServiceUidSet); - testAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); + mCellNetworkAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); if (SdkLevel.isAtLeastT()) { - cb.expectCapabilitiesThat(testAgent, + cb.expectCapabilitiesThat(mCellNetworkAgent, caps -> caps.getAllowedUids().isEmpty()); } else { // S must ignore access UIDs. @@ -15683,18 +15706,18 @@ public class ConnectivityServiceTest { // ...and also not to multiple UIDs even including the service UID ncb.setAllowedUids(serviceUidSetPlus); - testAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); + mCellNetworkAgent.setNetworkCapabilities(ncb.build(), true /* sendToCS */); cb.assertNoCallback(TEST_CALLBACK_TIMEOUT_MS); - testAgent.disconnect(); - cb.expectCallback(CallbackEntry.LOST, testAgent); + mCellNetworkAgent.disconnect(); + cb.expectCallback(CallbackEntry.LOST, mCellNetworkAgent); mCm.unregisterNetworkCallback(cb); // Must be unset before touching the transports, because remove and add transport types // check the specifier on the builder immediately, contradicting normal builder semantics // TODO : fix the builder ncb.setNetworkSpecifier(null); - ncb.removeTransportType(transportUnderTest); + ncb.removeTransportType(TRANSPORT_CELLULAR); ncb.addTransportType(TRANSPORT_WIFI); // Wifi does not get to set access UID, even to the correct UID mCm.requestNetwork(new NetworkRequest.Builder() diff --git a/tests/unit/java/com/android/server/connectivity/LingerMonitorTest.java b/tests/unit/java/com/android/server/connectivity/LingerMonitorTest.java index 01249a11cd..0d371facc0 100644 --- a/tests/unit/java/com/android/server/connectivity/LingerMonitorTest.java +++ b/tests/unit/java/com/android/server/connectivity/LingerMonitorTest.java @@ -21,6 +21,7 @@ import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.any; import static org.mockito.Mockito.anyBoolean; import static org.mockito.Mockito.anyInt; +import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.never; import static org.mockito.Mockito.reset; @@ -30,6 +31,7 @@ import static org.mockito.Mockito.when; import android.app.PendingIntent; import android.content.Context; +import android.content.pm.PackageManager; import android.content.res.Resources; import android.net.ConnectivityManager; import android.net.ConnectivityResources; @@ -85,12 +87,14 @@ public class LingerMonitorTest { @Mock NetworkNotificationManager mNotifier; @Mock Resources mResources; @Mock QosCallbackTracker mQosCallbackTracker; + @Mock PackageManager mPackageManager; @Before public void setUp() { MockitoAnnotations.initMocks(this); when(mCtx.getResources()).thenReturn(mResources); when(mCtx.getPackageName()).thenReturn("com.android.server.connectivity"); + doReturn(mPackageManager).when(mCtx).getPackageManager(); ConnectivityResources.setResourcesContextForTest(mCtx); mMonitor = new TestableLingerMonitor(mCtx, mNotifier, HIGH_DAILY_LIMIT, HIGH_RATE_LIMIT);