Clean up permission validation in EthernetServiceImpl

Test: atest EthernetServiceImplTest
Change-Id: I0ca54e09dd98cab348fc855e8a0bf70a703fffed
Patrick Rohr
2022-03-09 21:37:14 +01:00
parent 6a77e5d15b
commit ac8977acad


@@ -215,14 +215,31 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
"EthernetServiceImpl"); "EthernetServiceImpl");
} }
private void validateTestCapabilities(@Nullable final NetworkCapabilities nc) { private void maybeValidateTestCapabilities(final String iface,
// For test capabilities, only null or capabilities that include TRANSPORT_TEST are allowed. @Nullable final NetworkCapabilities nc) {
if (!mTracker.isValidTestInterface(iface)) {
return;
}
// For test interfaces, only null or capabilities that include TRANSPORT_TEST are
// allowed.
if (nc != null && !nc.hasTransport(TRANSPORT_TEST)) { if (nc != null && !nc.hasTransport(TRANSPORT_TEST)) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
"Updates to test interfaces must have NetworkCapabilities.TRANSPORT_TEST."); "Updates to test interfaces must have NetworkCapabilities.TRANSPORT_TEST.");
} }
} }
private void enforceAdminPermission(final String iface, boolean enforceAutomotive,
final String logMessage) {
if (mTracker.isValidTestInterface(iface)) {
enforceManageTestNetworksPermission();
} else {
enforceNetworkManagementPermission();
if (enforceAutomotive) {
enforceAutomotiveDevice(logMessage);
}
}
}
@Override @Override
public void updateConfiguration(@NonNull final String iface, public void updateConfiguration(@NonNull final String iface,
@NonNull final EthernetNetworkUpdateRequest request, @NonNull final EthernetNetworkUpdateRequest request,
@@ -231,19 +248,11 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
Objects.requireNonNull(request); Objects.requireNonNull(request);
throwIfEthernetNotStarted(); throwIfEthernetNotStarted();
if (mTracker.isValidTestInterface(iface)) {
enforceManageTestNetworksPermission();
validateTestCapabilities(request.getNetworkCapabilities());
// TODO: use NetworkCapabilities#restrictCapabilitiesForTestNetwork when available on a
// local NetworkCapabilities copy to pass to mTracker.updateConfiguration.
} else {
enforceNetworkManagementPermission();
if (request.getNetworkCapabilities() != null) {
// only automotive devices are allowed to set the NetworkCapabilities using this API
enforceAutomotiveDevice("updateConfiguration() with non-null capabilities");
}
}
// TODO: validate that iface is listed in overlay config_ethernet_interfaces // TODO: validate that iface is listed in overlay config_ethernet_interfaces
// only automotive devices are allowed to set the NetworkCapabilities using this API
enforceAdminPermission(iface, request.getNetworkCapabilities() != null,
"updateConfiguration() with non-null capabilities");
maybeValidateTestCapabilities(iface, request.getNetworkCapabilities());
mTracker.updateConfiguration( mTracker.updateConfiguration(
iface, request.getIpConfiguration(), request.getNetworkCapabilities(), listener); iface, request.getIpConfiguration(), request.getNetworkCapabilities(), listener);
@@ -256,13 +265,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
Objects.requireNonNull(iface); Objects.requireNonNull(iface);
throwIfEthernetNotStarted(); throwIfEthernetNotStarted();
if (mTracker.isValidTestInterface(iface)) { enforceAdminPermission(iface, true, "connectNetwork()");
enforceManageTestNetworksPermission();
} else {
// only automotive devices are allowed to use this API.
enforceNetworkManagementPermission();
enforceAutomotiveDevice("connectNetwork()");
}
mTracker.connectNetwork(iface, listener); mTracker.connectNetwork(iface, listener);
} }
@@ -274,13 +277,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
Objects.requireNonNull(iface); Objects.requireNonNull(iface);
throwIfEthernetNotStarted(); throwIfEthernetNotStarted();
if (mTracker.isValidTestInterface(iface)) { enforceAdminPermission(iface, true, "connectNetwork()");
enforceManageTestNetworksPermission();
} else {
// only automotive devices are allowed to use this API.
enforceNetworkManagementPermission();
enforceAutomotiveDevice("disconnectNetwork()");
}
mTracker.disconnectNetwork(iface, listener); mTracker.disconnectNetwork(iface, listener);
} }
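Review bot: In the last hunk, the method that calls `mTracker.disconnectNetwork` now invokes `enforceAdminPermission(iface, true, "connectNetwork()")`, so the message passed on to enforceAutomotiveDevice names the wrong API; the removed code passed "disconnectNetwork()", and the call should read `enforceAdminPermission(iface, true, "disconnectNetwork()");`. enforceAutomotiveDevice is not visible here, but if that string reaches the thrown exception or a log line, a denied disconnect would be attributed to connectNetwork() when permission failures are triaged. Separately, updateConfiguration now evaluates `mTracker.isValidTestInterface(iface)` twice, once inside enforceAdminPermission and once inside maybeValidateTestCapabilities, where the old code branched once; if the tracker's view of the interface can change between the two calls, the permission check and the TRANSPORT_TEST check could disagree, so consider evaluating it once and passing the result to both helpers. The bodies of the three binder methods start outside their hunks.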