LocationPermissionChecker: Exempt privileged components from location check
This is a port of the exemption that exists in WifiPermissionsUtil. Settings, sysui and the network stack need to be able to access all network state regardless of the location toggle. If we want to move sysui, etc. to retrieving WifiInfo via NetworkCapabilities (which is the current plan), this exemption is essential, since the UI should reflect wifi state regardless of the location toggle state. Bug: 162602799 Test: atest LocationPermissionCheckerTest Change-Id: I49ce465eccce27bb7a860d882360436fd9ec19c6
@@ -2074,10 +2074,6 @@ public class ConnectivityServiceTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOwnerUidCannotChange() throws Exception {
|
public void testOwnerUidCannotChange() throws Exception {
|
||||||
// Owner UIDs are not visible without location permission.
|
|
||||||
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
|
||||||
Manifest.permission.ACCESS_FINE_LOCATION);
|
|
||||||
|
|
||||||
final NetworkCapabilities ncTemplate = new NetworkCapabilities();
|
final NetworkCapabilities ncTemplate = new NetworkCapabilities();
|
||||||
final int originalOwnerUid = Process.myUid();
|
final int originalOwnerUid = Process.myUid();
|
||||||
ncTemplate.setOwnerUid(originalOwnerUid);
|
ncTemplate.setOwnerUid(originalOwnerUid);
|
||||||
@@ -2097,6 +2093,10 @@ public class ConnectivityServiceTest {
|
|||||||
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
|
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
|
||||||
waitForIdle();
|
waitForIdle();
|
||||||
|
|
||||||
|
// Owner UIDs are not visible without location permission.
|
||||||
|
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
||||||
|
Manifest.permission.ACCESS_FINE_LOCATION);
|
||||||
|
|
||||||
// Check that the capability change has been applied but the owner UID is not modified.
|
// Check that the capability change has been applied but the owner UID is not modified.
|
||||||
NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
|
NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
|
||||||
assertEquals(originalOwnerUid, nc.getOwnerUid());
|
assertEquals(originalOwnerUid, nc.getOwnerUid());
|
||||||
@@ -7781,8 +7781,22 @@ public class ConnectivityServiceTest {
|
|||||||
naExtraInfo.unregister();
|
naExtraInfo.unregister();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// To avoid granting location permission bypass.
|
||||||
|
private void denyAllLocationPrivilegedPermissions() {
|
||||||
|
mServiceContext.setPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
|
||||||
|
PERMISSION_DENIED);
|
||||||
|
mServiceContext.setPermission(Manifest.permission.NETWORK_SETTINGS,
|
||||||
|
PERMISSION_DENIED);
|
||||||
|
mServiceContext.setPermission(Manifest.permission.NETWORK_STACK,
|
||||||
|
PERMISSION_DENIED);
|
||||||
|
mServiceContext.setPermission(Manifest.permission.NETWORK_SETUP_WIZARD,
|
||||||
|
PERMISSION_DENIED);
|
||||||
|
}
|
||||||
|
|
||||||
private void setupLocationPermissions(
|
private void setupLocationPermissions(
|
||||||
int targetSdk, boolean locationToggle, String op, String perm) throws Exception {
|
int targetSdk, boolean locationToggle, String op, String perm) throws Exception {
|
||||||
|
denyAllLocationPrivilegedPermissions();
|
||||||
|
|
||||||
final ApplicationInfo applicationInfo = new ApplicationInfo();
|
final ApplicationInfo applicationInfo = new ApplicationInfo();
|
||||||
applicationInfo.targetSdkVersion = targetSdk;
|
applicationInfo.targetSdkVersion = targetSdk;
|
||||||
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
|
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
|
||||||
@@ -8156,15 +8170,13 @@ public class ConnectivityServiceTest {
|
|||||||
new NetworkAgentInfo(null, network, null, null, new NetworkCapabilities(), 0,
|
new NetworkAgentInfo(null, network, null, null, new NetworkCapabilities(), 0,
|
||||||
mServiceContext, null, null, mService, null, null, null, 0, INVALID_UID);
|
mServiceContext, null, null, mService, null, null, null, 0, INVALID_UID);
|
||||||
|
|
||||||
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
|
||||||
Manifest.permission.ACCESS_FINE_LOCATION);
|
|
||||||
|
|
||||||
mMockVpn.establishForMyUid();
|
mMockVpn.establishForMyUid();
|
||||||
assertUidRangesUpdatedForMyUid(true);
|
assertUidRangesUpdatedForMyUid(true);
|
||||||
|
|
||||||
// Wait for networks to connect and broadcasts to be sent before removing permissions.
|
// Wait for networks to connect and broadcasts to be sent before removing permissions.
|
||||||
waitForIdle();
|
waitForIdle();
|
||||||
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
|
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
|
||||||
|
Manifest.permission.ACCESS_FINE_LOCATION);
|
||||||
|
|
||||||
assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network}));
|
assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network}));
|
||||||
waitForIdle();
|
waitForIdle();
|
||||||
|
|||||||
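Review bot: `denyAllLocationPrivilegedPermissions()` in the third hunk hard-codes four permissions (`PERMISSION_MAINLINE_NETWORK_STACK`, `NETWORK_SETTINGS`, `NETWORK_STACK`, `NETWORK_SETUP_WIZARD`) that presumably mirror the exemption list in the checker, which is not shown on this page. If that list later grows and this helper is not updated, these tests could keep passing while the caller is treated as exempt and the location check is never exercised. The one-line comment above the helper does not say this, so I would replace it with a Javadoc such as `Denies every permission that exempts a caller from the location check, so tests exercise the check itself; keep in sync with the exemption list in LocationPermissionChecker.` Because `setupLocationPermissions` now calls the helper, it also revokes `NETWORK_STACK` as a side effect, which appears to be why the call moved after `setNetworkCapabilities(...)` in `testOwnerUidCannotChange` and replaced the explicit `setPermission(..., PERMISSION_DENIED)` in the last hunk; that ordering constraint deserves a line in the method's comment. The visible hunks add no case where a holder of one of these permissions is checked with the location toggle off; presumably LocationPermissionCheckerTest covers that, but it is not shown here.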