Snap for 6554163 from 734934aa6352311694f103c24ae9c8ae3ef48bb4 to mainline-release

Change-Id: Ibd563a89b7edf28ac2fb0d3a46d27061829710f9
2020-06-03 07:09:22 +00:00
parent 721236b395 36ff42e508
commit cc604b975c
7 changed files with 37 additions and 23 deletions
--- a/Tethering/Android.bp
+++ b/Tethering/Android.bp
@@ -34,7 +34,7 @@ java_defaults {
    ],
    libs: [
        "framework-tethering.impl",
-        "framework-wifi-stubs-systemapi",
+        "framework-wifi",
        "unsupportedappusage",
    ],
    plugins: ["java_api_finder"],
--- a/Tethering/common/TetheringLib/Android.bp
+++ b/Tethering/common/TetheringLib/Android.bp
@@ -30,11 +30,6 @@ java_sdk_library {
        ":framework-tethering-srcs",
    ],

-    // TODO(b/155480189) - Remove naming_scheme once references have been resolved.
-    // Temporary java_sdk_library component naming scheme to use to ease the transition from separate
-    // modules to java_sdk_library.
-    naming_scheme: "framework-modules",
-
    jarjar_rules: "jarjar-rules.txt",
    installable: true,

--- a/Tethering/src/android/net/ip/IpServer.java
+++ b/Tethering/src/android/net/ip/IpServer.java
@@ -730,12 +730,7 @@ public class IpServer extends StateMachine {
            final String upstreamIface = v6only.getInterfaceName();

            params = new RaParams();
-            // When BPF offload is enabled, we advertise an mtu lower by 16, which is the closest
-            // multiple of 8 >= 14, the ethernet header size. This makes kernel ebpf tethering
-            // offload happy. This hack should be reverted once we have the kernel fixed up.
-            // Note: this will automatically clamp to at least 1280 (ipv6 minimum mtu)
-            // see RouterAdvertisementDaemon.java putMtu()
-            params.mtu = mUsingBpfOffload ? v6only.getMtu() - 16 : v6only.getMtu();
+            params.mtu = v6only.getMtu();
            params.hasDefaultRoute = v6only.hasIpv6DefaultRoute();

            if (params.hasDefaultRoute) params.hopLimit = getHopLimit(upstreamIface, ttlAdjustment);
--- a/Tethering/src/com/android/networkstack/tethering/TetheringService.java
+++ b/Tethering/src/com/android/networkstack/tethering/TetheringService.java
@@ -17,8 +17,10 @@
 package com.android.networkstack.tethering;

 import static android.Manifest.permission.ACCESS_NETWORK_STATE;
+import static android.Manifest.permission.NETWORK_STACK;
 import static android.Manifest.permission.TETHER_PRIVILEGED;
 import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
 import static android.net.TetheringManager.TETHER_ERROR_NO_ACCESS_TETHERING_PERMISSION;
 import static android.net.TetheringManager.TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION;
 import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
@@ -240,15 +242,26 @@ public class TetheringService extends Service {
            return false;
        }

+        private boolean hasNetworkStackPermission() {
+            return checkCallingOrSelfPermission(NETWORK_STACK)
+                    || checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK);
+        }
+
        private boolean hasTetherPrivilegedPermission() {
-            return mService.checkCallingOrSelfPermission(TETHER_PRIVILEGED) == PERMISSION_GRANTED;
+            return checkCallingOrSelfPermission(TETHER_PRIVILEGED);
+        }
+
+        private boolean checkCallingOrSelfPermission(final String permission) {
+            return mService.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED;
        }

        private boolean hasTetherChangePermission(final String callerPkg,
                final boolean onlyAllowPrivileged) {
+            if (onlyAllowPrivileged && !hasNetworkStackPermission()) return false;
+
            if (hasTetherPrivilegedPermission()) return true;

-            if (onlyAllowPrivileged || mTethering.isTetherProvisioningRequired()) return false;
+            if (mTethering.isTetherProvisioningRequired()) return false;

            int uid = Binder.getCallingUid();
            // If callerPkg's uid is not same as Binder.getCallingUid(),
--- a/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java
+++ b/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java
@@ -339,7 +339,7 @@ public class EthernetTetheringTest {
    private MyTetheringEventCallback enableEthernetTethering(String iface) throws Exception {
        return enableEthernetTethering(iface,
                new TetheringRequest.Builder(TETHERING_ETHERNET)
-                .setExemptFromEntitlementCheck(true).build());
+                .setShouldShowEntitlementUi(false).build());
    }

    private int getMTU(TestNetworkInterface iface) throws SocketException {
@@ -510,7 +510,7 @@ public class EthernetTetheringTest {
        LinkAddress clientAddr = client == null ? null : new LinkAddress(client);
        return new TetheringRequest.Builder(TETHERING_ETHERNET)
                .setStaticIpv4Addresses(localAddr, clientAddr)
-                .setExemptFromEntitlementCheck(true).build();
+                .setShouldShowEntitlementUi(false).build();
    }

    private void assertInvalidStaticIpv4Request(String iface, String local, String client)
--- a/Tethering/tests/unit/Android.bp
+++ b/Tethering/tests/unit/Android.bp
@@ -60,7 +60,7 @@ java_defaults {
        "framework-minus-apex",
        "framework-res",
        "framework-tethering.impl",
-        "framework-wifi-stubs-module_libs_api",
+        "framework-wifi.stubs.module_lib",
    ],
    jni_libs: [
        // For mockito extended
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java
@@ -274,21 +274,32 @@ public final class TetheringServiceTest {
        });
    }

+    private void runStartTetheringAndVerifyNoPermission(final TestTetheringResult result)
+            throws Exception {
+        final TetheringRequestParcel request = new TetheringRequestParcel();
+        request.tetheringType = TETHERING_WIFI;
+        request.exemptFromEntitlementCheck = true;
+        mTetheringConnector.startTethering(request, TEST_CALLER_PKG, result);
+        result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
+        verifyNoMoreInteractionsForTethering();
+    }
+
    @Test
-    public void testStartTetheringWithExemptFromEntitlementCheck() throws Exception {
+    public void testFailToBypassEntitlementWithoutNeworkStackPermission() throws Exception {
        final TetheringRequestParcel request = new TetheringRequestParcel();
        request.tetheringType = TETHERING_WIFI;
        request.exemptFromEntitlementCheck = true;

+        runAsNoPermission((result) -> {
+            runStartTetheringAndVerifyNoPermission(result);
+        });
+
        runAsTetherPrivileged((result) -> {
-            runStartTethering(result, request);
-            verifyNoMoreInteractionsForTethering();
+            runStartTetheringAndVerifyNoPermission(result);
        });

        runAsWriteSettings((result) -> {
-            mTetheringConnector.startTethering(request, TEST_CALLER_PKG, result);
-            result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
-            verifyNoMoreInteractionsForTethering();
+            runStartTetheringAndVerifyNoPermission(result);
        });
    }