diff --git a/Tethering/Android.bp b/Tethering/Android.bp index 8ae30a5c6f..d07a70c1af 100644 --- a/Tethering/Android.bp +++ b/Tethering/Android.bp @@ -34,7 +34,7 @@ java_defaults { ], libs: [ "framework-tethering.impl", - "framework-wifi-stubs-systemapi", + "framework-wifi", "unsupportedappusage", ], plugins: ["java_api_finder"], diff --git a/Tethering/common/TetheringLib/Android.bp b/Tethering/common/TetheringLib/Android.bp index 6c05b11258..c8becce7be 100644 --- a/Tethering/common/TetheringLib/Android.bp +++ b/Tethering/common/TetheringLib/Android.bp @@ -30,11 +30,6 @@ java_sdk_library { ":framework-tethering-srcs", ], - // TODO(b/155480189) - Remove naming_scheme once references have been resolved. - // Temporary java_sdk_library component naming scheme to use to ease the transition from separate - // modules to java_sdk_library. - naming_scheme: "framework-modules", - jarjar_rules: "jarjar-rules.txt", installable: true, diff --git a/Tethering/src/android/net/ip/IpServer.java b/Tethering/src/android/net/ip/IpServer.java index f08429bb06..3fd9ee9a33 100644 --- a/Tethering/src/android/net/ip/IpServer.java +++ b/Tethering/src/android/net/ip/IpServer.java @@ -730,12 +730,7 @@ public class IpServer extends StateMachine { final String upstreamIface = v6only.getInterfaceName(); params = new RaParams(); - // When BPF offload is enabled, we advertise an mtu lower by 16, which is the closest - // multiple of 8 >= 14, the ethernet header size. This makes kernel ebpf tethering - // offload happy. This hack should be reverted once we have the kernel fixed up. - // Note: this will automatically clamp to at least 1280 (ipv6 minimum mtu) - // see RouterAdvertisementDaemon.java putMtu() - params.mtu = mUsingBpfOffload ? v6only.getMtu() - 16 : v6only.getMtu(); + params.mtu = v6only.getMtu(); params.hasDefaultRoute = v6only.hasIpv6DefaultRoute(); if (params.hasDefaultRoute) params.hopLimit = getHopLimit(upstreamIface, ttlAdjustment); diff --git a/Tethering/src/com/android/networkstack/tethering/TetheringService.java b/Tethering/src/com/android/networkstack/tethering/TetheringService.java index e095afea52..d084ca0966 100644 --- a/Tethering/src/com/android/networkstack/tethering/TetheringService.java +++ b/Tethering/src/com/android/networkstack/tethering/TetheringService.java @@ -17,8 +17,10 @@ package com.android.networkstack.tethering; import static android.Manifest.permission.ACCESS_NETWORK_STATE; +import static android.Manifest.permission.NETWORK_STACK; import static android.Manifest.permission.TETHER_PRIVILEGED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; +import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK; import static android.net.TetheringManager.TETHER_ERROR_NO_ACCESS_TETHERING_PERMISSION; import static android.net.TetheringManager.TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION; import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR; @@ -240,15 +242,26 @@ public class TetheringService extends Service { return false; } + private boolean hasNetworkStackPermission() { + return checkCallingOrSelfPermission(NETWORK_STACK) + || checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK); + } + private boolean hasTetherPrivilegedPermission() { - return mService.checkCallingOrSelfPermission(TETHER_PRIVILEGED) == PERMISSION_GRANTED; + return checkCallingOrSelfPermission(TETHER_PRIVILEGED); + } + + private boolean checkCallingOrSelfPermission(final String permission) { + return mService.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED; } private boolean hasTetherChangePermission(final String callerPkg, final boolean onlyAllowPrivileged) { + if (onlyAllowPrivileged && !hasNetworkStackPermission()) return false; + if (hasTetherPrivilegedPermission()) return true; - if (onlyAllowPrivileged || mTethering.isTetherProvisioningRequired()) return false; + if (mTethering.isTetherProvisioningRequired()) return false; int uid = Binder.getCallingUid(); // If callerPkg's uid is not same as Binder.getCallingUid(), diff --git a/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java b/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java index 2fb7e607d0..74df11370e 100644 --- a/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java +++ b/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java @@ -339,7 +339,7 @@ public class EthernetTetheringTest { private MyTetheringEventCallback enableEthernetTethering(String iface) throws Exception { return enableEthernetTethering(iface, new TetheringRequest.Builder(TETHERING_ETHERNET) - .setExemptFromEntitlementCheck(true).build()); + .setShouldShowEntitlementUi(false).build()); } private int getMTU(TestNetworkInterface iface) throws SocketException { @@ -510,7 +510,7 @@ public class EthernetTetheringTest { LinkAddress clientAddr = client == null ? null : new LinkAddress(client); return new TetheringRequest.Builder(TETHERING_ETHERNET) .setStaticIpv4Addresses(localAddr, clientAddr) - .setExemptFromEntitlementCheck(true).build(); + .setShouldShowEntitlementUi(false).build(); } private void assertInvalidStaticIpv4Request(String iface, String local, String client) diff --git a/Tethering/tests/unit/Android.bp b/Tethering/tests/unit/Android.bp index fccc6902e3..45c7b656e2 100644 --- a/Tethering/tests/unit/Android.bp +++ b/Tethering/tests/unit/Android.bp @@ -60,7 +60,7 @@ java_defaults { "framework-minus-apex", "framework-res", "framework-tethering.impl", - "framework-wifi-stubs-module_libs_api", + "framework-wifi.stubs.module_lib", ], jni_libs: [ // For mockito extended diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java index f4a5666598..22d894bf47 100644 --- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java +++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java @@ -274,21 +274,32 @@ public final class TetheringServiceTest { }); } + private void runStartTetheringAndVerifyNoPermission(final TestTetheringResult result) + throws Exception { + final TetheringRequestParcel request = new TetheringRequestParcel(); + request.tetheringType = TETHERING_WIFI; + request.exemptFromEntitlementCheck = true; + mTetheringConnector.startTethering(request, TEST_CALLER_PKG, result); + result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION); + verifyNoMoreInteractionsForTethering(); + } + @Test - public void testStartTetheringWithExemptFromEntitlementCheck() throws Exception { + public void testFailToBypassEntitlementWithoutNeworkStackPermission() throws Exception { final TetheringRequestParcel request = new TetheringRequestParcel(); request.tetheringType = TETHERING_WIFI; request.exemptFromEntitlementCheck = true; + runAsNoPermission((result) -> { + runStartTetheringAndVerifyNoPermission(result); + }); + runAsTetherPrivileged((result) -> { - runStartTethering(result, request); - verifyNoMoreInteractionsForTethering(); + runStartTetheringAndVerifyNoPermission(result); }); runAsWriteSettings((result) -> { - mTetheringConnector.startTethering(request, TEST_CALLER_PKG, result); - result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION); - verifyNoMoreInteractionsForTethering(); + runStartTetheringAndVerifyNoPermission(result); }); }