From 6957e3a35ae1472956bd9d6ee27cdc2ad154dc91 Mon Sep 17 00:00:00 2001
From: paulhu
Date: Thu, 22 Aug 2019 16:03:59 +0800
Subject: [PATCH] [Ethernet] Replace internal connectivity checks permission

A number of connectivity checks that protect system-only methods check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a signature|privileged permission. We should audit the permissions checks, and convert checks that protect code that should not be called outside the system to a signature permission. So replace the permission to NETWORK_STACK.

Bug: 32963470
Test: atest EthernetServiceTests
Change-Id: I2a88d04bbdcd7e7e624b9065372a6603d2bb45a2
---
 .../com/android/server/ethernet/EthernetServiceImpl.java | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
index d5beec1cb4..fda3c3c2f9 100644
--- a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
+++ b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
@@ -21,6 +21,7 @@ import android.content.pm.PackageManager;
 import android.net.IEthernetManager;
 import android.net.IEthernetServiceListener;
 import android.net.IpConfiguration;
+import android.net.NetworkStack;
 import android.os.Binder;
 import android.os.Handler;
 import android.os.HandlerThread;
@@ -57,12 +58,6 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
 "EthernetService");
 }
 
- private void enforceConnectivityInternalPermission() {
- mContext.enforceCallingOrSelfPermission(
- android.Manifest.permission.CONNECTIVITY_INTERNAL,
- "ConnectivityService");
- }
-
 private void enforceUseRestrictedNetworksPermission() {
 mContext.enforceCallingOrSelfPermission(
 android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS,
@@ -117,7 +112,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub {
 Log.w(TAG, "System isn't ready enough to change ethernet configuration");
 }
 
- enforceConnectivityInternalPermission();
+ NetworkStack.checkNetworkStackPermission(mContext);
 
 if (mTracker.isRestrictedInterface(iface)) {
 enforceUseRestrictedNetworksPermission();
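Review bot: The `NetworkStack.checkNetworkStackPermission(mContext);` call discards any result, and its `check…` name does not say whether a caller without the permission is rejected or only reported, which the removed `enforce…` wrapper made obvious. If the helper throws SecurityException on failure (its body is not on this page), state that at the call site, e.g. `// Throws SecurityException unless the caller holds NETWORK_STACK; system-only entry point.` It is also worth confirming that the helper accepts no permission other than NETWORK_STACK, since the commit message names only that one. A negative case in EthernetServiceTests for a caller lacking the permission would pin the behaviour. The enclosing method starts and ends outside the hunk.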