LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Stop setting net.dns{1234} system properties.

Browse Source 
Nothing in the system consumes these properties, they were never part
of an official public API, and they can leak information about the
current network to applications without networking prvileges.

Specifically, these properites allow applications to access network state
(and detect network changes, etc.) without having the ACCESS_NETWORK_STATE
permission.

Test: runtest ConnectivityServiceTest passes
Bug: 33308258
Change-Id: I85abc52bc11aee33940fd0af2397478a9a5c3b8f
This commit is contained in:
Erik Kline
2016-12-06 11:53:25 +09:00
parent 69e6a108a5
commit d19cf15010
1 changed files with 0 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -4615,28 +4615,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
} catch (Exception e) {
loge("Exception in setDnsConfigurationForNetwork: " + e);
}
final NetworkAgentInfo defaultNai = getDefaultNetwork();
if (defaultNai != null && defaultNai.network.netId == netId) {
setDefaultDnsSystemProperties(dnses);
}
flushVmDnsCache();
}
private void setDefaultDnsSystemProperties(Collection<InetAddress> dnses) {
int last = 0;
for (InetAddress dns : dnses) {
++last;
String key = "net.dns" + last;
String value = dns.getHostAddress();
SystemProperties.set(key, value);
}
for (int i = last + 1; i <= mNumDnsEntries; ++i) {
String key = "net.dns" + i;
SystemProperties.set(key, "");
}
mNumDnsEntries = last;
}
private String getNetworkPermission(NetworkCapabilities nc) {
// TODO: make these permission strings AIDL constants instead.
if (!nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
@@ -4853,7 +4834,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
notifyLockdownVpn(newNetwork);
handleApplyDefaultProxy(newNetwork.linkProperties.getHttpProxy());
updateTcpBufferSizes(newNetwork);
setDefaultDnsSystemProperties(newNetwork.linkProperties.getDnsServers());
}
private void processListenRequests(NetworkAgentInfo nai, boolean capabilitiesChanged) {