Merge "Partially enforce permission when calling getNetworkInfoForUid"
This commit is contained in:
Treehugger Robot
@@ -1608,9 +1608,9 @@ public class ConnectivityServiceTest {
|
||||
mMockVpn = new MockVpn(userId);
|
||||
}
|
||||
|
||||
private void mockUidNetworkingBlocked() {
|
||||
private void mockUidNetworkingBlocked(int uid) {
|
||||
doAnswer(i -> isUidBlocked(mBlockedReasons, i.getArgument(1))
|
||||
).when(mNetworkPolicyManager).isUidNetworkingBlocked(anyInt(), anyBoolean());
|
||||
).when(mNetworkPolicyManager).isUidNetworkingBlocked(eq(uid), anyBoolean());
|
||||
}
|
||||
|
||||
private boolean isUidBlocked(int blockedReasons, boolean meteredNetwork) {
|
||||
@@ -8997,7 +8997,7 @@ public class ConnectivityServiceTest {
|
||||
final DetailedBlockedStatusCallback detailedCallback = new DetailedBlockedStatusCallback();
|
||||
mCm.registerNetworkCallback(cellRequest, detailedCallback);
|
||||
|
||||
mockUidNetworkingBlocked();
|
||||
mockUidNetworkingBlocked(Process.myUid());
|
||||
|
||||
mCellNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_CELLULAR);
|
||||
mCellNetworkAgent.connect(true);
|
||||
@@ -9112,7 +9112,7 @@ public class ConnectivityServiceTest {
|
||||
public void testNetworkBlockedStatusBeforeAndAfterConnect() throws Exception {
|
||||
final TestNetworkCallback defaultCallback = new TestNetworkCallback();
|
||||
mCm.registerDefaultNetworkCallback(defaultCallback);
|
||||
mockUidNetworkingBlocked();
|
||||
mockUidNetworkingBlocked(Process.myUid());
|
||||
|
||||
// No Networkcallbacks invoked before any network is active.
|
||||
setBlockedReasonChanged(BLOCKED_REASON_BATTERY_SAVER);
|
||||
@@ -16881,4 +16881,43 @@ public class ConnectivityServiceTest {
|
||||
verify(mTetheringManager).getTetherableWifiRegexs();
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetNetworkInfoForUid() throws Exception {
|
||||
// Setup and verify getNetworkInfoForUid cannot be called without Network Stack permission,
|
||||
// when querying NetworkInfo for other uid.
|
||||
verifyNoNetwork();
|
||||
mWiFiNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_WIFI);
|
||||
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
|
||||
mServiceContext.setPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
|
||||
PERMISSION_DENIED);
|
||||
|
||||
final int otherUid = Process.myUid() + 1;
|
||||
assertNull(mCm.getActiveNetwork());
|
||||
assertNull(mCm.getNetworkInfoForUid(mCm.getActiveNetwork(),
|
||||
Process.myUid(), false /* ignoreBlocked */));
|
||||
assertThrows(SecurityException.class, () -> mCm.getNetworkInfoForUid(
|
||||
mCm.getActiveNetwork(), otherUid, false /* ignoreBlocked */));
|
||||
withPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, () ->
|
||||
assertNull(mCm.getNetworkInfoForUid(mCm.getActiveNetwork(),
|
||||
otherUid, false /* ignoreBlocked */)));
|
||||
|
||||
// Bringing up validated wifi and verify again. Make the other uid be blocked,
|
||||
// verify the method returns result accordingly.
|
||||
mWiFiNetworkAgent.connect(true);
|
||||
setBlockedReasonChanged(BLOCKED_REASON_BATTERY_SAVER);
|
||||
mockUidNetworkingBlocked(otherUid);
|
||||
withPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, () ->
|
||||
verifyActiveNetwork(TRANSPORT_WIFI));
|
||||
checkNetworkInfo(mCm.getNetworkInfoForUid(mCm.getActiveNetwork(),
|
||||
Process.myUid(), false /* ignoreBlocked */), TYPE_WIFI, DetailedState.CONNECTED);
|
||||
assertThrows(SecurityException.class, () -> mCm.getNetworkInfoForUid(
|
||||
mCm.getActiveNetwork(), otherUid, false /* ignoreBlocked */));
|
||||
withPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, () ->
|
||||
checkNetworkInfo(mCm.getNetworkInfoForUid(mCm.getActiveNetwork(),
|
||||
otherUid, false /* ignoreBlocked */), TYPE_WIFI, DetailedState.BLOCKED));
|
||||
withPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, () ->
|
||||
checkNetworkInfo(mCm.getNetworkInfoForUid(mCm.getActiveNetwork(),
|
||||
otherUid, true /* ignoreBlocked */), TYPE_WIFI, DetailedState.CONNECTED));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user