Snap for 6334680 from d170e878d0b27bf753d5ed8b91c57bf93b672317 to mainline-release
Change-Id: Icb29a46574f2440df1b266dbb94844f42b1bba0e
This commit is contained in:
android-build-team Robot
@@ -27,7 +27,7 @@ import java.lang.annotation.RetentionPolicy;
|
|||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
@SystemApi
|
@SystemApi
|
||||||
public class InvalidPacketException extends Exception {
|
public final class InvalidPacketException extends Exception {
|
||||||
private final int mError;
|
private final int mError;
|
||||||
|
|
||||||
// Must match SocketKeepalive#ERROR_INVALID_IP_ADDRESS.
|
// Must match SocketKeepalive#ERROR_INVALID_IP_ADDRESS.
|
||||||
|
|||||||
@@ -414,6 +414,20 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
| (1 << NET_CAPABILITY_FOREGROUND)
|
| (1 << NET_CAPABILITY_FOREGROUND)
|
||||||
| (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY);
|
| (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Capabilities that are allowed for test networks. This list must be set so that it is safe
|
||||||
|
* for an unprivileged user to create a network with these capabilities via shell. As such,
|
||||||
|
* it must never contain capabilities that are generally useful to the system, such as
|
||||||
|
* INTERNET, IMS, SUPL, etc.
|
||||||
|
*/
|
||||||
|
private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES =
|
||||||
|
(1 << NET_CAPABILITY_NOT_METERED)
|
||||||
|
| (1 << NET_CAPABILITY_NOT_RESTRICTED)
|
||||||
|
| (1 << NET_CAPABILITY_NOT_VPN)
|
||||||
|
| (1 << NET_CAPABILITY_NOT_ROAMING)
|
||||||
|
| (1 << NET_CAPABILITY_NOT_CONGESTED)
|
||||||
|
| (1 << NET_CAPABILITY_NOT_SUSPENDED);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds the given capability to this {@code NetworkCapability} instance.
|
* Adds the given capability to this {@code NetworkCapability} instance.
|
||||||
* Note that when searching for a network to satisfy a request, all capabilities
|
* Note that when searching for a network to satisfy a request, all capabilities
|
||||||
@@ -645,6 +659,21 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test networks have strong restrictions on what capabilities they can have. Enforce these
|
||||||
|
* restrictions.
|
||||||
|
* @hide
|
||||||
|
*/
|
||||||
|
public void restrictCapabilitesForTestNetwork() {
|
||||||
|
final long originalCapabilities = mNetworkCapabilities;
|
||||||
|
final NetworkSpecifier originalSpecifier = mNetworkSpecifier;
|
||||||
|
clearAll();
|
||||||
|
// Reset the transports to only contain TRANSPORT_TEST.
|
||||||
|
mTransportTypes = (1 << TRANSPORT_TEST);
|
||||||
|
mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES;
|
||||||
|
mNetworkSpecifier = originalSpecifier;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Representing the transport type. Apps should generally not care about transport. A
|
* Representing the transport type. Apps should generally not care about transport. A
|
||||||
* request for a fast internet connection could be satisfied by a number of different
|
* request for a fast internet connection could be satisfied by a number of different
|
||||||
@@ -2000,7 +2029,7 @@ public final class NetworkCapabilities implements Parcelable {
|
|||||||
*/
|
*/
|
||||||
@SystemApi
|
@SystemApi
|
||||||
@TestApi
|
@TestApi
|
||||||
public static class Builder {
|
public static final class Builder {
|
||||||
private final NetworkCapabilities mCaps;
|
private final NetworkCapabilities mCaps;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -40,6 +40,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
|
|||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY;
|
||||||
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
|
import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED;
|
||||||
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
|
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
|
||||||
|
import static android.net.NetworkCapabilities.TRANSPORT_TEST;
|
||||||
import static android.net.NetworkCapabilities.TRANSPORT_VPN;
|
import static android.net.NetworkCapabilities.TRANSPORT_VPN;
|
||||||
import static android.net.NetworkPolicyManager.RULE_NONE;
|
import static android.net.NetworkPolicyManager.RULE_NONE;
|
||||||
import static android.net.NetworkPolicyManager.uidRulesToString;
|
import static android.net.NetworkPolicyManager.uidRulesToString;
|
||||||
@@ -50,6 +51,7 @@ import static android.system.OsConstants.IPPROTO_UDP;
|
|||||||
|
|
||||||
import static java.util.Map.Entry;
|
import static java.util.Map.Entry;
|
||||||
|
|
||||||
|
import android.Manifest;
|
||||||
import android.annotation.NonNull;
|
import android.annotation.NonNull;
|
||||||
import android.annotation.Nullable;
|
import android.annotation.Nullable;
|
||||||
import android.app.AppOpsManager;
|
import android.app.AppOpsManager;
|
||||||
@@ -2702,10 +2704,18 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
|
|
||||||
switch (msg.what) {
|
switch (msg.what) {
|
||||||
case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: {
|
case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: {
|
||||||
final NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj;
|
NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj;
|
||||||
if (networkCapabilities.hasConnectivityManagedCapability()) {
|
if (networkCapabilities.hasConnectivityManagedCapability()) {
|
||||||
Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability.");
|
Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability.");
|
||||||
}
|
}
|
||||||
|
if (networkCapabilities.hasTransport(TRANSPORT_TEST)) {
|
||||||
|
// Make sure the original object is not mutated. NetworkAgent normally
|
||||||
|
// makes a copy of the capabilities when sending the message through
|
||||||
|
// the Messenger, but if this ever changes, not making a defensive copy
|
||||||
|
// here will give attack vectors to clients using this code path.
|
||||||
|
networkCapabilities = new NetworkCapabilities(networkCapabilities);
|
||||||
|
networkCapabilities.restrictCapabilitesForTestNetwork();
|
||||||
|
}
|
||||||
updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities);
|
updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -5778,7 +5788,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo,
|
public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo,
|
||||||
LinkProperties linkProperties, NetworkCapabilities networkCapabilities,
|
LinkProperties linkProperties, NetworkCapabilities networkCapabilities,
|
||||||
int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) {
|
int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) {
|
||||||
enforceNetworkFactoryPermission();
|
if (networkCapabilities.hasTransport(TRANSPORT_TEST)) {
|
||||||
|
enforceAnyPermissionOf(Manifest.permission.MANAGE_TEST_NETWORKS);
|
||||||
|
// Strictly, sanitizing here is unnecessary as the capabilities will be sanitized in
|
||||||
|
// the call to mixInCapabilities below anyway, but sanitizing here means the NAI never
|
||||||
|
// sees capabilities that may be malicious, which might prevent mistakes in the future.
|
||||||
|
networkCapabilities = new NetworkCapabilities(networkCapabilities);
|
||||||
|
networkCapabilities.restrictCapabilitesForTestNetwork();
|
||||||
|
} else {
|
||||||
|
enforceNetworkFactoryPermission();
|
||||||
|
}
|
||||||
|
|
||||||
LinkProperties lp = new LinkProperties(linkProperties);
|
LinkProperties lp = new LinkProperties(linkProperties);
|
||||||
lp.ensureDirectlyConnectedRoutes();
|
lp.ensureDirectlyConnectedRoutes();
|
||||||
|
|||||||
Reference in New Issue
Block a user