From dd397f58c7716c96843c35b40ba7ff30c60826e7 Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Thu, 26 Mar 2020 22:38:21 +0900 Subject: [PATCH] Fix querying Ethernet availability for unprivileged callers. Both EthernetManager#getAvailableInterfaces() and the no-arg version of EthernetManager#isAvailable() end up calling EthernetServiceImpl#getAvailableInterfaces. This method attempts to filter out restricted interfaces if the caller does not have the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission. Unfortunately EthernetNetworkFactory's notion of a restricted interface is the opposite of what it should be. This means that while privileged callers can see all interfaces, unprivileged callers can only see restricted interfaces which they cannot use. Fix this by correcting NetworkInterfaceState#isRestricted(), so that unprivileged callers can see only unrestricted interfaces. Privileged callers are unaffected. This bug probably went unnoticed because restricted Ethernet interfaces are rare (likely used only on auto devices) and because the callers that care about those restricted interfaces are generally privileged. Bug: 148824036 Test: atest android.net.EthernetTetheringTest#testPhysicalEthernet Change-Id: Idff3b05a193a80c581d80d0e4fe9c2d3fc0d8a25 --- .../src/com/android/server/ethernet/EthernetNetworkFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java index 28f46061af..ab2cfc772d 100644 --- a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java +++ b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java @@ -396,7 +396,7 @@ public class EthernetNetworkFactory extends NetworkFactory { } boolean isRestricted() { - return mCapabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); + return !mCapabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED); } /**