Replace the permission of internal connectivity checks

A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL checks with other, more appropriate permissions.

Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
paulhu
2019-08-12 16:25:11 +08:00
parent a5b0d0bbab
commit e031948c1a
4 changed files with 63 additions and 37 deletions


@@ -1006,7 +1006,7 @@ public class ConnectivityManager {
* *
* @hide * @hide
*/ */
@RequiresPermission(android.Manifest.permission.CONNECTIVITY_INTERNAL) @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
@Nullable @Nullable
public Network getActiveNetworkForUid(int uid) { public Network getActiveNetworkForUid(int uid) {
return getActiveNetworkForUid(uid, false); return getActiveNetworkForUid(uid, false);
@@ -1135,7 +1135,7 @@ public class ConnectivityManager {
* *
* {@hide} * {@hide}
*/ */
@RequiresPermission(android.Manifest.permission.CONNECTIVITY_INTERNAL) @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
@UnsupportedAppUsage @UnsupportedAppUsage
public NetworkInfo getActiveNetworkInfoForUid(int uid) { public NetworkInfo getActiveNetworkInfoForUid(int uid) {
return getActiveNetworkInfoForUid(uid, false); return getActiveNetworkInfoForUid(uid, false);
@@ -1370,10 +1370,14 @@ public class ConnectivityManager {
* The system network validation may be using different strategies to detect captive portals, * The system network validation may be using different strategies to detect captive portals,
* so this method does not necessarily return a URL used by the system. It only returns a URL * so this method does not necessarily return a URL used by the system. It only returns a URL
* that may be relevant for other components trying to detect captive portals. * that may be relevant for other components trying to detect captive portals.
*
* @hide * @hide
* @deprecated This API returns URL which is not guaranteed to be one of the URLs used by the
* system.
*/ */
@Deprecated
@SystemApi @SystemApi
@RequiresPermission(android.Manifest.permission.LOCAL_MAC_ADDRESS) @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
public String getCaptivePortalServerUrl() { public String getCaptivePortalServerUrl() {
try { try {
return mService.getCaptivePortalServerUrl(); return mService.getCaptivePortalServerUrl();
@@ -2399,6 +2403,7 @@ public class ConnectivityManager {
* @return an array of 0 or more {@code String} of tethered dhcp ranges. * @return an array of 0 or more {@code String} of tethered dhcp ranges.
* {@hide} * {@hide}
*/ */
@RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
public String[] getTetheredDhcpRanges() { public String[] getTetheredDhcpRanges() {
try { try {
return mService.getTetheredDhcpRanges(); return mService.getTetheredDhcpRanges();
@@ -2978,7 +2983,7 @@ public class ConnectivityManager {
* HTTP proxy. A {@code null} value will clear the global HTTP proxy. * HTTP proxy. A {@code null} value will clear the global HTTP proxy.
* @hide * @hide
*/ */
@RequiresPermission(android.Manifest.permission.CONNECTIVITY_INTERNAL) @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
public void setGlobalProxy(ProxyInfo p) { public void setGlobalProxy(ProxyInfo p) {
try { try {
mService.setGlobalProxy(p); mService.setGlobalProxy(p);
@@ -3123,6 +3128,7 @@ public class ConnectivityManager {
* Get the mobile provisioning url. * Get the mobile provisioning url.
* {@hide} * {@hide}
*/ */
@RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
public String getMobileProvisioningUrl() { public String getMobileProvisioningUrl() {
try { try {
return mService.getMobileProvisioningUrl(); return mService.getMobileProvisioningUrl();
@@ -3169,6 +3175,7 @@ public class ConnectivityManager {
/** {@hide} - returns the factory serial number */ /** {@hide} - returns the factory serial number */
@UnsupportedAppUsage @UnsupportedAppUsage
@RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
public int registerNetworkFactory(Messenger messenger, String name) { public int registerNetworkFactory(Messenger messenger, String name) {
try { try {
return mService.registerNetworkFactory(messenger, name); return mService.registerNetworkFactory(messenger, name);
@@ -3179,6 +3186,7 @@ public class ConnectivityManager {
/** {@hide} */ /** {@hide} */
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
@RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
public void unregisterNetworkFactory(Messenger messenger) { public void unregisterNetworkFactory(Messenger messenger) {
try { try {
mService.unregisterNetworkFactory(messenger); mService.unregisterNetworkFactory(messenger);
@@ -3196,6 +3204,7 @@ public class ConnectivityManager {
* Register a NetworkAgent with ConnectivityService. * Register a NetworkAgent with ConnectivityService.
* @return NetID corresponding to NetworkAgent. * @return NetID corresponding to NetworkAgent.
*/ */
@RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
public int registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp, public int registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
NetworkCapabilities nc, int score, NetworkMisc misc) { NetworkCapabilities nc, int score, NetworkMisc misc) {
return registerNetworkAgent(messenger, ni, lp, nc, score, misc, return registerNetworkAgent(messenger, ni, lp, nc, score, misc,
@@ -3207,6 +3216,7 @@ public class ConnectivityManager {
* Register a NetworkAgent with ConnectivityService. * Register a NetworkAgent with ConnectivityService.
* @return NetID corresponding to NetworkAgent. * @return NetID corresponding to NetworkAgent.
*/ */
@RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
public int registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp, public int registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
NetworkCapabilities nc, int score, NetworkMisc misc, int factorySerialNumber) { NetworkCapabilities nc, int score, NetworkMisc misc, int factorySerialNumber) {
try { try {
@@ -4201,7 +4211,7 @@ public class ConnectivityManager {
* *
* @hide * @hide
*/ */
@RequiresPermission(android.Manifest.permission.CONNECTIVITY_INTERNAL) @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
public void startCaptivePortalApp(Network network) { public void startCaptivePortalApp(Network network) {
try { try {
mService.startCaptivePortalApp(network); mService.startCaptivePortalApp(network);
@@ -4317,6 +4327,7 @@ public class ConnectivityManager {
* Resets all connectivity manager settings back to factory defaults. * Resets all connectivity manager settings back to factory defaults.
* @hide * @hide
*/ */
@RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
public void factoryReset() { public void factoryReset() {
try { try {
mService.factoryReset(); mService.factoryReset();
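Review bot: The `@RequiresPermission` annotations on getCaptivePortalServerUrl() (hunk at -1370) and startCaptivePortalApp() (hunk at -4201) name only NETWORK_SETTINGS, but the ConnectivityService side of this commit guards both with enforceNetworkStackOrSettingsPermission(), which also accepts NETWORK_STACK and PERMISSION_MAINLINE_NETWORK_STACK. The annotation is what lint and readers treat as the access contract, so when it is narrower than the enforced check it understates who can reach these methods and flags legitimate network-stack callers. Consider `@RequiresPermission(anyOf = {android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK})` on both. Both method bodies continue outside their hunks.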


@@ -1395,7 +1395,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) { public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) {
enforceConnectivityInternalPermission(); NetworkStack.checkNetworkStackPermission(mContext);
return getActiveNetworkForUidInternal(uid, ignoreBlocked); return getActiveNetworkForUidInternal(uid, ignoreBlocked);
} }
@@ -1437,7 +1437,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) { public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) {
enforceConnectivityInternalPermission(); NetworkStack.checkNetworkStackPermission(mContext);
final NetworkState state = getUnfilteredActiveNetworkState(uid); final NetworkState state = getUnfilteredActiveNetworkState(uid);
filterNetworkStateForUid(state, uid, ignoreBlocked); filterNetworkStateForUid(state, uid, ignoreBlocked);
return state.networkInfo; return state.networkInfo;
@@ -1656,8 +1656,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public NetworkState[] getAllNetworkState() { public NetworkState[] getAllNetworkState() {
// Require internal since we're handing out IMSI details // This contains IMSI details, so make sure the caller is privileged.
enforceConnectivityInternalPermission(); NetworkStack.checkNetworkStackPermission(mContext);
final ArrayList<NetworkState> result = Lists.newArrayList(); final ArrayList<NetworkState> result = Lists.newArrayList();
for (Network network : getAllNetworks()) { for (Network network : getAllNetworks()) {
@@ -1735,7 +1735,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
enforceChangePermission(); enforceChangePermission();
if (mProtectedNetworks.contains(networkType)) { if (mProtectedNetworks.contains(networkType)) {
enforceConnectivityInternalPermission(); enforceConnectivityRestrictedNetworksPermission();
} }
InetAddress addr; InetAddress addr;
@@ -2005,6 +2005,12 @@ public class ConnectivityService extends IConnectivityManager.Stub
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
} }
private void enforceNetworkFactoryPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.NETWORK_FACTORY,
"ConnectivityService");
}
private boolean checkSettingsPermission() { private boolean checkSettingsPermission() {
return checkAnyPermissionOf( return checkAnyPermissionOf(
android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_SETTINGS,
@@ -2024,18 +2030,19 @@ public class ConnectivityService extends IConnectivityManager.Stub
"ConnectivityService"); "ConnectivityService");
} }
private void enforceConnectivityInternalPermission() {
enforceAnyPermissionOf(
android.Manifest.permission.CONNECTIVITY_INTERNAL,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
private void enforceControlAlwaysOnVpnPermission() { private void enforceControlAlwaysOnVpnPermission() {
mContext.enforceCallingOrSelfPermission( mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.CONTROL_ALWAYS_ON_VPN, android.Manifest.permission.CONTROL_ALWAYS_ON_VPN,
"ConnectivityService"); "ConnectivityService");
} }
private void enforceNetworkStackOrSettingsPermission() {
enforceAnyPermissionOf(
android.Manifest.permission.NETWORK_SETTINGS,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
private void enforceNetworkStackSettingsOrSetup() { private void enforceNetworkStackSettingsOrSetup() {
enforceAnyPermissionOf( enforceAnyPermissionOf(
android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_SETTINGS,
@@ -2063,7 +2070,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
"ConnectivityService"); "ConnectivityService");
return; return;
} catch (SecurityException e) { /* fallback to ConnectivityInternalPermission */ } } catch (SecurityException e) { /* fallback to ConnectivityInternalPermission */ }
enforceConnectivityInternalPermission(); // TODO: Remove this fallback check after all apps have declared
// CONNECTIVITY_USE_RESTRICTED_NETWORKS.
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.CONNECTIVITY_INTERNAL,
"ConnectivityService");
} }
private void enforceKeepalivePermission() { private void enforceKeepalivePermission() {
@@ -2072,7 +2083,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
// Public because it's used by mLockdownTracker. // Public because it's used by mLockdownTracker.
public void sendConnectedBroadcast(NetworkInfo info) { public void sendConnectedBroadcast(NetworkInfo info) {
enforceConnectivityInternalPermission(); NetworkStack.checkNetworkStackPermission(mContext);
sendGeneralBroadcast(info, CONNECTIVITY_ACTION); sendGeneralBroadcast(info, CONNECTIVITY_ACTION);
} }
@@ -3589,7 +3600,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public void startCaptivePortalApp(Network network) { public void startCaptivePortalApp(Network network) {
enforceConnectivityInternalPermission(); enforceNetworkStackOrSettingsPermission();
mHandler.post(() -> { mHandler.post(() -> {
NetworkAgentInfo nai = getNetworkAgentInfoForNetwork(network); NetworkAgentInfo nai = getNetworkAgentInfoForNetwork(network);
if (nai == null) return; if (nai == null) return;
@@ -4080,7 +4091,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public String[] getTetheredDhcpRanges() { public String[] getTetheredDhcpRanges() {
enforceConnectivityInternalPermission(); enforceSettingsPermission();
return mTetheringManager.getTetheredDhcpRanges(); return mTetheringManager.getTetheredDhcpRanges();
} }
@@ -4304,7 +4315,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public void setGlobalProxy(final ProxyInfo proxyProperties) { public void setGlobalProxy(final ProxyInfo proxyProperties) {
enforceConnectivityInternalPermission(); NetworkStack.checkNetworkStackPermission(mContext);
mProxyTracker.setGlobalProxy(proxyProperties); mProxyTracker.setGlobalProxy(proxyProperties);
} }
@@ -4843,7 +4854,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public String getMobileProvisioningUrl() { public String getMobileProvisioningUrl() {
enforceConnectivityInternalPermission(); enforceSettingsPermission();
String url = getProvisioningUrlBaseFromFile(); String url = getProvisioningUrlBaseFromFile();
if (TextUtils.isEmpty(url)) { if (TextUtils.isEmpty(url)) {
url = mContext.getResources().getString(R.string.mobile_provisioning_url); url = mContext.getResources().getString(R.string.mobile_provisioning_url);
@@ -4869,7 +4880,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public void setProvisioningNotificationVisible(boolean visible, int networkType, public void setProvisioningNotificationVisible(boolean visible, int networkType,
String action) { String action) {
enforceConnectivityInternalPermission(); enforceSettingsPermission();
if (!ConnectivityManager.isNetworkTypeValid(networkType)) { if (!ConnectivityManager.isNetworkTypeValid(networkType)) {
return; return;
} }
@@ -5457,7 +5468,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public int registerNetworkFactory(Messenger messenger, String name) { public int registerNetworkFactory(Messenger messenger, String name) {
enforceConnectivityInternalPermission(); enforceNetworkFactoryPermission();
NetworkFactoryInfo nfi = new NetworkFactoryInfo(name, messenger, new AsyncChannel(), NetworkFactoryInfo nfi = new NetworkFactoryInfo(name, messenger, new AsyncChannel(),
NetworkFactory.SerialNumber.nextSerialNumber()); NetworkFactory.SerialNumber.nextSerialNumber());
mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_FACTORY, nfi)); mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_FACTORY, nfi));
@@ -5472,7 +5483,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public void unregisterNetworkFactory(Messenger messenger) { public void unregisterNetworkFactory(Messenger messenger) {
enforceConnectivityInternalPermission(); enforceNetworkFactoryPermission();
mHandler.sendMessage(mHandler.obtainMessage(EVENT_UNREGISTER_NETWORK_FACTORY, messenger)); mHandler.sendMessage(mHandler.obtainMessage(EVENT_UNREGISTER_NETWORK_FACTORY, messenger));
} }
@@ -5571,7 +5582,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
public int registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo, public int registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo,
LinkProperties linkProperties, NetworkCapabilities networkCapabilities, LinkProperties linkProperties, NetworkCapabilities networkCapabilities,
int currentScore, NetworkMisc networkMisc, int factorySerialNumber) { int currentScore, NetworkMisc networkMisc, int factorySerialNumber) {
enforceConnectivityInternalPermission(); enforceNetworkFactoryPermission();
LinkProperties lp = new LinkProperties(linkProperties); LinkProperties lp = new LinkProperties(linkProperties);
lp.ensureDirectlyConnectedRoutes(); lp.ensureDirectlyConnectedRoutes();
@@ -6935,7 +6946,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public String getCaptivePortalServerUrl() { public String getCaptivePortalServerUrl() {
enforceConnectivityInternalPermission(); enforceNetworkStackOrSettingsPermission();
String settingUrl = mContext.getResources().getString( String settingUrl = mContext.getResources().getString(
R.string.config_networkCaptivePortalServerUrl); R.string.config_networkCaptivePortalServerUrl);
@@ -6988,7 +6999,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
@Override @Override
public void factoryReset() { public void factoryReset() {
enforceConnectivityInternalPermission(); enforceSettingsPermission();
if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) { if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) {
return; return;
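Review bot: The new enforceNetworkFactoryPermission() (hunk at -2005) accepts only NETWORK_FACTORY, whereas enforceConnectivityInternalPermission(), which it replaces in registerNetworkFactory(), unregisterNetworkFactory() and registerNetworkAgent(), also accepted NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK. If any mainline network-stack component registers factories or agents, it will now get a SecurityException. If that narrowing is intended, say so in a comment on the helper; otherwise the body could be `enforceAnyPermissionOf(android.Manifest.permission.NETWORK_FACTORY, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);`. The manifest is not among the four changed files, so NETWORK_FACTORY's protection level cannot be checked here; it needs to be signature-only for these three entry points to meet the goal stated in the commit message.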


@@ -17,7 +17,6 @@
package com.android.server.connectivity; package com.android.server.connectivity;
import static android.Manifest.permission.CHANGE_NETWORK_STATE; import static android.Manifest.permission.CHANGE_NETWORK_STATE;
import static android.Manifest.permission.CONNECTIVITY_INTERNAL;
import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS; import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS;
import static android.Manifest.permission.INTERNET; import static android.Manifest.permission.INTERNET;
import static android.Manifest.permission.NETWORK_STACK; import static android.Manifest.permission.NETWORK_STACK;
@@ -25,6 +24,7 @@ import static android.Manifest.permission.UPDATE_DEVICE_STATS;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageManager.GET_PERMISSIONS; import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_ANY_USER; import static android.content.pm.PackageManager.MATCH_ANY_USER;
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import static android.os.Process.INVALID_UID; import static android.os.Process.INVALID_UID;
import static android.os.Process.SYSTEM_UID; import static android.os.Process.SYSTEM_UID;
@@ -259,7 +259,8 @@ public class PermissionMonitor {
return true; return true;
} }
} }
return hasPermission(app, CONNECTIVITY_INTERNAL)
return hasPermission(app, PERMISSION_MAINLINE_NETWORK_STACK)
|| hasPermission(app, NETWORK_STACK) || hasPermission(app, NETWORK_STACK)
|| hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS); || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
} }
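Review bot: This check no longer accepts CONNECTIVITY_INTERNAL, but the ConnectivityService hunk at -2063 in the same commit still falls back to CONNECTIVITY_INTERNAL after the restricted-networks check throws. Until that TODO is resolved the two layers disagree: a caller holding only CONNECTIVITY_INTERNAL passes the service-side enforcement yet is not counted as having the restricted-network permission here. If the asymmetry is deliberate, record it next to the return, for example `// CONNECTIVITY_INTERNAL is intentionally not accepted here; ConnectivityService keeps a temporary fallback (Bug: 32963470).` The enclosing method starts outside the hunk, so its name and earlier branches are not visible.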


@@ -265,6 +265,8 @@ public class PermissionMonitorTest {
assertFalse(mPermissionMonitor.hasNetworkPermission(app)); assertFalse(mPermissionMonitor.hasNetworkPermission(app));
app = systemPackageInfoWithPermissions(CONNECTIVITY_USE_RESTRICTED_NETWORKS); app = systemPackageInfoWithPermissions(CONNECTIVITY_USE_RESTRICTED_NETWORKS);
assertFalse(mPermissionMonitor.hasNetworkPermission(app)); assertFalse(mPermissionMonitor.hasNetworkPermission(app));
app = systemPackageInfoWithPermissions(CONNECTIVITY_INTERNAL);
assertFalse(mPermissionMonitor.hasNetworkPermission(app));
} }
@Test @Test
@@ -274,7 +276,7 @@ public class PermissionMonitorTest {
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
assertTrue(hasRestrictedNetworkPermission( assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK)); PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK));
assertTrue(hasRestrictedNetworkPermission( assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
assertTrue(hasRestrictedNetworkPermission( assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
@@ -283,7 +285,7 @@ public class PermissionMonitorTest {
assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1)); assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));
assertFalse(hasRestrictedNetworkPermission( assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CONNECTIVITY_INTERNAL));
} }
@Test @Test
@@ -291,14 +293,14 @@ public class PermissionMonitorTest {
doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt(); doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt();
assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID)); assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));
assertTrue(hasRestrictedNetworkPermission( assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE)); PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_INTERNAL));
assertTrue(hasRestrictedNetworkPermission( assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt(); doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt();
assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID)); assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));
assertFalse(hasRestrictedNetworkPermission( assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE)); PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_INTERNAL));
assertTrue(hasRestrictedNetworkPermission( assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
} }
@@ -319,7 +321,7 @@ public class PermissionMonitorTest {
assertFalse(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1)); assertFalse(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));
assertFalse(hasRestrictedNetworkPermission( assertFalse(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CONNECTIVITY_INTERNAL));
assertFalse(hasRestrictedNetworkPermission( assertFalse(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE)); PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE));
} }
@@ -337,7 +339,7 @@ public class PermissionMonitorTest {
public void testHasUseBackgroundNetworksPermission() throws Exception { public void testHasUseBackgroundNetworksPermission() throws Exception {
assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(SYSTEM_UID)); assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(SYSTEM_UID));
assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID); assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID);
assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_WIFI_STATE); assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID, CONNECTIVITY_INTERNAL);
assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_NETWORK_STATE); assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_NETWORK_STATE);
assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, NETWORK_STACK); assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, NETWORK_STACK);
@@ -348,8 +350,9 @@ public class PermissionMonitorTest {
assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID2)); assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID2));
assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2); assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2);
assertBackgroundPermission(true, MOCK_PACKAGE2, MOCK_UID2, assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2,
CONNECTIVITY_INTERNAL); CONNECTIVITY_INTERNAL);
assertBackgroundPermission(true, MOCK_PACKAGE2, MOCK_UID2, NETWORK_STACK);
} }
private class NetdMonitor { private class NetdMonitor {
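Review bot: None of the visible test hunks exercises PERMISSION_MAINLINE_NETWORK_STACK, the permission this commit newly accepts in PermissionMonitor's restricted-network check; the updated assertions only show that CONNECTIVITY_INTERNAL is now rejected. Add a positive case next to the NETWORK_STACK assertion in the hunk at -274, for example `assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, PERMISSION_MAINLINE_NETWORK_STACK));`, with a static import for the constant if the test does not already have one. The test methods start outside the hunks, so an existing case elsewhere in the file may already cover this.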