From 1c7f159f4427f3dcae63109f539ca6c966fefb17 Mon Sep 17 00:00:00 2001 From: Automerger Merge Worker Date: Mon, 16 Mar 2020 15:48:50 +0000 Subject: [PATCH] Protect ConnectivityService from SecurityException in permission check. ConnectivityService currently calls LocationPermissionChecker#checkLocationPermission. This method call throws a SecurityException if the given package name and UID do not match. This permission check is made from the ConnectivityService Thread, so any Exception being thrown will crash the SystemServer. This is not acceptable, so surround the permission check in a try-catch in case any SecurityExceptions are thrown. Bug: 149119324 Test: atest ConnectivityServiceTest Change-Id: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2 Merged-In: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2 (cherry picked from commit 9eacc855b63b36f5b937e703b20d4b0bb077ab75) --- .../android/server/ConnectivityService.java | 11 ++++++++-- .../server/ConnectivityServiceTest.java | 20 +++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index 62ea862835..deae459e39 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -7892,8 +7892,15 @@ public class ConnectivityService extends IConnectivityManager.Stub return true; } - if (!mLocationPermissionChecker.checkLocationPermission( - callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { + // LocationPermissionChecker#checkLocationPermission can throw SecurityException if the uid + // and package name don't match. Throwing on the CS thread is not acceptable, so wrap the + // call in a try-catch. + try { + if (!mLocationPermissionChecker.checkLocationPermission( + callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { + return false; + } + } catch (SecurityException e) { return false; } diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java index de8bf3c560..c21772a5d1 100644 --- a/tests/net/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java @@ -6788,6 +6788,26 @@ public class ConnectivityServiceTest { mContext.getOpPackageName())); } + @Test + public void testCheckConnectivityDiagnosticsPermissionsWrongUidPackageName() throws Exception { + final NetworkAgentInfo naiWithoutUid = + new NetworkAgentInfo( + null, null, null, null, null, new NetworkCapabilities(), 0, + mServiceContext, null, null, mService, null, null, null, 0); + + mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED); + + try { + assertFalse( + "Mismatched uid/package name should not pass the location permission check", + mService.checkConnectivityDiagnosticsPermissions( + Process.myPid() + 1, Process.myUid() + 1, naiWithoutUid, + mContext.getOpPackageName())); + } catch (SecurityException e) { + fail("checkConnectivityDiagnosticsPermissions shouldn't surface a SecurityException"); + } + } + @Test public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception { final NetworkAgentInfo naiWithoutUid =