Adjust permission of NetworkProvider related API

- Allow an app holds NETWORK_SETTINGS to acess registerNetworkProvier() and unregisterNetworkProvider(). - To access declareNetworkRequestUnfulfillable(), allow an app holds MANAGE_TEST_NETWORKS to declare a unfulfillable request that contains TRANSPORT_TEST transport. This makes easier to write cts to test. Bug: 153612373 Bug: 153614605 Test: atest FrameworksNetTests atest CtsNetTestCases:android.net.NetworkProviderTest Change-Id: Ic9809e731aa811a51c2f82d189372169d99a5ed9
2020-04-14 13:43:49 +08:00
parent 836df36aee
commit ebbfd3ccb9
1 changed files with 21 additions and 3 deletions
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -2093,6 +2093,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
    }

+    private void enforceNetworkFactoryOrSettingsPermission() {
+        enforceAnyPermissionOf(
+                android.Manifest.permission.NETWORK_SETTINGS,
+                android.Manifest.permission.NETWORK_FACTORY,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+    }
+
+    private void enforceNetworkFactoryOrTestNetworksPermission() {
+        enforceAnyPermissionOf(
+                android.Manifest.permission.MANAGE_TEST_NETWORKS,
+                android.Manifest.permission.NETWORK_FACTORY,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+    }
+
    private boolean checkSettingsPermission() {
        return checkAnyPermissionOf(
                android.Manifest.permission.NETWORK_SETTINGS,
@@ -5672,7 +5686,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

    @Override
    public int registerNetworkProvider(Messenger messenger, String name) {
-        enforceNetworkFactoryPermission();
+        enforceNetworkFactoryOrSettingsPermission();
        NetworkProviderInfo npi = new NetworkProviderInfo(name, messenger,
                null /* asyncChannel */, nextNetworkProviderId(),
                () -> unregisterNetworkProvider(messenger));
@@ -5682,7 +5696,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

    @Override
    public void unregisterNetworkProvider(Messenger messenger) {
-        enforceNetworkFactoryPermission();
+        enforceNetworkFactoryOrSettingsPermission();
        mHandler.sendMessage(mHandler.obtainMessage(EVENT_UNREGISTER_NETWORK_PROVIDER, messenger));
    }

@@ -5702,7 +5716,11 @@ public class ConnectivityService extends IConnectivityManager.Stub

    @Override
    public void declareNetworkRequestUnfulfillable(NetworkRequest request) {
-        enforceNetworkFactoryPermission();
+        if (request.hasTransport(TRANSPORT_TEST)) {
+            enforceNetworkFactoryOrTestNetworksPermission();
+        } else {
+            enforceNetworkFactoryPermission();
+        }
        mHandler.post(() -> handleReleaseNetworkRequest(request, Binder.getCallingUid(), true));
    }