From f04137e99ed59ead11954e0b70a7fc425799c727 Mon Sep 17 00:00:00 2001
From: Chiachang Wang
Date: Tue, 9 Apr 2019 19:42:52 +0800
Subject: [PATCH] Enforce NETWORK_STACK permission for calling NSS#forceUpdateIfaces

ConnectivityManager and its usages are removed from NetworkStatsService. After that, forceUpdateIfaces requires information that only ConnectivityService has, hence restricting the calling permission to NETWORK_STACK or MAINLINE_NETWORK_STACK permission. The required permission will be changed from READ_NETWORK_USAGE_HISTORY to NETWORK_STACK or MAINLINE_NETWORK_STACK. This change would make it impossible to call outside the system.
Bug: 126830974
Test: atest FrameworksNetTests
Change-Id: I776484921b2dbb6735d7940c558fb5e4baed6d1e
---
 .../core/java/com/android/server/net/NetworkStatsService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java
index f237c4bca5..484efd6bfd 100644
--- a/services/core/java/com/android/server/net/NetworkStatsService.java
+++ b/services/core/java/com/android/server/net/NetworkStatsService.java
@@ -25,6 +25,7 @@ import static android.content.Intent.ACTION_USER_REMOVED;
 import static android.content.Intent.EXTRA_UID;
 import static android.net.ConnectivityManager.ACTION_TETHER_STATE_CHANGED;
 import static android.net.ConnectivityManager.isNetworkTypeMobile;
+import static android.net.NetworkStack.checkNetworkStackPermission;
 import static android.net.NetworkStats.DEFAULT_NETWORK_ALL;
 import static android.net.NetworkStats.IFACE_ALL;
 import static android.net.NetworkStats.INTERFACES_ALL;
@@ -899,7 +900,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { - mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); + checkNetworkStackPermission(mContext); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity();
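Review bot: The new gate `checkNetworkStackPermission(mContext);` is a bare statement whose outcome is never inspected, so the restriction on forceUpdateIfaces holds only if the helper throws when the caller lacks both permissions. The helper's body is not part of this patch, and its `check*` name reads like the Context methods that return a result, unlike the `enforce*` call it replaces. I would state the contract at the call site with `// Throws SecurityException unless the caller holds NETWORK_STACK or MAINLINE_NETWORK_STACK.` The patch touches no test file, so a case asserting that a caller holding only READ_NETWORK_USAGE_HISTORY is rejected would pin the tightened boundary. The method signature begins above this hunk and its body continues below it, so any permission documentation on the method or its AIDL declaration is not visible here and may still name the old permission.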