LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce NETWORK_STACK permission for calling NSS#forceUpdateIfaces

Browse Source 
ConnectivityManager and its usages are removed from
NetworkStatsService. After that, forceUpdateIfaces requires
information that only ConnectivityService has, hence
restricting the calling permission to NETWORK_STACK or
MAINLINE_NETWORK_STACK permission. The required permission
will be changed from READ_NETWORK_USAGE_HISTORY to
NETWORK_STACK or MAINLINE_NETWORK_STACK. This change would make
it impossible to call outside the system.

Bug: 126830974
Test: atest FrameworksNetTests
Change-Id: I776484921b2dbb6735d7940c558fb5e4baed6d1e
This commit is contained in:
Chiachang Wang
2019-04-09 19:42:52 +08:00
parent c452cbf496
commit f04137e99e
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
services/core/java/com/android/server/net/NetworkStatsService.java
View File

@@ -25,6 +25,7 @@ import static android.content.Intent.ACTION_USER_REMOVED;
import static android.content.Intent.EXTRA_UID;
import static android.net.ConnectivityManager.ACTION_TETHER_STATE_CHANGED;
import static android.net.ConnectivityManager.isNetworkTypeMobile;
import static android.net.NetworkStack.checkNetworkStackPermission;
import static android.net.NetworkStats.DEFAULT_NETWORK_ALL;
import static android.net.NetworkStats.IFACE_ALL;
import static android.net.NetworkStats.INTERFACES_ALL;
@@ -899,7 +900,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub {
VpnInfo[] vpnArray,
NetworkState[] networkStates,
String activeIface) {
mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG);
checkNetworkStackPermission(mContext);
assertBandwidthControlEnabled();
final long token = Binder.clearCallingIdentity();