LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev am: bbcd3b326b

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881939

Change-Id: I7c285a848ac947e0acf1acc8bc32f3ece3456412
This commit is contained in:
Luke Huang
2020-06-18 03:23:46 +00:00
committed by Automerger Merge Worker
parent 3f7a4b9254 bbcd3b326b
commit f12eff79db
3 changed files with 76 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/java/android/net/NetworkUtils.java
View File

@@ -154,6 +154,14 @@ public class NetworkUtils {
*/ */
public static native Network getDnsNetwork() throws ErrnoException; public static native Network getDnsNetwork() throws ErrnoException;
/**
* Allow/Disallow creating AF_INET/AF_INET6 sockets and DNS lookups for current process.
*
* @param allowNetworking whether to allow or disallow creating AF_INET/AF_INET6 sockets
* and DNS lookups.
*/
public static native void setAllowNetworkingForProcess(boolean allowNetworking);
/** /**
* Get the tcp repair window associated with the {@code fd}. * Get the tcp repair window associated with the {@code fd}.
* *

8
core/jni/android_net_NetUtils.cpp
View File

@@ -226,6 +226,11 @@ static jobject android_net_utils_getDnsNetwork(JNIEnv *env, jobject thiz) {
class_Network, ctor, dnsNetId & ~NETID_USE_LOCAL_NAMESERVERS, privateDnsBypass); class_Network, ctor, dnsNetId & ~NETID_USE_LOCAL_NAMESERVERS, privateDnsBypass);
} }
static void android_net_utils_setAllowNetworkingForProcess(JNIEnv *env, jobject thiz,
jboolean hasConnectivity) {
setAllowNetworkingForProcess(hasConnectivity == JNI_TRUE);
}
static jobject android_net_utils_getTcpRepairWindow(JNIEnv *env, jobject thiz, jobject javaFd) { static jobject android_net_utils_getTcpRepairWindow(JNIEnv *env, jobject thiz, jobject javaFd) {
if (javaFd == NULL) { if (javaFd == NULL) {
jniThrowNullPointerException(env, NULL); jniThrowNullPointerException(env, NULL);
@@ -266,6 +271,7 @@ static jobject android_net_utils_getTcpRepairWindow(JNIEnv *env, jobject thiz, j
/* /*
* JNI registration. * JNI registration.
*/ */
// clang-format off
static const JNINativeMethod gNetworkUtilMethods[] = { static const JNINativeMethod gNetworkUtilMethods[] = {
/* name, signature, funcPtr */ /* name, signature, funcPtr */
{ "bindProcessToNetwork", "(I)Z", (void*) android_net_utils_bindProcessToNetwork }, { "bindProcessToNetwork", "(I)Z", (void*) android_net_utils_bindProcessToNetwork },
@@ -282,7 +288,9 @@ static const JNINativeMethod gNetworkUtilMethods[] = {
{ "resNetworkResult", "(Ljava/io/FileDescriptor;)Landroid/net/DnsResolver$DnsResponse;", (void*) android_net_utils_resNetworkResult }, { "resNetworkResult", "(Ljava/io/FileDescriptor;)Landroid/net/DnsResolver$DnsResponse;", (void*) android_net_utils_resNetworkResult },
{ "resNetworkCancel", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_resNetworkCancel }, { "resNetworkCancel", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_resNetworkCancel },
{ "getDnsNetwork", "()Landroid/net/Network;", (void*) android_net_utils_getDnsNetwork }, { "getDnsNetwork", "()Landroid/net/Network;", (void*) android_net_utils_getDnsNetwork },
{ "setAllowNetworkingForProcess", "(Z)V", (void *)android_net_utils_setAllowNetworkingForProcess },
}; };
// clang-format on
int register_android_net_NetworkUtils(JNIEnv* env) int register_android_net_NetworkUtils(JNIEnv* env)
{ {

60
tests/net/java/android/net/NetworkUtilsTest.java
View File

@@ -16,10 +16,24 @@
package android.net; package android.net;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;
import static android.system.OsConstants.AF_UNIX;
import static android.system.OsConstants.EPERM;
import static android.system.OsConstants.SOCK_DGRAM;
import static android.system.OsConstants.SOCK_STREAM;
import static junit.framework.Assert.assertEquals; import static junit.framework.Assert.assertEquals;
import static org.junit.Assert.fail;
import android.system.ErrnoException;
import android.system.Os;
import androidx.test.runner.AndroidJUnit4; import androidx.test.runner.AndroidJUnit4;
import libcore.io.IoUtils;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
@@ -125,4 +139,50 @@ public class NetworkUtilsTest {
assertEquals(BigInteger.valueOf(7l - 4 + 4 + 16 + 65536), assertEquals(BigInteger.valueOf(7l - 4 + 4 + 16 + 65536),
NetworkUtils.routedIPv6AddressCount(set)); NetworkUtils.routedIPv6AddressCount(set));
} }
private static void expectSocketSuccess(String msg, int domain, int type) {
try {
IoUtils.closeQuietly(Os.socket(domain, type, 0));
} catch (ErrnoException e) {
fail(msg + e.getMessage());
}
}
private static void expectSocketPemissionError(String msg, int domain, int type) {
try {
IoUtils.closeQuietly(Os.socket(domain, type, 0));
fail(msg);
} catch (ErrnoException e) {
assertEquals(msg, e.errno, EPERM);
}
}
private static void expectHasNetworking() {
expectSocketSuccess("Creating a UNIX socket should not have thrown ErrnoException",
AF_UNIX, SOCK_STREAM);
expectSocketSuccess("Creating a AF_INET socket shouldn't have thrown ErrnoException",
AF_INET, SOCK_DGRAM);
expectSocketSuccess("Creating a AF_INET6 socket shouldn't have thrown ErrnoException",
AF_INET6, SOCK_DGRAM);
}
private static void expectNoNetworking() {
expectSocketSuccess("Creating a UNIX socket should not have thrown ErrnoException",
AF_UNIX, SOCK_STREAM);
expectSocketPemissionError(
"Creating a AF_INET socket should have thrown ErrnoException(EPERM)",
AF_INET, SOCK_DGRAM);
expectSocketPemissionError(
"Creating a AF_INET6 socket should have thrown ErrnoException(EPERM)",
AF_INET6, SOCK_DGRAM);
}
@Test
public void testSetAllowNetworkingForProcess() {
expectHasNetworking();
NetworkUtils.setAllowNetworkingForProcess(false);
expectNoNetworking();
NetworkUtils.setAllowNetworkingForProcess(true);
expectHasNetworking();
}
} }