LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "LocationPermissionChecker: Exempt privileged components from location check"

Browse Source
This commit is contained in:
Roshan Pius
2021-01-18 01:33:31 +00:00
committed by Gerrit Code Review
parent 3157c3642a 854f6a6269
commit fdc3167044
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/net/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -2074,10 +2074,6 @@ public class ConnectivityServiceTest {
@Test @Test
public void testOwnerUidCannotChange() throws Exception { public void testOwnerUidCannotChange() throws Exception {
// Owner UIDs are not visible without location permission.
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
final NetworkCapabilities ncTemplate = new NetworkCapabilities(); final NetworkCapabilities ncTemplate = new NetworkCapabilities();
final int originalOwnerUid = Process.myUid(); final int originalOwnerUid = Process.myUid();
ncTemplate.setOwnerUid(originalOwnerUid); ncTemplate.setOwnerUid(originalOwnerUid);
@@ -2097,6 +2093,10 @@ public class ConnectivityServiceTest {
mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true); mWiFiNetworkAgent.setNetworkCapabilities(agentCapabilities, true);
waitForIdle(); waitForIdle();
// Owner UIDs are not visible without location permission.
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
// Check that the capability change has been applied but the owner UID is not modified. // Check that the capability change has been applied but the owner UID is not modified.
NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork()); NetworkCapabilities nc = mCm.getNetworkCapabilities(mWiFiNetworkAgent.getNetwork());
assertEquals(originalOwnerUid, nc.getOwnerUid()); assertEquals(originalOwnerUid, nc.getOwnerUid());
@@ -7781,8 +7781,22 @@ public class ConnectivityServiceTest {
naExtraInfo.unregister(); naExtraInfo.unregister();
} }
// To avoid granting location permission bypass.
private void denyAllLocationPrivilegedPermissions() {
mServiceContext.setPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
PERMISSION_DENIED);
mServiceContext.setPermission(Manifest.permission.NETWORK_SETTINGS,
PERMISSION_DENIED);
mServiceContext.setPermission(Manifest.permission.NETWORK_STACK,
PERMISSION_DENIED);
mServiceContext.setPermission(Manifest.permission.NETWORK_SETUP_WIZARD,
PERMISSION_DENIED);
}
private void setupLocationPermissions( private void setupLocationPermissions(
int targetSdk, boolean locationToggle, String op, String perm) throws Exception { int targetSdk, boolean locationToggle, String op, String perm) throws Exception {
denyAllLocationPrivilegedPermissions();
final ApplicationInfo applicationInfo = new ApplicationInfo(); final ApplicationInfo applicationInfo = new ApplicationInfo();
applicationInfo.targetSdkVersion = targetSdk; applicationInfo.targetSdkVersion = targetSdk;
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any())) when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
@@ -8156,15 +8170,13 @@ public class ConnectivityServiceTest {
new NetworkAgentInfo(null, network, null, null, new NetworkCapabilities(), 0, new NetworkAgentInfo(null, network, null, null, new NetworkCapabilities(), 0,
mServiceContext, null, null, mService, null, null, null, 0, INVALID_UID); mServiceContext, null, null, mService, null, null, null, 0, INVALID_UID);
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
mMockVpn.establishForMyUid(); mMockVpn.establishForMyUid();
assertUidRangesUpdatedForMyUid(true); assertUidRangesUpdatedForMyUid(true);
// Wait for networks to connect and broadcasts to be sent before removing permissions. // Wait for networks to connect and broadcasts to be sent before removing permissions.
waitForIdle(); waitForIdle();
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED); setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network})); assertTrue(mService.setUnderlyingNetworksForVpn(new Network[] {network}));
waitForIdle(); waitForIdle();