Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 103e78ed authored by Lorenzo Colitti's avatar Lorenzo Colitti
Browse files

Don't expose raw IBinder APIs. 

APIs should not expose raw IBinder objects.

Fix: 184735751
Test: builds, boots
Test: atest CtsNetTestCases:android.net.cts.ConnectivityManagerTest
Test: atest CtsNetTestCases:android.net.cts.DnsResolverTest
Change-Id: Ia0c4170def31123f0b79318fec2cfe02e4fcd3bf
parent fb7f36b3

core/api/system-current.txt

+0 −4
Original line number Diff line number Diff line
@@ -6092,10 +6092,6 @@ package android.metrics { 














package android.net {



























  public class DnsResolverServiceManager {













    method @NonNull @RequiresPermission(android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK) public static android.os.IBinder getService(@NonNull android.content.Context);













  }



























  public class EthernetManager {















    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public android.net.EthernetManager.TetheredInterfaceRequest requestTetheredInterface(@NonNull java.util.concurrent.Executor, @NonNull android.net.EthernetManager.TetheredInterfaceCallback);















  }

































packages/Connectivity/framework/src/android/net/ConnectivityFrameworkInitializer.java



+6
−0




























Original line number
Diff line number
Diff line








@@ -68,5 +68,11 @@ public final class ConnectivityFrameworkInitializer {













                    return cm.startOrGetTestNetworkManager();















                }















        );



























        SystemServiceRegistry.registerContextAwareService(













                DnsResolverServiceManager.DNS_RESOLVER_SERVICE,













                DnsResolverServiceManager.class,













                (context, serviceBinder) -> new DnsResolverServiceManager(serviceBinder)













        );















    }















}
























core/java/android/net/DnsResolverServiceManager.javapackages/Connectivity/framework/src/android/net/DnsResolverServiceManager.java



+45
−0




























Original line number
Diff line number
Diff line








@@ -16,48 +16,30 @@













package android.net;































import android.annotation.NonNull;













import android.annotation.RequiresPermission;













import android.annotation.SystemApi;













import android.content.Context;















import android.os.IBinder;













import android.os.ServiceManager;



























import java.util.Objects;































/**















 * Provides a way to obtain the DnsResolver binder objects.















 *















 * @hide















 */













@SystemApi















public class DnsResolverServiceManager {













    /**













     * Name to retrieve a {@link android.net.IDnsResolver} IBinder.













     */













    private static final String DNS_RESOLVER_SERVICE = "dnsresolver";













    /** Service name for the DNS resolver. Keep in sync with DnsResolverService.h */













    public static final String DNS_RESOLVER_SERVICE = "dnsresolver";





























    private DnsResolverServiceManager() {}













    private final IBinder mResolver;



























    DnsResolverServiceManager(IBinder resolver) {













        mResolver = resolver;













    }































    /**















     * Get an {@link IBinder} representing the DnsResolver stable AIDL interface















     *













     * @param context the context for permission check.















     * @return {@link android.net.IDnsResolver} IBinder.















     */















    @NonNull













    @RequiresPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)













    public static IBinder getService(@NonNull final Context context) {













        Objects.requireNonNull(context);













        context.enforceCallingOrSelfPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,













                "DnsResolverServiceManager");













        try {













            return ServiceManager.getServiceOrThrow(DNS_RESOLVER_SERVICE);













        } catch (ServiceManager.ServiceNotFoundException e) {













            // Catch ServiceManager#ServiceNotFoundException and rethrow IllegalStateException













            // because ServiceManager#ServiceNotFoundException is @hide so that it can't be listed













            // on the system api. Thus, rethrow IllegalStateException if dns resolver service cannot













            // be found.













            throw new IllegalStateException("Cannot find dns resolver service.");













        }













    public IBinder getService() {













        return mResolver;















    }















}
























services/core/java/com/android/server/ConnectivityService.java



+3
−1




























Original line number
Diff line number
Diff line








@@ -616,7 +616,9 @@ public class ConnectivityService extends IConnectivityManager.Stub













    }































    private static IDnsResolver getDnsResolver(Context context) {













        return IDnsResolver.Stub.asInterface(DnsResolverServiceManager.getService(context));













        final DnsResolverServiceManager dsm = context.getSystemService(













                DnsResolverServiceManager.class);













        return IDnsResolver.Stub.asInterface(dsm.getService());















    }































    /** Handler thread used for all of the handlers below. */