Loading services/core/java/com/android/server/connectivity/PermissionMonitor.java +14 −15 Original line number Diff line number Diff line Loading @@ -42,10 +42,10 @@ import android.net.UidRange; import android.os.Build; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.system.OsConstants; import android.util.ArraySet; import android.util.Log; import android.util.SparseArray; import android.util.SparseIntArray; Loading @@ -55,7 +55,6 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.IndentingPrintWriter; import com.android.net.module.util.CollectionUtils; import com.android.server.LocalServices; import com.android.server.SystemConfig; import java.util.ArrayList; import java.util.HashMap; Loading @@ -81,6 +80,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse private final PackageManager mPackageManager; private final UserManager mUserManager; private final SystemConfigManager mSystemConfigManager; private final INetd mNetd; private final Dependencies mDeps; Loading Loading @@ -124,6 +124,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse @NonNull final Dependencies deps) { mPackageManager = context.getPackageManager(); mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE); mSystemConfigManager = context.getSystemService(SystemConfigManager.class); mNetd = netd; mDeps = deps; } Loading Loading @@ -175,21 +176,19 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */)); final SparseArray<ArraySet<String>> systemPermission = SystemConfig.getInstance().getSystemPermissions(); for (int i = 0; i < systemPermission.size(); i++) { ArraySet<String> perms = systemPermission.valueAt(i); int uid = systemPermission.keyAt(i); int netdPermission = 0; // Get the uids of native services that have UPDATE_DEVICE_STATS or INTERNET permission. if (perms != null) { netdPermission |= perms.contains(UPDATE_DEVICE_STATS) ? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0; netdPermission |= perms.contains(INTERNET) ? INetd.PERMISSION_INTERNET : 0; } final SparseArray<String> netdPermToSystemPerm = new SparseArray<>(); netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET); netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS); for (int i = 0; i < netdPermToSystemPerm.size(); i++) { final int netdPermission = netdPermToSystemPerm.keyAt(i); final String systemPermission = netdPermToSystemPerm.valueAt(i); final int[] hasPermissionUids = mSystemConfigManager.getSystemPermissionUids(systemPermission); for (int j = 0; j < hasPermissionUids.length; j++) { final int uid = hasPermissionUids[j]; netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission); } } log("Users: " + mUsers.size() + ", Apps: " + mApps.size()); update(mUsers, mApps, true); sendPackagePermissionsToNetd(netdPermsUids); Loading tests/net/integration/src/com/android/server/net/integrationtests/ConnectivityServiceIntegrationTest.kt +9 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,7 @@ import android.net.metrics.IpConnectivityLog import android.os.ConditionVariable import android.os.IBinder import android.os.INetworkManagementService import android.os.SystemConfigManager import android.os.UserHandle import android.testing.TestableContext import android.util.Log Loading @@ -57,6 +58,7 @@ import org.junit.BeforeClass import org.junit.Test import org.junit.runner.RunWith import org.mockito.AdditionalAnswers import org.mockito.ArgumentMatchers.anyString import org.mockito.Mock import org.mockito.Mockito.any import org.mockito.Mockito.anyInt Loading Loading @@ -94,6 +96,8 @@ class ConnectivityServiceIntegrationTest { private lateinit var netd: INetd @Mock private lateinit var dnsResolver: IDnsResolver @Mock private lateinit var systemConfigManager: SystemConfigManager @Spy private var context = TestableContext(realContext) Loading Loading @@ -151,6 +155,11 @@ class ConnectivityServiceIntegrationTest { doReturn(UserHandle.ALL).`when`(asUserCtx).user doReturn(asUserCtx).`when`(context).createContextAsUser(eq(UserHandle.ALL), anyInt()) doNothing().`when`(context).sendStickyBroadcast(any(), any()) doReturn(Context.SYSTEM_CONFIG_SERVICE).`when`(context) .getSystemServiceName(SystemConfigManager::class.java) doReturn(systemConfigManager).`when`(context) .getSystemService(Context.SYSTEM_CONFIG_SERVICE) doReturn(IntArray(0)).`when`(systemConfigManager).getSystemPermissionUids(anyString()) networkStackClient = TestNetworkStackClient(realContext) networkStackClient.init() Loading tests/net/java/com/android/server/ConnectivityServiceTest.java +4 −0 Original line number Diff line number Diff line Loading @@ -238,6 +238,7 @@ import android.os.Process; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.SystemClock; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.provider.Settings; Loading Loading @@ -430,6 +431,7 @@ public class ConnectivityServiceTest { @Mock EthernetManager mEthernetManager; @Mock NetworkPolicyManager mNetworkPolicyManager; @Mock KeyStore mKeyStore; @Mock SystemConfigManager mSystemConfigManager; private ArgumentCaptor<ResolverParamsParcel> mResolverParamsParcelCaptor = ArgumentCaptor.forClass(ResolverParamsParcel.class); Loading Loading @@ -526,6 +528,7 @@ public class ConnectivityServiceTest { if (Context.TELEPHONY_SERVICE.equals(name)) return mTelephonyManager; if (Context.ETHERNET_SERVICE.equals(name)) return mEthernetManager; if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager; if (Context.SYSTEM_CONFIG_SERVICE.equals(name)) return mSystemConfigManager; return super.getSystemService(name); } Loading Loading @@ -1432,6 +1435,7 @@ public class ConnectivityServiceTest { applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q; when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any())) .thenReturn(applicationInfo); when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]); // InstrumentationTestRunner prepares a looper, but AndroidJUnitRunner does not. // http://b/25897652 . Loading tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java +23 −0 Original line number Diff line number Diff line Loading @@ -61,6 +61,7 @@ import android.content.pm.PackageManagerInternal; import android.net.INetd; import android.net.UidRange; import android.os.Build; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.util.SparseIntArray; Loading Loading @@ -114,6 +115,7 @@ public class PermissionMonitorTest { @Mock private PackageManagerInternal mMockPmi; @Mock private UserManager mUserManager; @Mock private PermissionMonitor.Dependencies mDeps; @Mock private SystemConfigManager mSystemConfigManager; private PermissionMonitor mPermissionMonitor; Loading @@ -124,6 +126,11 @@ public class PermissionMonitorTest { when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager); when(mUserManager.getUserHandles(eq(true))).thenReturn( Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 })); when(mContext.getSystemServiceName(SystemConfigManager.class)) .thenReturn(Context.SYSTEM_CONFIG_SERVICE); when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE)) .thenReturn(mSystemConfigManager); when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]); mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps)); Loading Loading @@ -747,4 +754,20 @@ public class PermissionMonitorTest { GET_PERMISSIONS | MATCH_ANY_USER); assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); } @Test public void testUpdateUidPermissionsFromSystemConfig() throws Exception { final NetdServiceMonitor mNetdServiceMonitor = new NetdServiceMonitor(mNetdService); when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(new ArrayList<>()); when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET))) .thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 }); when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS))) .thenReturn(new int[]{ MOCK_UID2 }); mPermissionMonitor.startMonitoring(); mNetdServiceMonitor.expectPermission(INetd.PERMISSION_INTERNET, new int[]{ MOCK_UID1 }); mNetdServiceMonitor.expectPermission( INetd.PERMISSION_INTERNET | INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{ MOCK_UID2 }); } } Loading
services/core/java/com/android/server/connectivity/PermissionMonitor.java +14 −15 Original line number Diff line number Diff line Loading @@ -42,10 +42,10 @@ import android.net.UidRange; import android.os.Build; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.system.OsConstants; import android.util.ArraySet; import android.util.Log; import android.util.SparseArray; import android.util.SparseIntArray; Loading @@ -55,7 +55,6 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.IndentingPrintWriter; import com.android.net.module.util.CollectionUtils; import com.android.server.LocalServices; import com.android.server.SystemConfig; import java.util.ArrayList; import java.util.HashMap; Loading @@ -81,6 +80,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse private final PackageManager mPackageManager; private final UserManager mUserManager; private final SystemConfigManager mSystemConfigManager; private final INetd mNetd; private final Dependencies mDeps; Loading Loading @@ -124,6 +124,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse @NonNull final Dependencies deps) { mPackageManager = context.getPackageManager(); mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE); mSystemConfigManager = context.getSystemService(SystemConfigManager.class); mNetd = netd; mDeps = deps; } Loading Loading @@ -175,21 +176,19 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */)); final SparseArray<ArraySet<String>> systemPermission = SystemConfig.getInstance().getSystemPermissions(); for (int i = 0; i < systemPermission.size(); i++) { ArraySet<String> perms = systemPermission.valueAt(i); int uid = systemPermission.keyAt(i); int netdPermission = 0; // Get the uids of native services that have UPDATE_DEVICE_STATS or INTERNET permission. if (perms != null) { netdPermission |= perms.contains(UPDATE_DEVICE_STATS) ? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0; netdPermission |= perms.contains(INTERNET) ? INetd.PERMISSION_INTERNET : 0; } final SparseArray<String> netdPermToSystemPerm = new SparseArray<>(); netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET); netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS); for (int i = 0; i < netdPermToSystemPerm.size(); i++) { final int netdPermission = netdPermToSystemPerm.keyAt(i); final String systemPermission = netdPermToSystemPerm.valueAt(i); final int[] hasPermissionUids = mSystemConfigManager.getSystemPermissionUids(systemPermission); for (int j = 0; j < hasPermissionUids.length; j++) { final int uid = hasPermissionUids[j]; netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission); } } log("Users: " + mUsers.size() + ", Apps: " + mApps.size()); update(mUsers, mApps, true); sendPackagePermissionsToNetd(netdPermsUids); Loading
tests/net/integration/src/com/android/server/net/integrationtests/ConnectivityServiceIntegrationTest.kt +9 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,7 @@ import android.net.metrics.IpConnectivityLog import android.os.ConditionVariable import android.os.IBinder import android.os.INetworkManagementService import android.os.SystemConfigManager import android.os.UserHandle import android.testing.TestableContext import android.util.Log Loading @@ -57,6 +58,7 @@ import org.junit.BeforeClass import org.junit.Test import org.junit.runner.RunWith import org.mockito.AdditionalAnswers import org.mockito.ArgumentMatchers.anyString import org.mockito.Mock import org.mockito.Mockito.any import org.mockito.Mockito.anyInt Loading Loading @@ -94,6 +96,8 @@ class ConnectivityServiceIntegrationTest { private lateinit var netd: INetd @Mock private lateinit var dnsResolver: IDnsResolver @Mock private lateinit var systemConfigManager: SystemConfigManager @Spy private var context = TestableContext(realContext) Loading Loading @@ -151,6 +155,11 @@ class ConnectivityServiceIntegrationTest { doReturn(UserHandle.ALL).`when`(asUserCtx).user doReturn(asUserCtx).`when`(context).createContextAsUser(eq(UserHandle.ALL), anyInt()) doNothing().`when`(context).sendStickyBroadcast(any(), any()) doReturn(Context.SYSTEM_CONFIG_SERVICE).`when`(context) .getSystemServiceName(SystemConfigManager::class.java) doReturn(systemConfigManager).`when`(context) .getSystemService(Context.SYSTEM_CONFIG_SERVICE) doReturn(IntArray(0)).`when`(systemConfigManager).getSystemPermissionUids(anyString()) networkStackClient = TestNetworkStackClient(realContext) networkStackClient.init() Loading
tests/net/java/com/android/server/ConnectivityServiceTest.java +4 −0 Original line number Diff line number Diff line Loading @@ -238,6 +238,7 @@ import android.os.Process; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.SystemClock; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.provider.Settings; Loading Loading @@ -430,6 +431,7 @@ public class ConnectivityServiceTest { @Mock EthernetManager mEthernetManager; @Mock NetworkPolicyManager mNetworkPolicyManager; @Mock KeyStore mKeyStore; @Mock SystemConfigManager mSystemConfigManager; private ArgumentCaptor<ResolverParamsParcel> mResolverParamsParcelCaptor = ArgumentCaptor.forClass(ResolverParamsParcel.class); Loading Loading @@ -526,6 +528,7 @@ public class ConnectivityServiceTest { if (Context.TELEPHONY_SERVICE.equals(name)) return mTelephonyManager; if (Context.ETHERNET_SERVICE.equals(name)) return mEthernetManager; if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager; if (Context.SYSTEM_CONFIG_SERVICE.equals(name)) return mSystemConfigManager; return super.getSystemService(name); } Loading Loading @@ -1432,6 +1435,7 @@ public class ConnectivityServiceTest { applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q; when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any())) .thenReturn(applicationInfo); when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]); // InstrumentationTestRunner prepares a looper, but AndroidJUnitRunner does not. // http://b/25897652 . Loading
tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java +23 −0 Original line number Diff line number Diff line Loading @@ -61,6 +61,7 @@ import android.content.pm.PackageManagerInternal; import android.net.INetd; import android.net.UidRange; import android.os.Build; import android.os.SystemConfigManager; import android.os.UserHandle; import android.os.UserManager; import android.util.SparseIntArray; Loading Loading @@ -114,6 +115,7 @@ public class PermissionMonitorTest { @Mock private PackageManagerInternal mMockPmi; @Mock private UserManager mUserManager; @Mock private PermissionMonitor.Dependencies mDeps; @Mock private SystemConfigManager mSystemConfigManager; private PermissionMonitor mPermissionMonitor; Loading @@ -124,6 +126,11 @@ public class PermissionMonitorTest { when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager); when(mUserManager.getUserHandles(eq(true))).thenReturn( Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 })); when(mContext.getSystemServiceName(SystemConfigManager.class)) .thenReturn(Context.SYSTEM_CONFIG_SERVICE); when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE)) .thenReturn(mSystemConfigManager); when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]); mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps)); Loading Loading @@ -747,4 +754,20 @@ public class PermissionMonitorTest { GET_PERMISSIONS | MATCH_ANY_USER); assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); } @Test public void testUpdateUidPermissionsFromSystemConfig() throws Exception { final NetdServiceMonitor mNetdServiceMonitor = new NetdServiceMonitor(mNetdService); when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(new ArrayList<>()); when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET))) .thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 }); when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS))) .thenReturn(new int[]{ MOCK_UID2 }); mPermissionMonitor.startMonitoring(); mNetdServiceMonitor.expectPermission(INetd.PERMISSION_INTERNET, new int[]{ MOCK_UID1 }); mNetdServiceMonitor.expectPermission( INetd.PERMISSION_INTERNET | INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{ MOCK_UID2 }); } }
