Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 201fc13e authored by Cody Kesting's avatar Cody Kesting
Browse files

Add list of Administrator UIDs to NetworkCapabilities. 

Adds a list of administrator UIDs to NetworkCapabilties. The carrier
privilege permission model allows multiple uids to be granted
network-management privileges via certificates stored on a SIM card or
in CarrierConfigManager. The current NetworkCapabilities only allows a
single uid to be stored to track the owner of the network - this change
remedies that discrepancy.

Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: I3169d31e0270c976a720e80363cb268cbafd0455
parent a538107a

api/system-current.txt

+2 −0
Original line number Diff line number Diff line
@@ -4533,9 +4533,11 @@ package android.net { 














  public final class NetworkCapabilities implements android.os.Parcelable {















    method public boolean deduceRestrictedCapability();













    method @NonNull public java.util.List<java.lang.Integer> getAdministratorUids();















    method @Nullable public String getSSID();















    method @NonNull public int[] getTransportTypes();















    method public boolean satisfiedByNetworkCapabilities(@Nullable android.net.NetworkCapabilities);













    method public void setAdministratorUids(@NonNull java.util.List<java.lang.Integer>);















    method @NonNull public android.net.NetworkCapabilities setSSID(@Nullable String);















    method @NonNull public android.net.NetworkCapabilities setTransportInfo(@NonNull android.net.TransportInfo);















    field public static final int NET_CAPABILITY_OEM_PAID = 22; // 0x16

































core/java/android/net/NetworkCapabilities.java



+62
−0




























Original line number
Diff line number
Diff line








@@ -35,6 +35,9 @@ import com.android.internal.util.Preconditions;





























import java.lang.annotation.Retention;















import java.lang.annotation.RetentionPolicy;













import java.util.ArrayList;













import java.util.Collections;













import java.util.List;















import java.util.Objects;















import java.util.Set;















import java.util.StringJoiner;










@@ -83,6 +86,7 @@ public final class NetworkCapabilities implements Parcelable {













        mSignalStrength = SIGNAL_STRENGTH_UNSPECIFIED;















        mUids = null;















        mEstablishingVpnAppUid = INVALID_UID;













        mAdministratorUids.clear();















        mSSID = null;















        mPrivateDnsBroken = false;















    }









@@ -101,6 +105,7 @@ public final class NetworkCapabilities implements Parcelable {













        mSignalStrength = nc.mSignalStrength;















        setUids(nc.mUids); // Will make the defensive copy















        mEstablishingVpnAppUid = nc.mEstablishingVpnAppUid;













        setAdministratorUids(nc.mAdministratorUids);















        mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities;















        mSSID = nc.mSSID;















        mPrivateDnsBroken = nc.mPrivateDnsBroken;










@@ -832,6 +837,56 @@ public final class NetworkCapabilities implements Parcelable {













        return mEstablishingVpnAppUid;















    }





























    /**













     * UIDs of packages that are administrators of this network, or empty if none.













     *













     * <p>This field tracks the UIDs of packages that have permission to manage this network.













     *













     * <p>Network owners will also be listed as administrators.













     *













     * <p>For NetworkCapability instances being sent from the System Server, this value MUST be













     * empty unless the destination is 1) the System Server, or 2) Telephony. In either case, the













     * receiving entity must have the ACCESS_FINE_LOCATION permission and target R+.













     */













    private final List<Integer> mAdministratorUids = new ArrayList<>();



























    /**













     * Sets the list of UIDs that are administrators of this network.













     *













     * <p>UIDs included in administratorUids gain administrator privileges over this Network.













     * Examples of UIDs that should be included in administratorUids are:













     * <ul>













     *     <li>Carrier apps with privileges for the relevant subscription













     *     <li>Active VPN apps













     *     <li>Other application groups with a particular Network-related role













     * </ul>













     *













     * <p>In general, user-supplied networks (such as WiFi networks) do not have an administrator.













     *













     * <p>An app is granted owner privileges over Networks that it supplies. Owner privileges













     * implicitly include administrator privileges.













     *













     * @param administratorUids the UIDs to be set as administrators of this Network.













     * @hide













     */













    @SystemApi













    public void setAdministratorUids(@NonNull final List<Integer> administratorUids) {













        mAdministratorUids.clear();













        mAdministratorUids.addAll(administratorUids);













    }



























    /**













     * Retrieves the list of UIDs that are administrators of this Network.













     *













     * @return the List of UIDs that are administrators of this Network













     * @hide













     */













    @NonNull













    @SystemApi













    public List<Integer> getAdministratorUids() {













        return Collections.unmodifiableList(mAdministratorUids);













    }





























    /**















     * Value indicating that link bandwidth is unspecified.















     * @hide










@@ -1471,6 +1526,7 @@ public final class NetworkCapabilities implements Parcelable {













    public int describeContents() {















        return 0;















    }





























    @Override















    public void writeToParcel(Parcel dest, int flags) {















        dest.writeLong(mNetworkCapabilities);









@@ -1484,6 +1540,7 @@ public final class NetworkCapabilities implements Parcelable {













        dest.writeArraySet(mUids);















        dest.writeString(mSSID);















        dest.writeBoolean(mPrivateDnsBroken);













        dest.writeList(mAdministratorUids);















    }































    public static final @android.annotation.NonNull Creator<NetworkCapabilities> CREATOR =









@@ -1504,6 +1561,7 @@ public final class NetworkCapabilities implements Parcelable {













                        null /* ClassLoader, null for default */);















                netCap.mSSID = in.readString();















                netCap.mPrivateDnsBroken = in.readBoolean();













                netCap.setAdministratorUids(in.readArrayList(null));















                return netCap;















            }















            @Override










@@ -1557,6 +1615,10 @@ public final class NetworkCapabilities implements Parcelable {













            sb.append(" EstablishingAppUid: ").append(mEstablishingVpnAppUid);















        }





























        if (!mAdministratorUids.isEmpty()) {













            sb.append(" AdministratorUids: ").append(mAdministratorUids);













        }





























        if (null != mSSID) {















            sb.append(" SSID: ").append(mSSID);















        }

































services/core/java/com/android/server/ConnectivityService.java



+3
−0




























Original line number
Diff line number
Diff line








@@ -212,6 +212,7 @@ import java.net.UnknownHostException;













import java.util.ArrayList;















import java.util.Arrays;















import java.util.Collection;













import java.util.Collections;















import java.util.Comparator;















import java.util.ConcurrentModificationException;















import java.util.HashMap;










@@ -1634,6 +1635,7 @@ public class ConnectivityService extends IConnectivityManager.Stub













        if (newNc.getNetworkSpecifier() != null) {















            newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact());















        }













        newNc.setAdministratorUids(Collections.EMPTY_LIST);















        return newNc;















    }


























@@ -1664,6 +1666,7 @@ public class ConnectivityService extends IConnectivityManager.Stub













        if (!checkSettingsPermission()) {















            nc.setSingleUid(Binder.getCallingUid());















        }













        nc.setAdministratorUids(Collections.EMPTY_LIST);















    }































    private void restrictBackgroundRequestForCaller(NetworkCapabilities nc) {

































tests/net/common/java/android/net/NetworkCapabilitiesTest.java



+1
−1




























Original line number
Diff line number
Diff line








@@ -271,7 +271,7 @@ public class NetworkCapabilitiesTest {













            .addCapability(NET_CAPABILITY_NOT_METERED);















        assertParcelingIsLossless(netCap);















        netCap.setSSID(TEST_SSID);













        assertParcelSane(netCap, 12);













        assertParcelSane(netCap, 13);















    }































    @Test