Merge changes Ie0b32460,I21028457,I82754375 am: 29e5346c24 am: e8c002d842 am: 71f05fff22 (302b4758) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/ConnectivityService.java

+52 −48

Original line number	Original line	Diff line number	Diff line
	@@ -876,6 +876,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@VisibleForTesting		@VisibleForTesting
	public static class Dependencies {		public static class Dependencies {
			public int getCallingUid() {
			return Binder.getCallingUid();
			}

	/**		/**
	* Get system properties to use in ConnectivityService.		* Get system properties to use in ConnectivityService.
	*/		*/
	@@ -1408,7 +1412,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public NetworkInfo getActiveNetworkInfo() {		public NetworkInfo getActiveNetworkInfo() {
	enforceAccessPermission();		enforceAccessPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	final NetworkState state = getUnfilteredActiveNetworkState(uid);		final NetworkState state = getUnfilteredActiveNetworkState(uid);
	filterNetworkStateForUid(state, uid, false);		filterNetworkStateForUid(state, uid, false);
	maybeLogBlockedNetworkInfo(state.networkInfo, uid);		maybeLogBlockedNetworkInfo(state.networkInfo, uid);
	@@ -1418,7 +1422,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public Network getActiveNetwork() {		public Network getActiveNetwork() {
	enforceAccessPermission();		enforceAccessPermission();
	return getActiveNetworkForUidInternal(Binder.getCallingUid(), false);		return getActiveNetworkForUidInternal(mDeps.getCallingUid(), false);
	}		}

	@Override		@Override
	@@ -1458,7 +1462,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	// Public because it's used by mLockdownTracker.		// Public because it's used by mLockdownTracker.
	public NetworkInfo getActiveNetworkInfoUnfiltered() {		public NetworkInfo getActiveNetworkInfoUnfiltered() {
	enforceAccessPermission();		enforceAccessPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	NetworkState state = getUnfilteredActiveNetworkState(uid);		NetworkState state = getUnfilteredActiveNetworkState(uid);
	return state.networkInfo;		return state.networkInfo;
	}		}
	@@ -1474,7 +1478,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public NetworkInfo getNetworkInfo(int networkType) {		public NetworkInfo getNetworkInfo(int networkType) {
	enforceAccessPermission();		enforceAccessPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	if (getVpnUnderlyingNetworks(uid) != null) {		if (getVpnUnderlyingNetworks(uid) != null) {
	// A VPN is active, so we may need to return one of its underlying networks. This		// A VPN is active, so we may need to return one of its underlying networks. This
	// information is not available in LegacyTypeTracker, so we have to get it from		// information is not available in LegacyTypeTracker, so we have to get it from
	@@ -1519,7 +1523,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public Network getNetworkForType(int networkType) {		public Network getNetworkForType(int networkType) {
	enforceAccessPermission();		enforceAccessPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	NetworkState state = getFilteredNetworkState(networkType, uid);		NetworkState state = getFilteredNetworkState(networkType, uid);
	if (!isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, false)) {		if (!isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, false)) {
	return state.network;		return state.network;
	@@ -1566,7 +1570,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	result.put(		result.put(
	nai.network,		nai.network,
	maybeSanitizeLocationInfoForCaller(		maybeSanitizeLocationInfoForCaller(
	nc, Binder.getCallingUid(), callingPackageName));		nc, mDeps.getCallingUid(), callingPackageName));
	}		}

	synchronized (mVpns) {		synchronized (mVpns) {
	@@ -1581,7 +1585,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	result.put(		result.put(
	network,		network,
	maybeSanitizeLocationInfoForCaller(		maybeSanitizeLocationInfoForCaller(
	nc, Binder.getCallingUid(), callingPackageName));		nc, mDeps.getCallingUid(), callingPackageName));
	}		}
	}		}
	}		}
	@@ -1611,7 +1615,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public LinkProperties getActiveLinkProperties() {		public LinkProperties getActiveLinkProperties() {
	enforceAccessPermission();		enforceAccessPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	NetworkState state = getUnfilteredActiveNetworkState(uid);		NetworkState state = getUnfilteredActiveNetworkState(uid);
	if (state.linkProperties == null) return null;		if (state.linkProperties == null) return null;
	return linkPropertiesRestrictedForCallerPermissions(state.linkProperties,		return linkPropertiesRestrictedForCallerPermissions(state.linkProperties,
	@@ -1625,7 +1629,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	final LinkProperties lp = getLinkProperties(nai);		final LinkProperties lp = getLinkProperties(nai);
	if (lp == null) return null;		if (lp == null) return null;
	return linkPropertiesRestrictedForCallerPermissions(		return linkPropertiesRestrictedForCallerPermissions(
	lp, Binder.getCallingPid(), Binder.getCallingUid());		lp, Binder.getCallingPid(), mDeps.getCallingUid());
	}		}

	// TODO - this should be ALL networks		// TODO - this should be ALL networks
	@@ -1635,7 +1639,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	final LinkProperties lp = getLinkProperties(getNetworkAgentInfoForNetwork(network));		final LinkProperties lp = getLinkProperties(getNetworkAgentInfoForNetwork(network));
	if (lp == null) return null;		if (lp == null) return null;
	return linkPropertiesRestrictedForCallerPermissions(		return linkPropertiesRestrictedForCallerPermissions(
	lp, Binder.getCallingPid(), Binder.getCallingUid());		lp, Binder.getCallingPid(), mDeps.getCallingUid());
	}		}

	@Nullable		@Nullable
	@@ -1657,17 +1661,17 @@ public class ConnectivityService extends IConnectivityManager.Stub
	synchronized (nai) {		synchronized (nai) {
	if (nai.networkCapabilities == null) return null;		if (nai.networkCapabilities == null) return null;
	return networkCapabilitiesRestrictedForCallerPermissions(		return networkCapabilitiesRestrictedForCallerPermissions(
	nai.networkCapabilities, Binder.getCallingPid(), Binder.getCallingUid());		nai.networkCapabilities, Binder.getCallingPid(), mDeps.getCallingUid());
	}		}
	}		}

	@Override		@Override
	public NetworkCapabilities getNetworkCapabilities(Network network, String callingPackageName) {		public NetworkCapabilities getNetworkCapabilities(Network network, String callingPackageName) {
	mAppOpsManager.checkPackage(Binder.getCallingUid(), callingPackageName);		mAppOpsManager.checkPackage(mDeps.getCallingUid(), callingPackageName);
	enforceAccessPermission();		enforceAccessPermission();
	return maybeSanitizeLocationInfoForCaller(		return maybeSanitizeLocationInfoForCaller(
	getNetworkCapabilitiesInternal(network),		getNetworkCapabilitiesInternal(network),
	Binder.getCallingUid(), callingPackageName);		mDeps.getCallingUid(), callingPackageName);
	}		}

	@VisibleForTesting		@VisibleForTesting
	@@ -1755,7 +1759,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	}		}

	private void restrictBackgroundRequestForCaller(NetworkCapabilities nc) {		private void restrictBackgroundRequestForCaller(NetworkCapabilities nc) {
	if (!mPermissionMonitor.hasUseBackgroundNetworksPermission(Binder.getCallingUid())) {		if (!mPermissionMonitor.hasUseBackgroundNetworksPermission(mDeps.getCallingUid())) {
	nc.addCapability(NET_CAPABILITY_FOREGROUND);		nc.addCapability(NET_CAPABILITY_FOREGROUND);
	}		}
	}		}
	@@ -1808,7 +1812,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	// requestRouteToHost. In Q, GnssLocationProvider is changed to not call requestRouteToHost		// requestRouteToHost. In Q, GnssLocationProvider is changed to not call requestRouteToHost
	// for devices launched with Q and above. However, existing devices upgrading to Q and		// for devices launched with Q and above. However, existing devices upgrading to Q and
	// above must continued to be supported for few more releases.		// above must continued to be supported for few more releases.
	if (isSystem(Binder.getCallingUid()) && SystemProperties.getInt(		if (isSystem(mDeps.getCallingUid()) && SystemProperties.getInt(
	"ro.product.first_api_level", 0) > Build.VERSION_CODES.P) {		"ro.product.first_api_level", 0) > Build.VERSION_CODES.P) {
	log("This method exists only for app backwards compatibility"		log("This method exists only for app backwards compatibility"
	+ " and must not be called by system services.");		+ " and must not be called by system services.");
	@@ -1874,7 +1878,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	return false;		return false;
	}		}

	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	final long token = Binder.clearCallingIdentity();		final long token = Binder.clearCallingIdentity();
	try {		try {
	LinkProperties lp;		LinkProperties lp;
	@@ -2294,7 +2298,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public void systemReady() {		public void systemReady() {
	if (Binder.getCallingUid() != Process.SYSTEM_UID) {		if (mDeps.getCallingUid() != Process.SYSTEM_UID) {
	throw new SecurityException("Calling Uid is not system uid.");		throw new SecurityException("Calling Uid is not system uid.");
	}		}
	systemReadyInternal();		systemReadyInternal();
	@@ -2520,7 +2524,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	if (context.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)		if (context.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
	!= PackageManager.PERMISSION_GRANTED) {		!= PackageManager.PERMISSION_GRANTED) {
	pw.println("Permission Denial: can't dump " + tag + " from from pid="		pw.println("Permission Denial: can't dump " + tag + " from from pid="
	+ Binder.getCallingPid() + ", uid=" + Binder.getCallingUid()		+ Binder.getCallingPid() + ", uid=" + mDeps.getCallingUid()
	+ " due to missing android.permission.DUMP permission");		+ " due to missing android.permission.DUMP permission");
	return false;		return false;
	} else {		} else {
	@@ -3900,7 +3904,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	if (request == CaptivePortal.APP_REQUEST_REEVALUATION_REQUIRED) {		if (request == CaptivePortal.APP_REQUEST_REEVALUATION_REQUIRED) {
	checkNetworkStackPermission();		checkNetworkStackPermission();
	nm.forceReevaluation(Binder.getCallingUid());		nm.forceReevaluation(mDeps.getCallingUid());
	}		}
	}		}

	@@ -4367,7 +4371,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	public void reportNetworkConnectivity(Network network, boolean hasConnectivity) {		public void reportNetworkConnectivity(Network network, boolean hasConnectivity) {
	enforceAccessPermission();		enforceAccessPermission();
	enforceInternetPermission();		enforceInternetPermission();
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	final int connectivityInfo = encodeBool(hasConnectivity);		final int connectivityInfo = encodeBool(hasConnectivity);

	// Handle ConnectivityDiagnostics event before attempting to revalidate the network. This		// Handle ConnectivityDiagnostics event before attempting to revalidate the network. This
	@@ -4437,13 +4441,13 @@ public class ConnectivityService extends IConnectivityManager.Stub
	if (globalProxy != null) return globalProxy;		if (globalProxy != null) return globalProxy;
	if (network == null) {		if (network == null) {
	// Get the network associated with the calling UID.		// Get the network associated with the calling UID.
	final Network activeNetwork = getActiveNetworkForUidInternal(Binder.getCallingUid(),		final Network activeNetwork = getActiveNetworkForUidInternal(mDeps.getCallingUid(),
	true);		true);
	if (activeNetwork == null) {		if (activeNetwork == null) {
	return null;		return null;
	}		}
	return getLinkPropertiesProxyInfo(activeNetwork);		return getLinkPropertiesProxyInfo(activeNetwork);
	} else if (mDeps.queryUserAccess(Binder.getCallingUid(), network.getNetId())) {		} else if (mDeps.queryUserAccess(mDeps.getCallingUid(), network.getNetId())) {
	// Don't call getLinkProperties() as it requires ACCESS_NETWORK_STATE permission, which		// Don't call getLinkProperties() as it requires ACCESS_NETWORK_STATE permission, which
	// caller may not have.		// caller may not have.
	return getLinkPropertiesProxyInfo(network);		return getLinkPropertiesProxyInfo(network);
	@@ -4612,7 +4616,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public ParcelFileDescriptor establishVpn(VpnConfig config) {		public ParcelFileDescriptor establishVpn(VpnConfig config) {
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	throwIfLockdownEnabled();		throwIfLockdownEnabled();
	return mVpns.get(user).establish(config);		return mVpns.get(user).establish(config);
	@@ -4633,7 +4637,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public boolean provisionVpnProfile(@NonNull VpnProfile profile, @NonNull String packageName) {		public boolean provisionVpnProfile(@NonNull VpnProfile profile, @NonNull String packageName) {
	final int user = UserHandle.getUserId(Binder.getCallingUid());		final int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	return mVpns.get(user).provisionVpnProfile(packageName, profile, mKeyStore);		return mVpns.get(user).provisionVpnProfile(packageName, profile, mKeyStore);
	}		}
	@@ -4651,7 +4655,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public void deleteVpnProfile(@NonNull String packageName) {		public void deleteVpnProfile(@NonNull String packageName) {
	final int user = UserHandle.getUserId(Binder.getCallingUid());		final int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	mVpns.get(user).deleteVpnProfile(packageName, mKeyStore);		mVpns.get(user).deleteVpnProfile(packageName, mKeyStore);
	}		}
	@@ -4668,7 +4672,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public void startVpnProfile(@NonNull String packageName) {		public void startVpnProfile(@NonNull String packageName) {
	final int user = UserHandle.getUserId(Binder.getCallingUid());		final int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	throwIfLockdownEnabled();		throwIfLockdownEnabled();
	mVpns.get(user).startVpnProfile(packageName, mKeyStore);		mVpns.get(user).startVpnProfile(packageName, mKeyStore);
	@@ -4685,7 +4689,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public void stopVpnProfile(@NonNull String packageName) {		public void stopVpnProfile(@NonNull String packageName) {
	final int user = UserHandle.getUserId(Binder.getCallingUid());		final int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	mVpns.get(user).stopVpnProfile(packageName);		mVpns.get(user).stopVpnProfile(packageName);
	}		}
	@@ -4697,7 +4701,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	*/		*/
	@Override		@Override
	public void startLegacyVpn(VpnProfile profile) {		public void startLegacyVpn(VpnProfile profile) {
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	final LinkProperties egress = getActiveLinkProperties();		final LinkProperties egress = getActiveLinkProperties();
	if (egress == null) {		if (egress == null) {
	throw new IllegalStateException("Missing active network connection");		throw new IllegalStateException("Missing active network connection");
	@@ -4846,7 +4850,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	@Override		@Override
	public boolean updateLockdownVpn() {		public boolean updateLockdownVpn() {
	if (Binder.getCallingUid() != Process.SYSTEM_UID) {		if (mDeps.getCallingUid() != Process.SYSTEM_UID) {
	logw("Lockdown VPN only available to AID_SYSTEM");		logw("Lockdown VPN only available to AID_SYSTEM");
	return false;		return false;
	}		}
	@@ -4868,7 +4872,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	setLockdownTracker(null);		setLockdownTracker(null);
	return true;		return true;
	}		}
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	Vpn vpn = mVpns.get(user);		Vpn vpn = mVpns.get(user);
	if (vpn == null) {		if (vpn == null) {
	logw("VPN for user " + user + " not ready yet. Skipping lockdown");		logw("VPN for user " + user + " not ready yet. Skipping lockdown");
	@@ -5433,7 +5437,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	messenger = null;		messenger = null;
	mBinder = null;		mBinder = null;
	mPid = getCallingPid();		mPid = getCallingPid();
	mUid = getCallingUid();		mUid = mDeps.getCallingUid();
	enforceRequestCountLimit();		enforceRequestCountLimit();
	}		}

	@@ -5445,7 +5449,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	ensureAllNetworkRequestsHaveType(mRequests);		ensureAllNetworkRequestsHaveType(mRequests);
	mBinder = binder;		mBinder = binder;
	mPid = getCallingPid();		mPid = getCallingPid();
	mUid = getCallingUid();		mUid = mDeps.getCallingUid();
	mPendingIntent = null;		mPendingIntent = null;
	enforceRequestCountLimit();		enforceRequestCountLimit();

	@@ -5588,7 +5592,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	}		}

	private boolean checkUnsupportedStartingFrom(int version, String callingPackageName) {		private boolean checkUnsupportedStartingFrom(int version, String callingPackageName) {
	final UserHandle user = UserHandle.getUserHandleForUid(Binder.getCallingUid());		final UserHandle user = UserHandle.getUserHandleForUid(mDeps.getCallingUid());
	final PackageManager pm =		final PackageManager pm =
	mContext.createContextAsUser(user, 0 /* flags */).getPackageManager();		mContext.createContextAsUser(user, 0 /* flags */).getPackageManager();
	try {		try {
	@@ -5608,7 +5612,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	throw new SecurityException("Insufficient permissions to specify legacy type");		throw new SecurityException("Insufficient permissions to specify legacy type");
	}		}
	}		}
	final int callingUid = Binder.getCallingUid();		final int callingUid = mDeps.getCallingUid();
	final NetworkRequest.Type type = (networkCapabilities == null)		final NetworkRequest.Type type = (networkCapabilities == null)
	? NetworkRequest.Type.TRACK_DEFAULT		? NetworkRequest.Type.TRACK_DEFAULT
	: NetworkRequest.Type.REQUEST;		: NetworkRequest.Type.REQUEST;
	@@ -5678,7 +5682,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	if (nai != null) {		if (nai != null) {
	nai.asyncChannel.sendMessage(android.net.NetworkAgent.CMD_REQUEST_BANDWIDTH_UPDATE);		nai.asyncChannel.sendMessage(android.net.NetworkAgent.CMD_REQUEST_BANDWIDTH_UPDATE);
	synchronized (mBandwidthRequests) {		synchronized (mBandwidthRequests) {
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	Integer uidReqs = mBandwidthRequests.get(uid);		Integer uidReqs = mBandwidthRequests.get(uid);
	if (uidReqs == null) {		if (uidReqs == null) {
	uidReqs = 0;		uidReqs = 0;
	@@ -5695,7 +5699,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	}		}

	private void enforceMeteredApnPolicy(NetworkCapabilities networkCapabilities) {		private void enforceMeteredApnPolicy(NetworkCapabilities networkCapabilities) {
	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	if (isSystem(uid)) {		if (isSystem(uid)) {
	// Exemption for system uid.		// Exemption for system uid.
	return;		return;
	@@ -5715,7 +5719,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	PendingIntent operation, @NonNull String callingPackageName,		PendingIntent operation, @NonNull String callingPackageName,
	@Nullable String callingAttributionTag) {		@Nullable String callingAttributionTag) {
	Objects.requireNonNull(operation, "PendingIntent cannot be null.");		Objects.requireNonNull(operation, "PendingIntent cannot be null.");
	final int callingUid = Binder.getCallingUid();		final int callingUid = mDeps.getCallingUid();
	networkCapabilities = new NetworkCapabilities(networkCapabilities);		networkCapabilities = new NetworkCapabilities(networkCapabilities);
	enforceNetworkRequestPermissions(networkCapabilities, callingPackageName,		enforceNetworkRequestPermissions(networkCapabilities, callingPackageName,
	callingAttributionTag);		callingAttributionTag);
	@@ -5774,7 +5778,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	@Override		@Override
	public NetworkRequest listenForNetwork(NetworkCapabilities networkCapabilities,		public NetworkRequest listenForNetwork(NetworkCapabilities networkCapabilities,
	Messenger messenger, IBinder binder, @NonNull String callingPackageName) {		Messenger messenger, IBinder binder, @NonNull String callingPackageName) {
	final int callingUid = Binder.getCallingUid();		final int callingUid = mDeps.getCallingUid();
	if (!hasWifiNetworkListenPermission(networkCapabilities)) {		if (!hasWifiNetworkListenPermission(networkCapabilities)) {
	enforceAccessPermission();		enforceAccessPermission();
	}		}
	@@ -5804,7 +5808,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	public void pendingListenForNetwork(NetworkCapabilities networkCapabilities,		public void pendingListenForNetwork(NetworkCapabilities networkCapabilities,
	PendingIntent operation, @NonNull String callingPackageName) {		PendingIntent operation, @NonNull String callingPackageName) {
	Objects.requireNonNull(operation, "PendingIntent cannot be null.");		Objects.requireNonNull(operation, "PendingIntent cannot be null.");
	final int callingUid = Binder.getCallingUid();		final int callingUid = mDeps.getCallingUid();
	if (!hasWifiNetworkListenPermission(networkCapabilities)) {		if (!hasWifiNetworkListenPermission(networkCapabilities)) {
	enforceAccessPermission();		enforceAccessPermission();
	}		}
	@@ -5905,7 +5909,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	} else {		} else {
	enforceNetworkFactoryPermission();		enforceNetworkFactoryPermission();
	}		}
	mHandler.post(() -> handleReleaseNetworkRequest(request, Binder.getCallingUid(), true));		mHandler.post(() -> handleReleaseNetworkRequest(request, mDeps.getCallingUid(), true));
	}		}

	// NOTE: Accessed on multiple threads, must be synchronized on itself.		// NOTE: Accessed on multiple threads, must be synchronized on itself.
	@@ -5999,7 +6003,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	enforceNetworkFactoryPermission();		enforceNetworkFactoryPermission();
	}		}

	final int uid = Binder.getCallingUid();		final int uid = mDeps.getCallingUid();
	final long token = Binder.clearCallingIdentity();		final long token = Binder.clearCallingIdentity();
	try {		try {
	return registerNetworkAgentInternal(messenger, networkInfo, linkProperties,		return registerNetworkAgentInternal(messenger, networkInfo, linkProperties,
	@@ -7653,7 +7657,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	@Override		@Override
	public boolean addVpnAddress(String address, int prefixLength) {		public boolean addVpnAddress(String address, int prefixLength) {
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	throwIfLockdownEnabled();		throwIfLockdownEnabled();
	return mVpns.get(user).addAddress(address, prefixLength);		return mVpns.get(user).addAddress(address, prefixLength);
	@@ -7662,7 +7666,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	@Override		@Override
	public boolean removeVpnAddress(String address, int prefixLength) {		public boolean removeVpnAddress(String address, int prefixLength) {
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	synchronized (mVpns) {		synchronized (mVpns) {
	throwIfLockdownEnabled();		throwIfLockdownEnabled();
	return mVpns.get(user).removeAddress(address, prefixLength);		return mVpns.get(user).removeAddress(address, prefixLength);
	@@ -7671,7 +7675,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	@Override		@Override
	public boolean setUnderlyingNetworksForVpn(Network[] networks) {		public boolean setUnderlyingNetworksForVpn(Network[] networks) {
	int user = UserHandle.getUserId(Binder.getCallingUid());		int user = UserHandle.getUserId(mDeps.getCallingUid());
	final boolean success;		final boolean success;
	synchronized (mVpns) {		synchronized (mVpns) {
	throwIfLockdownEnabled();		throwIfLockdownEnabled();
	@@ -7898,7 +7902,7 @@ public class ConnectivityService extends IConnectivityManager.Stub

	@GuardedBy("mVpns")		@GuardedBy("mVpns")
	private Vpn getVpnIfOwner() {		private Vpn getVpnIfOwner() {
	return getVpnIfOwner(Binder.getCallingUid());		return getVpnIfOwner(mDeps.getCallingUid());
	}		}

	@GuardedBy("mVpns")		@GuardedBy("mVpns")
	@@ -8376,7 +8380,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	throw new IllegalArgumentException("ConnectivityManager.TYPE_* are deprecated."		throw new IllegalArgumentException("ConnectivityManager.TYPE_* are deprecated."
	+ " Please use NetworkCapabilities instead.");		+ " Please use NetworkCapabilities instead.");
	}		}
	final int callingUid = Binder.getCallingUid();		final int callingUid = mDeps.getCallingUid();
	mAppOpsManager.checkPackage(callingUid, callingPackageName);		mAppOpsManager.checkPackage(callingUid, callingPackageName);

	// This NetworkCapabilities is only used for matching to Networks. Clear out its owner uid		// This NetworkCapabilities is only used for matching to Networks. Clear out its owner uid
	@@ -8411,7 +8415,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	mConnectivityDiagnosticsHandler.obtainMessage(		mConnectivityDiagnosticsHandler.obtainMessage(
	ConnectivityDiagnosticsHandler		ConnectivityDiagnosticsHandler
	.EVENT_UNREGISTER_CONNECTIVITY_DIAGNOSTICS_CALLBACK,		.EVENT_UNREGISTER_CONNECTIVITY_DIAGNOSTICS_CALLBACK,
	Binder.getCallingUid(),		mDeps.getCallingUid(),
	0,		0,
	callback));		callback));
	}		}
	@@ -8427,7 +8431,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	}		}

	final NetworkAgentInfo nai = getNetworkAgentInfoForNetwork(network);		final NetworkAgentInfo nai = getNetworkAgentInfoForNetwork(network);
	if (nai == null \|\| nai.creatorUid != Binder.getCallingUid()) {		if (nai == null \|\| nai.creatorUid != mDeps.getCallingUid()) {
	throw new SecurityException("Data Stall simulation is only possible for network "		throw new SecurityException("Data Stall simulation is only possible for network "
	+ "creators");		+ "creators");
	}		}

services/core/java/com/android/server/connectivity/Vpn.java

+20 −8

Original line number	Original line	Diff line number	Diff line
	@@ -246,7 +246,12 @@ public class Vpn {
	void checkInterruptAndDelay(boolean sleepLonger) throws InterruptedException;		void checkInterruptAndDelay(boolean sleepLonger) throws InterruptedException;
	}		}

	static class Dependencies {		@VisibleForTesting
			public static class Dependencies {
			public boolean isCallerSystem() {
			return Binder.getCallingUid() == Process.SYSTEM_UID;
			}

	public void startService(final String serviceName) {		public void startService(final String serviceName) {
	SystemService.start(serviceName);		SystemService.start(serviceName);
	}		}
	@@ -267,6 +272,10 @@ public class Vpn {
	return new File("/data/misc/vpn/state");		return new File("/data/misc/vpn/state");
	}		}

			public DeviceIdleInternal getDeviceIdleInternal() {
			return LocalServices.getService(DeviceIdleInternal.class);
			}

	public void sendArgumentsToDaemon(		public void sendArgumentsToDaemon(
	final String daemon, final LocalSocket socket, final String[] arguments,		final String daemon, final LocalSocket socket, final String[] arguments,
	final RetryScheduler retryScheduler) throws IOException, InterruptedException {		final RetryScheduler retryScheduler) throws IOException, InterruptedException {
	@@ -372,6 +381,14 @@ public class Vpn {
	new SystemServices(context), new Ikev2SessionCreator());		new SystemServices(context), new Ikev2SessionCreator());
	}		}

			@VisibleForTesting
			public Vpn(Looper looper, Context context, Dependencies deps,
			INetworkManagementService netService, INetd netd, @UserIdInt int userId,
			@NonNull KeyStore keyStore) {
			this(looper, context, deps, netService, netd, userId, keyStore,
			new SystemServices(context), new Ikev2SessionCreator());
			}

	@VisibleForTesting		@VisibleForTesting
	protected Vpn(Looper looper, Context context, Dependencies deps,		protected Vpn(Looper looper, Context context, Dependencies deps,
	INetworkManagementService netService, INetd netd,		INetworkManagementService netService, INetd netd,
	@@ -772,8 +789,7 @@ public class Vpn {

	// Tell the OS that background services in this app need to be allowed for		// Tell the OS that background services in this app need to be allowed for
	// a short time, so we can bootstrap the VPN service.		// a short time, so we can bootstrap the VPN service.
	DeviceIdleInternal idleController =		DeviceIdleInternal idleController = mDeps.getDeviceIdleInternal();
	LocalServices.getService(DeviceIdleInternal.class);
	idleController.addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage,		idleController.addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage,
	VPN_LAUNCH_IDLE_ALLOWLIST_DURATION_MS, mUserId, false, "vpn");		VPN_LAUNCH_IDLE_ALLOWLIST_DURATION_MS, mUserId, false, "vpn");

	@@ -1959,10 +1975,6 @@ public class Vpn {
	return mContext.createContextAsUser(		return mContext.createContextAsUser(
	UserHandle.of(userId), 0 /* flags */).getContentResolver();		UserHandle.of(userId), 0 /* flags */).getContentResolver();
	}		}

	public boolean isCallerSystem() {
	return Binder.getCallingUid() == Process.SYSTEM_UID;
	}
	}		}

	private native int jniCreate(int mtu);		private native int jniCreate(int mtu);
	@@ -3112,7 +3124,7 @@ public class Vpn {
	@VisibleForTesting		@VisibleForTesting
	@Nullable		@Nullable
	VpnProfile getVpnProfilePrivileged(@NonNull String packageName, @NonNull KeyStore keyStore) {		VpnProfile getVpnProfilePrivileged(@NonNull String packageName, @NonNull KeyStore keyStore) {
	if (!mSystemServices.isCallerSystem()) {		if (!mDeps.isCallerSystem()) {
	Log.wtf(TAG, "getVpnProfilePrivileged called as non-System UID ");		Log.wtf(TAG, "getVpnProfilePrivileged called as non-System UID ");
	return null;		return null;
	}		}

tests/net/java/com/android/server/ConnectivityServiceTest.java

+309 −22

File changed.

Preview size limit exceeded, changes collapsed.

tests/net/java/com/android/server/connectivity/VpnTest.java

+5 −1

Original line number	Original line	Diff line number	Diff line
	@@ -228,7 +228,6 @@ public class VpnTest {
	R.string.config_customVpnAlwaysOnDisconnectedDialogComponent));		R.string.config_customVpnAlwaysOnDisconnectedDialogComponent));
	when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))		when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
	.thenReturn(true);		.thenReturn(true);
	when(mSystemServices.isCallerSystem()).thenReturn(true);

	// Used by {@link Notification.Builder}		// Used by {@link Notification.Builder}
	ApplicationInfo applicationInfo = new ApplicationInfo();		ApplicationInfo applicationInfo = new ApplicationInfo();
	@@ -1101,6 +1100,11 @@ public class VpnTest {
	}		}
	}		}

			@Override
			public boolean isCallerSystem() {
			return true;
			}

	@Override		@Override
	public void startService(final String serviceName) {		public void startService(final String serviceName) {
	mRunningServices.put(serviceName, true);		mRunningServices.put(serviceName, true);