Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 50393202 authored by Robert Greenwalt's avatar Robert Greenwalt
Browse files

Restrict access to protected networks. 

Some networks should only be brought up and controlled by system apps.

bug: 4585677
Change-Id: I61b1ee3dcfca0ee54387cecffe5198a0b010d98b
parent e0da3f3b

core/res/res/values/config.xml

+8 −0
Original line number Diff line number Diff line
@@ -115,6 +115,14 @@ 
        <item>"mobile_cbs,12,0,2,60000,true"</item>

    </string-array>



    <!-- Array of ConnectivityManager.TYPE_xxxx constants for networks that may only

         be controlled by systemOrSignature apps.  -->

    <integer-array translatable="false" name="config_protectedNetworks">

        <item>10</item>

        <item>11</item>

        <item>12</item>

    </integer-array>



    <!-- This string array should be overridden by the device to present a list of radio

         attributes.  This is used by the connectivity manager to decide which networks can coexist

         based on the hardware -->

services/java/com/android/server/ConnectivityService.java

+25 −1
Original line number Diff line number Diff line
@@ -250,6 +250,9 @@ public class ConnectivityService extends IConnectivityManager.Stub { 
    }

    RadioAttributes[] mRadioAttributes;



    // the set of network types that can only be enabled by system/sig apps

    List mProtectedNetworks;



    public static synchronized ConnectivityService getInstance(Context context) {

        if (sServiceInstance == null) {

            sServiceInstance = new ConnectivityService(context);
@@ -349,6 +352,17 @@ public class ConnectivityService extends IConnectivityManager.Stub { 
            }

        }



        mProtectedNetworks = new ArrayList<Integer>();

        int[] protectedNetworks = context.getResources().getIntArray(

                com.android.internal.R.array.config_protectedNetworks);

        for (int p : protectedNetworks) {

            if ((mNetConfigs[p] != null) && (mProtectedNetworks.contains(p) == false)) {

                mProtectedNetworks.add(p);

            } else {

                if (DBG) loge("Ignoring protectedNetwork " + p);

            }

        }



        // high priority first

        mPriorityList = new int[mNetworksDefined];

        {
@@ -678,6 +692,11 @@ public class ConnectivityService extends IConnectivityManager.Stub { 
                usedNetworkType = networkType;

            }

        }



        if (mProtectedNetworks.contains(usedNetworkType)) {

            enforceConnectivityInternalPermission();

        }



        NetworkStateTracker network = mNetTrackers[usedNetworkType];

        if (network != null) {

            Integer currentPid = new Integer(getCallingPid());
@@ -888,6 +907,10 @@ public class ConnectivityService extends IConnectivityManager.Stub { 
     */

    public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {

        enforceChangePermission();

        if (mProtectedNetworks.contains(networkType)) {

            enforceConnectivityInternalPermission();

        }



        if (!ConnectivityManager.isNetworkTypeValid(networkType)) {

            return false;

        }
@@ -1005,7 +1028,8 @@ public class ConnectivityService extends IConnectivityManager.Stub { 
    }



    public void setDataDependency(int networkType, boolean met) {

        enforceChangePermission();

        enforceConnectivityInternalPermission();



        if (DBG) {

            log("setDataDependency(" + networkType + ", " + met + ")");

        }