
Commit 532b34a3 authored by Automerger Merge Worker's avatar Automerger Merge Worker

Merge "Add API for apps to check if they are the network owner" am: e021269f am: 23f27778

Change-Id: Ifbcc5782a2413ec455896af52a9ac26bc3cda82c
parents a6a801d7 23f27778
+2 −0
@@ -29139,6 +29139,7 @@ package android.net {
    method public int getLinkDownstreamBandwidthKbps();
    method public int getLinkUpstreamBandwidthKbps();
    method @Nullable public android.net.NetworkSpecifier getNetworkSpecifier();
    method public int getOwnerUid();
    method public int getSignalStrength();
    method @Nullable public android.net.TransportInfo getTransportInfo();
    method public boolean hasCapability(int);
@@ -29148,6 +29149,7 @@ package android.net {
    method @NonNull public android.net.NetworkCapabilities setLinkDownstreamBandwidthKbps(int);
    method @NonNull public android.net.NetworkCapabilities setLinkUpstreamBandwidthKbps(int);
    method @NonNull public android.net.NetworkCapabilities setNetworkSpecifier(@NonNull android.net.NetworkSpecifier);
    method public void setOwnerUid(int);
    method @NonNull public android.net.NetworkCapabilities setSignalStrength(int);
    method public void writeToParcel(android.os.Parcel, int);
    field @NonNull public static final android.os.Parcelable.Creator<android.net.NetworkCapabilities> CREATOR;
+23 −26
@@ -26,6 +26,7 @@ import android.net.ConnectivityManager.NetworkCallback;
import android.os.Build;
import android.os.Parcel;
import android.os.Parcelable;
import android.os.Process;
import android.util.ArraySet;
import android.util.proto.ProtoOutputStream;

@@ -58,7 +59,6 @@ import java.util.StringJoiner;
 */
public final class NetworkCapabilities implements Parcelable {
    private static final String TAG = "NetworkCapabilities";
    private static final int INVALID_UID = -1;

    // Set to true when private DNS is broken.
    private boolean mPrivateDnsBroken;
@@ -85,8 +85,8 @@ public final class NetworkCapabilities implements Parcelable {
        mTransportInfo = null;
        mSignalStrength = SIGNAL_STRENGTH_UNSPECIFIED;
        mUids = null;
        mEstablishingVpnAppUid = INVALID_UID;
        mAdministratorUids.clear();
        mOwnerUid = Process.INVALID_UID;
        mSSID = null;
        mPrivateDnsBroken = false;
    }
@@ -104,8 +104,8 @@ public final class NetworkCapabilities implements Parcelable {
        mTransportInfo = nc.mTransportInfo;
        mSignalStrength = nc.mSignalStrength;
        setUids(nc.mUids); // Will make the defensive copy
        mEstablishingVpnAppUid = nc.mEstablishingVpnAppUid;
        setAdministratorUids(nc.mAdministratorUids);
        mOwnerUid = nc.mOwnerUid;
        mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities;
        mSSID = nc.mSSID;
        mPrivateDnsBroken = nc.mPrivateDnsBroken;
@@ -810,31 +810,26 @@ public final class NetworkCapabilities implements Parcelable {
    }

    /**
     * UID of the app that manages this network, or INVALID_UID if none/unknown.
     * UID of the app that owns this network, or INVALID_UID if none/unknown.
     *
     * This field keeps track of the UID of the app that created this network and is in charge
     * of managing it. In the practice, it is used to store the UID of VPN apps so it is named
     * accordingly, but it may be renamed if other mechanisms are offered for third party apps
     * to create networks.
     *
     * Because this field is only used in the services side (and to avoid apps being able to
     * set this to whatever they want), this field is not parcelled and will not be conserved
     * across the IPC boundary.
     * @hide
     * <p>This field keeps track of the UID of the app that created this network and is in charge of
     * its lifecycle. This could be the UID of apps such as the Wifi network suggestor, the running
     * VPN, or Carrier Service app managing a cellular data connection.
     */
    private int mEstablishingVpnAppUid = INVALID_UID;
    private int mOwnerUid = Process.INVALID_UID;

    /**
     * Set the UID of the managing app.
     * @hide
     * Set the UID of the owner app.
     */
    public void setEstablishingVpnAppUid(final int uid) {
        mEstablishingVpnAppUid = uid;
    public void setOwnerUid(final int uid) {
        mOwnerUid = uid;
    }

    /** @hide */
    public int getEstablishingVpnAppUid() {
        return mEstablishingVpnAppUid;
    /**
     * Retrieves the UID of the owner app.
     */
    public int getOwnerUid() {
        return mOwnerUid;
    }

    /**
@@ -1157,7 +1152,7 @@ public final class NetworkCapabilities implements Parcelable {
     * member is null, then the network is not restricted by app UID. If it's an empty list, then
     * it means nobody can use it.
     * As a special exception, the app managing this network (as identified by its UID stored in
     * mEstablishingVpnAppUid) can always see this network. This is embodied by a special check in
     * mOwnerUid) can always see this network. This is embodied by a special check in
     * satisfiedByUids. That still does not mean the network necessarily <strong>applies</strong>
     * to the app that manages it as determined by #appliesToUid.
     * <p>
@@ -1264,7 +1259,7 @@ public final class NetworkCapabilities implements Parcelable {
     * in the passed nc (representing the UIDs that this network is available to).
     * <p>
     * As a special exception, the UID that created the passed network (as represented by its
     * mEstablishingVpnAppUid field) always satisfies a NetworkRequest requiring it (of LISTEN
     * mOwnerUid field) always satisfies a NetworkRequest requiring it (of LISTEN
     * or REQUEST types alike), even if the network does not apply to it. That is so a VPN app
     * can see its own network when it listens for it.
     * <p>
@@ -1275,7 +1270,7 @@ public final class NetworkCapabilities implements Parcelable {
    public boolean satisfiedByUids(@NonNull NetworkCapabilities nc) {
        if (null == nc.mUids || null == mUids) return true; // The network satisfies everything.
        for (UidRange requiredRange : mUids) {
            if (requiredRange.contains(nc.mEstablishingVpnAppUid)) return true;
            if (requiredRange.contains(nc.mOwnerUid)) return true;
            if (!nc.appliesToUidRange(requiredRange)) {
                return false;
            }
@@ -1541,6 +1536,7 @@ public final class NetworkCapabilities implements Parcelable {
        dest.writeString(mSSID);
        dest.writeBoolean(mPrivateDnsBroken);
        dest.writeList(mAdministratorUids);
        dest.writeInt(mOwnerUid);
    }

    public static final @android.annotation.NonNull Creator<NetworkCapabilities> CREATOR =
@@ -1562,6 +1558,7 @@ public final class NetworkCapabilities implements Parcelable {
                netCap.mSSID = in.readString();
                netCap.mPrivateDnsBroken = in.readBoolean();
                netCap.setAdministratorUids(in.readArrayList(null));
                netCap.mOwnerUid = in.readInt();
                return netCap;
            }
            @Override
@@ -1611,8 +1608,8 @@ public final class NetworkCapabilities implements Parcelable {
                sb.append(" Uids: <").append(mUids).append(">");
            }
        }
        if (mEstablishingVpnAppUid != INVALID_UID) {
            sb.append(" EstablishingAppUid: ").append(mEstablishingVpnAppUid);
        if (mOwnerUid != Process.INVALID_UID) {
            sb.append(" OwnerUid: ").append(mOwnerUid);
        }

        if (!mAdministratorUids.isEmpty()) {
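Review bot: The Javadoc in the `@@ -810` hunk drops the old explanation that this field was kept out of the parcel so that apps could not set it, while the `writeToParcel` and `CREATOR` hunks now carry `mOwnerUid` across Binder and `setOwnerUid` loses `@hide`. The new comments should state the trust model that replaces it, because `satisfiedByUids` still gives the owner UID a visibility exception. On `setOwnerUid` I would add `An owner UID set on NetworkCapabilities received from an app is cleared by the system.`, and on `getOwnerUid` `@return the owner UID, or Process.INVALID_UID if none, unknown, or redacted for the caller.` That wording relies on the clearing shown in this commit's ConnectivityService hunks covering every path, which should be confirmed before it is documented as a guarantee.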
+23 −7
@@ -1626,7 +1626,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
        return getNetworkCapabilitiesInternal(getNetworkAgentInfoForNetwork(network));
    }

    private NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions(
    @VisibleForTesting
    NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions(
            NetworkCapabilities nc, int callerPid, int callerUid) {
        final NetworkCapabilities newNc = new NetworkCapabilities(nc);
        if (!checkSettingsPermission(callerPid, callerUid)) {
@@ -1637,9 +1638,23 @@ public class ConnectivityService extends IConnectivityManager.Stub
            newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact());
        }
        newNc.setAdministratorUids(Collections.EMPTY_LIST);

        maybeSanitizeLocationInfoForCaller(newNc, callerUid);

        return newNc;
    }

    private void maybeSanitizeLocationInfoForCaller(
            NetworkCapabilities nc, int callerUid) {
        // TODO(b/142072839): Conditionally reset the owner UID if the following
        // conditions are not met:
        // 1. The destination app is the network owner
        // 2. The destination app has the ACCESS_COARSE_LOCATION permission granted
        // if target SDK<29 or otherwise has the ACCESS_FINE_LOCATION permission granted
        // 3. The user's location toggle is on
        nc.setOwnerUid(INVALID_UID);
    }

    private LinkProperties linkPropertiesRestrictedForCallerPermissions(
            LinkProperties lp, int callerPid, int callerUid) {
        if (lp == null) return new LinkProperties();
@@ -1668,6 +1683,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
            nc.setSingleUid(Binder.getCallingUid());
        }
        nc.setAdministratorUids(Collections.EMPTY_LIST);

        // Clear owner UID; this can never come from an app.
        nc.setOwnerUid(INVALID_UID);
    }

    private void restrictBackgroundRequestForCaller(NetworkCapabilities nc) {
@@ -5795,7 +5813,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        }

        final Set<UidRange> ranges = nai.networkCapabilities.getUids();
        final int vpnAppUid = nai.networkCapabilities.getEstablishingVpnAppUid();
        final int vpnAppUid = nai.networkCapabilities.getOwnerUid();
        // TODO: this create a window of opportunity for apps to receive traffic between the time
        // when the old rules are removed and the time when new rules are added. To fix this,
        // make eBPF support two whitelisted interfaces so here new rules can be added before the
@@ -5994,7 +6012,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        if (nc == null || lp == null) return false;
        return nai.isVPN()
                && !nai.networkAgentConfig.allowBypass
                && nc.getEstablishingVpnAppUid() != Process.SYSTEM_UID
                && nc.getOwnerUid() != Process.SYSTEM_UID
                && lp.getInterfaceName() != null
                && (lp.hasIPv4DefaultRoute() || lp.hasIPv6DefaultRoute());
    }
@@ -6042,12 +6060,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
            // TODO Fix this window by computing an accurate diff on Set<UidRange>, so the old range
            // to be removed will never overlap with the new range to be added.
            if (wasFiltering && !prevRanges.isEmpty()) {
                mPermissionMonitor.onVpnUidRangesRemoved(iface, prevRanges,
                        prevNc.getEstablishingVpnAppUid());
                mPermissionMonitor.onVpnUidRangesRemoved(iface, prevRanges, prevNc.getOwnerUid());
            }
            if (shouldFilter && !newRanges.isEmpty()) {
                mPermissionMonitor.onVpnUidRangesAdded(iface, newRanges,
                        newNc.getEstablishingVpnAppUid());
                mPermissionMonitor.onVpnUidRangesAdded(iface, newRanges, newNc.getOwnerUid());
            }
        } catch (Exception e) {
            // Never crash!
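Review bot: `maybeSanitizeLocationInfoForCaller` ignores `callerUid` and always calls `nc.setOwnerUid(INVALID_UID)`, so no visible hunk lets an app observe a real owner UID yet. That is the safe default, and the TODO should say so, so that the eventual implementation keeps the reset as the fall-through, e.g. `// Until the checks below exist, always redact the owner UID (fail closed).` Because `mOwnerUid` is now parcelled, every path that hands NetworkCapabilities to an app has to go through `networkCapabilitiesRestrictedForCallerPermissions`; the hunks show only the sanitizer, so its callers are worth confirming. The method is made `@VisibleForTesting`, but no test on this page asserts `getOwnerUid() == INVALID_UID` on its result; the page may be truncated.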
+1 −1
@@ -950,7 +950,7 @@ public class Vpn {
        NetworkAgentConfig networkAgentConfig = new NetworkAgentConfig();
        networkAgentConfig.allowBypass = mConfig.allowBypass && !mLockdown;

        mNetworkCapabilities.setEstablishingVpnAppUid(Binder.getCallingUid());
        mNetworkCapabilities.setOwnerUid(Binder.getCallingUid());
        mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserHandle,
                mConfig.allowedApplications, mConfig.disallowedApplications));
        long token = Binder.clearCallingIdentity();
+1 −0
@@ -269,6 +269,7 @@ public class NetworkCapabilitiesTest {
            .setUids(uids)
            .addCapability(NET_CAPABILITY_EIMS)
            .addCapability(NET_CAPABILITY_NOT_METERED);
        netCap.setOwnerUid(123);
        assertParcelingIsLossless(netCap);
        netCap.setSSID(TEST_SSID);
        assertParcelSane(netCap, 13);
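Review bot: `netCap.setOwnerUid(123)` ahead of `assertParcelingIsLossless(netCap)` only proves the owner UID survives the round trip if `NetworkCapabilities.equals` compares `mOwnerUid`, and no `equals` change is visible in this commit's NetworkCapabilities hunks. If the helper relies on `equals`, a lost owner UID would pass unnoticed. An explicit check on the unparcelled object would pin it, for example `assertEquals(123, copy.getOwnerUid());`, where `copy` is a placeholder for that object. The enclosing test method starts and ends outside the hunk.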