Loading core/java/android/net/NetworkStack.java +13 −29 Original line number Diff line number Diff line Loading @@ -15,9 +15,6 @@ */ package android.net; import static android.Manifest.permission.NETWORK_STACK; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SystemApi; Loading @@ -26,8 +23,7 @@ import android.content.Context; import android.os.IBinder; import android.os.ServiceManager; import java.util.ArrayList; import java.util.Arrays; import com.android.net.module.util.PermissionUtils; /** * Constants and utilities for client code communicating with the network stack service. * @hide Loading Loading @@ -79,9 +75,14 @@ public class NetworkStack { * @param context {@link android.content.Context} for the process. * * @hide * * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermission} instead. * * TODO: remove this method and let the users call to PermissionUtils directly. */ @Deprecated public static void checkNetworkStackPermission(final @NonNull Context context) { checkNetworkStackPermissionOr(context); PermissionUtils.enforceNetworkStackPermission(context); } /** Loading 
@@ -92,31 +93,14 @@ public class NetworkStack { * @param otherPermissions The set of permissions that could be the candidate permissions , or * empty string if none of other permissions needed. * @hide * * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermissionOr} instead. * * TODO: remove this method and let the users call to PermissionUtils directly. */ @Deprecated public static void checkNetworkStackPermissionOr(final @NonNull Context context, final @NonNull String... otherPermissions) { ArrayList<String> permissions = new ArrayList<String>(Arrays.asList(otherPermissions)); permissions.add(NETWORK_STACK); permissions.add(PERMISSION_MAINLINE_NETWORK_STACK); enforceAnyPermissionOf(context, permissions.toArray(new String[0])); } private static void enforceAnyPermissionOf(final @NonNull Context context, final @NonNull String... permissions) { if (!checkAnyPermissionOf(context, permissions)) { throw new SecurityException("Requires one of the following permissions: " + String.join(", ", permissions) + "."); PermissionUtils.enforceNetworkStackPermissionOr(context, otherPermissions); } } private static boolean checkAnyPermissionOf(final @NonNull Context context, final @NonNull String... permissions) { for (String permission : permissions) { if (context.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) { return true; } } return false; } } services/core/java/com/android/server/ConnectivityService.java +7 −6 Original line number Diff line number Diff line Loading 
@@ -197,6 +197,7 @@ import com.android.modules.utils.BasicShellCommandHandler; import com.android.net.module.util.CollectionUtils; import com.android.net.module.util.LinkPropertiesUtils.CompareOrUpdateResult; import com.android.net.module.util.LinkPropertiesUtils.CompareResult; import com.android.net.module.util.PermissionUtils; import com.android.server.am.BatteryStatsService; import com.android.server.connectivity.AutodestructReference; import com.android.server.connectivity.DataConnectionStats; Loading Loading @@ -1511,7 +1512,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); return getActiveNetworkForUidInternal(uid, ignoreBlocked); } Loading @@ -1534,7 +1535,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); final NetworkState state = getUnfilteredActiveNetworkState(uid); filterNetworkStateForUid(state, uid, ignoreBlocked); return state.networkInfo; Loading Loading @@ -1878,7 +1879,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public NetworkState[] getAllNetworkState() { // This contains IMSI details, so make sure the caller is privileged. NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); final ArrayList<NetworkState> result = new ArrayList<>(); for (Network network : getAllNetworks()) { Loading Loading 
@@ -2302,7 +2303,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // Public because it's used by mLockdownTracker. public void sendConnectedBroadcast(NetworkInfo info) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); sendGeneralBroadcast(info, CONNECTIVITY_ACTION); } Loading Loading @@ -4685,7 +4686,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public void setGlobalProxy(final ProxyInfo proxyProperties) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); mProxyTracker.setGlobalProxy(proxyProperties); } Loading Loading @@ -4887,7 +4888,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public void setRequireVpnForUids(boolean requireVpn, UidRange[] ranges) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); mHandler.sendMessage(mHandler.obtainMessage(EVENT_SET_REQUIRE_VPN_FOR_UIDS, encodeBool(requireVpn), 0 /* arg2 */, ranges)); } Loading tests/net/common/java/android/net/NetworkStackTest.java +0 −41 Original line number Diff line number Diff line Loading @@ -15,20 +15,8 @@ */ package android.net; import static android.Manifest.permission.NETWORK_STACK; import static android.content.pm.PackageManager.PERMISSION_DENIED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK; import static android.net.NetworkStack.checkNetworkStackPermission; import static android.net.NetworkStack.checkNetworkStackPermissionOr; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.any; import static org.mockito.Mockito.when; import android.content.Context; import android.os.Build; import android.os.IBinder; Loading 
@@ -46,44 +34,15 @@ import org.mockito.MockitoAnnotations; @RunWith(AndroidJUnit4.class) public class NetworkStackTest { private static final String [] OTHER_PERMISSION = {"otherpermission1", "otherpermission2"}; @Rule public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule(); @Mock Context mCtx; @Mock private IBinder mConnectorBinder; @Before public void setUp() throws Exception { MockitoAnnotations.initMocks(this); } @Test public void testCheckNetworkStackPermission() throws Exception { when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_GRANTED); when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK))) .thenReturn(PERMISSION_DENIED); checkNetworkStackPermission(mCtx); checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_DENIED); when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK))) .thenReturn(PERMISSION_GRANTED); checkNetworkStackPermission(mCtx); checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); when(mCtx.checkCallingOrSelfPermission(any())).thenReturn(PERMISSION_DENIED); try { checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); } catch (SecurityException e) { // Expect to get a SecurityException return; } fail("Expect fail but permission granted."); } @Test @IgnoreUpTo(Build.VERSION_CODES.Q) public void testGetService() { NetworkStack.setServiceForTest(mConnectorBinder); Loading Loading
core/java/android/net/NetworkStack.java +13 −29 Original line number Diff line number Diff line Loading @@ -15,9 +15,6 @@ */ package android.net; import static android.Manifest.permission.NETWORK_STACK; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SystemApi; Loading @@ -26,8 +23,7 @@ import android.content.Context; import android.os.IBinder; import android.os.ServiceManager; import java.util.ArrayList; import java.util.Arrays; import com.android.net.module.util.PermissionUtils; /** * Constants and utilities for client code communicating with the network stack service. * @hide Loading Loading @@ -79,9 +75,14 @@ public class NetworkStack { * @param context {@link android.content.Context} for the process. * * @hide * * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermission} instead. * * TODO: remove this method and let the users call to PermissionUtils directly. */ @Deprecated public static void checkNetworkStackPermission(final @NonNull Context context) { checkNetworkStackPermissionOr(context); PermissionUtils.enforceNetworkStackPermission(context); } /** Loading 
@@ -92,31 +93,14 @@ public class NetworkStack { * @param otherPermissions The set of permissions that could be the candidate permissions , or * empty string if none of other permissions needed. * @hide * * @deprecated Use {@link PermissionUtils#enforceNetworkStackPermissionOr} instead. * * TODO: remove this method and let the users call to PermissionUtils directly. */ @Deprecated public static void checkNetworkStackPermissionOr(final @NonNull Context context, final @NonNull String... otherPermissions) { ArrayList<String> permissions = new ArrayList<String>(Arrays.asList(otherPermissions)); permissions.add(NETWORK_STACK); permissions.add(PERMISSION_MAINLINE_NETWORK_STACK); enforceAnyPermissionOf(context, permissions.toArray(new String[0])); } private static void enforceAnyPermissionOf(final @NonNull Context context, final @NonNull String... permissions) { if (!checkAnyPermissionOf(context, permissions)) { throw new SecurityException("Requires one of the following permissions: " + String.join(", ", permissions) + "."); PermissionUtils.enforceNetworkStackPermissionOr(context, otherPermissions); } } private static boolean checkAnyPermissionOf(final @NonNull Context context, final @NonNull String... permissions) { for (String permission : permissions) { if (context.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) { return true; } } return false; } }
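Review bot: In the Javadoc of both deprecated wrappers, `checkNetworkStackPermission` and `checkNetworkStackPermissionOr`, the `TODO: remove this method…` line sits inside the `@deprecated` block, so it is rendered as part of the deprecation text; it reads better as a line comment above `@Deprecated`, e.g. `// TODO: remove this method once callers use PermissionUtils directly.` The wrappers also no longer show which permissions are accepted or how a denial surfaces: the removed body accepted `NETWORK_STACK` or `PERMISSION_MAINLINE_NETWORK_STACK` (plus `otherPermissions`) and threw `SecurityException`. `PermissionUtils` is not shown on this page, so that contract should be confirmed there and restated here, e.g. `@throws SecurityException if the caller holds none of the accepted permissions`. The deleted `testCheckNetworkStackPermission` was the only visible coverage of the granted and denied paths, so an equivalent test presumably needs to exist alongside `PermissionUtils`.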
services/core/java/com/android/server/ConnectivityService.java +7 −6 Original line number Diff line number Diff line Loading @@ -197,6 +197,7 @@ import com.android.modules.utils.BasicShellCommandHandler; import com.android.net.module.util.CollectionUtils; import com.android.net.module.util.LinkPropertiesUtils.CompareOrUpdateResult; import com.android.net.module.util.LinkPropertiesUtils.CompareResult; import com.android.net.module.util.PermissionUtils; import com.android.server.am.BatteryStatsService; import com.android.server.connectivity.AutodestructReference; import com.android.server.connectivity.DataConnectionStats; Loading Loading @@ -1511,7 +1512,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); return getActiveNetworkForUidInternal(uid, ignoreBlocked); } Loading @@ -1534,7 +1535,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); final NetworkState state = getUnfilteredActiveNetworkState(uid); filterNetworkStateForUid(state, uid, ignoreBlocked); return state.networkInfo; Loading Loading @@ -1878,7 +1879,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public NetworkState[] getAllNetworkState() { // This contains IMSI details, so make sure the caller is privileged. NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); final ArrayList<NetworkState> result = new ArrayList<>(); for (Network network : getAllNetworks()) { Loading Loading 
@@ -2302,7 +2303,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // Public because it's used by mLockdownTracker. public void sendConnectedBroadcast(NetworkInfo info) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); sendGeneralBroadcast(info, CONNECTIVITY_ACTION); } Loading Loading @@ -4685,7 +4686,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public void setGlobalProxy(final ProxyInfo proxyProperties) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); mProxyTracker.setGlobalProxy(proxyProperties); } Loading Loading @@ -4887,7 +4888,7 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override public void setRequireVpnForUids(boolean requireVpn, UidRange[] ranges) { NetworkStack.checkNetworkStackPermission(mContext); PermissionUtils.enforceNetworkStackPermission(mContext); mHandler.sendMessage(mHandler.obtainMessage(EVENT_SET_REQUIRE_VPN_FOR_UIDS, encodeBool(requireVpn), 0 /* arg2 */, ranges)); } Loading
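Review bot: The six replaced call sites now depend on whether `PermissionUtils.enforceNetworkStackPermission` checks the calling identity only or calling-or-self, and that helper is not visible on this page. The removed `NetworkStack` implementation used `context.checkCallingOrSelfPermission`, which matters for `sendConnectedBroadcast`: its comment says it is public because `mLockdownTracker` uses it, which suggests it can be reached without an incoming binder call. If the helper were stricter, that in-process path would start throwing; if it were looser, `getAllNetworkState` (IMSI details), `setGlobalProxy` and `setRequireVpnForUids` would lose their gate. Once verified, a short comment at one call site, such as `// Requires NETWORK_STACK or PERMISSION_MAINLINE_NETWORK_STACK (calling-or-self check)`, would record the expected semantics.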
tests/net/common/java/android/net/NetworkStackTest.java +0 −41 Original line number Diff line number Diff line Loading @@ -15,20 +15,8 @@ */ package android.net; import static android.Manifest.permission.NETWORK_STACK; import static android.content.pm.PackageManager.PERMISSION_DENIED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK; import static android.net.NetworkStack.checkNetworkStackPermission; import static android.net.NetworkStack.checkNetworkStackPermissionOr; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.any; import static org.mockito.Mockito.when; import android.content.Context; import android.os.Build; import android.os.IBinder; Loading 
@@ -46,44 +34,15 @@ import org.mockito.MockitoAnnotations; @RunWith(AndroidJUnit4.class) public class NetworkStackTest { private static final String [] OTHER_PERMISSION = {"otherpermission1", "otherpermission2"}; @Rule public DevSdkIgnoreRule mDevSdkIgnoreRule = new DevSdkIgnoreRule(); @Mock Context mCtx; @Mock private IBinder mConnectorBinder; @Before public void setUp() throws Exception { MockitoAnnotations.initMocks(this); } @Test public void testCheckNetworkStackPermission() throws Exception { when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_GRANTED); when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK))) .thenReturn(PERMISSION_DENIED); checkNetworkStackPermission(mCtx); checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); when(mCtx.checkCallingOrSelfPermission(eq(NETWORK_STACK))).thenReturn(PERMISSION_DENIED); when(mCtx.checkCallingOrSelfPermission(eq(PERMISSION_MAINLINE_NETWORK_STACK))) .thenReturn(PERMISSION_GRANTED); checkNetworkStackPermission(mCtx); checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); when(mCtx.checkCallingOrSelfPermission(any())).thenReturn(PERMISSION_DENIED); try { checkNetworkStackPermissionOr(mCtx, OTHER_PERMISSION); } catch (SecurityException e) { // Expect to get a SecurityException return; } fail("Expect fail but permission granted."); } @Test @IgnoreUpTo(Build.VERSION_CODES.Q) public void testGetService() { NetworkStack.setServiceForTest(mConnectorBinder); Loading