
Commit 5a1961ac authored by Cody Kesting's avatar Cody Kesting

Allow MANAGE_TEST_NETWORKS to register and get VCN policies.

This CL updates VcnManagementService to allow permission
MANAGE_TEST_NETWORKS to register/unregister VCN policy listeners as
well as apply VCN policies. Previously, only permission
NETWORK_FACTORY was allowed to perform these operations.

Bug: 189125789
Test: atest FrameworksVcnTests CtsVcnTestCases
Change-Id: I6ad3a58f4ef87d931917fbd772a810af81b27da1
Merged-In: I6ad3a58f4ef87d931917fbd772a810af81b27da1
(cherry picked from commit f658c7f3)
parent 3b5e4d29
+22 −7
@@ -18,6 +18,7 @@ package com.android.server;


import static android.Manifest.permission.DUMP;
import static android.Manifest.permission.DUMP;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED;
import static android.net.NetworkCapabilities.TRANSPORT_TEST;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_ACTIVE;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_ACTIVE;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_INACTIVE;
import static android.net.vcn.VcnManager.VCN_STATUS_CODE_INACTIVE;
@@ -36,6 +37,7 @@ import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Context;
import android.content.Intent;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.LinkProperties;
import android.net.Network;
import android.net.Network;
@@ -73,6 +75,7 @@ import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.annotations.VisibleForTesting.Visibility;
import com.android.internal.annotations.VisibleForTesting.Visibility;
import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.util.IndentingPrintWriter;
import com.android.net.module.util.LocationPermissionChecker;
import com.android.net.module.util.LocationPermissionChecker;
import com.android.net.module.util.PermissionUtils;
import com.android.server.vcn.TelephonySubscriptionTracker;
import com.android.server.vcn.TelephonySubscriptionTracker;
import com.android.server.vcn.Vcn;
import com.android.server.vcn.Vcn;
import com.android.server.vcn.VcnContext;
import com.android.server.vcn.VcnContext;
@@ -739,9 +742,10 @@ public class VcnManagementService extends IVcnManagementService.Stub {
            @NonNull IVcnUnderlyingNetworkPolicyListener listener) {
            @NonNull IVcnUnderlyingNetworkPolicyListener listener) {
        requireNonNull(listener, "listener was null");
        requireNonNull(listener, "listener was null");


        mContext.enforceCallingOrSelfPermission(
        PermissionUtils.enforceAnyPermissionOf(
                mContext,
                android.Manifest.permission.NETWORK_FACTORY,
                android.Manifest.permission.NETWORK_FACTORY,
                "Must have permission NETWORK_FACTORY to register a policy listener");
                android.Manifest.permission.MANAGE_TEST_NETWORKS);


        Binder.withCleanCallingIdentity(() -> {
        Binder.withCleanCallingIdentity(() -> {
            PolicyListenerBinderDeath listenerBinderDeath = new PolicyListenerBinderDeath(listener);
            PolicyListenerBinderDeath listenerBinderDeath = new PolicyListenerBinderDeath(listener);
@@ -766,9 +770,10 @@ public class VcnManagementService extends IVcnManagementService.Stub {
            @NonNull IVcnUnderlyingNetworkPolicyListener listener) {
            @NonNull IVcnUnderlyingNetworkPolicyListener listener) {
        requireNonNull(listener, "listener was null");
        requireNonNull(listener, "listener was null");


        mContext.enforceCallingOrSelfPermission(
        PermissionUtils.enforceAnyPermissionOf(
                mContext,
                android.Manifest.permission.NETWORK_FACTORY,
                android.Manifest.permission.NETWORK_FACTORY,
                "Must have permission NETWORK_FACTORY to unregister a policy listener");
                android.Manifest.permission.MANAGE_TEST_NETWORKS);


        Binder.withCleanCallingIdentity(() -> {
        Binder.withCleanCallingIdentity(() -> {
            synchronized (mLock) {
            synchronized (mLock) {
@@ -819,10 +824,20 @@ public class VcnManagementService extends IVcnManagementService.Stub {
        requireNonNull(networkCapabilities, "networkCapabilities was null");
        requireNonNull(networkCapabilities, "networkCapabilities was null");
        requireNonNull(linkProperties, "linkProperties was null");
        requireNonNull(linkProperties, "linkProperties was null");


        mContext.enforceCallingOrSelfPermission(
        PermissionUtils.enforceAnyPermissionOf(
                mContext,
                android.Manifest.permission.NETWORK_FACTORY,
                android.Manifest.permission.NETWORK_FACTORY,
                "Must have permission NETWORK_FACTORY or be the SystemServer to get underlying"
                android.Manifest.permission.MANAGE_TEST_NETWORKS);
                        + " Network policies");

        final boolean isUsingManageTestNetworks =
                mContext.checkCallingOrSelfPermission(android.Manifest.permission.NETWORK_FACTORY)
                        != PackageManager.PERMISSION_GRANTED;

        if (isUsingManageTestNetworks && !networkCapabilities.hasTransport(TRANSPORT_TEST)) {
            throw new IllegalStateException(
                    "NetworkCapabilities must be for Test Network if using permission"
                            + " MANAGE_TEST_NETWORKS");
        }


        return Binder.withCleanCallingIdentity(() -> {
        return Binder.withCleanCallingIdentity(() -> {
            // Defensive copy in case this call is in-process and the given NetworkCapabilities
            // Defensive copy in case this call is in-process and the given NetworkCapabilities
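Review bot: In the getUnderlyingNetworkPolicy hunk, a caller that holds only MANAGE_TEST_NETWORKS and passes capabilities without TRANSPORT_TEST is rejected with `IllegalStateException`, although this is an authorization failure rather than a bad object state. Throwing `SecurityException` there (`throw new SecurityException(`) would keep the denial consistent with the `PermissionUtils.enforceAnyPermissionOf` call just above and with the `@Test(expected = SecurityException.class)` cases in this change. `isUsingManageTestNetworks` is inferred from the absence of NETWORK_FACTORY, which is only correct because the enforce call runs first; a comment such as `// enforceAnyPermissionOf passed, so a caller without NETWORK_FACTORY must hold MANAGE_TEST_NETWORKS` would make that ordering dependency explicit. The add and remove listener hunks apply no comparable test-network scoping for MANAGE_TEST_NETWORKS holders, which may be intentional but is worth confirming and documenting. The method body continues outside the hunk, so how the capabilities are used after this check is not visible here.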
+7 −9
@@ -57,6 +57,7 @@ import android.app.AppOpsManager;
import android.content.BroadcastReceiver;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Context;
import android.content.Intent;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.ConnectivityManager;
import android.net.LinkProperties;
import android.net.LinkProperties;
import android.net.Network;
import android.net.Network;
@@ -707,10 +708,9 @@ public class VcnManagementServiceTest {


    @Test(expected = SecurityException.class)
    @Test(expected = SecurityException.class)
    public void testAddVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
    public void testAddVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
        doThrow(new SecurityException())
        doReturn(PackageManager.PERMISSION_DENIED)
                .when(mMockContext)
                .when(mMockContext)
                .enforceCallingOrSelfPermission(
                .checkCallingOrSelfPermission(any());
                        eq(android.Manifest.permission.NETWORK_FACTORY), any());


        mVcnMgmtSvc.addVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
        mVcnMgmtSvc.addVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
    }
    }
@@ -724,10 +724,9 @@ public class VcnManagementServiceTest {


    @Test(expected = SecurityException.class)
    @Test(expected = SecurityException.class)
    public void testRemoveVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
    public void testRemoveVcnUnderlyingNetworkPolicyListenerInvalidPermission() {
        doThrow(new SecurityException())
        doReturn(PackageManager.PERMISSION_DENIED)
                .when(mMockContext)
                .when(mMockContext)
                .enforceCallingOrSelfPermission(
                .checkCallingOrSelfPermission(any());
                        eq(android.Manifest.permission.NETWORK_FACTORY), any());


        mVcnMgmtSvc.removeVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
        mVcnMgmtSvc.removeVcnUnderlyingNetworkPolicyListener(mMockPolicyListener);
    }
    }
@@ -919,10 +918,9 @@ public class VcnManagementServiceTest {


    @Test(expected = SecurityException.class)
    @Test(expected = SecurityException.class)
    public void testGetUnderlyingNetworkPolicyInvalidPermission() {
    public void testGetUnderlyingNetworkPolicyInvalidPermission() {
        doThrow(new SecurityException())
        doReturn(PackageManager.PERMISSION_DENIED)
                .when(mMockContext)
                .when(mMockContext)
                .enforceCallingOrSelfPermission(
                .checkCallingOrSelfPermission(any());
                        eq(android.Manifest.permission.NETWORK_FACTORY), any());


        mVcnMgmtSvc.getUnderlyingNetworkPolicy(new NetworkCapabilities(), new LinkProperties());
        mVcnMgmtSvc.getUnderlyingNetworkPolicy(new NetworkCapabilities(), new LinkProperties());
    }
    }
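Review bot: Nothing in this test section exercises the new TRANSPORT_TEST restriction: the three updated cases only stub `checkCallingOrSelfPermission(any())` to return `PackageManager.PERMISSION_DENIED`, so every permission is denied and the MANAGE_TEST_NETWORKS-only path is never reached. I would add one case where NETWORK_FACTORY is denied and MANAGE_TEST_NETWORKS is granted while passing `new NetworkCapabilities()`, expecting rejection, and a second where the capabilities carry TRANSPORT_TEST, expecting a policy to be returned. Matching positive cases for add and remove listener under MANAGE_TEST_NETWORKS alone would pin the widened access as well. Without these, a later change that drops the transport check would let a test-only permission query policy for any network and this suite would still pass.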