
Commit 7713a108 authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review

Merge "[network] add NetworkSpecifier#redact(long) and...

Merge "[network] add NetworkSpecifier#redact(long) and NetworkSpecifier#getApplicableRedactions()" into main
parents 1e9b47d1 bdf264f7
+12 −0
@@ -1312,6 +1312,18 @@ java_aconfig_library {
    defaults: ["framework-minus-apex-aconfig-java-defaults"],
}

java_aconfig_library {
    name: "com.android.net.thread.platform.flags-aconfig-java-export",
    aconfig_declarations: "com.android.net.thread.platform.flags-aconfig",
    mode: "exported",
    min_sdk_version: "30",
    defaults: ["framework-minus-apex-aconfig-java-defaults"],
    apex_available: [
        "//apex_available:platform",
        "com.android.tethering",
    ],
}

// DevicePolicy
aconfig_declarations {
    name: "device_policy_aconfig_flags",
+2 −0
@@ -10450,7 +10450,9 @@ package android.net {
  public abstract class NetworkSpecifier {
    method public boolean canBeSatisfiedBy(@Nullable android.net.NetworkSpecifier);
    method @FlaggedApi("com.android.net.thread.platform.flags.thread_mobile_enabled") public long getApplicableRedactions();
    method @Nullable public android.net.NetworkSpecifier redact();
    method @FlaggedApi("com.android.net.thread.platform.flags.thread_mobile_enabled") @Nullable public android.net.NetworkSpecifier redact(long);
  }
  public class NetworkStack {
+70 −0
@@ -16,8 +16,16 @@

package android.net;

import static android.annotation.SystemApi.Client.PRIVILEGED_APPS;

import static com.android.net.thread.platform.flags.Flags.FLAG_THREAD_MOBILE_ENABLED;

import android.annotation.FlaggedApi;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.content.Context;
import android.content.pm.PackageManager;

/**
 * Describes specific properties of a requested network for use in a {@link NetworkRequest}.
@@ -69,4 +77,66 @@ public abstract class NetworkSpecifier {
        // implement this method.
        return this;
    }

    /**
     * Optional method which can be overridden by concrete implementations of NetworkSpecifier to
     * perform any redaction of information from the NetworkSpecifier, e.g. if it contains
     * sensitive information. The default implementation simply returns the object itself - i.e.
     * no information is redacted. A concrete implementation may return a modified (copy) of the
     * NetworkSpecifier, or even return a null to fully remove all information.
     * <p>
     * This method is relevant to NetworkSpecifier objects used by agents - those are shared with
     * apps by default. Some agents may store sensitive matching information in the specifier,
     * e.g. a Wi-Fi SSID (which should not be shared since it may leak location). Those classes
     * can redact to a null. Other agents use the Network Specifier to share public information
     * with apps - those should not be redacted.
     * <p>
     * When a NetworkSpecifier is used in the input of ConnectivityManager APIs (e.g. {@link
     * ConnectivityManager#requestNetwork} and {@link ConnectivityManager#registerNetworkCallback}),
     * this method will be used to check if the {@code NetworkRequest} contains sensitive
     * information that the requesting app doesn't have permission to use and throws {@link
     * SecurityException} on it. When the NetworkSpecifier is included in {@link
     * ConnectivityManager#NetworkCallback}, this method will be used to redact sensitive
     * information that the receiving app doesn't have permission to see it.
     * <p>
     * The default implementation will do nothing and return {@code this}.
     * <p>
     * Instead of overriding {@link #redact()}, a new subclass should override this method and
     * {@link #getApplicableRedactions()}.
     *
     * @param redactions see {@link NetworkCapabilities#REDACT_} for available redactions. For
     * example, if the bit {@link NetworkCapabilities#REDACT_FOR_ACCESS_FINE_LOCATION} is set in
     * this argument, the returned specifier should contain no information that should not be
     * shared with apps that do not hold the ACCESS_FINE_LOCATION permission.
     * @return a NetworkSpecifier object to be passed along to the requesting app
     * @see #getApplicableRedactions()
     * @hide
     */
    @FlaggedApi(FLAG_THREAD_MOBILE_ENABLED)
    @SystemApi(client = PRIVILEGED_APPS)
    @Nullable
    public NetworkSpecifier redact(long redactions) {
        return this;
    }

    /**
     * Returns a bitmask of all the applicable redactions (based on the permissions held by the
     * receiving app) to be performed on this NetworkSpecifier.
     * <p>
     * The default implementation returns {@link NetworkCapabilities#REDACT_NONE}.
     * <p>
     * A subclass which is overriding this API MUST override {@link #redact(long)} as well..
     *
     * @return bitmask of redactions that this specifier is subject to. For example, if a specifier
     * has information that should only be shared with apps holding the ACCESS_FINE_LOCATION
     * permission and the WHATEVER permission, it should return {@code
     * REDACT_FOR_ACCESS_FINE_LOCATION|REDACT_FOR_WHATEVER}.
     * @see #redact(long)
     * @hide
     */
    @FlaggedApi(FLAG_THREAD_MOBILE_ENABLED)
    @SystemApi(client = PRIVILEGED_APPS)
    public long getApplicableRedactions() {
        return NetworkCapabilities.REDACT_NONE;
    }
}
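Review bot: The default `redact(long)` returns `this` without consulting the legacy `redact()`, so a subclass that today overrides only `redact()` (the Javadoc's own example is a Wi-Fi SSID redacted to null) would come back unredacted from any caller that moves to the new overload; the callers are not part of this change, so that is inferred. Making the default delegate, `return redact();`, keeps existing subclasses redacting as before until they migrate, and the Javadoc line "The default implementation will do nothing and return {@code this}" would then say it delegates to `{@link #redact()}`. In the same way `getApplicableRedactions()` defaults to `REDACT_NONE`, so its Javadoc should state that a specifier carrying sensitive fields must override it, otherwise nothing is stripped. The `{@link NetworkCapabilities#REDACT_}` reference names no member and will probably not resolve; `{@code REDACT_*}` or a link to `NetworkCapabilities#REDACT_NONE` would. The class declaration and the start of `redact()` lie outside these hunks.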
+1 −0
@@ -22,6 +22,7 @@ flag {

flag {
    name: "thread_mobile_enabled"
    is_exported: true
    namespace: "thread_network"
    description: "Controls whether Thread support for mobile devices is enabled"
    bug: "363970206"