Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a2f9c06 authored by Lorenzo Colitti's avatar Lorenzo Colitti Committed by Gerrit Code Review
Browse files

Merge changes I90bf7957,If58524b0 

* changes:
  Fix privileged apps calling registerDefaultNetworkCallback.
  Test a bug with NETWORK_SETTINGS+registerDefaultNetworkCallback.
parents 9f1cd407 ae679887

services/core/java/com/android/server/ConnectivityService.java

+6 −1
Original line number Diff line number Diff line
@@ -6116,10 +6116,15 @@ public class ConnectivityService extends IConnectivityManager.Stub 
    private NetworkCapabilities copyDefaultNetworkCapabilitiesForUid(

            @NonNull final NetworkCapabilities netCapToCopy, @NonNull final int requestorUid,

            @NonNull final String requestorPackageName) {

        // These capabilities are for a TRACK_DEFAULT callback, so:

        // 1. Remove NET_CAPABILITY_VPN, because it's (currently!) the only difference between

        //    mDefaultRequest and a per-UID default request.

        //    TODO: stop depending on the fact that these two unrelated things happen to be the same

        // 2. Always set the UIDs to mAsUid. restrictRequestUidsForCallerAndSetRequestorInfo will

        //    not do this in the case of a privileged application.

        final NetworkCapabilities netCap = new NetworkCapabilities(netCapToCopy);

        netCap.removeCapability(NET_CAPABILITY_NOT_VPN);

        netCap.setSingleUid(requestorUid);

        netCap.setUids(new ArraySet<>());

        restrictRequestUidsForCallerAndSetRequestorInfo(

                netCap, requestorUid, requestorPackageName);

        return netCap;

tests/net/java/com/android/server/ConnectivityServiceTest.java

+16 −0
Original line number Diff line number Diff line
@@ -7487,6 +7487,9 @@ public class ConnectivityServiceTest { 
        final NetworkRequest vpnUidRequest = new NetworkRequest.Builder().build();

        registerNetworkCallbackAsUid(vpnUidRequest, vpnUidCallback, VPN_UID);













        final TestNetworkCallback vpnUidDefaultCallback = new TestNetworkCallback();













        registerDefaultNetworkCallbackAsUid(vpnUidDefaultCallback, VPN_UID);



























        final int uid = Process.myUid();















        final int userId = UserHandle.getUserId(uid);















        final ArrayList<String> allowList = new ArrayList<>();









@@ -7505,6 +7508,7 @@ public class ConnectivityServiceTest {













        callback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);















        defaultCallback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);















        vpnUidCallback.expectAvailableCallbacksUnvalidated(mWiFiNetworkAgent);













        vpnUidDefaultCallback.expectAvailableCallbacksUnvalidated(mWiFiNetworkAgent);















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertNull(mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);









@@ -7517,6 +7521,7 @@ public class ConnectivityServiceTest {













        callback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);















        defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        expectNetworkRejectNonSecureVpn(inOrder, false, firstHalf, secondHalf);















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());









@@ -7531,6 +7536,7 @@ public class ConnectivityServiceTest {













        callback.assertNoCallback();















        defaultCallback.assertNoCallback();















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();





























        // The following requires that the UID of this test package is greater than VPN_UID. This















        // is always true in practice because a plain AOSP build with no apps installed has almost









@@ -7551,6 +7557,7 @@ public class ConnectivityServiceTest {













        callback.expectAvailableCallbacksUnvalidated(mCellNetworkAgent);















        defaultCallback.assertNoCallback();















        vpnUidCallback.expectAvailableCallbacksUnvalidated(mCellNetworkAgent);













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);









@@ -7571,6 +7578,7 @@ public class ConnectivityServiceTest {













        defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);















        assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent);















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertNull(mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);









@@ -7582,6 +7590,7 @@ public class ConnectivityServiceTest {













        defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);















        assertBlockedCallbackInAnyOrder(callback, false, mWiFiNetworkAgent, mCellNetworkAgent);















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);









@@ -7596,6 +7605,7 @@ public class ConnectivityServiceTest {













        callback.assertNoCallback();















        defaultCallback.assertNoCallback();















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);









@@ -7607,6 +7617,7 @@ public class ConnectivityServiceTest {













        callback.assertNoCallback();















        defaultCallback.assertNoCallback();















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);









@@ -7619,6 +7630,7 @@ public class ConnectivityServiceTest {













        defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);















        assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent);















        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertNull(mCm.getActiveNetwork());















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);









@@ -7629,6 +7641,7 @@ public class ConnectivityServiceTest {













        assertUidRangesUpdatedForMyUid(true);















        defaultCallback.expectAvailableThenValidatedCallbacks(mMockVpn);















        vpnUidCallback.assertNoCallback();  // vpnUidCallback has NOT_VPN capability.













        vpnUidDefaultCallback.assertNoCallback();  // VPN does not apply to VPN_UID















        assertEquals(mMockVpn.getNetwork(), mCm.getActiveNetwork());















        assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(VPN_UID));















        assertActiveNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);









@@ -7639,11 +7652,14 @@ public class ConnectivityServiceTest {













        mMockVpn.disconnect();















        defaultCallback.expectCallback(CallbackEntry.LOST, mMockVpn);















        defaultCallback.expectAvailableCallbacksUnvalidatedAndBlocked(mWiFiNetworkAgent);













        vpnUidCallback.assertNoCallback();













        vpnUidDefaultCallback.assertNoCallback();















        assertNull(mCm.getActiveNetwork());





























        mCm.unregisterNetworkCallback(callback);















        mCm.unregisterNetworkCallback(defaultCallback);















        mCm.unregisterNetworkCallback(vpnUidCallback);













        mCm.unregisterNetworkCallback(vpnUidDefaultCallback);















    }





























    private void setupLegacyLockdownVpn() {