Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7a635d85 authored by Chalard Jean's avatar Chalard Jean
Browse files

Guard the SSID with NETWORK_SETTINGS 

Clean cherry-pick of ag/3904260

Bug: 77865258
Test: manual
Change-Id: I2a2e236041797df495759dd4e07648545cad6c7c
Merged-In: Iba59e93875c28b8e30db0c013575bc2f117cb16c
Merged-In: I6cf364f0815a2eaab60f5de5e1d5ccc4908e9eca
parent 6bc18fbb

packages/CaptivePortalLogin/AndroidManifest.xml

+1 −1
Original line number Diff line number Diff line
@@ -23,7 +23,7 @@ 
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

    <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />

    <uses-permission android:name="android.permission.NETWORK_BYPASS_PRIVATE_DNS" />

    <uses-permission android:name="android.permission.NETWORK_STACK" />

    <uses-permission android:name="android.permission.NETWORK_SETTINGS" />



    <application android:label="@string/app_name"

                 android:usesCleartextTraffic="true">

services/core/java/com/android/server/ConnectivityService.java

+2 −7
Original line number Diff line number Diff line
@@ -1373,7 +1373,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 
            NetworkCapabilities nc, int callerPid, int callerUid) {

        final NetworkCapabilities newNc = new NetworkCapabilities(nc);

        if (!checkSettingsPermission(callerPid, callerUid)) newNc.setUids(null);

        if (!checkNetworkStackPermission(callerPid, callerUid)) newNc.setSSID(null);

        if (!checkSettingsPermission(callerPid, callerUid)) newNc.setSSID(null);

        return newNc;

    }
@@ -1633,11 +1633,6 @@ public class ConnectivityService extends IConnectivityManager.Stub 
                android.Manifest.permission.NETWORK_SETTINGS, pid, uid);

    }



    private boolean checkNetworkStackPermission(int pid, int uid) {

        return PERMISSION_GRANTED == mContext.checkPermission(

                android.Manifest.permission.NETWORK_STACK, pid, uid);

    }



    private void enforceTetherAccessPermission() {

        mContext.enforceCallingOrSelfPermission(

                android.Manifest.permission.ACCESS_NETWORK_STATE,
@@ -4197,7 +4192,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 
    // calling app has permission to do so.

    private void ensureSufficientPermissionsForRequest(NetworkCapabilities nc,

            int callerPid, int callerUid) {

        if (null != nc.getSSID() && !checkNetworkStackPermission(callerPid, callerUid)) {

        if (null != nc.getSSID() && !checkSettingsPermission(callerPid, callerUid)) {

            throw new SecurityException("Insufficient permissions to request a specific SSID");

        }

    }