Loading services/core/java/com/android/server/ConnectivityService.java +26 −7 Original line number Original line Diff line number Diff line Loading @@ -238,8 +238,9 @@ public class ConnectivityService extends IConnectivityManager.Stub private KeyStore mKeyStore; private KeyStore mKeyStore; @VisibleForTesting @GuardedBy("mVpns") @GuardedBy("mVpns") private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); protected final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // a direct call to LockdownVpnTracker.isEnabled(). // a direct call to LockdownVpnTracker.isEnabled(). Loading Loading @@ -929,6 +930,15 @@ public class ConnectivityService extends IConnectivityManager.Stub deps); deps); } } private static NetworkCapabilities createDefaultNetworkCapabilitiesForUid(int uid) { final NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addCapability(NET_CAPABILITY_INTERNET); netCap.addCapability(NET_CAPABILITY_NOT_RESTRICTED); netCap.removeCapability(NET_CAPABILITY_NOT_VPN); netCap.setSingleUid(uid); return netCap; } private NetworkRequest createDefaultInternetRequestForTransport( private NetworkRequest createDefaultInternetRequestForTransport( int transportType, NetworkRequest.Type type) { int transportType, NetworkRequest.Type type) { NetworkCapabilities netCap = new NetworkCapabilities(); NetworkCapabilities netCap = new NetworkCapabilities(); Loading Loading @@ -1181,12 +1191,20 @@ public class ConnectivityService extends IConnectivityManager.Stub int vpnNetId = NETID_UNSET; int vpnNetId = NETID_UNSET; synchronized (mVpns) { synchronized (mVpns) { final Vpn vpn = mVpns.get(user); final Vpn vpn = mVpns.get(user); // TODO : now that capabilities contain the UID, the appliesToUid test should // be removed as the satisfying test below should be enough. if (vpn != null && vpn.appliesToUid(uid)) vpnNetId = vpn.getNetId(); if (vpn != null && vpn.appliesToUid(uid)) vpnNetId = vpn.getNetId(); } } NetworkAgentInfo nai; NetworkAgentInfo nai; if (vpnNetId != NETID_UNSET) { if (vpnNetId != NETID_UNSET) { nai = getNetworkAgentInfoForNetId(vpnNetId); nai = getNetworkAgentInfoForNetId(vpnNetId); if (nai != null) return nai.network; if (nai != null) { final NetworkCapabilities requiredCaps = createDefaultNetworkCapabilitiesForUid(uid); if (requiredCaps.satisfiedByNetworkCapabilities(nai.networkCapabilities)) { return nai.network; } } } } nai = getDefaultNetwork(); nai = getDefaultNetwork(); if (nai != null if (nai != null Loading Loading @@ -1401,8 +1419,10 @@ public class ConnectivityService extends IConnectivityManager.Stub private NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions( private NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions( NetworkCapabilities nc, int callerPid, int callerUid) { NetworkCapabilities nc, int callerPid, int callerUid) { final NetworkCapabilities newNc = new NetworkCapabilities(nc); final NetworkCapabilities newNc = new NetworkCapabilities(nc); if (!checkSettingsPermission(callerPid, callerUid)) newNc.setUids(null); if (!checkSettingsPermission(callerPid, callerUid)) { if (!checkSettingsPermission(callerPid, callerUid)) newNc.setSSID(null); newNc.setUids(null); newNc.setSSID(null); } return newNc; return newNc; } } Loading Loading @@ -4304,8 +4324,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // the default network request. This allows callers to keep track of // the default network request. This allows callers to keep track of // the system default network. // the system default network. if (type == NetworkRequest.Type.TRACK_DEFAULT) { if (type == NetworkRequest.Type.TRACK_DEFAULT) { networkCapabilities = new NetworkCapabilities(mDefaultRequest.networkCapabilities); networkCapabilities = createDefaultNetworkCapabilitiesForUid(Binder.getCallingUid()); networkCapabilities.removeCapability(NET_CAPABILITY_NOT_VPN); enforceAccessPermission(); enforceAccessPermission(); } else { } else { networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities = new NetworkCapabilities(networkCapabilities); Loading tests/net/java/com/android/server/ConnectivityServiceTest.java +137 −4 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
services/core/java/com/android/server/ConnectivityService.java +26 −7 Original line number Original line Diff line number Diff line Loading @@ -238,8 +238,9 @@ public class ConnectivityService extends IConnectivityManager.Stub private KeyStore mKeyStore; private KeyStore mKeyStore; @VisibleForTesting @GuardedBy("mVpns") @GuardedBy("mVpns") private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); protected final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // a direct call to LockdownVpnTracker.isEnabled(). // a direct call to LockdownVpnTracker.isEnabled(). Loading Loading @@ -929,6 +930,15 @@ public class ConnectivityService extends IConnectivityManager.Stub deps); deps); } } private static NetworkCapabilities createDefaultNetworkCapabilitiesForUid(int uid) { final NetworkCapabilities netCap = new NetworkCapabilities(); netCap.addCapability(NET_CAPABILITY_INTERNET); netCap.addCapability(NET_CAPABILITY_NOT_RESTRICTED); netCap.removeCapability(NET_CAPABILITY_NOT_VPN); netCap.setSingleUid(uid); return netCap; } private NetworkRequest createDefaultInternetRequestForTransport( private NetworkRequest createDefaultInternetRequestForTransport( int transportType, NetworkRequest.Type type) { int transportType, NetworkRequest.Type type) { NetworkCapabilities netCap = new NetworkCapabilities(); NetworkCapabilities netCap = new NetworkCapabilities(); Loading Loading @@ -1181,12 +1191,20 @@ public class ConnectivityService extends IConnectivityManager.Stub int vpnNetId = NETID_UNSET; int vpnNetId = NETID_UNSET; synchronized (mVpns) { synchronized (mVpns) { final Vpn vpn = mVpns.get(user); final Vpn vpn = mVpns.get(user); // TODO : now that capabilities contain the UID, the appliesToUid test should // be removed as the satisfying test below should be enough. if (vpn != null && vpn.appliesToUid(uid)) vpnNetId = vpn.getNetId(); if (vpn != null && vpn.appliesToUid(uid)) vpnNetId = vpn.getNetId(); } } NetworkAgentInfo nai; NetworkAgentInfo nai; if (vpnNetId != NETID_UNSET) { if (vpnNetId != NETID_UNSET) { nai = getNetworkAgentInfoForNetId(vpnNetId); nai = getNetworkAgentInfoForNetId(vpnNetId); if (nai != null) return nai.network; if (nai != null) { final NetworkCapabilities requiredCaps = createDefaultNetworkCapabilitiesForUid(uid); if (requiredCaps.satisfiedByNetworkCapabilities(nai.networkCapabilities)) { return nai.network; } } } } nai = getDefaultNetwork(); nai = getDefaultNetwork(); if (nai != null if (nai != null Loading Loading @@ -1401,8 +1419,10 @@ public class ConnectivityService extends IConnectivityManager.Stub private NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions( private NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions( NetworkCapabilities nc, int callerPid, int callerUid) { NetworkCapabilities nc, int callerPid, int callerUid) { final NetworkCapabilities newNc = new NetworkCapabilities(nc); final NetworkCapabilities newNc = new NetworkCapabilities(nc); if (!checkSettingsPermission(callerPid, callerUid)) newNc.setUids(null); if (!checkSettingsPermission(callerPid, callerUid)) { if (!checkSettingsPermission(callerPid, callerUid)) newNc.setSSID(null); newNc.setUids(null); newNc.setSSID(null); } return newNc; return newNc; } } Loading Loading @@ -4304,8 +4324,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // the default network request. This allows callers to keep track of // the default network request. This allows callers to keep track of // the system default network. // the system default network. if (type == NetworkRequest.Type.TRACK_DEFAULT) { if (type == NetworkRequest.Type.TRACK_DEFAULT) { networkCapabilities = new NetworkCapabilities(mDefaultRequest.networkCapabilities); networkCapabilities = createDefaultNetworkCapabilitiesForUid(Binder.getCallingUid()); networkCapabilities.removeCapability(NET_CAPABILITY_NOT_VPN); enforceAccessPermission(); enforceAccessPermission(); } else { } else { networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities = new NetworkCapabilities(networkCapabilities); Loading
tests/net/java/com/android/server/ConnectivityServiceTest.java +137 −4 File changed.Preview size limit exceeded, changes collapsed. Show changes
