Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8e25bf20 authored by Roshan Pius's avatar Roshan Pius Committed by Automerger Merge Worker
Browse files

Merge "ConnectivityService: Plumb attribution tag for location permission... 

Merge "ConnectivityService: Plumb attribution tag for location permission checks" am: 482b2dda am: 74371a29 am: 94404471 am: c935fed6

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1534625

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I5ce4bd930090fb0b5222d78c8a73463b3da2755b
parents 529de498 c935fed6

packages/Connectivity/framework/src/android/net/ConnectivityManager.java

+7 −4
Original line number Diff line number Diff line
@@ -1368,7 +1368,7 @@ public class ConnectivityManager { 
    public NetworkCapabilities[] getDefaultNetworkCapabilitiesForUser(int userId) {

        try {

            return mService.getDefaultNetworkCapabilitiesForUser(

                    userId, mContext.getOpPackageName());

                    userId, mContext.getOpPackageName(), getAttributionTag());

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }
@@ -1450,7 +1450,8 @@ public class ConnectivityManager { 
    @Nullable

    public NetworkCapabilities getNetworkCapabilities(@Nullable Network network) {

        try {

            return mService.getNetworkCapabilities(network, mContext.getOpPackageName());

            return mService.getNetworkCapabilities(

                    network, mContext.getOpPackageName(), getAttributionTag());

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }
@@ -3735,7 +3736,8 @@ public class ConnectivityManager { 
                Binder binder = new Binder();

                if (reqType == LISTEN) {

                    request = mService.listenForNetwork(

                            need, messenger, binder, callingPackageName);

                            need, messenger, binder, callingPackageName,

                            getAttributionTag());

                } else {

                    request = mService.requestNetwork(

                            need, reqType.ordinal(), messenger, timeoutMs, binder, legacyType,
@@ -4180,7 +4182,8 @@ public class ConnectivityManager { 
        checkPendingIntentNotNull(operation);

        try {

            mService.pendingListenForNetwork(

                    request.networkCapabilities, operation, mContext.getOpPackageName());

                    request.networkCapabilities, operation, mContext.getOpPackageName(),

                    getAttributionTag());

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } catch (ServiceSpecificException e) {

packages/Connectivity/framework/src/android/net/IConnectivityManager.aidl

+7 −4
Original line number Diff line number Diff line
@@ -66,7 +66,7 @@ interface IConnectivityManager 
    Network getNetworkForType(int networkType);

    Network[] getAllNetworks();

    NetworkCapabilities[] getDefaultNetworkCapabilitiesForUser(

            int userId, String callingPackageName);

            int userId, String callingPackageName, String callingAttributionTag);



    boolean isNetworkSupported(int networkType);
@@ -75,7 +75,8 @@ interface IConnectivityManager 
    LinkProperties getLinkPropertiesForType(int networkType);

    LinkProperties getLinkProperties(in Network network);



    NetworkCapabilities getNetworkCapabilities(in Network network, String callingPackageName);

    NetworkCapabilities getNetworkCapabilities(in Network network, String callingPackageName,

            String callingAttributionTag);



    @UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)

    NetworkState[] getAllNetworkState();
@@ -176,10 +177,12 @@ interface IConnectivityManager 
    void releasePendingNetworkRequest(in PendingIntent operation);



    NetworkRequest listenForNetwork(in NetworkCapabilities networkCapabilities,

            in Messenger messenger, in IBinder binder, String callingPackageName);

            in Messenger messenger, in IBinder binder, String callingPackageName,

            String callingAttributionTag);



    void pendingListenForNetwork(in NetworkCapabilities networkCapabilities,

            in PendingIntent operation, String callingPackageName);

            in PendingIntent operation, String callingPackageName,

            String callingAttributionTag);



    void releaseNetworkRequest(in NetworkRequest networkRequest);

services/core/java/com/android/server/ConnectivityService.java

+45 −23
Original line number Diff line number Diff line
@@ -1038,7 +1038,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        mNetworkRanker = new NetworkRanker();

        final NetworkRequest defaultInternetRequest = createDefaultInternetRequestForTransport(

                -1, NetworkRequest.Type.REQUEST);

        mDefaultRequest = new NetworkRequestInfo(null, defaultInternetRequest, new Binder());

        mDefaultRequest = new NetworkRequestInfo(null, defaultInternetRequest, new Binder(),

                null /* attributionTag */);

        mNetworkRequests.put(defaultInternetRequest, mDefaultRequest);

        mDefaultNetworkRequests.add(mDefaultRequest);

        mNetworkRequestInfoLogs.log("REGISTER " + mDefaultRequest);
@@ -1308,7 +1309,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 


        if (enable) {

            handleRegisterNetworkRequest(new NetworkRequestInfo(

                    null, networkRequest, new Binder()));

                    null, networkRequest, new Binder(), null /* attributionTag */));

        } else {

            handleReleaseNetworkRequest(networkRequest, Process.SYSTEM_UID,

                    /* callOnUnavailable */ false);
@@ -1643,7 +1644,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 


    @Override

    public NetworkCapabilities[] getDefaultNetworkCapabilitiesForUser(

                int userId, String callingPackageName) {

                int userId, String callingPackageName, @Nullable String callingAttributionTag) {

        // The basic principle is: if an app's traffic could possibly go over a

        // network, without the app doing anything multinetwork-specific,

        // (hence, by "default"), then include that network's capabilities in
@@ -1674,7 +1675,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
                result.put(

                        nai.network,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                nc, mDeps.getCallingUid(), callingPackageName));

                                nc, mDeps.getCallingUid(), callingPackageName,

                                callingAttributionTag));

            }

        }
@@ -1687,7 +1689,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
                    result.put(

                            network,

                            createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                    nc, mDeps.getCallingUid(), callingPackageName));

                                    nc, mDeps.getCallingUid(), callingPackageName,

                                    callingAttributionTag));

                }

            }

        }
@@ -1762,12 +1765,13 @@ public class ConnectivityService extends IConnectivityManager.Stub 
    }



    @Override

    public NetworkCapabilities getNetworkCapabilities(Network network, String callingPackageName) {

    public NetworkCapabilities getNetworkCapabilities(Network network, String callingPackageName,

            @Nullable String callingAttributionTag) {

        mAppOpsManager.checkPackage(mDeps.getCallingUid(), callingPackageName);

        enforceAccessPermission();

        return createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                getNetworkCapabilitiesInternal(network),

                mDeps.getCallingUid(), callingPackageName);

                mDeps.getCallingUid(), callingPackageName, callingAttributionTag);

    }



    @VisibleForTesting
@@ -1786,11 +1790,12 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        return newNc;

    }



    private boolean hasLocationPermission(int callerUid, @NonNull String callerPkgName) {

    private boolean hasLocationPermission(int callerUid, @NonNull String callerPkgName,

            @Nullable String callingAttributionTag) {

        final long token = Binder.clearCallingIdentity();

        try {

            return mLocationPermissionChecker.checkLocationPermission(

                    callerPkgName, null /* featureId */, callerUid, null /* message */);

                    callerPkgName, callingAttributionTag, callerUid, null /* message */);

        } finally {

            Binder.restoreCallingIdentity(token);

        }
@@ -1799,7 +1804,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
    @VisibleForTesting

    @Nullable

    NetworkCapabilities createWithLocationInfoSanitizedIfNecessaryWhenParceled(

            @Nullable NetworkCapabilities nc, int callerUid, @NonNull String callerPkgName) {

            @Nullable NetworkCapabilities nc, int callerUid, @NonNull String callerPkgName,

            @Nullable String callingAttributionTag) {

        if (nc == null) {

            return null;

        }
@@ -1808,7 +1814,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        // Avoid doing location permission check if the transport info has no location sensitive

        // data.

        if (nc.getTransportInfo() != null && nc.getTransportInfo().hasLocationSensitiveFields()) {

            hasLocationPermission = hasLocationPermission(callerUid, callerPkgName);

            hasLocationPermission =

                    hasLocationPermission(callerUid, callerPkgName, callingAttributionTag);

            newNc = new NetworkCapabilities(nc, hasLocationPermission);

        } else {

            newNc = new NetworkCapabilities(nc, false /* parcelLocationSensitiveFields */);
@@ -1825,7 +1832,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        }

        if (hasLocationPermission == null) {

            // Location permission not checked yet, check now for masking owner UID.

            hasLocationPermission = hasLocationPermission(callerUid, callerPkgName);

            hasLocationPermission =

                    hasLocationPermission(callerUid, callerPkgName, callingAttributionTag);

        }

        // Reset owner uid if the app has no location permission.

        if (!hasLocationPermission) {
@@ -5541,6 +5549,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        final int mPid;

        final int mUid;

        final Messenger messenger;

        @Nullable

        final String mCallingAttributionTag;



        /**

         * Get the list of UIDs this nri applies to.
@@ -5554,7 +5564,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
            return uids;

        }



        NetworkRequestInfo(NetworkRequest r, PendingIntent pi) {

        NetworkRequestInfo(NetworkRequest r, PendingIntent pi,

                @Nullable String callingAttributionTag) {

            mRequests = initializeRequests(r);

            ensureAllNetworkRequestsHaveType(mRequests);

            mPendingIntent = pi;
@@ -5563,9 +5574,11 @@ public class ConnectivityService extends IConnectivityManager.Stub 
            mPid = getCallingPid();

            mUid = mDeps.getCallingUid();

            mNetworkRequestCounter.incrementCountOrThrow(mUid);

            mCallingAttributionTag = callingAttributionTag;

        }



        NetworkRequestInfo(Messenger m, NetworkRequest r, IBinder binder) {

        NetworkRequestInfo(Messenger m, NetworkRequest r, IBinder binder,

                @Nullable String callingAttributionTag) {

            super();

            messenger = m;

            mRequests = initializeRequests(r);
@@ -5575,6 +5588,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 
            mUid = mDeps.getCallingUid();

            mPendingIntent = null;

            mNetworkRequestCounter.incrementCountOrThrow(mUid);

            mCallingAttributionTag = callingAttributionTag;



            try {

                mBinder.linkToDeath(this, 0);
@@ -5584,7 +5598,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 
        }



        NetworkRequestInfo(NetworkRequest r) {

            this(r, null);

            this(r, null /* pi */, null /* callingAttributionTag */);

        }



        // True if this NRI is being satisfied. It also accounts for if the nri has its satisifer
@@ -5777,7 +5791,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


        NetworkRequest networkRequest = new NetworkRequest(networkCapabilities, legacyType,

                nextNetworkRequestId(), reqType);

        NetworkRequestInfo nri = new NetworkRequestInfo(messenger, networkRequest, binder);

        NetworkRequestInfo nri =

                new NetworkRequestInfo(messenger, networkRequest, binder, callingAttributionTag);

        if (DBG) log("requestNetwork for " + nri);



        mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_REQUEST, nri));
@@ -5866,7 +5881,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


        NetworkRequest networkRequest = new NetworkRequest(networkCapabilities, TYPE_NONE,

                nextNetworkRequestId(), NetworkRequest.Type.REQUEST);

        NetworkRequestInfo nri = new NetworkRequestInfo(networkRequest, operation);

        NetworkRequestInfo nri =

                new NetworkRequestInfo(networkRequest, operation, callingAttributionTag);

        if (DBG) log("pendingRequest for " + nri);

        mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_REQUEST_WITH_INTENT,

                nri));
@@ -5910,7 +5926,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


    @Override

    public NetworkRequest listenForNetwork(NetworkCapabilities networkCapabilities,

            Messenger messenger, IBinder binder, @NonNull String callingPackageName) {

            Messenger messenger, IBinder binder, @NonNull String callingPackageName,

            @Nullable String callingAttributionTag) {

        final int callingUid = mDeps.getCallingUid();

        if (!hasWifiNetworkListenPermission(networkCapabilities)) {

            enforceAccessPermission();
@@ -5930,7 +5947,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


        NetworkRequest networkRequest = new NetworkRequest(nc, TYPE_NONE, nextNetworkRequestId(),

                NetworkRequest.Type.LISTEN);

        NetworkRequestInfo nri = new NetworkRequestInfo(messenger, networkRequest, binder);

        NetworkRequestInfo nri =

                new NetworkRequestInfo(messenger, networkRequest, binder, callingAttributionTag);

        if (VDBG) log("listenForNetwork for " + nri);



        mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_LISTENER, nri));
@@ -5939,7 +5957,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


    @Override

    public void pendingListenForNetwork(NetworkCapabilities networkCapabilities,

            PendingIntent operation, @NonNull String callingPackageName) {

            PendingIntent operation, @NonNull String callingPackageName,

            @Nullable String callingAttributionTag) {

        Objects.requireNonNull(operation, "PendingIntent cannot be null.");

        final int callingUid = mDeps.getCallingUid();

        if (!hasWifiNetworkListenPermission(networkCapabilities)) {
@@ -5953,7 +5972,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 


        NetworkRequest networkRequest = new NetworkRequest(nc, TYPE_NONE, nextNetworkRequestId(),

                NetworkRequest.Type.LISTEN);

        NetworkRequestInfo nri = new NetworkRequestInfo(networkRequest, operation);

        NetworkRequestInfo nri =

                new NetworkRequestInfo(networkRequest, operation, callingAttributionTag);

        if (VDBG) log("pendingListenForNetwork for " + nri);



        mHandler.sendMessage(mHandler.obtainMessage(EVENT_REGISTER_NETWORK_LISTENER, nri));
@@ -7168,7 +7188,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
                putParcelable(

                        bundle,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                nc, nri.mUid, nrForCallback.getRequestorPackageName()));

                                nc, nri.mUid, nrForCallback.getRequestorPackageName(),

                                nri.mCallingAttributionTag));

                putParcelable(bundle, linkPropertiesRestrictedForCallerPermissions(

                        networkAgent.linkProperties, nri.mPid, nri.mUid));

                // For this notification, arg1 contains the blocked status.
@@ -7187,7 +7208,8 @@ public class ConnectivityService extends IConnectivityManager.Stub 
                putParcelable(

                        bundle,

                        createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                                netCap, nri.mUid, nrForCallback.getRequestorPackageName()));

                                netCap, nri.mUid, nrForCallback.getRequestorPackageName(),

                                nri.mCallingAttributionTag));

                break;

            }

            case ConnectivityManager.CALLBACK_IP_CHANGED: {

tests/net/java/android/net/ConnectivityManagerTest.java

+6 −4
Original line number Diff line number Diff line
@@ -345,15 +345,17 @@ public class ConnectivityManagerTest { 
    @Test

    public void testRequestType() throws Exception {

        final String testPkgName = "MyPackage";

        final String testAttributionTag = "MyTag";

        final ConnectivityManager manager = new ConnectivityManager(mCtx, mService);

        when(mCtx.getOpPackageName()).thenReturn(testPkgName);

        when(mCtx.getAttributionTag()).thenReturn(testAttributionTag);

        final NetworkRequest request = makeRequest(1);

        final NetworkCallback callback = new ConnectivityManager.NetworkCallback();



        manager.requestNetwork(request, callback);

        verify(mService).requestNetwork(eq(request.networkCapabilities),

                eq(REQUEST.ordinal()), any(), anyInt(), any(), eq(TYPE_NONE),

                eq(testPkgName), eq(null));

                eq(testPkgName), eq(testAttributionTag));

        reset(mService);



        // Verify that register network callback does not calls requestNetwork at all.
@@ -361,19 +363,19 @@ public class ConnectivityManagerTest { 
        verify(mService, never()).requestNetwork(any(), anyInt(), any(), anyInt(), any(),

                anyInt(), any(), any());

        verify(mService).listenForNetwork(eq(request.networkCapabilities), any(), any(),

                eq(testPkgName));

                eq(testPkgName), eq(testAttributionTag));

        reset(mService);



        manager.registerDefaultNetworkCallback(callback);

        verify(mService).requestNetwork(eq(null),

                eq(TRACK_DEFAULT.ordinal()), any(), anyInt(), any(), eq(TYPE_NONE),

                eq(testPkgName), eq(null));

                eq(testPkgName), eq(testAttributionTag));

        reset(mService);



        manager.requestBackgroundNetwork(request, null, callback);

        verify(mService).requestNetwork(eq(request.networkCapabilities),

                eq(BACKGROUND_REQUEST.ordinal()), any(), anyInt(), any(), eq(TYPE_NONE),

                eq(testPkgName), eq(null));

                eq(testPkgName), eq(testAttributionTag));

        reset(mService);

    }

tests/net/java/com/android/server/ConnectivityServiceTest.java

+5 −4
Original line number Diff line number Diff line
@@ -6365,7 +6365,7 @@ public class ConnectivityServiceTest { 


    private void assertDefaultNetworkCapabilities(int userId, NetworkAgentWrapper... networks) {

        final NetworkCapabilities[] defaultCaps = mService.getDefaultNetworkCapabilitiesForUser(

                userId, "com.android.calling.package");

                userId, "com.android.calling.package", "com.test");

        final String defaultCapsString = Arrays.toString(defaultCaps);

        assertEquals(defaultCapsString, defaultCaps.length, networks.length);

        final Set<NetworkCapabilities> defaultCapsSet = new ArraySet<>(defaultCaps);
@@ -8377,7 +8377,8 @@ public class ConnectivityServiceTest { 
        when(mLocationManager.isLocationEnabledForUser(any())).thenReturn(locationToggle);



        if (op != null) {

            when(mAppOpsManager.noteOp(eq(op), eq(Process.myUid()), eq(mContext.getPackageName())))

            when(mAppOpsManager.noteOp(eq(op), eq(Process.myUid()),

                    eq(mContext.getPackageName()), eq(getAttributionTag()), anyString()))

                .thenReturn(AppOpsManager.MODE_ALLOWED);

        }
@@ -8390,7 +8391,7 @@ public class ConnectivityServiceTest { 
        final NetworkCapabilities netCap = new NetworkCapabilities().setOwnerUid(ownerUid);



        return mService.createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                netCap, callerUid, mContext.getPackageName()).getOwnerUid();

                netCap, callerUid, mContext.getPackageName(), getAttributionTag()).getOwnerUid();

    }



    private void verifyWifiInfoCopyNetCapsForCallerPermission(
@@ -8400,7 +8401,7 @@ public class ConnectivityServiceTest { 
        final NetworkCapabilities netCap = new NetworkCapabilities().setTransportInfo(wifiInfo);



        mService.createWithLocationInfoSanitizedIfNecessaryWhenParceled(

                netCap, callerUid, mContext.getPackageName());

                netCap, callerUid, mContext.getPackageName(), getAttributionTag());

        verify(wifiInfo).makeCopy(eq(shouldMakeCopyWithLocationSensitiveFieldsParcelable));

    }