Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a5333b95 authored by Automerger Merge Worker's avatar Automerger Merge Worker Committed by Cody Kesting
Browse files

Protect ConnectivityService from SecurityException in permission check. 

ConnectivityService currently calls
LocationPermissionChecker#checkLocationPermission. This method call
throws a SecurityException if the given package name and UID do not
match. This permission check is made from the ConnectivityService
Thread, so any Exception being thrown will crash the SystemServer. This
is not acceptable, so surround the permission check in a try-catch in
case any SecurityExceptions are thrown.

Bug: 149119324
Test: atest ConnectivityServiceTest
Change-Id: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2
Merged-In: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2
(cherry picked from commit 9eacc855)
parent 9347e335

services/core/java/com/android/server/ConnectivityService.java

+9 −2
Original line number Diff line number Diff line
@@ -7892,10 +7892,17 @@ public class ConnectivityService extends IConnectivityManager.Stub 
            return true;

        }



        // LocationPermissionChecker#checkLocationPermission can throw SecurityException if the uid

        // and package name don't match. Throwing on the CS thread is not acceptable, so wrap the

        // call in a try-catch.

        try {

            if (!mLocationPermissionChecker.checkLocationPermission(

                    callbackPackageName, null /* featureId */, callbackUid, null /* message */)) {

                return false;

            }

        } catch (SecurityException e) {

            return false;

        }



        synchronized (mVpns) {

            if (getVpnIfOwner(callbackUid) != null) {

tests/net/java/com/android/server/ConnectivityServiceTest.java

+20 −0
Original line number Diff line number Diff line
@@ -6788,6 +6788,26 @@ public class ConnectivityServiceTest { 
                        mContext.getOpPackageName()));

    }



    @Test

    public void testCheckConnectivityDiagnosticsPermissionsWrongUidPackageName() throws Exception {

        final NetworkAgentInfo naiWithoutUid =

                new NetworkAgentInfo(

                        null, null, null, null, null, new NetworkCapabilities(), 0,

                        mServiceContext, null, null, mService, null, null, null, 0);



        mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);



        try {

            assertFalse(

                    "Mismatched uid/package name should not pass the location permission check",

                    mService.checkConnectivityDiagnosticsPermissions(

                            Process.myPid() + 1, Process.myUid() + 1, naiWithoutUid,

                            mContext.getOpPackageName()));

        } catch (SecurityException e) {

            fail("checkConnectivityDiagnosticsPermissions shouldn't surface a SecurityException");

        }

    }



    @Test

    public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception {

        final NetworkAgentInfo naiWithoutUid =