Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aae613d9 authored by Paul Jensen's avatar Paul Jensen
Browse files

Don't mark NetworkRequests restricted when they don't have restricted caps 

Requests without NET_CAPABILITIES_INTERNET and just the default network
capabilities should not be marked restricted.  Without this fix apps
can hit permissions exceptions if they inadvertently make requests
without NET_CAPABILITIES_INTERNET.

Bug:23164917
Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6
parent 8b8fa3e9

core/java/android/net/NetworkCapabilities.java

+5 −1
Original line number Diff line number Diff line
@@ -299,9 +299,13 @@ public final class NetworkCapabilities implements Parcelable { 
    public void maybeMarkCapabilitiesRestricted() {

        // If all the capabilities are typically provided by restricted networks, conclude that this

        // network is restricted.

        if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0)

        if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0 &&

                // Must have at least some restricted capabilities, otherwise a request for an

                // internet-less network will get marked restricted.

                (mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0) {

            removeCapability(NET_CAPABILITY_NOT_RESTRICTED);

        }

    }



    /**

     * Representing the transport type.  Apps should generally not care about transport.  A

services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java

+1 −2
Original line number Diff line number Diff line
@@ -943,8 +943,7 @@ public class ConnectivityServiceTest extends AndroidTestCase { 
        if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN ||

                capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA ||

                capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS ||

                capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP ||

                capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) {

                capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP) {

            assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));

        } else {

            assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));