Loading services/core/java/com/android/server/ConnectivityService.java +9 −2 Original line number Original line Diff line number Diff line Loading @@ -7892,10 +7892,17 @@ public class ConnectivityService extends IConnectivityManager.Stub return true; return true; } } // LocationPermissionChecker#checkLocationPermission can throw SecurityException if the uid // and package name don't match. Throwing on the CS thread is not acceptable, so wrap the // call in a try-catch. try { if (!mLocationPermissionChecker.checkLocationPermission( if (!mLocationPermissionChecker.checkLocationPermission( callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { return false; return false; } } } catch (SecurityException e) { return false; } synchronized (mVpns) { synchronized (mVpns) { if (getVpnIfOwner(callbackUid) != null) { if (getVpnIfOwner(callbackUid) != null) { Loading tests/net/java/com/android/server/ConnectivityServiceTest.java +20 −0 Original line number Original line Diff line number Diff line Loading @@ -6756,6 +6756,26 @@ public class ConnectivityServiceTest { mContext.getOpPackageName())); mContext.getOpPackageName())); } } @Test public void testCheckConnectivityDiagnosticsPermissionsWrongUidPackageName() throws Exception { final NetworkAgentInfo naiWithoutUid = new NetworkAgentInfo( null, null, null, null, null, new NetworkCapabilities(), 0, mServiceContext, null, null, mService, null, null, null, 0); mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED); try { assertFalse( "Mismatched uid/package name should not pass the location permission check", mService.checkConnectivityDiagnosticsPermissions( Process.myPid() + 1, Process.myUid() + 1, naiWithoutUid, mContext.getOpPackageName())); } catch (SecurityException e) { fail("checkConnectivityDiagnosticsPermissions shouldn't surface a SecurityException"); } } @Test @Test public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception { public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception { final NetworkAgentInfo naiWithoutUid = final NetworkAgentInfo naiWithoutUid = Loading Loading
services/core/java/com/android/server/ConnectivityService.java +9 −2 Original line number Original line Diff line number Diff line Loading @@ -7892,10 +7892,17 @@ public class ConnectivityService extends IConnectivityManager.Stub return true; return true; } } // LocationPermissionChecker#checkLocationPermission can throw SecurityException if the uid // and package name don't match. Throwing on the CS thread is not acceptable, so wrap the // call in a try-catch. try { if (!mLocationPermissionChecker.checkLocationPermission( if (!mLocationPermissionChecker.checkLocationPermission( callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { callbackPackageName, null /* featureId */, callbackUid, null /* message */)) { return false; return false; } } } catch (SecurityException e) { return false; } synchronized (mVpns) { synchronized (mVpns) { if (getVpnIfOwner(callbackUid) != null) { if (getVpnIfOwner(callbackUid) != null) { Loading
tests/net/java/com/android/server/ConnectivityServiceTest.java +20 −0 Original line number Original line Diff line number Diff line Loading @@ -6756,6 +6756,26 @@ public class ConnectivityServiceTest { mContext.getOpPackageName())); mContext.getOpPackageName())); } } @Test public void testCheckConnectivityDiagnosticsPermissionsWrongUidPackageName() throws Exception { final NetworkAgentInfo naiWithoutUid = new NetworkAgentInfo( null, null, null, null, null, new NetworkCapabilities(), 0, mServiceContext, null, null, mService, null, null, null, 0); mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED); try { assertFalse( "Mismatched uid/package name should not pass the location permission check", mService.checkConnectivityDiagnosticsPermissions( Process.myPid() + 1, Process.myUid() + 1, naiWithoutUid, mContext.getOpPackageName())); } catch (SecurityException e) { fail("checkConnectivityDiagnosticsPermissions shouldn't surface a SecurityException"); } } @Test @Test public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception { public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception { final NetworkAgentInfo naiWithoutUid = final NetworkAgentInfo naiWithoutUid = Loading
