Use clean identity for all calls in/out of VcnMgmtSvc. (bf1139a9) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/VcnManagementService.java

+65 −50

Original line number	Diff line number	Diff line
		@@ -644,6 +644,7 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		android.Manifest.permission.NETWORK_FACTORY,
		"Must have permission NETWORK_FACTORY to register a policy listener");

		Binder.withCleanCallingIdentity(() -> {
		PolicyListenerBinderDeath listenerBinderDeath = new PolicyListenerBinderDeath(listener);

		synchronized (mLock) {
		@@ -656,6 +657,7 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		listenerBinderDeath.binderDied();
		}
		}
		});
		}

		/** Removes the provided listener from receiving VcnUnderlyingNetworkPolicy updates. */
		@@ -665,6 +667,7 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		@NonNull IVcnUnderlyingNetworkPolicyListener listener) {
		requireNonNull(listener, "listener was null");

		Binder.withCleanCallingIdentity(() -> {
		synchronized (mLock) {
		PolicyListenerBinderDeath listenerBinderDeath =
		mRegisteredPolicyListeners.remove(listener.asBinder());
		@@ -673,6 +676,22 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		listener.asBinder().unlinkToDeath(listenerBinderDeath, 0 /* flags */);
		}
		}
		});
		}

		private int getSubIdForNetworkCapabilities(@NonNull NetworkCapabilities networkCapabilities) {
		if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_CELLULAR)
		&& networkCapabilities.getNetworkSpecifier() instanceof TelephonyNetworkSpecifier) {
		TelephonyNetworkSpecifier telephonyNetworkSpecifier =
		(TelephonyNetworkSpecifier) networkCapabilities.getNetworkSpecifier();
		return telephonyNetworkSpecifier.getSubscriptionId();
		} else if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_WIFI)
		&& networkCapabilities.getTransportInfo() instanceof WifiInfo) {
		WifiInfo wifiInfo = (WifiInfo) networkCapabilities.getTransportInfo();
		return mDeps.getSubIdForWifiInfo(wifiInfo);
		}

		return SubscriptionManager.INVALID_SUBSCRIPTION_ID;
		}

		/**
		@@ -692,34 +711,25 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		"Must have permission NETWORK_FACTORY or be the SystemServer to get underlying"
		+ " Network policies");

		// Defensive copy in case this call is in-process and the given NetworkCapabilities mutates
		networkCapabilities = new NetworkCapabilities(networkCapabilities);

		int subId = SubscriptionManager.INVALID_SUBSCRIPTION_ID;
		if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_CELLULAR)
		&& networkCapabilities.getNetworkSpecifier() instanceof TelephonyNetworkSpecifier) {
		TelephonyNetworkSpecifier telephonyNetworkSpecifier =
		(TelephonyNetworkSpecifier) networkCapabilities.getNetworkSpecifier();
		subId = telephonyNetworkSpecifier.getSubscriptionId();
		} else if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_WIFI)
		&& networkCapabilities.getTransportInfo() instanceof WifiInfo) {
		WifiInfo wifiInfo = (WifiInfo) networkCapabilities.getTransportInfo();
		subId = mDeps.getSubIdForWifiInfo(wifiInfo);
		}
		return Binder.withCleanCallingIdentity(() -> {
		// Defensive copy in case this call is in-process and the given NetworkCapabilities
		// mutates
		final NetworkCapabilities ncCopy = new NetworkCapabilities(networkCapabilities);

		final int subId = getSubIdForNetworkCapabilities(ncCopy);
		boolean isVcnManagedNetwork = false;
		boolean isRestrictedCarrierWifi = false;
		if (subId != SubscriptionManager.INVALID_SUBSCRIPTION_ID) {
		synchronized (mLock) {
		ParcelUuid subGroup = mLastSnapshot.getGroupForSubId(subId);

		Vcn vcn = mVcns.get(subGroup);
		final Vcn vcn = mVcns.get(subGroup);
		if (vcn != null) {
		if (vcn.isActive()) {
		isVcnManagedNetwork = true;
		}

		if (networkCapabilities.hasTransport(NetworkCapabilities.TRANSPORT_WIFI)) {
		if (ncCopy.hasTransport(NetworkCapabilities.TRANSPORT_WIFI)) {
		// Carrier WiFi always restricted if VCN exists (even in safe mode).
		isRestrictedCarrierWifi = true;
		}
		@@ -727,16 +737,21 @@ public class VcnManagementService extends IVcnManagementService.Stub {
		}
		}

		final NetworkCapabilities.Builder ncBuilder = new NetworkCapabilities.Builder(ncCopy);

		if (isVcnManagedNetwork) {
		networkCapabilities.removeCapability(
		ncBuilder.removeCapability(
		NetworkCapabilities.NET_CAPABILITY_NOT_VCN_MANAGED);
		}

		if (isRestrictedCarrierWifi) {
		networkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED);
		ncBuilder.removeCapability(
		NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED);
		}

		return new VcnUnderlyingNetworkPolicy(false /* isTearDownRequested */, networkCapabilities);
		return new VcnUnderlyingNetworkPolicy(
		false /* isTearDownRequested */, ncBuilder.build());
		});
		}

		/** Binder death recipient used to remove registered VcnStatusCallbacks. */