Loading core/java/android/net/NetworkCapabilities.java +29 −0 Original line number Original line Diff line number Diff line Loading @@ -414,6 +414,20 @@ public final class NetworkCapabilities implements Parcelable { | (1 << NET_CAPABILITY_FOREGROUND) | (1 << NET_CAPABILITY_FOREGROUND) | (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY); | (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY); /** * Capabilities that are allowed for test networks. This list must be set so that it is safe * for an unprivileged user to create a network with these capabilities via shell. As such, * it must never contain capabilities that are generally useful to the system, such as * INTERNET, IMS, SUPL, etc. */ private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES = (1 << NET_CAPABILITY_NOT_METERED) | (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_NOT_VPN) | (1 << NET_CAPABILITY_NOT_ROAMING) | (1 << NET_CAPABILITY_NOT_CONGESTED) | (1 << NET_CAPABILITY_NOT_SUSPENDED); /** /** * Adds the given capability to this {@code NetworkCapability} instance. * Adds the given capability to this {@code NetworkCapability} instance. * Note that when searching for a network to satisfy a request, all capabilities * Note that when searching for a network to satisfy a request, all capabilities Loading Loading 
@@ -645,6 +659,21 @@ public final class NetworkCapabilities implements Parcelable { } } } } /** * Test networks have strong restrictions on what capabilities they can have. Enforce these * restrictions. * @hide */ public void restrictCapabilitesForTestNetwork() { final long originalCapabilities = mNetworkCapabilities; final NetworkSpecifier originalSpecifier = mNetworkSpecifier; clearAll(); // Reset the transports to only contain TRANSPORT_TEST. mTransportTypes = (1 << TRANSPORT_TEST); mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES; mNetworkSpecifier = originalSpecifier; } /** /** * Representing the transport type. Apps should generally not care about transport. A * Representing the transport type. Apps should generally not care about transport. A * request for a fast internet connection could be satisfied by a number of different * request for a fast internet connection could be satisfied by a number of different Loading services/core/java/com/android/server/ConnectivityService.java +21 −2 Original line number Original line Diff line number Diff line Loading 
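Review bot: In `restrictCapabilitesForTestNetwork()` the network specifier is saved before `clearAll()` and restored unchanged, so it is the one caller-supplied field that survives sanitization, and the Javadoc does not say whether that is intentional. The comment on `TEST_NETWORKS_ALLOWED_CAPABILITIES` says these networks may be created by an unprivileged user via shell, so the method's Javadoc should state what is kept, e.g. `Keeps only TRANSPORT_TEST, the capabilities in TEST_NETWORKS_ALLOWED_CAPABILITIES and the caller-supplied specifier; all other state is reset via clearAll().` It should also note that the specifier remains untrusted input. Separately, the method name is misspelled (`Capabilites`); renaming it to `restrictCapabilitiesForTestNetwork` is cheapest now, while it has only the two call sites added in this change.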
@@ -40,6 +40,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN; import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY; import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY; import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; import static android.net.NetworkCapabilities.TRANSPORT_TEST; import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.NetworkPolicyManager.RULE_NONE; import static android.net.NetworkPolicyManager.RULE_NONE; import static android.net.NetworkPolicyManager.uidRulesToString; import static android.net.NetworkPolicyManager.uidRulesToString; Loading @@ -50,6 +51,7 @@ import static android.system.OsConstants.IPPROTO_UDP; import static java.util.Map.Entry; import static java.util.Map.Entry; import android.Manifest; import android.annotation.NonNull; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.app.AppOpsManager; import android.app.AppOpsManager; Loading Loading 
@@ -2702,10 +2704,18 @@ public class ConnectivityService extends IConnectivityManager.Stub switch (msg.what) { switch (msg.what) { case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: { case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: { final NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj; NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj; if (networkCapabilities.hasConnectivityManagedCapability()) { if (networkCapabilities.hasConnectivityManagedCapability()) { Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability."); Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability."); } } if (networkCapabilities.hasTransport(TRANSPORT_TEST)) { // Make sure the original object is not mutated. NetworkAgent normally // makes a copy of the capabilities when sending the message through // the Messenger, but if this ever changes, not making a defensive copy // here will give attack vectors to clients using this code path. networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities.restrictCapabilitesForTestNetwork(); } updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities); updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities); break; break; } } Loading Loading 
@@ -5778,7 +5788,16 @@ public class ConnectivityService extends IConnectivityManager.Stub public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo, public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo, LinkProperties linkProperties, NetworkCapabilities networkCapabilities, LinkProperties linkProperties, NetworkCapabilities networkCapabilities, int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) { int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) { if (networkCapabilities.hasTransport(TRANSPORT_TEST)) { enforceAnyPermissionOf(Manifest.permission.MANAGE_TEST_NETWORKS); // Strictly, sanitizing here is unnecessary as the capabilities will be sanitized in // the call to mixInCapabilities below anyway, but sanitizing here means the NAI never // sees capabilities that may be malicious, which might prevent mistakes in the future. networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities.restrictCapabilitesForTestNetwork(); } else { enforceNetworkFactoryPermission(); enforceNetworkFactoryPermission(); } LinkProperties lp = new LinkProperties(linkProperties); LinkProperties lp = new LinkProperties(linkProperties); lp.ensureDirectlyConnectedRoutes(); lp.ensureDirectlyConnectedRoutes(); Loading Loading
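Review bot: In the `EVENT_NETWORK_CAPABILITIES_CHANGED` hunk, the restriction is keyed only on the incoming, agent-supplied object (`networkCapabilities.hasTransport(TRANSPORT_TEST)`), not on how the network was registered. An agent that registered under `MANAGE_TEST_NETWORKS` and later sends an update without `TRANSPORT_TEST` would skip `restrictCapabilitesForTestNetwork()` here. The comment in `registerNetworkAgent` says `mixInCapabilities` sanitizes as well, but that code is outside this diff, so I can't confirm it checks the registered state. If it does not, the condition should also consult the stored capabilities: `if (nai.networkCapabilities.hasTransport(TRANSPORT_TEST) || networkCapabilities.hasTransport(TRANSPORT_TEST)) {`. The handler method starts and ends outside the hunk.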
core/java/android/net/NetworkCapabilities.java +29 −0 Original line number Original line Diff line number Diff line Loading @@ -414,6 +414,20 @@ public final class NetworkCapabilities implements Parcelable { | (1 << NET_CAPABILITY_FOREGROUND) | (1 << NET_CAPABILITY_FOREGROUND) | (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY); | (1 << NET_CAPABILITY_PARTIAL_CONNECTIVITY); /** * Capabilities that are allowed for test networks. This list must be set so that it is safe * for an unprivileged user to create a network with these capabilities via shell. As such, * it must never contain capabilities that are generally useful to the system, such as * INTERNET, IMS, SUPL, etc. */ private static final long TEST_NETWORKS_ALLOWED_CAPABILITIES = (1 << NET_CAPABILITY_NOT_METERED) | (1 << NET_CAPABILITY_NOT_RESTRICTED) | (1 << NET_CAPABILITY_NOT_VPN) | (1 << NET_CAPABILITY_NOT_ROAMING) | (1 << NET_CAPABILITY_NOT_CONGESTED) | (1 << NET_CAPABILITY_NOT_SUSPENDED); /** /** * Adds the given capability to this {@code NetworkCapability} instance. * Adds the given capability to this {@code NetworkCapability} instance. * Note that when searching for a network to satisfy a request, all capabilities * Note that when searching for a network to satisfy a request, all capabilities Loading Loading 
@@ -645,6 +659,21 @@ public final class NetworkCapabilities implements Parcelable { } } } } /** * Test networks have strong restrictions on what capabilities they can have. Enforce these * restrictions. * @hide */ public void restrictCapabilitesForTestNetwork() { final long originalCapabilities = mNetworkCapabilities; final NetworkSpecifier originalSpecifier = mNetworkSpecifier; clearAll(); // Reset the transports to only contain TRANSPORT_TEST. mTransportTypes = (1 << TRANSPORT_TEST); mNetworkCapabilities = originalCapabilities & TEST_NETWORKS_ALLOWED_CAPABILITIES; mNetworkSpecifier = originalSpecifier; } /** /** * Representing the transport type. Apps should generally not care about transport. A * Representing the transport type. Apps should generally not care about transport. A * request for a fast internet connection could be satisfied by a number of different * request for a fast internet connection could be satisfied by a number of different Loading
services/core/java/com/android/server/ConnectivityService.java +21 −2 Original line number Original line Diff line number Diff line Loading @@ -40,6 +40,7 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN; import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY; import static android.net.NetworkCapabilities.NET_CAPABILITY_PARTIAL_CONNECTIVITY; import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; import static android.net.NetworkCapabilities.TRANSPORT_TEST; import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.NetworkCapabilities.TRANSPORT_VPN; import static android.net.NetworkPolicyManager.RULE_NONE; import static android.net.NetworkPolicyManager.RULE_NONE; import static android.net.NetworkPolicyManager.uidRulesToString; import static android.net.NetworkPolicyManager.uidRulesToString; Loading @@ -50,6 +51,7 @@ import static android.system.OsConstants.IPPROTO_UDP; import static java.util.Map.Entry; import static java.util.Map.Entry; import android.Manifest; import android.annotation.NonNull; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.Nullable; import android.app.AppOpsManager; import android.app.AppOpsManager; Loading Loading 
@@ -2702,10 +2704,18 @@ public class ConnectivityService extends IConnectivityManager.Stub switch (msg.what) { switch (msg.what) { case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: { case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: { final NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj; NetworkCapabilities networkCapabilities = (NetworkCapabilities) msg.obj; if (networkCapabilities.hasConnectivityManagedCapability()) { if (networkCapabilities.hasConnectivityManagedCapability()) { Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability."); Slog.wtf(TAG, "BUG: " + nai + " has CS-managed capability."); } } if (networkCapabilities.hasTransport(TRANSPORT_TEST)) { // Make sure the original object is not mutated. NetworkAgent normally // makes a copy of the capabilities when sending the message through // the Messenger, but if this ever changes, not making a defensive copy // here will give attack vectors to clients using this code path. networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities.restrictCapabilitesForTestNetwork(); } updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities); updateCapabilities(nai.getCurrentScore(), nai, networkCapabilities); break; break; } } Loading Loading 
@@ -5778,7 +5788,16 @@ public class ConnectivityService extends IConnectivityManager.Stub public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo, public Network registerNetworkAgent(Messenger messenger, NetworkInfo networkInfo, LinkProperties linkProperties, NetworkCapabilities networkCapabilities, LinkProperties linkProperties, NetworkCapabilities networkCapabilities, int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) { int currentScore, NetworkAgentConfig networkAgentConfig, int providerId) { if (networkCapabilities.hasTransport(TRANSPORT_TEST)) { enforceAnyPermissionOf(Manifest.permission.MANAGE_TEST_NETWORKS); // Strictly, sanitizing here is unnecessary as the capabilities will be sanitized in // the call to mixInCapabilities below anyway, but sanitizing here means the NAI never // sees capabilities that may be malicious, which might prevent mistakes in the future. networkCapabilities = new NetworkCapabilities(networkCapabilities); networkCapabilities.restrictCapabilitesForTestNetwork(); } else { enforceNetworkFactoryPermission(); enforceNetworkFactoryPermission(); } LinkProperties lp = new LinkProperties(linkProperties); LinkProperties lp = new LinkProperties(linkProperties); lp.ensureDirectlyConnectedRoutes(); lp.ensureDirectlyConnectedRoutes(); Loading