
Commit d8c75a04 authored by Remi NGUYEN VAN's avatar Remi NGUYEN VAN

Add NetworkStackPermissionStub definitions

The NetworkStackPermissionStub package is used to enforce that
permissions used by the NetworkStack are only used in packages
sharing signature with NetworkStackPermissionStub.

Permissions defined in this package are intended to be used only by the
NetworkStack. To ensure that, the permissions are signature permissions,
and both NetworkStack and the stub APK will be signed with a dedicated
certificate.

This APK *must* be installed, even if the NetworkStack app is not
installed, because otherwise, any application will be able to define
this permission and the system will give that application full access
to the network stack.

Test: flashed, booted
Bug: 112869080
Change-Id: Ia13a9e6a703cb7b4403697a7f7bfff0f6f3b813e
parent 602df1aa
+4 −0
@@ -3186,6 +3186,10 @@ package android.net {
    field public static final String EXTRA_PACKAGE_NAME = "packageName";
  }
  public class NetworkStack {
    field public static final String PERMISSION_MAINLINE_NETWORK_STACK = "android.permission.MAINLINE_NETWORK_STACK";
  }
  public final class RouteInfo implements android.os.Parcelable {
    ctor public RouteInfo(android.net.IpPrefix, java.net.InetAddress, String, int);
    method public int getType();
+4 −0
@@ -669,6 +669,10 @@ package android.net {
    method public boolean satisfiedByNetworkCapabilities(android.net.NetworkCapabilities);
  }

  public class NetworkStack {
    field public static final String PERMISSION_MAINLINE_NETWORK_STACK = "android.permission.MAINLINE_NETWORK_STACK";
  }

  public final class RouteInfo implements android.os.Parcelable {
    ctor public RouteInfo(android.net.IpPrefix, java.net.InetAddress, String, int);
    method public int getType();
+20 −0
@@ -20,7 +20,9 @@ import static android.os.IServiceManager.DUMP_FLAG_PRIORITY_NORMAL;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.annotation.TestApi;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
@@ -46,9 +48,22 @@ import java.util.ArrayList;
 * @hide
 */
@SystemService(Context.NETWORK_STACK_SERVICE)
@SystemApi
@TestApi
public class NetworkStack {
    private static final String TAG = NetworkStack.class.getSimpleName();

    /**
     * Permission granted only to the NetworkStack APK, defined in NetworkStackStub with signature
     * protection level.
     * @hide
     */
    @SystemApi
    @TestApi
    public static final String PERMISSION_MAINLINE_NETWORK_STACK =
            "android.permission.MAINLINE_NETWORK_STACK";

    /** @hide */
    public static final String NETWORKSTACK_PACKAGE_NAME = "com.android.mainline.networkstack";

    private static final int NETWORKSTACK_TIMEOUT_MS = 10_000;
@@ -66,12 +81,14 @@ public class NetworkStack {
        void onNetworkStackConnected(INetworkStackConnector connector);
    }

    /** @hide */
    public NetworkStack() { }

    /**
     * Create a DHCP server according to the specified parameters.
     *
     * <p>The server will be returned asynchronously through the provided callbacks.
     * @hide
     */
    public void makeDhcpServer(final String ifName, final DhcpServingParamsParcel params,
            final IDhcpServerCallbacks cb) {
@@ -88,6 +105,7 @@ public class NetworkStack {
     * Create an IpClient on the specified interface.
     *
     * <p>The IpClient will be returned asynchronously through the provided callbacks.
     * @hide
     */
    public void makeIpClient(String ifName, IIpClientCallbacks cb) {
        requestConnector(connector -> {
@@ -103,6 +121,7 @@ public class NetworkStack {
     * Create a NetworkMonitor.
     *
     * <p>The INetworkMonitor will be returned asynchronously through the provided callbacks.
     * @hide
     */
    public void makeNetworkMonitor(
            NetworkParcelable network, String name, INetworkMonitorCallbacks cb) {
@@ -153,6 +172,7 @@ public class NetworkStack {
     * the system server on devices that do not support the network stack module. The network stack
     * connector will then be delivered asynchronously to clients that requested it before it was
     * started.
     * @hide
     */
    public void start(Context context) {
        mNetworkStackStartRequested = true;
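Review bot: The Javadoc added on `PERMISSION_MAINLINE_NETWORK_STACK` says the permission is "granted only to the NetworkStack APK" and "defined in NetworkStackStub", which does not match the commit description: the defining package is NetworkStackPermissionStub, and a signature permission is granted to any package signed with the definer's certificate, not to a single APK. I would reword it to `Permission defined in NetworkStackPermissionStub with signature protection level; granted only to packages signed with the same certificate as that stub.` and add one sentence saying the guarantee holds only while the stub is installed. The manifest comment `Signature permission defined in NetworkStackStub` in the last file section has the same naming mismatch. The constant is only the permission name: no enforcement call is visible in these hunks, and the class body continues outside them.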
+1 −0
@@ -41,4 +41,5 @@ android_app {
        "NetworkStackLib"
    ],
    manifest: "AndroidManifest.xml",
    required: ["NetworkStackPermissionStub"],
}
 No newline at end of file
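Review bot: `required: ["NetworkStackPermissionStub"]` installs the stub only on images that build this NetworkStack module, while the commit description says the stub must be present even where NetworkStack is not, because otherwise any application can define `android.permission.MAINLINE_NETWORK_STACK` itself. Nothing in this section puts the stub into an always-installed package list (for example the base product's `PRODUCT_PACKAGES`); that may be done in a file not shown on this page, and is worth confirming before relying on the permission. A comment above the line would record the constraint, e.g. `// Defines MAINLINE_NETWORK_STACK (signature); must ship on every image, with or without NetworkStack.` The `android_app` block starts outside the hunk.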
+2 −0
@@ -25,6 +25,8 @@
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
    <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
    <uses-permission android:name="android.permission.NETWORK_SETTINGS" />
    <!-- Signature permission defined in NetworkStackStub -->
    <uses-permission android:name="android.permission.MAINLINE_NETWORK_STACK" />
    <!-- Launch captive portal app as specific user -->
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
    <uses-permission android:name="android.permission.NETWORK_STACK" />