Loading core/java/android/net/ConnectivityManager.java +65 −22 Original line number Diff line number Diff line Loading @@ -885,8 +885,12 @@ public class ConnectivityManager { * Tells the underlying networking system that the caller wants to * begin using the named feature. The interpretation of {@code feature} * is completely up to each networking implementation. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType specifies which network the request pertains to * @param feature the name of the feature to be used * @return an integer value representing the outcome of the request. Loading Loading @@ -936,8 +940,12 @@ public class ConnectivityManager { * Tells the underlying networking system that the caller is finished * using the named feature. The interpretation of {@code feature} * is completely up to each networking implementation. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType specifies which network the request pertains to * @param feature the name of the feature that is no longer needed * @return an integer value representing the outcome of the request. Loading Loading @@ -1183,8 +1191,12 @@ public class ConnectivityManager { * Ensure that a network route exists to deliver traffic to the specified * host via the specified network interface. An attempt to add a route that * already exists is ignored, but treated as successful. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType the type of the network over which traffic to the specified * host is to be routed * @param hostAddress the IP address of the host to which the route is desired Loading @@ -1204,8 +1216,12 @@ public class ConnectivityManager { * Ensure that a network route exists to deliver traffic to the specified * host via the specified network interface. An attempt to add a route that * already exists is ignored, but treated as successful. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType the type of the network over which traffic to the specified * host is to be routed * @param hostAddress the IP address of the host to which the route is desired Loading Loading @@ -1405,6 +1421,13 @@ public class ConnectivityManager { return (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE); } /** {@hide} */ public static final void enforceChangePermission(Context context) { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(context, uid, Settings .getPackageNameForUid(context, uid), true /* throwException */); } /** {@hide */ public static final void enforceTetherChangePermission(Context context) { if (context.getResources().getStringArray( Loading @@ -1415,8 +1438,8 @@ public class ConnectivityManager { android.Manifest.permission.CONNECTIVITY_INTERNAL, "ConnectivityService"); } else { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(context, uid, Settings .getPackageNameForUid(context, uid), true); Settings.checkAndNoteWriteSettingsOperation(context, uid, Settings .getPackageNameForUid(context, uid), true /* throwException */); } } Loading Loading @@ -1521,8 +1544,11 @@ public class ConnectivityManager { * allowed between the tethered devices and this device, though upstream net * access will of course fail until an upstream network interface becomes * active. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param iface the interface name to tether. * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading @@ -1539,8 +1565,11 @@ public class ConnectivityManager { /** * Stop tethering the named interface. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param iface the interface name to untether. * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading Loading @@ -1640,8 +1669,11 @@ public class ConnectivityManager { * attempt to switch to Rndis and subsequently tether the resulting * interface on {@code true} or turn off tethering and switch off * Rndis on {@code false}. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param enable a boolean - {@code true} to enable tethering * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading Loading @@ -2310,8 +2342,11 @@ public class ConnectivityManager { * network may never attain, and whether a network will attain these states * is unknown prior to bringing up the network so the framework does not * know how to go about satisfing a request with these capabilities. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param networkCallback The {@link NetworkCallback} to be utilized for this Loading @@ -2333,8 +2368,12 @@ public class ConnectivityManager { * network is not found within the given time (in milliseconds) the * {@link NetworkCallback#unavailable} callback is called. The request must * still be released normally by calling {@link releaseNetworkRequest}. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param networkCallback The callbacks to be utilized for this request. Note * the callbacks must not be shared - they uniquely specify Loading Loading @@ -2407,8 +2446,12 @@ public class ConnectivityManager { * network may never attain, and whether a network will attain these states * is unknown prior to bringing up the network so the framework does not * know how to go about satisfing a request with these capabilities. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param operation Action to perform when the network is available (corresponds * to the {@link NetworkCallback#onAvailable} call. Typically Loading core/java/android/provider/Settings.java +12 −40 Original line number Diff line number Diff line Loading @@ -1435,25 +1435,6 @@ public final class Settings { .getPackageNameForUid(context, uid), false); } /** * An app can use this method to check if it is currently allowed to change the network * state. In order to be allowed to do so, an app must first declare either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} or * {@link android.Manifest.permission#WRITE_SETTINGS} permission in its manifest. If it * is currently disallowed, it can prompt the user to grant it this capability through a * management UI by sending an intent with action * {@link android.provider.Settings#ACTION_MANAGE_WRITE_SETTINGS}. * * @param context A context * @return true if the calling app can change the state of network, false otherwise. * @hide */ public static boolean canChangeNetworkState(Context context) { int uid = Binder.getCallingUid(); return Settings.isCallingPackageAllowedToChangeNetworkState(context, uid, Settings .getPackageNameForUid(context, uid), false); } /** * System settings, containing miscellaneous system preferences. This * table holds simple name/value pairs. There are convenience Loading Loading @@ -8331,7 +8312,7 @@ public final class Settings { * write/modify system settings, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either WRITE_SETTINGS or CHANGE_NETWORK_STATE permission declared. * the WRITE_SETTINGS permission declared. * * Note: if the check is successful, the operation of this app will be updated to the * current time. Loading @@ -8347,31 +8328,22 @@ public final class Settings { /** * Performs a strict and comprehensive check of whether a calling package is allowed to * change the state of network, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either of CHANGE_NETWORK_STATE or WRITE_SETTINGS permission declared. * @hide */ public static boolean isCallingPackageAllowedToChangeNetworkState(Context context, int uid, String callingPackage, boolean throwException) { return isCallingPackageAllowedToPerformAppOpsProtectedOperation(context, uid, callingPackage, throwException, AppOpsManager.OP_WRITE_SETTINGS, PM_CHANGE_NETWORK_STATE, false); } /** * Performs a strict and comprehensive check of whether a calling package is allowed to * change the state of network, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either CHANGE_NETWORK_STATE or WRITE_SETTINGS permission declared. * privileged/preinstalled apps. The caller is expected to have either the * CHANGE_NETWORK_STATE or the WRITE_SETTINGS permission declared. Either of these * permissions allow changing network state; WRITE_SETTINGS is a runtime permission and * can be revoked, but (except in M, excluding M MRs), CHANGE_NETWORK_STATE is a normal * permission and cannot be revoked. See http://b/23597341 * * Note: if the check is successful, the operation of this app will be updated to the * current time. * Note: if the check succeeds because the application holds WRITE_SETTINGS, the operation * of this app will be updated to the current time. * @hide */ public static boolean checkAndNoteChangeNetworkStateOperation(Context context, int uid, String callingPackage, boolean throwException) { if (context.checkCallingOrSelfPermission(android.Manifest.permission.CHANGE_NETWORK_STATE) == PackageManager.PERMISSION_GRANTED) { return true; } return isCallingPackageAllowedToPerformAppOpsProtectedOperation(context, uid, callingPackage, throwException, AppOpsManager.OP_WRITE_SETTINGS, PM_CHANGE_NETWORK_STATE, true); Loading core/res/AndroidManifest.xml +2 −2 Original line number Diff line number Diff line Loading @@ -1682,12 +1682,12 @@ android:protectionLevel="signature|privileged" /> <!-- Allows applications to change network connectivity state. <p>Protection level: signature <p>Protection level: normal --> <permission android:name="android.permission.CHANGE_NETWORK_STATE" android:description="@string/permdesc_changeNetworkState" android:label="@string/permlab_changeNetworkState" android:protectionLevel="signature|preinstalled|appop|pre23" /> android:protectionLevel="normal" /> <!-- Allows an application to clear the caches of all installed applications on the device. Loading services/core/java/com/android/server/ConnectivityService.java +1 −4 Original line number Diff line number Diff line Loading @@ -1432,10 +1432,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void enforceChangePermission() { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(mContext, uid, Settings .getPackageNameForUid(mContext, uid), true); ConnectivityManager.enforceChangePermission(mContext); } private void enforceTetherAccessPermission() { Loading Loading
core/java/android/net/ConnectivityManager.java +65 −22 Original line number Diff line number Diff line Loading @@ -885,8 +885,12 @@ public class ConnectivityManager { * Tells the underlying networking system that the caller wants to * begin using the named feature. The interpretation of {@code feature} * is completely up to each networking implementation. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType specifies which network the request pertains to * @param feature the name of the feature to be used * @return an integer value representing the outcome of the request. Loading Loading @@ -936,8 +940,12 @@ public class ConnectivityManager { * Tells the underlying networking system that the caller is finished * using the named feature. The interpretation of {@code feature} * is completely up to each networking implementation. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType specifies which network the request pertains to * @param feature the name of the feature that is no longer needed * @return an integer value representing the outcome of the request. Loading Loading @@ -1183,8 +1191,12 @@ public class ConnectivityManager { * Ensure that a network route exists to deliver traffic to the specified * host via the specified network interface. An attempt to add a route that * already exists is ignored, but treated as successful. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType the type of the network over which traffic to the specified * host is to be routed * @param hostAddress the IP address of the host to which the route is desired Loading @@ -1204,8 +1216,12 @@ public class ConnectivityManager { * Ensure that a network route exists to deliver traffic to the specified * host via the specified network interface. An attempt to add a route that * already exists is ignored, but treated as successful. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param networkType the type of the network over which traffic to the specified * host is to be routed * @param hostAddress the IP address of the host to which the route is desired Loading Loading @@ -1405,6 +1421,13 @@ public class ConnectivityManager { return (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE); } /** {@hide} */ public static final void enforceChangePermission(Context context) { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(context, uid, Settings .getPackageNameForUid(context, uid), true /* throwException */); } /** {@hide */ public static final void enforceTetherChangePermission(Context context) { if (context.getResources().getStringArray( Loading @@ -1415,8 +1438,8 @@ public class ConnectivityManager { android.Manifest.permission.CONNECTIVITY_INTERNAL, "ConnectivityService"); } else { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(context, uid, Settings .getPackageNameForUid(context, uid), true); Settings.checkAndNoteWriteSettingsOperation(context, uid, Settings .getPackageNameForUid(context, uid), true /* throwException */); } } Loading Loading @@ -1521,8 +1544,11 @@ public class ConnectivityManager { * allowed between the tethered devices and this device, though upstream net * access will of course fail until an upstream network interface becomes * active. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param iface the interface name to tether. * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading @@ -1539,8 +1565,11 @@ public class ConnectivityManager { /** * Stop tethering the named interface. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param iface the interface name to untether. * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading Loading @@ -1640,8 +1669,11 @@ public class ConnectivityManager { * attempt to switch to Rndis and subsequently tether the resulting * interface on {@code true} or turn off tethering and switch off * Rndis on {@code false}. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param enable a boolean - {@code true} to enable tethering * @return error a {@code TETHER_ERROR} value indicating success or failure type Loading Loading @@ -2310,8 +2342,11 @@ public class ConnectivityManager { * network may never attain, and whether a network will attain these states * is unknown prior to bringing up the network so the framework does not * know how to go about satisfing a request with these capabilities. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param networkCallback The {@link NetworkCallback} to be utilized for this Loading @@ -2333,8 +2368,12 @@ public class ConnectivityManager { * network is not found within the given time (in milliseconds) the * {@link NetworkCallback#unavailable} callback is called. The request must * still be released normally by calling {@link releaseNetworkRequest}. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param networkCallback The callbacks to be utilized for this request. Note * the callbacks must not be shared - they uniquely specify Loading Loading @@ -2407,8 +2446,12 @@ public class ConnectivityManager { * network may never attain, and whether a network will attain these states * is unknown prior to bringing up the network so the framework does not * know how to go about satisfing a request with these capabilities. * <p>This method requires the caller to hold the permission * {@link android.Manifest.permission#CHANGE_NETWORK_STATE}. * * <p>This method requires the caller to hold either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} permission * or the ability to modify system settings as determined by * {@link android.provider.Settings.System#canWrite}.</p> * * @param request {@link NetworkRequest} describing this request. * @param operation Action to perform when the network is available (corresponds * to the {@link NetworkCallback#onAvailable} call. Typically Loading
core/java/android/provider/Settings.java +12 −40 Original line number Diff line number Diff line Loading @@ -1435,25 +1435,6 @@ public final class Settings { .getPackageNameForUid(context, uid), false); } /** * An app can use this method to check if it is currently allowed to change the network * state. In order to be allowed to do so, an app must first declare either the * {@link android.Manifest.permission#CHANGE_NETWORK_STATE} or * {@link android.Manifest.permission#WRITE_SETTINGS} permission in its manifest. If it * is currently disallowed, it can prompt the user to grant it this capability through a * management UI by sending an intent with action * {@link android.provider.Settings#ACTION_MANAGE_WRITE_SETTINGS}. * * @param context A context * @return true if the calling app can change the state of network, false otherwise. * @hide */ public static boolean canChangeNetworkState(Context context) { int uid = Binder.getCallingUid(); return Settings.isCallingPackageAllowedToChangeNetworkState(context, uid, Settings .getPackageNameForUid(context, uid), false); } /** * System settings, containing miscellaneous system preferences. This * table holds simple name/value pairs. There are convenience Loading Loading @@ -8331,7 +8312,7 @@ public final class Settings { * write/modify system settings, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either WRITE_SETTINGS or CHANGE_NETWORK_STATE permission declared. * the WRITE_SETTINGS permission declared. * * Note: if the check is successful, the operation of this app will be updated to the * current time. Loading @@ -8347,31 +8328,22 @@ public final class Settings { /** * Performs a strict and comprehensive check of whether a calling package is allowed to * change the state of network, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either of CHANGE_NETWORK_STATE or WRITE_SETTINGS permission declared. * @hide */ public static boolean isCallingPackageAllowedToChangeNetworkState(Context context, int uid, String callingPackage, boolean throwException) { return isCallingPackageAllowedToPerformAppOpsProtectedOperation(context, uid, callingPackage, throwException, AppOpsManager.OP_WRITE_SETTINGS, PM_CHANGE_NETWORK_STATE, false); } /** * Performs a strict and comprehensive check of whether a calling package is allowed to * change the state of network, as the condition differs for pre-M, M+, and * privileged/preinstalled apps. If the provided uid does not match the * callingPackage, a negative result will be returned. The caller is expected to have * either CHANGE_NETWORK_STATE or WRITE_SETTINGS permission declared. * privileged/preinstalled apps. The caller is expected to have either the * CHANGE_NETWORK_STATE or the WRITE_SETTINGS permission declared. Either of these * permissions allow changing network state; WRITE_SETTINGS is a runtime permission and * can be revoked, but (except in M, excluding M MRs), CHANGE_NETWORK_STATE is a normal * permission and cannot be revoked. See http://b/23597341 * * Note: if the check is successful, the operation of this app will be updated to the * current time. * Note: if the check succeeds because the application holds WRITE_SETTINGS, the operation * of this app will be updated to the current time. * @hide */ public static boolean checkAndNoteChangeNetworkStateOperation(Context context, int uid, String callingPackage, boolean throwException) { if (context.checkCallingOrSelfPermission(android.Manifest.permission.CHANGE_NETWORK_STATE) == PackageManager.PERMISSION_GRANTED) { return true; } return isCallingPackageAllowedToPerformAppOpsProtectedOperation(context, uid, callingPackage, throwException, AppOpsManager.OP_WRITE_SETTINGS, PM_CHANGE_NETWORK_STATE, true); Loading
core/res/AndroidManifest.xml +2 −2 Original line number Diff line number Diff line Loading @@ -1682,12 +1682,12 @@ android:protectionLevel="signature|privileged" /> <!-- Allows applications to change network connectivity state. <p>Protection level: signature <p>Protection level: normal --> <permission android:name="android.permission.CHANGE_NETWORK_STATE" android:description="@string/permdesc_changeNetworkState" android:label="@string/permlab_changeNetworkState" android:protectionLevel="signature|preinstalled|appop|pre23" /> android:protectionLevel="normal" /> <!-- Allows an application to clear the caches of all installed applications on the device. Loading
services/core/java/com/android/server/ConnectivityService.java +1 −4 Original line number Diff line number Diff line Loading @@ -1432,10 +1432,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void enforceChangePermission() { int uid = Binder.getCallingUid(); Settings.checkAndNoteChangeNetworkStateOperation(mContext, uid, Settings .getPackageNameForUid(mContext, uid), true); ConnectivityManager.enforceChangePermission(mContext); } private void enforceTetherAccessPermission() { Loading
