Send null UIDs to apps instead of single-uid lists.
Prior to this change ConnectivityManager used to patch in the UID of the requesting app inside the NetworkCapabilities sent to it. The rationale was that the app may not know what other apps may use the network, so the view it should have of the network should always say the network only applies to that app. But this has an unfortunate side effect : apps can't match the received network against a default NetworkCapabilities. Ostensibly this only applies to the system because all involved calls are @hide, but still : system code would get some NetworkCapabilities, for example using networkCapabilitiesForType, and then try to match the capabilities of an available network using satisfiedByNetworkCapabilities. Because the passed network is declared to only apply to one's own UID and the UIDs of the NetworkCapabilities are set to null meaning "I need this network to apply to all UIDs", the answer will be "false". While this is WAI in a sense, it is very counter-intuitive that code trying to match a network would be required to patch in its own UIDs. There are three ways of fixing this : 1. Require all apps to do the above. It's correct, but it's cumbersome and counterintuitive. Multiple places in existing code needs to be fixed, Tethering is an example. 2. Write the UIDs of the caller in any NetworkCapabilities object that is created. This is not very practical, because it imposes the converse requirement on all NetworkAgents, which would then have to clear the UIDs before they send the capabilities to ConnectivityService. All NetworkAgents need to be fixed. 3. Instead of sending an object with a list of one UID to apps, send a null list. The drawback is that the networks nominally look to apps like they apply to all apps. I argue this does not matter ; what matters is that the UID lists do not leak. Clients just see a null list of UIDs (and third party can't even access them without using reflection). No other changes are required besides this two-line patch. This patch implements 3. I believe it is the saner approach, with both the most intuitive behavior and the best backward compatibility characteristics, as well as the easiest change. This does not encroach on the future plans to make the actual UID list available to apps with NETWORK_SETTINGS. Test: runtest frameworks-net Change-Id: I978d91197668119e051c24e1d04aafe1644a41cf
Loading
Please register or sign in to comment
