
Commit 10e0b710 authored by Remi NGUYEN VAN's avatar Remi NGUYEN VAN

Allow NetworkStack permissions in netd

The signature permission held by the NetworkStack is equivalent to all
of CONNECTIVITY_INTERNAL, NETWORK_STACK, USE_RESTRICTED_NETWORKS and
NETWORK_BYPASS_PRIVATE_DNS.

Test: Boots, WiFi working with NetworkStack not having platform
      signature perms

Change-Id: Ibd2be7eae9bbe851467be9be12177ca685a1bf23
parent 29efcd19
+3 −7
@@ -48,6 +48,7 @@
// TODO: Considering moving ResponseCode.h Stopwatch.h thread_util.h to libnetdutils.
#include "DnsProxyListener.h"
#include "NetdClient.h"  // NETID_USE_LOCAL_NAMESERVERS
#include "NetdPermissions.h"
#include "ResolverEventReporter.h"
#include "ResponseCode.h"
#include "Stopwatch.h"
@@ -77,12 +78,6 @@ namespace net {

namespace {

// TODO: move to a separate file (with other constants from FwmarkService and NetdNativeService)
constexpr const char CONNECTIVITY_USE_RESTRICTED_NETWORKS[] =
    "android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS";
constexpr const char NETWORK_BYPASS_PRIVATE_DNS[] =
    "android.permission.NETWORK_BYPASS_PRIVATE_DNS";

// Limits the number of outstanding DNS queries by client UID.
constexpr int MAX_QUERIES_PER_UID = 256;

@@ -154,7 +149,8 @@ bool hasPermissionToBypassPrivateDns(uid_t uid) {
    }

    for (const char* const permission :
         {CONNECTIVITY_USE_RESTRICTED_NETWORKS, NETWORK_BYPASS_PRIVATE_DNS}) {
         {PERM_CONNECTIVITY_USE_RESTRICTED_NETWORKS, PERM_NETWORK_BYPASS_PRIVATE_DNS,
          PERM_MAINLINE_NETWORK_STACK}) {
        if (gDnsProxyListener.mCallbacks.check_calling_permission(permission)) {
            return true;
        }
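Review bot: The permission list in hasPermissionToBypassPrivateDns now grants the private-DNS bypass to any caller holding PERM_MAINLINE_NETWORK_STACK, but nothing at the loop says why that permission belongs there; the rationale lives only in the commit message. I would add a comment above the loop such as `// PERM_MAINLINE_NETWORK_STACK is the NetworkStack's signature permission and stands in for both permissions above.` so a later edit does not widen or drop the list by accident. The three PERM_ names presumably come from the newly included NetdPermissions.h, which is not shown here, so it is worth confirming there that PERM_MAINLINE_NETWORK_STACK maps to a signature-level permission and not one a regular app can be granted. The stated test covers boot and WiFi only; a check that a caller holding none of the three permissions is still refused would pin the deny path. The function body starts and ends outside this hunk.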