Add permission to NetworkStackService (f3088e99) · Commits · e / os / android_packages_modules_NetworkStack

Require a permission to bind to NetworkStackService. INetworkStackConnector already has permission (UID) checks on all calls to the service, but callers should not even be able to bind to it. The MAINLINE_NETWORK_STACK permission is appropriate as it is only held by the network stack module. Only the system server (which is considered as holding all permissions) and other network stack components should be allowed to bind to the network stack service. Bluetooth gets the connector through the ServiceManager and does not need to bind to it. Bug: 139720667 Test: Flashed, booted, WiFi and bluetooth reverse tethering working. Test: Also the above with a Go target (InProcessNetworkStack) Test: atest FrameworksNetTests NetworkStackTests Test: atest NetworkStackIntegrationTests Change-Id: I5db6de782626e8ff2914e5840d3f8582e53ec9c2

AndroidManifest.xml

+2 −1

Original line number	Diff line number	Diff line
		@@ -40,7 +40,8 @@
		<application
		android:extractNativeLibs="false"
		android:persistent="true">
		<service android:name="com.android.server.NetworkStackService">
		<service android:name="com.android.server.NetworkStackService"
		android:permission="android.permission.MAINLINE_NETWORK_STACK">
		<intent-filter>
		<action android:name="android.net.INetworkStackConnector"/>
		</intent-filter>

AndroidManifest_InProcess.xml

+3 −1

Original line number	Diff line number	Diff line
		@@ -22,7 +22,9 @@
		android:process="system">
		<uses-sdk android:minSdkVersion="28" android:targetSdkVersion="28" />
		<application>
		<service android:name="com.android.server.NetworkStackService" android:process="system">
		<service android:name="com.android.server.NetworkStackService"
		android:process="system"
		android:permission="android.permission.MAINLINE_NETWORK_STACK">
		<intent-filter>
		<action android:name="android.net.INetworkStackConnector.InProcess"/>
		</intent-filter>