drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 41779e46: am 95297732: am 86e7d135: resolved conflicts for merge of dbc4edcc to mnc-dr-dev

Browse Source 
* commit '41779e467a478e11de2df10ad97542e6f2d57ca7':
  Fix NOT_RESTRICTED network capability and enforce it.
This commit is contained in:
Paul Jensen
2015-08-05 11:38:26 +00:00
committed by Android Git Automerger
parent 9d1d5b7ac6 41779e467a
commit abd27102f4
7 changed files with 111 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
core/java/android/net/ConnectivityManager.java
View File

@ -964,41 +964,6 @@ public class ConnectivityManager {
return 1;
}
/**
* Removes the NET_CAPABILITY_NOT_RESTRICTED capability from the given
* NetworkCapabilities object if all the capabilities it provides are
* typically provided by restricted networks.
*
* TODO: consider:
* - Moving to NetworkCapabilities
* - Renaming it to guessRestrictedCapability and make it set the
* restricted capability bit in addition to clearing it.
* @hide
*/
public static void maybeMarkCapabilitiesRestricted(NetworkCapabilities nc) {
for (int capability : nc.getCapabilities()) {
switch (capability) {
case NetworkCapabilities.NET_CAPABILITY_CBS:
case NetworkCapabilities.NET_CAPABILITY_DUN:
case NetworkCapabilities.NET_CAPABILITY_EIMS:
case NetworkCapabilities.NET_CAPABILITY_FOTA:
case NetworkCapabilities.NET_CAPABILITY_IA:
case NetworkCapabilities.NET_CAPABILITY_IMS:
case NetworkCapabilities.NET_CAPABILITY_RCS:
case NetworkCapabilities.NET_CAPABILITY_XCAP:
case NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED: //there by default
continue;
default:
// At least one capability usually provided by unrestricted
// networks. Conclude that this network is unrestricted.
return;
}
}
// All the capabilities are typically provided by restricted networks.
// Conclude that this network is restricted.
nc.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED);
}
private NetworkCapabilities networkCapabilitiesForFeature(int networkType, String feature) {
if (networkType == TYPE_MOBILE) {
int cap = -1;
@ -1021,14 +986,14 @@ public class ConnectivityManager {
}
NetworkCapabilities netCap = new NetworkCapabilities();
netCap.addTransportType(NetworkCapabilities.TRANSPORT_CELLULAR).addCapability(cap);
maybeMarkCapabilitiesRestricted(netCap);
netCap.maybeMarkCapabilitiesRestricted();
return netCap;
} else if (networkType == TYPE_WIFI) {
if ("p2p".equals(feature)) {
NetworkCapabilities netCap = new NetworkCapabilities();
netCap.addTransportType(NetworkCapabilities.TRANSPORT_WIFI);
netCap.addCapability(NetworkCapabilities.NET_CAPABILITY_WIFI_P2P);
maybeMarkCapabilitiesRestricted(netCap);
netCap.maybeMarkCapabilitiesRestricted();
return netCap;
}
}

30
core/java/android/net/NetworkCapabilities.java
View File

@ -215,6 +215,20 @@ public final class NetworkCapabilities implements Parcelable {
(1 << NET_CAPABILITY_TRUSTED) |
(1 << NET_CAPABILITY_NOT_VPN);
/**
* Capabilities that suggest that a network is restricted.
* {@see #maybeMarkCapabilitiesRestricted}.
*/
private static final long RESTRICTED_CAPABILITIES =
(1 << NET_CAPABILITY_CBS) |
(1 << NET_CAPABILITY_DUN) |
(1 << NET_CAPABILITY_EIMS) |
(1 << NET_CAPABILITY_FOTA) |
(1 << NET_CAPABILITY_IA) |
(1 << NET_CAPABILITY_IMS) |
(1 << NET_CAPABILITY_RCS) |
(1 << NET_CAPABILITY_XCAP);
/**
* Adds the given capability to this {@code NetworkCapability} instance.
* Multiple capabilities may be applied sequentially. Note that when searching
@ -325,6 +339,22 @@ public final class NetworkCapabilities implements Parcelable {
(that.mNetworkCapabilities & ~MUTABLE_CAPABILITIES));
}
/**
* Removes the NET_CAPABILITY_NOT_RESTRICTED capability if all the capabilities it provides are
* typically provided by restricted networks.
*
* TODO: consider:
* - Renaming it to guessRestrictedCapability and make it set the
* restricted capability bit in addition to clearing it.
* @hide
*/
public void maybeMarkCapabilitiesRestricted() {
// If all the capabilities are typically provided by restricted networks, conclude that this
// network is restricted.
if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0)
removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
}
/**
* Representing the transport type. Apps should generally not care about transport. A
* request for a fast internet connection could be satisfied by a number of different

8
core/java/android/net/NetworkRequest.java
View File

@ -83,7 +83,13 @@ public class NetworkRequest implements Parcelable {
* Build {@link NetworkRequest} give the current set of capabilities.
*/
public NetworkRequest build() {
return new NetworkRequest(mNetworkCapabilities, ConnectivityManager.TYPE_NONE,
// Make a copy of mNetworkCapabilities so we don't inadvertently remove NOT_RESTRICTED
// when later an unrestricted capability could be added to mNetworkCapabilities, in
// which case NOT_RESTRICTED should be returned to mNetworkCapabilities, which
// maybeMarkCapabilitiesRestricted() doesn't add back.
final NetworkCapabilities nc = new NetworkCapabilities(mNetworkCapabilities);
nc.maybeMarkCapabilitiesRestricted();
return new NetworkRequest(nc, ConnectivityManager.TYPE_NONE,
ConnectivityManager.REQUEST_ID_UNSET);
}

11
core/java/android/os/INetworkManagementService.aidl
View File

@ -388,8 +388,10 @@ interface INetworkManagementService
/**
* Setup a new physical network.
* @param permission null if no permissions required to access this network. PERMISSION_NETWORK
* or PERMISSION_SYSTEM to set respective permission.
*/
void createPhysicalNetwork(int netId);
void createPhysicalNetwork(int netId, String permission);
/**
* Setup a new VPN.
@ -416,6 +418,13 @@ interface INetworkManagementService
void setDefaultNetId(int netId);
void clearDefaultNetId();
/**
* Set permission for a network.
* @param permission null to clear permissions. PERMISSION_NETWORK or PERMISSION_SYSTEM to set
* permission.
*/
void setNetworkPermission(int netId, String permission);
void setPermission(String permission, in int[] uids);
void clearPermission(in int[] uids);

15
services/core/java/com/android/server/ConnectivityService.java
View File

@ -4097,6 +4097,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
}
if (!Objects.equals(nai.networkCapabilities, networkCapabilities)) {
final int oldScore = nai.getCurrentScore();
if (nai.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) !=
networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
try {
mNetd.setNetworkPermission(nai.network.netId,
networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ?
null : NetworkManagementService.PERMISSION_SYSTEM);
} catch (RemoteException e) {
loge("Exception in setNetworkPermission: " + e);
}
}
synchronized (nai) {
nai.networkCapabilities = networkCapabilities;
}
@ -4564,7 +4574,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
(networkAgent.networkMisc == null ||
!networkAgent.networkMisc.allowBypass));
} else {
mNetd.createPhysicalNetwork(networkAgent.network.netId);
mNetd.createPhysicalNetwork(networkAgent.network.netId,
networkAgent.networkCapabilities.hasCapability(
NET_CAPABILITY_NOT_RESTRICTED) ?
null : NetworkManagementService.PERMISSION_SYSTEM);
}
} catch (Exception e) {
loge("Error creating network " + networkAgent.network.netId + ": "

37
services/core/java/com/android/server/NetworkManagementService.java
View File

@ -131,6 +131,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub
*/
public static final String LIMIT_GLOBAL_ALERT = "globalAlert";
/**
* String to pass to netd to indicate that a network is only accessible
* to apps that have the CHANGE_NETWORK_STATE permission.
*/
public static final String PERMISSION_NETWORK = "NETWORK";
/**
* String to pass to netd to indicate that a network is only
* accessible to system apps and those with the CONNECTIVITY_INTERNAL
* permission.
*/
public static final String PERMISSION_SYSTEM = "SYSTEM";
class NetdResponseCode {
/* Keep in sync with system/netd/server/ResponseCode.h */
public static final int InterfaceListResult = 110;
@ -2329,11 +2342,15 @@ public class NetworkManagementService extends INetworkManagementService.Stub
}
@Override
public void createPhysicalNetwork(int netId) {
public void createPhysicalNetwork(int netId, String permission) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
try {
mConnector.execute("network", "create", netId);
if (permission != null) {
mConnector.execute("network", "create", netId, permission);
} else {
mConnector.execute("network", "create", netId);
}
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
@ -2424,6 +2441,22 @@ public class NetworkManagementService extends INetworkManagementService.Stub
}
}
@Override
public void setNetworkPermission(int netId, String permission) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
try {
if (permission != null) {
mConnector.execute("network", "permission", "network", "set", permission, netId);
} else {
mConnector.execute("network", "permission", "network", "clear", netId);
}
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void setPermission(String permission, int[] uids) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);

13
services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java
View File

@ -937,6 +937,19 @@ public class ConnectivityServiceTest extends AndroidTestCase {
}
private void tryNetworkFactoryRequests(int capability) throws Exception {
// Verify NOT_RESTRICTED is set appropriately
final NetworkCapabilities nc = new NetworkRequest.Builder().addCapability(capability)
.build().networkCapabilities;
if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN ||
capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA ||
capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS ||
capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP ||
capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) {
assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
} else {
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
}
NetworkCapabilities filter = new NetworkCapabilities();
filter.addCapability(capability);
final HandlerThread handlerThread = new HandlerThread("testNetworkFactoryRequests");