13209 Commits

Author SHA1 Message Date
Todd Kennedy
7dba93c087 DO NOT MERGE Restore calling identity before checking permission
Using the system service identity to check the CHANGE_CONFIGURATION
permission isn't likely to catch a security violation. Changing
back to the original caller and then checking permissions is
preferred.

Cherry picked from lmp. Fixes bug 15989465.

Change-Id: Iff08d04422bcc052a487194154f1fd0d727d38f4
2015-01-14 15:33:21 -08:00
Jeff Vander Stoep
e2adb1ff4a Merge "Sanity-check paths of files to be restored" into jb-mr2-dev 2014-09-23 16:13:42 +00:00
Jeff Vander Stoep
7bc601d5d7 Sanity-check paths of files to be restored
(cherry picked from commit 7d51cc701a6735cf455af8479f56c9c0b2109e02)
Bug: 16298491
Change-Id: I0c2d6523c9d152dad4d27d06d3853afd432e5af7
2014-09-22 23:21:20 +00:00
Jeff Vander Stoep
a8f6d1bffc Change permission guard on bindBackupAgent()
Bug: 15829193
Change-Id: I6c1c39923b7b1a9f528f97da10913cb7f2d7e8f9
2014-09-10 14:20:14 -07:00
Carlos Valdivia
c45bd7f209 Prevent authenticators from using Settings to launch arbitrary activities.
Various authenticator results such as getAuthToken and addAccount might
result in an Intent returned to the AccountManager caller. A malicious
authenticator could exploit the fact that the Settings are a system app,
lead the user to launch add account for their account type and thus get
Settings to use the intent to start some arbitrary third party's Activity.

The fix is to make sure that the UID of the app associated with Activity
to be launched by the supplied intent and the Authenticator's UID share
the same signature.  This means that an authenticator implementer can only
exploit apps they control.

Bug: 7699048
Change-Id: I34330454c341e6a8422ca1ed3b390466a0feedce
(cherry picked from commit 5bab9daf3cf66f4de19f8757e386030e8bef23ce)
2014-02-27 17:03:15 +00:00
Robert Greenwalt
950230663f DO NOT MERGE Sanitize WifiConfigs
Do this both on input from apps (giving error) and between wifi and
ConnectivityService (ignoring bad data).  This means removing all
addresses beyond the first and all routes but the first default and
the implied direct-connect routes.

We do this because the user can't monitor the others (no UI), their
support wasn't intended, they allow redirection of all traffic
without user knowledge and they allow circumvention of legacy VPNs.

This should not move forward from JB as it breaks IPv6 and K has
a more resilient VPN.

Bug:12663469
Change-Id: I0d92db7efc30a1bb3e5b8c6e5595bdb9793a16f2

Conflicts:
	core/java/android/net/LinkProperties.java
	services/java/com/android/server/WifiService.java
	wifi/java/android/net/wifi/WifiStateMachine.java
2014-02-24 15:20:32 -08:00
David Christie
766b5c4342 Clear cached locations when location providers disabled
Bug: 12118307

(cherry picked from commit b084fef18ee1b5d24d15cff37dc3a053933d361e)

Change-Id: Ief869b9e38858092bfa3f8d6d090a278dee7d86c
2014-01-06 15:30:34 -08:00
Christopher Tate
562fddce2f am 05e3f55f: am 1d8f592a: am ef12b1d4: am ea198841: am ef4694cb: am ae229d99: am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit '05e3f55f17e36b415a23095dbeaa1d04716aed5a':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:47:43 -08:00
Christopher Tate
05e3f55f17 am 1d8f592a: am ef12b1d4: am ea198841: am ef4694cb: am ae229d99: am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit '1d8f592a752c30534a6e03889f1ba42b232770ef':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:45:38 -08:00
Christopher Tate
1d8f592a75 am ef12b1d4: am ea198841: am ef4694cb: am ae229d99: am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit 'ef12b1d4a9ba6a91b61647feadaf2c4cdf34c356':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:41:57 -08:00
Christopher Tate
ef12b1d4a9 am ea198841: am ef4694cb: am ae229d99: am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit 'ea198841a9e64d72de49811e0e2c555eb2c40b9b':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:37:43 -08:00
Christopher Tate
ef4694cbdd am ae229d99: am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit 'ae229d991711745bdf8da2e716c31efde534e6da':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:34:13 -08:00
Christopher Tate
ae229d9917 am 43253333: am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit '43253333d24e856a7ffef818fdfaedf3fd60d3b6':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:31:09 -08:00
Christopher Tate
43253333d2 am 50cbfd55: System package permission decls take precedence over 3rd party apps'
* commit '50cbfd554f0bdf05c701d8baf15c862fbb8a6dc0':
  System package permission decls take precedence over 3rd party apps'
2013-11-08 12:27:10 -08:00
Christopher Tate
50cbfd554f System package permission decls take precedence over 3rd party apps'
In particular, if a 3rd party app tries to define a permission that
turns out to be defined by system packages following an upgrade,
the system package gets ownership and grants are re-evaluated
on that basis.

Bug 11242510

(Cherry-pick backport to JB)

Change-Id: Iabf7b6280e6c6674a51af5624142bd19ea0750ed
2013-11-07 19:04:22 -08:00
Wink Saville
67c3821926 Do not change NetworkInfo.DetailedState.
I'd changed DetailedState to force ConnectivityService to treat
provisioning apn's specially. In particular so that they wouldn't
be identified as fully connected until the provisioning
actually started. The problem is that DetailedState is a public enum
that has a CTS test and just changing the CTS to allow for the new
state (CONNECTED_TO_PROVISIONING_NETWORK) was inappropriate.

Instead I've added a new mIsConnectedToProvisioningNetwork variable
and used the DetailedState.SUSPENDED as the intermediate state.

Bug: 10620248
Change-Id: Id4a842398cad67455541ce629959351c27d83639
2013-09-05 12:02:25 -07:00
Wink Saville
948282b0e6 Add support for handling mobile provisioning networks.
When a sim is new or it has expired it needs to be provisioned
with the carrier. Basically provisioning is associating a sim with
a user account. When a sim isn't provisioned then operators will
restrict access to the network and only allow certain addresses
or services to be used.

This set of changes allows two types of provisioning networks to be
recognized. The first is a network that causes all DNS lookups to be
redirected to a different address than was intended. This is exemplified
by how T-Mobile works.

The second technique uses a special apn for provisioning. An example is
AT&T where lwaactivate is the provisioning apn and broadband is the
normal apn. We first try broadband and if we are unable to connect we
try lwaactivate. When we see the activate we identify it as special and
the ApnContext.isProvisioningApn will return true.

In the future our plan is to create a new network type that can be added
to the apn list, but for now it is identified by name.

Here is a list of significant changes:

 - CaptivePortalTracker now only tests WiFi networks instead of all networks
 - checkMobileProvisioning checks for provisioning networks and doesn't
   try to ping.
 - IConnectivityManager.aidl changes:
   * getProvisioningOrActiveNetworkInfo was added to and used by Manage
     mobile plan in WirelessSettings so even when there is no active
     network it will still allow provisioning. Otherwise it would report
     no internet connection.
   * setSignInErrorNotificationVisible is used by both
     CaptivePortalTracker and checkMobileProvisioning so they use the
     same code for the notifications.
   * checkMobileProvisioning was simplified to have only a timeout as
     returning the result is now harder as we abort simultaneous calls,
     otherwise we could get into loops because we now check every time
     we connect to mobile.
 - Enhanced MDST to handle the provisioning network.
 - Added CONNECTED_TO_PROVISIONING_NETWORK to NetworkInfo to make a new
   state so we don't announce to the world we're connected.
 - TelephonyIntents.ACTION_DATA_CONNECTION_CONNECTED_TO_PROVISIONING_APN
   is sent by the low level data connection code to notify Connectivity
   Service that a provisioning apn has connected. This allows CS to
   handle the connection differently than a normal connection.

Bug: 10328264
Change-Id: I3925004011bb1243793c4c1b963d923dc2b00cb5
2013-08-29 08:55:16 -07:00
Wink Saville
dce52cdbf1 DO NOT MERGE: MDST is not ready until connected to DcTracker.
When the system becomes loaded the PhoneApp can be delayed
significantly and a call to setEnableFailFastMobileData may not
occur because the channel between the MobileDataStateTracker (MDST)
and DcTracker (DCT) is not connected.

Solution: Add a isReady to MDST and isMobileDataStateTrackerReady to
ConnectivityService and call it from isMobileOk.

Bug: 10351868
Change-Id: I92f9d58121b88186b636cd71c2fd2ef9a28f7cf6
2013-08-16 17:17:28 -07:00
Wink Saville
e63411f28b In isMobileOk don't execute finally if mobile data is not supported.
Move the early return outside the try {} finally so we don't call
setEnableFailFastMobileData(DctConstants.DISABLED). Otherwise
reference counting is wrong and an exception is thrown in DcTrackerBase.

Bug: 10304904
Change-Id: I5ba5121e473bada9f3daa8d6f3d3577cec8212fc
2013-08-15 21:14:30 -07:00
Wink Saville
4d87d91dfe Merge "If in a mobile captive portal is detected enable fail fast." into jb-mr2-dev 2013-08-08 22:07:27 +00:00
Wink Saville
35152f13b3 Merge "Have CaptivePortalTracker use gservices updateable provisioning urls." into jb-mr2-dev 2013-08-08 22:06:21 +00:00
Wink Saville
cbad1243ad Merge "Check that hipri has started." into jb-mr2-dev 2013-08-08 22:03:45 +00:00
Wink Saville
d747cbc898 If in a mobile captive portal is detected enable fail fast.
When captive portal checking completes pass back the result.
This is used to enable/disable failing fast for mobile. When
failing fast is enabled we don't check for data stalls and thus
won't be continually trying to do recovery operations, such as
restarting the radio.

Bug: 9462512
Change-Id: I0dea0eee519f8ee7f94e79d40e82c18f30d7fe2e
2013-08-07 16:22:47 -07:00
Dianne Hackborn
7f09ec39b6 Fix issue #10226007: Reset apps restores most of the changed settings...
...to original but not all modified ones

Very stupid mistakes in messing up the iteration when pruning op
entries.

Change-Id: Ie536b9095f797fcd2b86c9a386a72746796430d1
2013-08-07 15:49:02 -07:00
Wink Saville
7f6ee2ec90 Check that hipri has started.
I needed to test the result of startUsingNetworkFeature, otherwise
on mobile networks that are slow to come up, we won't detect
warm SIMs after booting.

Bug: 9962943
Change-Id: Ib638a4e43867ecaa85d6abff65643b77a63526b6
2013-08-07 11:02:57 -07:00
Wink Saville
42d4f08db2 Have CaptivePortalTracker use gservices updateable provisioning urls.
After detecting there is a captive portal the url used in the
notification for mobile networks should be updateable via gservices.
These urls will be the same as used by CheckMp and is needed for
carriers that have specific provisioning urls such as AT&T and Verizon.

Bug: 9622647
Change-Id: Idcf4dabc72ece1dbbe1d5e5a21e550dd06fe16c7
2013-08-05 14:15:54 -07:00
Dianne Hackborn
607b414d04 Add new app ops method to reset all op modes.
Change-Id: I5ee6764de8dc31d812e5a788914ab0099bbef4c0
2013-08-02 19:06:25 -07:00
Dave Burke
7925e7cc08 Merge "Revert "Add version identifier to app ops."" into jb-mr2-dev 2013-08-02 20:36:28 +00:00
Dave Burke
0997c5bd79 Revert "Add version identifier to app ops."
This reverts commit 483a6bbfc118409b9c46b226cf0aa6afdc4d9159.

Change-Id: I91d6b8b8d1789089bf9764e734f7fe59d03151a2
2013-08-02 20:25:02 +00:00
Sascha Prueter
d364859ce6 Merge "Add version identifier to app ops." into jb-mr2-dev 2013-08-01 20:50:02 +00:00
Dianne Hackborn
483a6bbfc1 Add version identifier to app ops.
All old versions drop their modes except for the notification op
(which is the only one there is currently a user-visible control for).

Change-Id: I9e09cebe63e9ea81f2adc01aef7d1a5a59f57a56
2013-08-01 11:15:04 -07:00
Daniel Sandler
9eb434c389 Allow the user to block notifications for foreground services.
Stepping carefully around the fix in change Idc788527, we
perform security (and AppOps, and therefore user block)
checks against the uid passed to enqueueNotificationInternal
rather than the Binder caller.

Bug: 9502541
Change-Id: I91745db92823381df75721c1b8f11013a7fa4ecc
2013-08-01 00:44:57 -04:00
Dianne Hackborn
a99cb5bc41 (DO NOT MERGE) Fix pub issue #58043: Copy crash in Android 4.3...
...when clipboard listener attached

We need to clear the calling identity before dispatching change
notifications.  Also make this more robust, so that in the face
of any failure we will clean up the broadcast state.

Integrated from master.

Change-Id: I05e1f76ffd486439535631fe4062dabe94bd2ccf
2013-07-31 13:48:39 -07:00
Robert Greenwalt
c13368bfd1 Make CS.isTetheringSupported dynamic
It used to be set at boot, but that was too quick to pick up carrier
specific resources.  With this change even if you switch sims subsequent
checks get the new values.

bug:9865616
Change-Id: I8c270c6b02fc6bdd3c3d76ceea58172df25e058d
2013-07-18 14:24:42 -07:00
Robert Greenwalt
e874bd351f Merge "Add gservices updater for carrier provisioning url" into jb-mr2-dev 2013-07-17 23:46:25 +00:00
Robert Greenwalt
e182bfe398 Add gservices updater for carrier provisioning url
bug:9623159
Change-Id: I36697ed341353b7a3dbec5afe20241102e76f6f1
2013-07-17 14:05:33 -07:00
Wink Saville
e3badc1011 Merge "When a SIM is changed check mobile provisioning." into jb-mr2-dev 2013-07-17 18:43:30 +00:00
Wink Saville
fde1ac9bec When a SIM is changed check mobile provisioning.
A simple mechanism for doing this is to take advantage of the fact
that we require the device to reboot after a sim has been changed.
Thus when connectivity service is started we wait to get a connection
then call checkMobileProvisioning once. We also add a check that
the DEVICE_PROVISIONED is true, i.e. SetupWizard has been run.

Bug: 9784024
Change-Id: I5c1936744f6fc55a447ae44cd36eec3849d27e21
2013-07-16 17:16:37 -07:00
Jeff Brown
ba8a54136d Fix missing lock in power manager.
The display wake lock and other internal state could become
out of sync if we happened to execute the power manager's update
function concurrently due to the missing lock.

This bug can be triggered due to display state changes or proximity
sensor updates.  Although it would be extremely rare, we have
some evidence of this happening on at least a few devices resulting
in rapid power drain with the screen off or a crash.

Bug: 9880044
Change-Id: I3c674ce429621a50cbb36c3a01883d5f388205b2
(cherry picked from commit d91e417b06388694db213257b4df6b4dd78e0d49)
2013-07-16 22:29:57 +00:00
Craig Mautner
7c6be10d31 Remove iterators (DO NOT MERGE)
Remove DisplayContentsIterator and AllWindowsIterator. These were cute
but they take up valuable resources. Iterate over ArrayList members
in their place.

Change-Id: Ie0c537608532cfb36f34d976cc6eacd21bad98cd
2013-07-16 13:07:48 -07:00
Wink Saville
925ec03fcd Merge "VZW wants the phoneNumber to be 10 zero's if there isn't one." into jb-mr2-dev 2013-07-12 18:59:03 +00:00
Amith Yamasani
06a441de3b Merge "Pass along the user id to AttributeCache requests" into jb-mr2-dev 2013-07-12 18:17:09 +00:00
Wink Saville
8cf3560469 VZW wants the phoneNumber to be 10 zero's if there isn't one.
Bug: 9784059
Change-Id: I41bba908855648d2560440655d8a75a7cb2e0859
2013-07-10 23:00:07 -07:00
Amith Yamasani
4befbecfcc Pass along the user id to AttributeCache requests
Bug: 9759331
Change-Id: Ib96ba6a89c58edc207021aa43a2b67b4f6c50117
2013-07-10 16:18:01 -07:00
Satoshi Kataoka
b7925f2219 Merge "Revert "Stop marking gamepads as keyboards"" into jb-mr2-dev 2013-07-09 17:20:39 +00:00
Ken Wakasa
02a44f7d47 Revert "Stop marking gamepads as keyboards"
This reverts commit 74c8fb601ef75d8e12df5221489c41c125e3b846.

Change-Id: If8ca4d09b4d52f11d48dabebf2dff2984760cdc0
bug: 8896129
2013-07-05 04:08:36 +00:00
Vinit Deshpande
c2656a98ce Merge "Revert "Temporarily disable 'Scan Always' mode"" into jb-mr2-dev 2013-07-03 00:12:53 +00:00
Vinit Deshpande
218339818c Revert "Temporarily disable 'Scan Always' mode"
This reverts commit c16b0d0061108685e74b40d77ad801fe0304bc42.

Change-Id: I89a23f5d786a53eea97fef3f19bd15f97fc26157
2013-07-03 00:10:53 +00:00
Wink Saville
753d754c7d Merge "Fix NPE if mobile is not supported in checkMobileProvisioning." into jb-mr2-dev 2013-07-02 18:17:00 +00:00
Wink Saville
68e6c6452c Fix NPE if mobile is not supported in checkMobileProvisioning.
Bug: 9664438
Change-Id: If0c4938956a80e8d6a21a968aa771d0d8f546b3c
2013-07-02 10:55:14 -07:00