diff options
| author | Robert Greenwalt <rgreenwalt@google.com> | 2011-06-21 17:26:14 -0700 |
|---|---|---|
| committer | Robert Greenwalt <rgreenwalt@google.com> | 2011-06-22 16:35:12 -0700 |
| commit | 50393202f3ae0ab9114075ecc5b4c92faaf96251 (patch) | |
| tree | bae0b1d232a126908b8daa594e03af4916df782f | |
| parent | e0da3f3bc9aaefbf3e3737b69e91b7823f639751 (diff) | |
| download | frameworks_base-50393202f3ae0ab9114075ecc5b4c92faaf96251.zip frameworks_base-50393202f3ae0ab9114075ecc5b4c92faaf96251.tar.gz frameworks_base-50393202f3ae0ab9114075ecc5b4c92faaf96251.tar.bz2 | |
Restrict access to protected networks.
Some networks should only be brought up and controlled by system apps.
bug: 4585677
Change-Id: I61b1ee3dcfca0ee54387cecffe5198a0b010d98b
| -rwxr-xr-x | core/res/res/values/config.xml | 8 | ||||
| -rw-r--r-- | services/java/com/android/server/ConnectivityService.java | 26 |
2 files changed, 33 insertions, 1 deletions
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 843259d..f49be42 100755 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -115,6 +115,14 @@ <item>"mobile_cbs,12,0,2,60000,true"</item> </string-array> + <!-- Array of ConnectivityManager.TYPE_xxxx constants for networks that may only + be controlled by systemOrSignature apps. --> + <integer-array translatable="false" name="config_protectedNetworks"> + <item>10</item> + <item>11</item> + <item>12</item> + </integer-array> + <!-- This string array should be overridden by the device to present a list of radio attributes. This is used by the connectivity manager to decide which networks can coexist based on the hardware --> diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java index a8ddc15..e11190f 100644 --- a/services/java/com/android/server/ConnectivityService.java +++ b/services/java/com/android/server/ConnectivityService.java @@ -250,6 +250,9 @@ public class ConnectivityService extends IConnectivityManager.Stub { } RadioAttributes[] mRadioAttributes; + // the set of network types that can only be enabled by system/sig apps + List mProtectedNetworks; + public static synchronized ConnectivityService getInstance(Context context) { if (sServiceInstance == null) { sServiceInstance = new ConnectivityService(context); @@ -349,6 +352,17 @@ public class ConnectivityService extends IConnectivityManager.Stub { } } + mProtectedNetworks = new ArrayList<Integer>(); + int[] protectedNetworks = context.getResources().getIntArray( + com.android.internal.R.array.config_protectedNetworks); + for (int p : protectedNetworks) { + if ((mNetConfigs[p] != null) && (mProtectedNetworks.contains(p) == false)) { + mProtectedNetworks.add(p); + } else { + if (DBG) loge("Ignoring protectedNetwork " + p); + } + } + // high priority first mPriorityList = new int[mNetworksDefined]; { @@ -678,6 +692,11 @@ public class ConnectivityService extends IConnectivityManager.Stub { usedNetworkType = networkType; } } + + if (mProtectedNetworks.contains(usedNetworkType)) { + enforceConnectivityInternalPermission(); + } + NetworkStateTracker network = mNetTrackers[usedNetworkType]; if (network != null) { Integer currentPid = new Integer(getCallingPid()); @@ -888,6 +907,10 @@ public class ConnectivityService extends IConnectivityManager.Stub { */ public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) { enforceChangePermission(); + if (mProtectedNetworks.contains(networkType)) { + enforceConnectivityInternalPermission(); + } + if (!ConnectivityManager.isNetworkTypeValid(networkType)) { return false; } @@ -1005,7 +1028,8 @@ public class ConnectivityService extends IConnectivityManager.Stub { } public void setDataDependency(int networkType, boolean met) { - enforceChangePermission(); + enforceConnectivityInternalPermission(); + if (DBG) { log("setDataDependency(" + networkType + ", " + met + ")"); } |