diff options
author | Paul Jensen <pauljensen@google.com> | 2015-08-19 11:06:15 -0400 |
---|---|---|
committer | Paul Jensen <pauljensen@google.com> | 2015-08-19 11:08:38 -0400 |
commit | aae613d96134245af7c55976731a49fa59e77470 (patch) | |
tree | fecd59637ca65eeac8b93bedfeeba0305669118a | |
parent | 8b8fa3e934e3ddf01790e647b4401dc88b24bf67 (diff) | |
download | frameworks_base-aae613d96134245af7c55976731a49fa59e77470.zip frameworks_base-aae613d96134245af7c55976731a49fa59e77470.tar.gz frameworks_base-aae613d96134245af7c55976731a49fa59e77470.tar.bz2 |
Don't mark NetworkRequests restricted when they don't have restricted caps
Requests without NET_CAPABILITIES_INTERNET and just the default network
capabilities should not be marked restricted. Without this fix apps
can hit permissions exceptions if they inadvertently make requests
without NET_CAPABILITIES_INTERNET.
Bug:23164917
Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6
-rw-r--r-- | core/java/android/net/NetworkCapabilities.java | 6 | ||||
-rw-r--r-- | services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java | 3 |
2 files changed, 6 insertions, 3 deletions
diff --git a/core/java/android/net/NetworkCapabilities.java b/core/java/android/net/NetworkCapabilities.java index 29b063a..d0e0cbe 100644 --- a/core/java/android/net/NetworkCapabilities.java +++ b/core/java/android/net/NetworkCapabilities.java @@ -299,8 +299,12 @@ public final class NetworkCapabilities implements Parcelable { public void maybeMarkCapabilitiesRestricted() { // If all the capabilities are typically provided by restricted networks, conclude that this // network is restricted. - if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0) + if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0 && + // Must have at least some restricted capabilities, otherwise a request for an + // internet-less network will get marked restricted. + (mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0) { removeCapability(NET_CAPABILITY_NOT_RESTRICTED); + } } /** diff --git a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java index 696f106..b4c76b7 100644 --- a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java +++ b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java @@ -943,8 +943,7 @@ public class ConnectivityServiceTest extends AndroidTestCase { if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN || capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA || capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS || - capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP || - capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) { + capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP) { assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)); } else { assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)); |