Fix NOT_RESTRICTED network capability and enforce it.

With this change: 1. NOT_RESTRICTED should be removed from NetworkRequests that bring up special restricted carrier networks (e.g. IMS, FOTA). 2. NetworkRequests without NOT_RESTRICTED require CONNECTIVITY_INTERNAL permission to register 3. Binding sockets to networks without NOT_RESTRICTED requires CONNECTIVITY_INTERNAL permission Bug:21637535 Change-Id: I5991d39facaa6b690e969fe15dcbeec52e918321
author: Paul Jensen <pauljensen@google.com> 2015-07-24 15:57:11 -0400
committer: Paul Jensen <pauljensen@google.com> 2015-08-04 07:24:24 -0400
commit: 487ffe7d3d84bf65212158f7098e8a84b5b55e09 (patch)
tree: 38057c7c55e92aaa1ccd9c2f74705fde6fb645b0 /services/core/java/com/android/server/ConnectivityService.java
parent: 532737df65330200dc55ae42d31140d19c4024be (diff)
download: frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.zip
frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.gz
frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.bz2
1 files changed, 14 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index eb74ab0..62e8532 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -4021,6 +4021,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
         }
         if (!Objects.equals(nai.networkCapabilities, networkCapabilities)) {
             final int oldScore = nai.getCurrentScore();
+            if (nai.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) !=
+                    networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
+                try {
+                    mNetd.setNetworkPermission(nai.network.netId,
+                            networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ?
+                                    null : NetworkManagementService.PERMISSION_SYSTEM);
+                } catch (RemoteException e) {
+                    loge("Exception in setNetworkPermission: " + e);
+                }
+            }
             synchronized (nai) {
                 nai.networkCapabilities = networkCapabilities;
             }
@@ -4456,7 +4466,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
                             (networkAgent.networkMisc == null ||
                                 !networkAgent.networkMisc.allowBypass));
                 } else {
-                    mNetd.createPhysicalNetwork(networkAgent.network.netId);
+                    mNetd.createPhysicalNetwork(networkAgent.network.netId,
+                            networkAgent.networkCapabilities.hasCapability(
+                                    NET_CAPABILITY_NOT_RESTRICTED) ?
+                                    null : NetworkManagementService.PERMISSION_SYSTEM);
                 }
             } catch (Exception e) {
                 loge("Error creating network " + networkAgent.network.netId + ": "
author	Paul Jensen <pauljensen@google.com>	2015-07-24 15:57:11 -0400
committer	Paul Jensen <pauljensen@google.com>	2015-08-04 07:24:24 -0400
commit	487ffe7d3d84bf65212158f7098e8a84b5b55e09 (patch)
tree	38057c7c55e92aaa1ccd9c2f74705fde6fb645b0 /services/core/java/com/android/server/ConnectivityService.java
parent	532737df65330200dc55ae42d31140d19c4024be (diff)
download	frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.zip frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.gz frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.bz2