diff options
author | Paul Jensen <pauljensen@google.com> | 2015-07-24 15:57:11 -0400 |
---|---|---|
committer | Paul Jensen <pauljensen@google.com> | 2015-08-04 07:24:24 -0400 |
commit | 487ffe7d3d84bf65212158f7098e8a84b5b55e09 (patch) | |
tree | 38057c7c55e92aaa1ccd9c2f74705fde6fb645b0 /services/core/java/com/android/server/ConnectivityService.java | |
parent | 532737df65330200dc55ae42d31140d19c4024be (diff) | |
download | frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.zip frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.gz frameworks_base-487ffe7d3d84bf65212158f7098e8a84b5b55e09.tar.bz2 |
Fix NOT_RESTRICTED network capability and enforce it.
With this change:
1. NOT_RESTRICTED should be removed from NetworkRequests that bring up
special restricted carrier networks (e.g. IMS, FOTA).
2. NetworkRequests without NOT_RESTRICTED require CONNECTIVITY_INTERNAL
permission to register
3. Binding sockets to networks without NOT_RESTRICTED requires
CONNECTIVITY_INTERNAL permission
Bug:21637535
Change-Id: I5991d39facaa6b690e969fe15dcbeec52e918321
Diffstat (limited to 'services/core/java/com/android/server/ConnectivityService.java')
-rw-r--r-- | services/core/java/com/android/server/ConnectivityService.java | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index eb74ab0..62e8532 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -4021,6 +4021,16 @@ public class ConnectivityService extends IConnectivityManager.Stub } if (!Objects.equals(nai.networkCapabilities, networkCapabilities)) { final int oldScore = nai.getCurrentScore(); + if (nai.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) != + networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { + try { + mNetd.setNetworkPermission(nai.network.netId, + networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ? + null : NetworkManagementService.PERMISSION_SYSTEM); + } catch (RemoteException e) { + loge("Exception in setNetworkPermission: " + e); + } + } synchronized (nai) { nai.networkCapabilities = networkCapabilities; } @@ -4456,7 +4466,10 @@ public class ConnectivityService extends IConnectivityManager.Stub (networkAgent.networkMisc == null || !networkAgent.networkMisc.allowBypass)); } else { - mNetd.createPhysicalNetwork(networkAgent.network.netId); + mNetd.createPhysicalNetwork(networkAgent.network.netId, + networkAgent.networkCapabilities.hasCapability( + NET_CAPABILITY_NOT_RESTRICTED) ? + null : NetworkManagementService.PERMISSION_SYSTEM); } } catch (Exception e) { loge("Error creating network " + networkAgent.network.netId + ": " |