diff options
| author | Paul Jensen <pauljensen@google.com> | 2015-08-05 07:07:24 -0400 |
|---|---|---|
| committer | Paul Jensen <pauljensen@google.com> | 2015-08-05 07:07:24 -0400 |
| commit | 86e7d135acbdb0055de6a687817d44ac60603c9f (patch) | |
| tree | 779b9f59252cf055c07e68e27ea86a1e520721c3 /services | |
| parent | 815a6b6bdf400413057c83fa0ee63db749785d85 (diff) | |
| parent | dbc4edccfced5cb739bae75e8cd15cecc39cf16e (diff) | |
| download | frameworks_base-86e7d135acbdb0055de6a687817d44ac60603c9f.zip frameworks_base-86e7d135acbdb0055de6a687817d44ac60603c9f.tar.gz frameworks_base-86e7d135acbdb0055de6a687817d44ac60603c9f.tar.bz2 | |
resolved conflicts for merge of dbc4edcc to mnc-dr-dev
Change-Id: I3a8624b2b375e0d174983d7690082e0e6932c4de
Diffstat (limited to 'services')
3 files changed, 62 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index 8ca5ac1..028460c 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -4097,6 +4097,16 @@ public class ConnectivityService extends IConnectivityManager.Stub } if (!Objects.equals(nai.networkCapabilities, networkCapabilities)) { final int oldScore = nai.getCurrentScore(); + if (nai.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) != + networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { + try { + mNetd.setNetworkPermission(nai.network.netId, + networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) ? + null : NetworkManagementService.PERMISSION_SYSTEM); + } catch (RemoteException e) { + loge("Exception in setNetworkPermission: " + e); + } + } synchronized (nai) { nai.networkCapabilities = networkCapabilities; } @@ -4564,7 +4574,10 @@ public class ConnectivityService extends IConnectivityManager.Stub (networkAgent.networkMisc == null || !networkAgent.networkMisc.allowBypass)); } else { - mNetd.createPhysicalNetwork(networkAgent.network.netId); + mNetd.createPhysicalNetwork(networkAgent.network.netId, + networkAgent.networkCapabilities.hasCapability( + NET_CAPABILITY_NOT_RESTRICTED) ? + null : NetworkManagementService.PERMISSION_SYSTEM); } } catch (Exception e) { loge("Error creating network " + networkAgent.network.netId + ": " diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java index 0e3134d..433f707 100644 --- a/services/core/java/com/android/server/NetworkManagementService.java +++ b/services/core/java/com/android/server/NetworkManagementService.java @@ -131,6 +131,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub */ public static final String LIMIT_GLOBAL_ALERT = "globalAlert"; + /** + * String to pass to netd to indicate that a network is only accessible + * to apps that have the CHANGE_NETWORK_STATE permission. + */ + public static final String PERMISSION_NETWORK = "NETWORK"; + + /** + * String to pass to netd to indicate that a network is only + * accessible to system apps and those with the CONNECTIVITY_INTERNAL + * permission. + */ + public static final String PERMISSION_SYSTEM = "SYSTEM"; + class NetdResponseCode { /* Keep in sync with system/netd/server/ResponseCode.h */ public static final int InterfaceListResult = 110; @@ -2329,11 +2342,15 @@ public class NetworkManagementService extends INetworkManagementService.Stub } @Override - public void createPhysicalNetwork(int netId) { + public void createPhysicalNetwork(int netId, String permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { - mConnector.execute("network", "create", netId); + if (permission != null) { + mConnector.execute("network", "create", netId, permission); + } else { + mConnector.execute("network", "create", netId); + } } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } @@ -2425,6 +2442,22 @@ public class NetworkManagementService extends INetworkManagementService.Stub } @Override + public void setNetworkPermission(int netId, String permission) { + mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); + + try { + if (permission != null) { + mConnector.execute("network", "permission", "network", "set", permission, netId); + } else { + mConnector.execute("network", "permission", "network", "clear", netId); + } + } catch (NativeDaemonConnectorException e) { + throw e.rethrowAsParcelableException(); + } + } + + + @Override public void setPermission(String permission, int[] uids) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); diff --git a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java index 19d29f3..696f106 100644 --- a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java +++ b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java @@ -937,6 +937,19 @@ public class ConnectivityServiceTest extends AndroidTestCase { } private void tryNetworkFactoryRequests(int capability) throws Exception { + // Verify NOT_RESTRICTED is set appropriately + final NetworkCapabilities nc = new NetworkRequest.Builder().addCapability(capability) + .build().networkCapabilities; + if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN || + capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA || + capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS || + capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP || + capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) { + assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)); + } else { + assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)); + } + NetworkCapabilities filter = new NetworkCapabilities(); filter.addCapability(capability); final HandlerThread handlerThread = new HandlerThread("testNetworkFactoryRequests"); |