Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / 28160b3141286f7b579696776fbce7eeeff00b6f^! / . / service / src / com
commit28160b3141286f7b579696776fbce7eeeff00b6f[log] [tgz]
authormarkchien <markchien@google.com>Wed Sep 29 22:57:31 2021 +0800
committermarkchien <markchien@google.com>Tue Apr 19 19:13:10 2022 +0800
treecd2d3d6707139b3b5f12e8580afce8509db100d9
parentfebcedef5a7cc21e14ec99147e5062f2897566cd [diff]
Fix permission bypass problem for Tethering deprecated APIs

Since the tethering functions in ConnectivityService is delegated
to TetheringManager instance and get caches informataion in
TetheringManager without checking ACCESS_NETWORK_STATE permission.
If application use reflection call getTetherXXX functions in
ConnectivityService, it can get tethering status with no additional
execution privileges needed.

Bug: 162952629
Test: manual
Ignore-AOSP-First: security fix
Change-Id: I5b897f216db19fead6ba6ac07915aa0f6ff5bf42

diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index a0e75ec..81bb4f5 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -5467,6 +5467,7 @@
     @Override
     @Deprecated
     public int getLastTetherError(String iface) {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
         return tm.getLastTetherError(iface);
@@ -5475,6 +5476,7 @@
     @Override
     @Deprecated
     public String[] getTetherableIfaces() {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
         return tm.getTetherableIfaces();
@@ -5483,6 +5485,7 @@
     @Override
     @Deprecated
     public String[] getTetheredIfaces() {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
         return tm.getTetheredIfaces();
@@ -5492,6 +5495,7 @@
     @Override
     @Deprecated
     public String[] getTetheringErroredIfaces() {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
 
@@ -5501,6 +5505,7 @@
     @Override
     @Deprecated
     public String[] getTetherableUsbRegexs() {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
 
@@ -5510,6 +5515,7 @@
     @Override
     @Deprecated
     public String[] getTetherableWifiRegexs() {
+        enforceAccessPermission();
         final TetheringManager tm = (TetheringManager) mContext.getSystemService(
                 Context.TETHERING_SERVICE);
         return tm.getTetherableWifiRegexs();