Deal with permission update on handler thread

Ensure that permissions cannot change while CS is doing work
(scoring networks, sending callbacks, etc.) by making all
permission updates run on the handler thread.

Bug: 232048835
Test: FrameworksNetTests CtsNetTestCases
Change-Id: I5380ec8ff1282a1056d9063848e0fff8b3a570ec
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index dffe11d..9b23395 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -1451,7 +1451,11 @@
         mCellularRadioTimesharingCapable =
                 mResources.get().getBoolean(R.bool.config_cellular_radio_timesharing_capable);
 
+        mNetd = netd;
+        mBpfNetMaps = mDeps.getBpfNetMaps(mContext, netd);
         mHandlerThread = mDeps.makeHandlerThread();
+        mPermissionMonitor =
+                new PermissionMonitor(mContext, mNetd, mBpfNetMaps, mHandlerThread);
         mHandlerThread.start();
         mHandler = new InternalHandler(mHandlerThread.getLooper());
         mTrackerHandler = new NetworkStateTrackerHandler(mHandlerThread.getLooper());
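Review bot: The ordering in this hunk is load-bearing and undocumented: `PermissionMonitor` is handed `mHandlerThread` before `mHandlerThread.start()`, and `HandlerThread.getLooper()` returns null for a thread that is not yet alive. It is safe only because the `PermissionMonitor` constructor, as shown later in this commit, just stores the reference and defers `getLooper()` to `startMonitoring()` and the thread assertion. A comment above the construction such as `// PermissionMonitor must not touch the looper until mHandlerThread.start() below.` would keep a later edit from reading the looper in the constructor; alternatively, construct it after `start()`. The enclosing constructor starts and ends outside the hunk.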
@@ -1466,8 +1470,6 @@
         mDnsResolver = Objects.requireNonNull(dnsresolver, "missing IDnsResolver");
         mProxyTracker = mDeps.makeProxyTracker(mContext, mHandler);
 
-        mNetd = netd;
-        mBpfNetMaps = mDeps.getBpfNetMaps(mContext, netd);
         mTelephonyManager = (TelephonyManager) mContext.getSystemService(Context.TELEPHONY_SERVICE);
         mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
         mLocationPermissionChecker = mDeps.makeLocationPermissionChecker(mContext);
@@ -1497,8 +1499,6 @@
 
         mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
 
-        mPermissionMonitor = new PermissionMonitor(mContext, mNetd, mBpfNetMaps);
-
         mUserAllContext = mContext.createContextAsUser(UserHandle.ALL, 0 /* flags */);
         // Listen for user add/removes to inform PermissionMonitor.
         // Should run on mHandler to avoid any races.
diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java
index eee7f3a..9f1613f 100755
--- a/service/src/com/android/server/connectivity/PermissionMonitor.java
+++ b/service/src/com/android/server/connectivity/PermissionMonitor.java
@@ -52,6 +52,8 @@
 import android.net.UidRange;
 import android.net.Uri;
 import android.os.Build;
+import android.os.Handler;
+import android.os.HandlerThread;
 import android.os.Process;
 import android.os.RemoteException;
 import android.os.ServiceSpecificException;
@@ -98,6 +100,7 @@
     private final Dependencies mDeps;
     private final Context mContext;
     private final BpfNetMaps mBpfNetMaps;
+    private final HandlerThread mThread;
 
     private static final ProcessShim sProcessShim = ProcessShimImpl.newInstance();
 
@@ -259,14 +262,15 @@
     }
 
     public PermissionMonitor(@NonNull final Context context, @NonNull final INetd netd,
-            @NonNull final BpfNetMaps bpfNetMaps) {
-        this(context, netd, bpfNetMaps, new Dependencies());
+            @NonNull final BpfNetMaps bpfNetMaps, @NonNull final HandlerThread thread) {
+        this(context, netd, bpfNetMaps, new Dependencies(), thread);
     }
 
     @VisibleForTesting
     PermissionMonitor(@NonNull final Context context, @NonNull final INetd netd,
             @NonNull final BpfNetMaps bpfNetMaps,
-            @NonNull final Dependencies deps) {
+            @NonNull final Dependencies deps,
+            @NonNull final HandlerThread thread) {
         mPackageManager = context.getPackageManager();
         mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
         mSystemConfigManager = context.getSystemService(SystemConfigManager.class);
@@ -274,6 +278,14 @@
         mDeps = deps;
         mContext = context;
         mBpfNetMaps = bpfNetMaps;
+        mThread = thread;
+    }
+
+    private void ensureRunningOnHandlerThread() {
+        if (mThread.getLooper().getThread() != Thread.currentThread()) {
+            throw new IllegalStateException(
+                    "Not running on Handler thread: " + Thread.currentThread().getName());
+        }
     }
 
     private int getPackageNetdNetworkPermission(@NonNull final PackageInfo app) {
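Review bot: `ensureRunningOnHandlerThread()` dereferences `mThread.getLooper()` without a null check, and `HandlerThread.getLooper()` returns null when the thread has not been started or has already exited, so a call in that window fails with a NullPointerException instead of the intended IllegalStateException. Because a HandlerThread's looper is prepared on the HandlerThread itself, the condition can compare the threads directly: `if (Thread.currentThread() != mThread) {`. That also keeps the wait-for-looper path in `getLooper()` out of every permission send. A short Javadoc on the helper saying that it guards the netd/BPF permission writes against off-thread callers would explain why it throws rather than logs.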
@@ -405,14 +417,14 @@
     public synchronized void startMonitoring() {
         log("Monitoring");
 
+        final Handler handler = new Handler(mThread.getLooper());
         final Context userAllContext = mContext.createContextAsUser(UserHandle.ALL, 0 /* flags */);
         final IntentFilter intentFilter = new IntentFilter();
         intentFilter.addAction(Intent.ACTION_PACKAGE_ADDED);
         intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED);
         intentFilter.addDataScheme("package");
         userAllContext.registerReceiver(
-                mIntentReceiver, intentFilter, null /* broadcastPermission */,
-                null /* scheduler */);
+                mIntentReceiver, intentFilter, null /* broadcastPermission */, handler);
 
         // Listen to EXTERNAL_APPLICATIONS_AVAILABLE is that an app becoming available means it may
         // need to gain a permission. But an app that becomes unavailable can neither gain nor lose
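Review bot: `startMonitoring()` now builds a `Handler` from `mThread.getLooper()`, which is null until the thread has been started, so the method has an unstated precondition that `mHandlerThread.start()` already ran; its Javadoc should say so, for example `Must be called after the handler thread has been started.` The method body continues outside the hunk. If it goes on to push the initial permission state through `sendUidsNetworkPermission` or `sendAppIdsTrafficPermission`, the caller must itself be on the handler thread or the new assertion will throw inside system_server. The call site is not visible in this diff, so that is worth confirming.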
@@ -421,23 +433,21 @@
         final IntentFilter externalIntentFilter =
                 new IntentFilter(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE);
         userAllContext.registerReceiver(
-                mIntentReceiver, externalIntentFilter, null /* broadcastPermission */,
-                null /* scheduler */);
+                mIntentReceiver, externalIntentFilter, null /* broadcastPermission */, handler);
 
         // Listen for user add/remove.
         final IntentFilter userIntentFilter = new IntentFilter();
         userIntentFilter.addAction(Intent.ACTION_USER_ADDED);
         userIntentFilter.addAction(Intent.ACTION_USER_REMOVED);
         userAllContext.registerReceiver(
-                mIntentReceiver, userIntentFilter, null /* broadcastPermission */,
-                null /* scheduler */);
+                mIntentReceiver, userIntentFilter, null /* broadcastPermission */, handler);
 
         // Register UIDS_ALLOWED_ON_RESTRICTED_NETWORKS setting observer
         mDeps.registerContentObserver(
                 userAllContext,
                 Settings.Global.getUriFor(UIDS_ALLOWED_ON_RESTRICTED_NETWORKS),
                 false /* notifyForDescendants */,
-                new ContentObserver(null) {
+                new ContentObserver(handler) {
                     @Override
                     public void onChange(boolean selfChange) {
                         onSettingChanged();
@@ -541,6 +551,7 @@
     }
 
     private void sendUidsNetworkPermission(SparseIntArray uids, boolean add) {
+        ensureRunningOnHandlerThread();
         List<Integer> network = new ArrayList<>();
         List<Integer> system = new ArrayList<>();
         for (int i = 0; i < uids.size(); i++) {
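Review bot: The thread assertion is placed only at the two sinks that write to netd/BPF (`sendUidsNetworkPermission` here and `sendAppIdsTrafficPermission` in the next hunk), so an off-thread caller is caught only after the code that computed `uids` has already run; whether shared permission state is mutated before this point is not visible in the hunk. If the intent is that every permission update runs on the handler thread, consider also calling `ensureRunningOnHandlerThread();` at the entry points (the broadcast and settings callbacks) and adding `Must be called on the handler thread.` to each method's Javadoc. Because a missed path surfaces as an IllegalStateException in system_server, a test that drives every caller of these two methods is worth having. Both method bodies continue outside their hunks.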
@@ -1143,6 +1154,7 @@
      */
     @VisibleForTesting
     void sendAppIdsTrafficPermission(SparseIntArray netdPermissionsAppIds) {
+        ensureRunningOnHandlerThread();
         final ArrayList<Integer> allPermissionAppIds = new ArrayList<>();
         final ArrayList<Integer> internetPermissionAppIds = new ArrayList<>();
         final ArrayList<Integer> updateStatsPermissionAppIds = new ArrayList<>();