Add more powerful CTS for allowedUids
This tests that the network providers are subject to appropriate
limitations as to what they can set as allowedUids – both in the
positive (can do) case, and the negative (can't do) case.
Test: this
Change-Id: I115e2a4bc02ddcd03ecf2f35130fcb0378da22bd
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index ea6d37e..6a41bc6 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -2649,6 +2649,13 @@
}
}
+ private boolean canSeeAllowedUids(final int pid, final int uid, final int netOwnerUid) {
+ return Process.SYSTEM_UID == uid
+ || netOwnerUid == uid
+ || checkAnyPermissionOf(mContext, pid, uid,
+ android.Manifest.permission.NETWORK_FACTORY);
+ }
+
@VisibleForTesting
NetworkCapabilities networkCapabilitiesRestrictedForCallerPermissions(
NetworkCapabilities nc, int callerPid, int callerUid) {
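Review bot: `canSeeAllowedUids` is a new access-control predicate with no comment stating who is meant to pass it. A short Javadoc would pin the contract, for example `/** Whether the caller may see allowedUids: the system UID, the network's owner UID, or a holder of NETWORK_FACTORY. */`. Both `Process.SYSTEM_UID == uid` and `netOwnerUid == uid` compare the full UID rather than the app id, and the comment should say that this is deliberate. It should also say what `netOwnerUid` holds when the network has no owner, so a reader can see that the owner clause cannot match by accident.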
@@ -2670,8 +2677,7 @@
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) {
newNc.setAdministratorUids(new int[0]);
}
- if (!checkAnyPermissionOf(mContext,
- callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) {
+ if (!canSeeAllowedUids(callerPid, callerUid, newNc.getOwnerUid())) {
newNc.setAllowedUids(new ArraySet<>());
newNc.setSubscriptionIds(Collections.emptySet());
}
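Review bot: The widened check `if (!canSeeAllowedUids(callerPid, callerUid, newNc.getOwnerUid()))` guards `setSubscriptionIds(Collections.emptySet())` as well as `setAllowedUids(...)`. The network owner and the system UID therefore now also receive the subscription IDs, which the helper's name does not suggest. If that is intended, rename the helper or add a comment such as `// Owner, system and NETWORK_FACTORY holders may see allowedUids and subscription IDs.`; if it is not, keep the previous NETWORK_FACTORY-only check for the subscription IDs. The owner UID is read from `newNc`, which appears to be the copy being redacted, so the result depends on no earlier step in this method having cleared it; passing `nc.getOwnerUid()` would make the check order-independent. The method begins and ends outside the hunk, so the earlier steps are not visible here.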
@@ -3944,6 +3950,11 @@
pw.println();
dumpBpfProgramStatus(pw);
+ if (null != mCarrierPrivilegeAuthenticator) {
+ pw.println();
+ mCarrierPrivilegeAuthenticator.dump(pw);
+ }
+
pw.println();
if (!CollectionUtils.contains(args, SHORT_ARG)) {
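Review bot: The `mCarrierPrivilegeAuthenticator.dump(pw)` call sits above the `if (!CollectionUtils.contains(args, SHORT_ARG))` check, so its output is emitted in short dumps as well. If it is meant as verbose detail, it belongs inside that branch. What the authenticator prints is not visible in this hunk; dumpsys output commonly ends up in bug reports, so confirm it is limited to what debugging needs. A one-line comment on the null check stating when the field is null would also help. The enclosing dump method begins and ends outside the hunk.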