Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / 6cac07422e004b5292f410439425fcba8f7010b9^! / . / services / java / com
commit6cac07422e004b5292f410439425fcba8f7010b9[log] [tgz]
authorRobert Greenwalt <rgreenwalt@google.com>Tue Jun 21 17:26:14 2011 -0700
committerRobert Greenwalt <rgreenwalt@google.com>Wed Jun 22 16:35:12 2011 -0700
treefb47b301ca6d9333dd6de1456a28ab5607f699ec
parent33cdcdf2fac67a336d64baaf412522488618bac1 [diff]
Restrict access to protected networks.

Some networks should only be brought up and controlled by system apps.

bug: 4585677
Change-Id: I61b1ee3dcfca0ee54387cecffe5198a0b010d98b

diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java
index a8ddc15..e11190f 100644
--- a/services/java/com/android/server/ConnectivityService.java
+++ b/services/java/com/android/server/ConnectivityService.java

@@ -250,6 +250,9 @@
     }
     RadioAttributes[] mRadioAttributes;
 
+    // the set of network types that can only be enabled by system/sig apps
+    List mProtectedNetworks;
+
     public static synchronized ConnectivityService getInstance(Context context) {
         if (sServiceInstance == null) {
             sServiceInstance = new ConnectivityService(context);
@@ -349,6 +352,17 @@
             }
         }
 
+        mProtectedNetworks = new ArrayList<Integer>();
+        int[] protectedNetworks = context.getResources().getIntArray(
+                com.android.internal.R.array.config_protectedNetworks);
+        for (int p : protectedNetworks) {
+            if ((mNetConfigs[p] != null) && (mProtectedNetworks.contains(p) == false)) {
+                mProtectedNetworks.add(p);
+            } else {
+                if (DBG) loge("Ignoring protectedNetwork " + p);
+            }
+        }
+
         // high priority first
         mPriorityList = new int[mNetworksDefined];
         {
@@ -678,6 +692,11 @@
                 usedNetworkType = networkType;
             }
         }
+
+        if (mProtectedNetworks.contains(usedNetworkType)) {
+            enforceConnectivityInternalPermission();
+        }
+
         NetworkStateTracker network = mNetTrackers[usedNetworkType];
         if (network != null) {
             Integer currentPid = new Integer(getCallingPid());
@@ -888,6 +907,10 @@
      */
     public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {
         enforceChangePermission();
+        if (mProtectedNetworks.contains(networkType)) {
+            enforceConnectivityInternalPermission();
+        }
+
         if (!ConnectivityManager.isNetworkTypeValid(networkType)) {
             return false;
         }
@@ -1005,7 +1028,8 @@
     }
 
     public void setDataDependency(int networkType, boolean met) {
-        enforceChangePermission();
+        enforceConnectivityInternalPermission();
+
         if (DBG) {
             log("setDataDependency(" + networkType + ", " + met + ")");
         }