Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / 86714b1fd20fc0161d7201b78f7402280e4e97b7^! / . / service / src / com / android / server
commit86714b1fd20fc0161d7201b78f7402280e4e97b7[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Mon May 17 20:31:21 2021 +0900
committerLorenzo Colitti <lorenzo@google.com>Tue May 18 12:24:07 2021 +0900
tree5e6ba2d7e170062cf85f2e9af5c79605414da2a5
parent1bbb7a75704a5cbf94db971c43ff54740df55799 [diff]
Allow unprivileged NetworkCallbacks to see other UIDs' networks.

Currently, unprivileged apps can call getAllNetworks() to see
all networks on the system, even networks that do not apply to
them. Allow them to do this via NetworkCallbacks as well.

This is the last piece of information that was only available
through getAllNetworks, so this CL deprecates that API.

Bug: 187921303
Test: new unit tests
Test: CTS test in other CL in topic
Change-Id: I30f1021927d3c8eae6525116c61ff4a4acecff6d

diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 197226a..aa0f058 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -2156,10 +2156,22 @@
 
     private void restrictRequestUidsForCallerAndSetRequestorInfo(NetworkCapabilities nc,
             int callerUid, String callerPackageName) {
+        // There is no need to track the effective UID of the request here. If the caller
+        // lacks the settings permission, the effective UID is the same as the calling ID.
         if (!checkSettingsPermission()) {
-            // There is no need to track the effective UID of the request here. If the caller lacks
-            // the settings permission, the effective UID is the same as the calling ID.
-            nc.setSingleUid(callerUid);
+            // Unprivileged apps can only pass in null or their own UID.
+            if (nc.getUids() == null) {
+                // If the caller passes in null, the callback will also match networks that do not
+                // apply to its UID, similarly to what it would see if it called getAllNetworks.
+                // In this case, redact everything in the request immediately. This ensures that the
+                // app is not able to get any redacted information by filing an unredacted request
+                // and observing whether the request matches something.
+                if (nc.getNetworkSpecifier() != null) {
+                    nc.setNetworkSpecifier(nc.getNetworkSpecifier().redact());
+                }
+            } else {
+                nc.setSingleUid(callerUid);
+            }
         }
         nc.setRequestorUidAndPackageName(callerUid, callerPackageName);
         nc.setAdministratorUids(new int[0]);