Check network slicing declaration for network request
When the application wants to request network with
NET_CAPABILITY_PRIORITIZE_BANDWIDTH or
NET_CAPABILITY_PRIORITIZE_LATENCY, it has to declare
PackageManager.PROPERTY_NETWORK_SLICE_DECLARATIONS property and also
adds the declaration in a separate XML files. Otherwise, the request
will fail with a SecurityException being thrown.
Test: atest FrameworksNetTests CtsNetTestCases
Bug: 266524688
Change-Id: I6affc857b803211517368da288e1b2fdc06a955b
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index e32ea8f..3a38f45 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -113,6 +113,7 @@
import android.app.BroadcastOptions;
import android.app.PendingIntent;
import android.app.admin.DevicePolicyManager;
+import android.app.compat.CompatChanges;
import android.app.usage.NetworkStatsManager;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
@@ -121,6 +122,7 @@
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
+import android.content.res.XmlResourceParser;
import android.database.ContentObserver;
import android.net.CaptivePortal;
import android.net.CaptivePortalData;
@@ -195,6 +197,7 @@
import android.net.Uri;
import android.net.VpnManager;
import android.net.VpnTransportInfo;
+import android.net.connectivity.ConnectivityCompatChanges;
import android.net.metrics.IpConnectivityLog;
import android.net.metrics.NetworkEvent;
import android.net.netd.aidl.NativeUidRangeConfig;
@@ -269,6 +272,7 @@
import com.android.networkstack.apishim.ConstantsShim;
import com.android.networkstack.apishim.common.BroadcastOptionsShim;
import com.android.networkstack.apishim.common.UnsupportedApiLevelException;
+import com.android.server.connectivity.ApplicationSelfCertifiedNetworkCapabilities;
import com.android.server.connectivity.AutodestructReference;
import com.android.server.connectivity.AutomaticOnOffKeepaliveTracker;
import com.android.server.connectivity.AutomaticOnOffKeepaliveTracker.AutomaticOnOffKeepalive;
@@ -279,6 +283,7 @@
import com.android.server.connectivity.DnsManager.PrivateDnsValidationUpdate;
import com.android.server.connectivity.DscpPolicyTracker;
import com.android.server.connectivity.FullScore;
+import com.android.server.connectivity.InvalidTagException;
import com.android.server.connectivity.KeepaliveTracker;
import com.android.server.connectivity.LingerMonitor;
import com.android.server.connectivity.MockableSystemProperties;
@@ -300,6 +305,8 @@
import libcore.io.IoUtils;
+import org.xmlpull.v1.XmlPullParserException;
+
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.PrintWriter;
@@ -902,6 +909,13 @@
// Only the handler thread is allowed to access this field.
private long mIngressRateLimit = -1;
+ // This is the cache for the packageName -> ApplicationSelfCertifiedNetworkCapabilities. This
+ // value can be accessed from both handler thread and any random binder thread. Therefore,
+ // accessing this value requires holding a lock.
+ @GuardedBy("mSelfCertifiedCapabilityCache")
+ private final Map<String, ApplicationSelfCertifiedNetworkCapabilities>
+ mSelfCertifiedCapabilityCache = new HashMap<>();
+
/**
* Implements support for the legacy "one network per network type" model.
*
@@ -1452,6 +1466,20 @@
public BroadcastOptionsShim makeBroadcastOptionsShim(BroadcastOptions options) {
return BroadcastOptionsShimImpl.newInstance(options);
}
+
+ /**
+ * Wrapper method for
+ * {@link android.app.compat.CompatChanges#isChangeEnabled(long, String, UserHandle)}.
+ *
+ * @param changeId The ID of the compatibility change in question.
+ * @param packageName The package name of the app in question.
+ * @param user The user that the operation is done for.
+ * @return {@code true} if the change is enabled for the specified package.
+ */
+ public boolean isChangeEnabled(long changeId, @NonNull final String packageName,
+ @NonNull final UserHandle user) {
+ return CompatChanges.isChangeEnabled(changeId, packageName, user);
+ }
}
public ConnectivityService(Context context) {
@@ -6319,6 +6347,11 @@
if (isMappedInOemNetworkPreference(packageName)) {
handleSetOemNetworkPreference(mOemNetworkPreferences, null);
}
+
+ // Invalidates cache entry when the package is updated.
+ synchronized (mSelfCertifiedCapabilityCache) {
+ mSelfCertifiedCapabilityCache.remove(packageName);
+ }
}
private final BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() {
@@ -6947,8 +6980,69 @@
asUid, requests, nr, msgr, binder, callbackFlags, callingAttributionTag);
}
+ private boolean shouldCheckCapabilitiesDeclaration(
+ @NonNull final NetworkCapabilities networkCapabilities, final int callingUid,
+ @NonNull final String callingPackageName) {
+ final UserHandle user = UserHandle.getUserHandleForUid(callingUid);
+ // Only run the check if the change is enabled.
+ if (!mDeps.isChangeEnabled(
+ ConnectivityCompatChanges.ENABLE_SELF_CERTIFIED_CAPABILITIES_DECLARATION,
+ callingPackageName, user)) {
+ return false;
+ }
+
+ return networkCapabilities.hasCapability(
+ NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_BANDWIDTH)
+ || networkCapabilities.hasCapability(
+ NetworkCapabilities.NET_CAPABILITY_PRIORITIZE_LATENCY);
+ }
+
+ private void enforceRequestCapabilitiesDeclaration(@NonNull final String callerPackageName,
+ @NonNull final NetworkCapabilities networkCapabilities) {
+ // This check is added to fix the linter error for "current min is 30", which is not going
+ // to happen because Connectivity service always run in S+.
+ if (!SdkLevel.isAtLeastS()) {
+ Log.wtf(TAG, "Connectivity service should always run in at least SDK S");
+ return;
+ }
+ ApplicationSelfCertifiedNetworkCapabilities applicationNetworkCapabilities;
+ try {
+ synchronized (mSelfCertifiedCapabilityCache) {
+ applicationNetworkCapabilities = mSelfCertifiedCapabilityCache.get(
+ callerPackageName);
+ if (applicationNetworkCapabilities == null) {
+ final PackageManager packageManager = mContext.getPackageManager();
+ final PackageManager.Property networkSliceProperty = packageManager.getProperty(
+ ConstantsShim.PROPERTY_SELF_CERTIFIED_NETWORK_CAPABILITIES,
+ callerPackageName
+ );
+ final XmlResourceParser parser = packageManager
+ .getResourcesForApplication(callerPackageName)
+ .getXml(networkSliceProperty.getResourceId());
+ applicationNetworkCapabilities =
+ ApplicationSelfCertifiedNetworkCapabilities.createFromXml(parser);
+ mSelfCertifiedCapabilityCache.put(callerPackageName,
+ applicationNetworkCapabilities);
+ }
+
+ }
+ } catch (PackageManager.NameNotFoundException ne) {
+ throw new SecurityException(
+ "Cannot find " + ConstantsShim.PROPERTY_SELF_CERTIFIED_NETWORK_CAPABILITIES
+ + " property");
+ } catch (XmlPullParserException | IOException | InvalidTagException e) {
+ throw new SecurityException(e.getMessage());
+ }
+
+ applicationNetworkCapabilities.enforceSelfCertifiedNetworkCapabilitiesDeclared(
+ networkCapabilities);
+ }
private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities,
String callingPackageName, String callingAttributionTag, final int callingUid) {
+ if (shouldCheckCapabilitiesDeclaration(networkCapabilities, callingUid,
+ callingPackageName)) {
+ enforceRequestCapabilitiesDeclaration(callingPackageName, networkCapabilities);
+ }
if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
// For T+ devices, callers with carrier privilege could request with CBS capabilities.
if (networkCapabilities.hasCapability(NetworkCapabilities.NET_CAPABILITY_CBS)