Merge "Get the permission information for native services" am: 743a1c8001 am: cfe2cc942a
am: 875019ae5f
Change-Id: I798cf00caee4f505d45929ddf9ccd03e658c4c3c
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index 30771eb..0c55934 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -43,12 +43,15 @@
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.UserManager;
+import android.util.ArraySet;
import android.util.Log;
+import android.util.SparseArray;
import android.util.SparseIntArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.server.LocalServices;
+import com.android.server.SystemConfig;
import java.util.ArrayList;
import java.util.HashMap;
@@ -170,6 +173,23 @@
}
}
+ final SparseArray<ArraySet<String>> systemPermission =
+ SystemConfig.getInstance().getSystemPermissions();
+ for (int i = 0; i < systemPermission.size(); i++) {
+ ArraySet<String> perms = systemPermission.valueAt(i);
+ int uid = systemPermission.keyAt(i);
+ int netdPermission = 0;
+ // Get the uids of native services that have UPDATE_DEVICE_STATS permission.
+ if (perms != null) {
+ netdPermission |= perms.contains(UPDATE_DEVICE_STATS)
+ ? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0;
+ }
+ // For internet permission, the native services have their own selinux domains and
+ // sepolicy will control the socket creation during run time. netd cannot block the
+ // socket creation based on the permission information here.
+ netdPermission |= INetd.PERMISSION_INTERNET;
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
+ }
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
update(mUsers, mApps, true);
sendPackagePermissionsToNetd(netdPermsUids);