Merge "Rename redactNetworkCapabilitiesForPackage and update its javadoc"
diff --git a/framework/api/module-lib-current.txt b/framework/api/module-lib-current.txt
index 9fe6505..7f50237 100644
--- a/framework/api/module-lib-current.txt
+++ b/framework/api/module-lib-current.txt
@@ -12,8 +12,8 @@
method @NonNull @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public java.util.List<android.net.NetworkStateSnapshot> getAllNetworkStateSnapshots();
method @Nullable public android.net.ProxyInfo getGlobalProxy();
method @NonNull public static android.util.Range<java.lang.Integer> getIpSecNetIdRange();
- method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.LinkProperties redactLinkPropertiesForPackage(@NonNull android.net.LinkProperties, int, @NonNull String);
- method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.NetworkCapabilities redactNetworkCapabilitiesForPackage(@NonNull android.net.NetworkCapabilities, int, @NonNull String);
+ method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.LinkProperties getRedactedLinkPropertiesForPackage(@NonNull android.net.LinkProperties, int, @NonNull String);
+ method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.NetworkCapabilities getRedactedNetworkCapabilitiesForPackage(@NonNull android.net.NetworkCapabilities, int, @NonNull String);
method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public void registerDefaultNetworkCallbackForUid(int, @NonNull android.net.ConnectivityManager.NetworkCallback, @NonNull android.os.Handler);
method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public void registerSystemDefaultNetworkCallback(@NonNull android.net.ConnectivityManager.NetworkCallback, @NonNull android.os.Handler);
method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void removeUidFromMeteredNetworkAllowList(int);
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
index 68ca46d..a798f6e 100644
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java
@@ -1643,10 +1643,10 @@
android.Manifest.permission.NETWORK_SETTINGS})
@SystemApi(client = MODULE_LIBRARIES)
@Nullable
- public LinkProperties redactLinkPropertiesForPackage(@NonNull LinkProperties lp, int uid,
+ public LinkProperties getRedactedLinkPropertiesForPackage(@NonNull LinkProperties lp, int uid,
@NonNull String packageName) {
try {
- return mService.redactLinkPropertiesForPackage(
+ return mService.getRedactedLinkPropertiesForPackage(
lp, uid, packageName, getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
@@ -1683,9 +1683,11 @@
* Redact {@link NetworkCapabilities} for a given package.
*
* Returns an instance of {@link NetworkCapabilities} that is appropriately redacted to send
- * to the given package, considering its permissions. Calling this method will blame the UID for
- * retrieving the device location if the passed capabilities contain location-sensitive
- * information.
+ * to the given package, considering its permissions. If the passed capabilities contain
+ * location-sensitive information, they will be redacted to the correct degree for the location
+ * permissions of the app (COARSE or FINE), and will blame the UID accordingly for retrieving
+ * that level of location. If the UID holds no location permission, the returned object will
+ * contain no location-sensitive information and the UID is not blamed.
*
* @param nc A {@link NetworkCapabilities} instance which will be redacted.
* @param uid The target uid.
@@ -1700,11 +1702,11 @@
android.Manifest.permission.NETWORK_SETTINGS})
@SystemApi(client = MODULE_LIBRARIES)
@Nullable
- public NetworkCapabilities redactNetworkCapabilitiesForPackage(
+ public NetworkCapabilities getRedactedNetworkCapabilitiesForPackage(
@NonNull NetworkCapabilities nc,
int uid, @NonNull String packageName) {
try {
- return mService.redactNetworkCapabilitiesForPackage(nc, uid, packageName,
+ return mService.getRedactedNetworkCapabilitiesForPackage(nc, uid, packageName,
getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
index 1e1f653..0988bf3 100644
--- a/framework/src/android/net/IConnectivityManager.aidl
+++ b/framework/src/android/net/IConnectivityManager.aidl
@@ -76,13 +76,13 @@
LinkProperties getActiveLinkProperties();
LinkProperties getLinkPropertiesForType(int networkType);
LinkProperties getLinkProperties(in Network network);
- LinkProperties redactLinkPropertiesForPackage(in LinkProperties lp, int uid, String packageName,
- String callingAttributionTag);
+ LinkProperties getRedactedLinkPropertiesForPackage(in LinkProperties lp, int uid,
+ String packageName, String callingAttributionTag);
NetworkCapabilities getNetworkCapabilities(in Network network, String callingPackageName,
String callingAttributionTag);
- NetworkCapabilities redactNetworkCapabilitiesForPackage(in NetworkCapabilities nc, int uid,
+ NetworkCapabilities getRedactedNetworkCapabilitiesForPackage(in NetworkCapabilities nc, int uid,
String callingPackageName, String callingAttributionTag);
@UnsupportedAppUsage(maxTargetSdk = 30, trackingBug = 170729553)
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index dd92a18..fa8f339 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -2172,7 +2172,7 @@
@Override
@Nullable
- public LinkProperties redactLinkPropertiesForPackage(@NonNull LinkProperties lp, int uid,
+ public LinkProperties getRedactedLinkPropertiesForPackage(@NonNull LinkProperties lp, int uid,
@NonNull String packageName, @Nullable String callingAttributionTag) {
Objects.requireNonNull(packageName);
Objects.requireNonNull(lp);
@@ -2207,8 +2207,9 @@
}
@Override
- public NetworkCapabilities redactNetworkCapabilitiesForPackage(@NonNull NetworkCapabilities nc,
- int uid, @NonNull String packageName, @Nullable String callingAttributionTag) {
+ public NetworkCapabilities getRedactedNetworkCapabilitiesForPackage(
+ @NonNull NetworkCapabilities nc, int uid, @NonNull String packageName,
+ @Nullable String callingAttributionTag) {
Objects.requireNonNull(nc);
Objects.requireNonNull(packageName);
enforceNetworkStackOrSettingsPermission();
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
index 5e8bffa..d40bc9f 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -591,7 +591,7 @@
@DevSdkIgnoreRule.IgnoreUpTo(SC_V2)
@Test
- public void testRedactLinkPropertiesForPackage() throws Exception {
+ public void testGetRedactedLinkPropertiesForPackage() throws Exception {
final String groundedPkg = findPackageByPermissions(
List.of(), /* requiredPermissions */
List.of(ACCESS_NETWORK_STATE) /* forbiddenPermissions */);
@@ -628,54 +628,55 @@
// No matter what the given uid is, a SecurityException will be thrown if the caller
// doesn't hold the NETWORK_SETTINGS permission.
assertThrows(SecurityException.class,
- () -> mCm.redactLinkPropertiesForPackage(lp, groundedUid, groundedPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(lp, groundedUid, groundedPkg));
assertThrows(SecurityException.class,
- () -> mCm.redactLinkPropertiesForPackage(lp, normalUid, normalPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(lp, normalUid, normalPkg));
assertThrows(SecurityException.class,
- () -> mCm.redactLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg));
runAsShell(NETWORK_SETTINGS, () -> {
// No matter what the given uid is, if the given LinkProperties is null, then
// NullPointerException will be thrown.
assertThrows(NullPointerException.class,
- () -> mCm.redactLinkPropertiesForPackage(null, groundedUid, groundedPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(null, groundedUid, groundedPkg));
assertThrows(NullPointerException.class,
- () -> mCm.redactLinkPropertiesForPackage(null, normalUid, normalPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(null, normalUid, normalPkg));
assertThrows(NullPointerException.class,
- () -> mCm.redactLinkPropertiesForPackage(null, privilegedUid, privilegedPkg));
+ () -> mCm.getRedactedLinkPropertiesForPackage(
+ null, privilegedUid, privilegedPkg));
// Make sure null is returned for a UID without ACCESS_NETWORK_STATE.
- assertNull(mCm.redactLinkPropertiesForPackage(lp, groundedUid, groundedPkg));
+ assertNull(mCm.getRedactedLinkPropertiesForPackage(lp, groundedUid, groundedPkg));
// CaptivePortalApiUrl & CaptivePortalData will be set to null if given uid doesn't hold
// the NETWORK_SETTINGS permission.
- assertNull(mCm.redactLinkPropertiesForPackage(lp, normalUid, normalPkg)
+ assertNull(mCm.getRedactedLinkPropertiesForPackage(lp, normalUid, normalPkg)
.getCaptivePortalApiUrl());
- assertNull(mCm.redactLinkPropertiesForPackage(lp, normalUid, normalPkg)
+ assertNull(mCm.getRedactedLinkPropertiesForPackage(lp, normalUid, normalPkg)
.getCaptivePortalData());
// MTU is not sensitive and is not redacted.
- assertEquals(mtu, mCm.redactLinkPropertiesForPackage(lp, normalUid, normalPkg)
+ assertEquals(mtu, mCm.getRedactedLinkPropertiesForPackage(lp, normalUid, normalPkg)
.getMtu());
// CaptivePortalApiUrl & CaptivePortalData will be preserved if the given uid holds the
// NETWORK_SETTINGS permission.
assertEquals(capportUrl,
- mCm.redactLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg)
+ mCm.getRedactedLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg)
.getCaptivePortalApiUrl());
assertEquals(capportData,
- mCm.redactLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg)
+ mCm.getRedactedLinkPropertiesForPackage(lp, privilegedUid, privilegedPkg)
.getCaptivePortalData());
});
}
private NetworkCapabilities redactNc(@NonNull final NetworkCapabilities nc, int uid,
@NonNull String packageName) {
- return mCm.redactNetworkCapabilitiesForPackage(nc, uid, packageName);
+ return mCm.getRedactedNetworkCapabilitiesForPackage(nc, uid, packageName);
}
@DevSdkIgnoreRule.IgnoreUpTo(SC_V2)
@Test
- public void testRedactNetworkCapabilitiesForPackage() throws Exception {
+ public void testGetRedactedNetworkCapabilitiesForPackage() throws Exception {
final String groundedPkg = findPackageByPermissions(
List.of(), /* requiredPermissions */
List.of(ACCESS_NETWORK_STATE) /* forbiddenPermissions */);