commit 378fd10aa77131c2418150439830bceaef34cff3
author chiachangwang <chiachangwang@google.com> Fri Feb 17 02:48:47 2023 +0000
committer chiachangwang <chiachangwang@google.com> Mon Feb 20 02:33:35 2023 +0000
tree f6919f4f46bc4420b58813af2ed05a78df18feed
parent b5ebe944b57be8962a22e75cbb2a93846257f0e6

Update design to fix non-protected broadcast from system issue

ActivityManager checks if there is any non-protected broadcast
sent from the system to prevent malwares sending the fake intent.
This could be fixed with declaring it as a protected broadcast
which is the current implementation. However, the uid in the
AndroidManifest for tethering is networkstack uid. Though system
only check whether the intent is defined as protected broadcast
or not regardless of where the protected intent is defined, it
is confusing to define the protected intent in tethering
AndroidManifest. Thus, update to alternative way to fulfill
the protection in ActivityManager to declare the required
permission in the broadcast filter and specify the expected
package name of the intent.

Bug: 269383522
Bug: 259000745
Test: atest FrameworksNetTests
Test: manually check no am_wtf log complains sending non-protected
      broadcast from system
Change-Id: I04986aed4fb92f85adcbac8a61665f3f465e2eab

Tethering/AndroidManifest.xml

diff --git a/Tethering/AndroidManifest.xml b/Tethering/AndroidManifest.xml
index 23467e7..6a363b0 100644
--- a/Tethering/AndroidManifest.xml
+++ b/Tethering/AndroidManifest.xml
@@ -45,7 +45,6 @@
 
     <!-- Sending non-protected broadcast from system uid is not allowed. -->
     <protected-broadcast android:name="com.android.server.connectivity.tethering.DISABLE_TETHERING" />
-    <protected-broadcast android:name="com.android.server.connectivity.KeepaliveTracker.TCP_POLLING_ALARM" />
 
     <application
         android:process="com.android.networkstack.process"

service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java

diff --git a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
index b30f649..199010d 100644
--- a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
+++ b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
@@ -16,6 +16,8 @@
 
 package com.android.server.connectivity;
 
+import static android.Manifest.permission.NETWORK_STACK;
+import static android.content.Context.RECEIVER_NOT_EXPORTED;
 import static android.net.NetworkAgent.CMD_START_SOCKET_KEEPALIVE;
 import static android.net.SocketKeepalive.ERROR_INVALID_SOCKET;
 import static android.net.SocketKeepalive.SUCCESS_PAUSED;
@@ -235,6 +237,7 @@
         private PendingIntent createTcpPollingAlarmIntent(@NonNull Context context,
                 @NonNull IBinder token) {
             final Intent intent = new Intent(ACTION_TCP_POLLING_ALARM);
+            intent.setPackage(context.getPackageName());
             // Intent doesn't expose methods to put extra Binders, but Bundle does.
             final Bundle b = new Bundle();
             b.putBinder(EXTRA_BINDER_TOKEN, token);
@@ -272,7 +275,7 @@
 
         if (SdkLevel.isAtLeastU()) {
             mContext.registerReceiver(mReceiver, new IntentFilter(ACTION_TCP_POLLING_ALARM),
-                    null, handler);
+                    NETWORK_STACK, handler, RECEIVER_NOT_EXPORTED);
         }
         mAlarmManager = mContext.getSystemService(AlarmManager.class);
     }