Merge "Address format check issues" into main
diff --git a/framework-t/src/android/net/NetworkStatsAccess.java b/framework-t/src/android/net/NetworkStatsAccess.java
index 23902dc..7fe499b 100644
--- a/framework-t/src/android/net/NetworkStatsAccess.java
+++ b/framework-t/src/android/net/NetworkStatsAccess.java
@@ -23,6 +23,7 @@
import android.Manifest;
import android.annotation.IntDef;
+import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
@@ -109,7 +110,7 @@
/** Returns the {@link NetworkStatsAccess.Level} for the given caller. */
public static @NetworkStatsAccess.Level int checkAccessLevel(
- Context context, int callingPid, int callingUid, String callingPackage) {
+ Context context, int callingPid, int callingUid, @Nullable String callingPackage) {
final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class);
final TelephonyManager tm = (TelephonyManager)
context.getSystemService(Context.TELEPHONY_SERVICE);
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index eb75461..7cf6293 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -492,9 +492,10 @@
*/
private static class OpenSessionKey {
public final int uid;
+ @Nullable
public final String packageName;
- OpenSessionKey(int uid, @NonNull String packageName) {
+ OpenSessionKey(int uid, @Nullable String packageName) {
this.uid = uid;
this.packageName = packageName;
}
@@ -1461,7 +1462,7 @@
return now - lastCallTime < POLL_RATE_LIMIT_MS;
}
- private int restrictFlagsForCaller(int flags, @NonNull String callingPackage) {
+ private int restrictFlagsForCaller(int flags, @Nullable String callingPackage) {
// All non-privileged callers are not allowed to turn off POLL_ON_OPEN.
final boolean isPrivileged = PermissionUtils.checkAnyPermissionOf(mContext,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
@@ -1478,7 +1479,8 @@
return flags;
}
- private INetworkStatsSession openSessionInternal(final int flags, final String callingPackage) {
+ private INetworkStatsSession openSessionInternal(
+ final int flags, @Nullable final String callingPackage) {
final int restrictedFlags = restrictFlagsForCaller(flags, callingPackage);
if ((restrictedFlags & (NetworkStatsManager.FLAG_POLL_ON_OPEN
| NetworkStatsManager.FLAG_POLL_FORCE)) != 0) {
@@ -1495,6 +1497,7 @@
return new INetworkStatsSession.Stub() {
private final int mCallingUid = Binder.getCallingUid();
+ @Nullable
private final String mCallingPackage = callingPackage;
private final @NetworkStatsAccess.Level int mAccessLevel = checkAccessLevel(
callingPackage);
@@ -1633,7 +1636,7 @@
}
private void enforceTemplatePermissions(@NonNull NetworkTemplate template,
- @NonNull String callingPackage) {
+ @Nullable String callingPackage) {
// For a template with wifi network keys, it is possible for a malicious
// client to track the user locations via querying data usage. Thus, enforce
// fine location permission check.
@@ -1654,7 +1657,7 @@
}
}
- private @NetworkStatsAccess.Level int checkAccessLevel(String callingPackage) {
+ private @NetworkStatsAccess.Level int checkAccessLevel(@Nullable String callingPackage) {
return NetworkStatsAccess.checkAccessLevel(
mContext, Binder.getCallingPid(), Binder.getCallingUid(), callingPackage);
}
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 3391323..1264b0c 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -3021,26 +3021,6 @@
return false;
}
- private int getAppUid(final String app, final UserHandle user) {
- final PackageManager pm =
- mContext.createContextAsUser(user, 0 /* flags */).getPackageManager();
- final long token = Binder.clearCallingIdentity();
- try {
- return pm.getPackageUid(app, 0 /* flags */);
- } catch (PackageManager.NameNotFoundException e) {
- return -1;
- } finally {
- Binder.restoreCallingIdentity(token);
- }
- }
-
- private void verifyCallingUidAndPackage(String packageName, int callingUid) {
- final UserHandle user = UserHandle.getUserHandleForUid(callingUid);
- if (getAppUid(packageName, user) != callingUid) {
- throw new SecurityException(packageName + " does not belong to uid " + callingUid);
- }
- }
-
/**
* Ensure that a network route exists to deliver traffic to the specified
* host via the specified network interface.
@@ -3056,7 +3036,8 @@
if (disallowedBecauseSystemCaller()) {
return false;
}
- verifyCallingUidAndPackage(callingPackageName, mDeps.getCallingUid());
+ PermissionUtils.enforcePackageNameMatchesUid(
+ mContext, mDeps.getCallingUid(), callingPackageName);
enforceChangePermission(callingPackageName, callingAttributionTag);
if (mProtectedNetworks.contains(networkType)) {
enforceConnectivityRestrictedNetworksPermission(true /* checkUidsAllowedList */);
diff --git a/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java b/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
index cd1f31c..f6bee69 100644
--- a/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
+++ b/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
@@ -189,8 +189,9 @@
* @param message A message describing why the permission was checked. Only needed if this is
* not inside of a two-way binder call from the data receiver
*/
- public boolean checkCallersLocationPermission(String pkgName, @Nullable String featureId,
- int uid, boolean coarseForTargetSdkLessThanQ, @Nullable String message) {
+ public boolean checkCallersLocationPermission(@Nullable String pkgName,
+ @Nullable String featureId, int uid, boolean coarseForTargetSdkLessThanQ,
+ @Nullable String message) {
boolean isTargetSdkLessThanQ = isTargetSdkLessThan(pkgName, Build.VERSION_CODES.Q, uid);
diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
index 8315b8f..f167d3d 100644
--- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
+++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
@@ -27,7 +27,9 @@
import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
import android.os.Binder;
+import android.os.UserHandle;
import java.io.PrintWriter;
import java.util.ArrayList;
@@ -183,4 +185,33 @@
}
return result;
}
+
+ /**
+ * Enforces that the given package name belongs to the given uid.
+ *
+ * @param context {@link android.content.Context} for the process.
+ * @param uid User ID to check the package ownership for.
+ * @param packageName Package name to verify.
+ * @throws SecurityException If the package does not belong to the specified uid.
+ */
+ public static void enforcePackageNameMatchesUid(
+ @NonNull Context context, int uid, @Nullable String packageName) {
+ final UserHandle user = UserHandle.getUserHandleForUid(uid);
+ if (getAppUid(context, packageName, user) != uid) {
+ throw new SecurityException(packageName + " does not belong to uid " + uid);
+ }
+ }
+
+ private static int getAppUid(Context context, final String app, final UserHandle user) {
+ final PackageManager pm =
+ context.createContextAsUser(user, 0 /* flags */).getPackageManager();
+ final long token = Binder.clearCallingIdentity();
+ try {
+ return pm.getPackageUid(app, 0 /* flags */);
+ } catch (PackageManager.NameNotFoundException e) {
+ return -1;
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
+ }
}
diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
index c5a91a4..d5b43fb 100644
--- a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
+++ b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
@@ -19,6 +19,7 @@
import android.Manifest.permission.NETWORK_STACK
import android.content.Context
import android.content.pm.PackageManager
+import android.content.pm.PackageManager.NameNotFoundException
import android.content.pm.PackageManager.PERMISSION_DENIED
import android.content.pm.PackageManager.PERMISSION_GRANTED
import android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
@@ -28,6 +29,7 @@
import com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr
+import com.android.net.module.util.PermissionUtils.enforcePackageNameMatchesUid
import com.android.net.module.util.PermissionUtils.enforceSystemFeature
import com.android.testutils.DevSdkIgnoreRule
import com.android.testutils.DevSdkIgnoreRunner
@@ -42,7 +44,10 @@
import org.junit.runner.RunWith
import org.mockito.ArgumentMatchers
import org.mockito.ArgumentMatchers.any
+import org.mockito.ArgumentMatchers.anyInt
+import org.mockito.ArgumentMatchers.eq
import org.mockito.Mockito.doReturn
+import org.mockito.Mockito.doThrow
import org.mockito.Mockito.mock
/** Tests for PermissionUtils */
@@ -53,6 +58,9 @@
val ignoreRule = DevSdkIgnoreRule()
private val TEST_PERMISSION1 = "android.permission.TEST_PERMISSION1"
private val TEST_PERMISSION2 = "android.permission.TEST_PERMISSION2"
+ private val TEST_UID1 = 1234
+ private val TEST_UID2 = 1235
+ private val TEST_PACKAGE_NAME = "test.package"
private val mockContext = mock(Context::class.java)
private val mockPackageManager = mock(PackageManager::class.java)
@@ -61,6 +69,7 @@
@Before
fun setup() {
doReturn(mockPackageManager).`when`(mockContext).packageManager
+ doReturn(mockContext).`when`(mockContext).createContextAsUser(any(), anyInt())
}
@Test
@@ -141,4 +150,24 @@
Assert.fail("Exception should have not been thrown with system feature enabled")
}
}
+
+ @Test
+ fun testEnforcePackageNameMatchesUid() {
+ // Verify name not found throws.
+ doThrow(NameNotFoundException()).`when`(mockPackageManager)
+ .getPackageUid(eq(TEST_PACKAGE_NAME), anyInt())
+ assertFailsWith<SecurityException> {
+ enforcePackageNameMatchesUid(mockContext, TEST_UID1, TEST_PACKAGE_NAME)
+ }
+
+ // Verify uid mismatch throws.
+ doReturn(TEST_UID1).`when`(mockPackageManager)
+ .getPackageUid(eq(TEST_PACKAGE_NAME), anyInt())
+ assertFailsWith<SecurityException> {
+ enforcePackageNameMatchesUid(mockContext, TEST_UID2, TEST_PACKAGE_NAME)
+ }
+
+ // Verify uid match passes.
+ enforcePackageNameMatchesUid(mockContext, TEST_UID1, TEST_PACKAGE_NAME)
+ }
}