Set attributionTag for noteOp(WRITE_SETTINGS) calls
Test: atest FrameworksNetTests TetheringTests:TetheringServiceTest
Bug: 136595429
Merged-In: I33f787644c44d7b0e5ce17a433820cfcd985cdfb
Change-Id: Ic3d937e7bb5141798234ed5b2852c1f768e97495
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index 6892a94..ad07e7c 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -2044,13 +2044,22 @@
public boolean requestRouteToHostAddress(int networkType, InetAddress hostAddress) {
checkLegacyRoutingApiAccess();
try {
- return mService.requestRouteToHostAddress(networkType, hostAddress.getAddress());
+ return mService.requestRouteToHostAddress(networkType, hostAddress.getAddress(),
+ mContext.getOpPackageName(), getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
+ * @return the context's attribution tag
+ */
+ // TODO: Remove method and replace with direct call once R code is pushed to AOSP
+ private @Nullable String getAttributionTag() {
+ return null;
+ }
+
+ /**
* Returns the value of the setting for background data usage. If false,
* applications should not use the network if the application is not in the
* foreground. Developers should respect this setting, and check the value
@@ -2240,14 +2249,30 @@
* services.jar, possibly in com.android.server.net. */
/** {@hide} */
- public static final void enforceChangePermission(Context context) {
+ public static final void enforceChangePermission(Context context,
+ String callingPkg, String callingAttributionTag) {
int uid = Binder.getCallingUid();
- Settings.checkAndNoteChangeNetworkStateOperation(context, uid, Settings
- .getPackageNameForUid(context, uid), true /* throwException */);
+ checkAndNoteChangeNetworkStateOperation(context, uid, callingPkg,
+ callingAttributionTag, true /* throwException */);
+ }
+
+ /**
+ * Check if the package is a allowed to change the network state. This also accounts that such
+ * an access happened.
+ *
+ * @return {@code true} iff the package is allowed to change the network state.
+ */
+ // TODO: Remove method and replace with direct call once R code is pushed to AOSP
+ private static boolean checkAndNoteChangeNetworkStateOperation(@NonNull Context context,
+ int uid, @NonNull String callingPackage, @Nullable String callingAttributionTag,
+ boolean throwException) {
+ return Settings.checkAndNoteChangeNetworkStateOperation(context, uid, callingPackage,
+ throwException);
}
/** {@hide} */
- public static final void enforceTetherChangePermission(Context context, String callingPkg) {
+ public static final void enforceTetherChangePermission(Context context, String callingPkg,
+ String callingAttributionTag) {
Preconditions.checkNotNull(context, "Context cannot be null");
Preconditions.checkNotNull(callingPkg, "callingPkg cannot be null");
@@ -2261,12 +2286,26 @@
int uid = Binder.getCallingUid();
// If callingPkg's uid is not same as Binder.getCallingUid(),
// AppOpsService throws SecurityException.
- Settings.checkAndNoteWriteSettingsOperation(context, uid, callingPkg,
- true /* throwException */);
+ checkAndNoteWriteSettingsOperation(context, uid, callingPkg,
+ callingAttributionTag, true /* throwException */);
}
}
/**
+ * Check if the package is a allowed to write settings. This also accounts that such an access
+ * happened.
+ *
+ * @return {@code true} iff the package is allowed to write settings.
+ */
+ // TODO: Remove method and replace with direct call once R code is pushed to AOSP
+ private static boolean checkAndNoteWriteSettingsOperation(@NonNull Context context, int uid,
+ @NonNull String callingPackage, @Nullable String callingAttributionTag,
+ boolean throwException) {
+ return Settings.checkAndNoteWriteSettingsOperation(context, uid, callingPackage,
+ throwException);
+ }
+
+ /**
* @deprecated - use getSystemService. This is a kludge to support static access in certain
* situations where a Context pointer is unavailable.
* @hide
@@ -3706,7 +3745,8 @@
need, messenger, binder, callingPackageName);
} else {
request = mService.requestNetwork(
- need, messenger, timeoutMs, binder, legacyType, callingPackageName);
+ need, messenger, timeoutMs, binder, legacyType, callingPackageName,
+ getAttributionTag());
}
if (request != null) {
sCallbacks.put(request, callback);
@@ -3982,7 +4022,8 @@
checkPendingIntentNotNull(operation);
try {
mService.pendingRequestForNetwork(
- request.networkCapabilities, operation, mContext.getOpPackageName());
+ request.networkCapabilities, operation, mContext.getOpPackageName(),
+ getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
diff --git a/core/java/android/net/IConnectivityManager.aidl b/core/java/android/net/IConnectivityManager.aidl
index 1434560..b0f79bc 100644
--- a/core/java/android/net/IConnectivityManager.aidl
+++ b/core/java/android/net/IConnectivityManager.aidl
@@ -77,7 +77,8 @@
NetworkQuotaInfo getActiveNetworkQuotaInfo();
boolean isActiveNetworkMetered();
- boolean requestRouteToHostAddress(int networkType, in byte[] hostAddress);
+ boolean requestRouteToHostAddress(int networkType, in byte[] hostAddress,
+ String callingPackageName, String callingAttributionTag);
@UnsupportedAppUsage(maxTargetSdk = 29,
publicAlternatives = "Use {@code TetheringManager#getLastTetherError} as alternative")
@@ -168,10 +169,10 @@
NetworkRequest requestNetwork(in NetworkCapabilities networkCapabilities,
in Messenger messenger, int timeoutSec, in IBinder binder, int legacy,
- String callingPackageName);
+ String callingPackageName, String callingAttributionTag);
NetworkRequest pendingRequestForNetwork(in NetworkCapabilities networkCapabilities,
- in PendingIntent operation, String callingPackageName);
+ in PendingIntent operation, String callingPackageName, String callingAttributionTag);
void releasePendingNetworkRequest(in PendingIntent operation);
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 336a090..4c55c67 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1819,11 +1819,12 @@
* @return {@code true} on success, {@code false} on failure
*/
@Override
- public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {
+ public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress,
+ String callingPackageName, String callingAttributionTag) {
if (disallowedBecauseSystemCaller()) {
return false;
}
- enforceChangePermission();
+ enforceChangePermission(callingPackageName, callingAttributionTag);
if (mProtectedNetworks.contains(networkType)) {
enforceConnectivityRestrictedNetworksPermission();
}
@@ -2077,8 +2078,8 @@
"ConnectivityService");
}
- private void enforceChangePermission() {
- ConnectivityManager.enforceChangePermission(mContext);
+ private void enforceChangePermission(String callingPkg, String callingAttributionTag) {
+ ConnectivityManager.enforceChangePermission(mContext, callingPkg, callingAttributionTag);
}
private void enforceSettingsPermission() {
@@ -5430,7 +5431,7 @@
@Override
public NetworkRequest requestNetwork(NetworkCapabilities networkCapabilities,
Messenger messenger, int timeoutMs, IBinder binder, int legacyType,
- @NonNull String callingPackageName) {
+ @NonNull String callingPackageName, @Nullable String callingAttributionTag) {
if (legacyType != TYPE_NONE && !checkNetworkStackPermission()) {
if (checkUnsupportedStartingFrom(Build.VERSION_CODES.M, callingPackageName)) {
throw new SecurityException("Insufficient permissions to specify legacy type");
@@ -5448,7 +5449,8 @@
enforceAccessPermission();
} else {
networkCapabilities = new NetworkCapabilities(networkCapabilities);
- enforceNetworkRequestPermissions(networkCapabilities);
+ enforceNetworkRequestPermissions(networkCapabilities, callingPackageName,
+ callingAttributionTag);
// TODO: this is incorrect. We mark the request as metered or not depending on the state
// of the app when the request is filed, but we never change the request if the app
// changes network state. http://b/29964605
@@ -5483,11 +5485,12 @@
return networkRequest;
}
- private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities) {
+ private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities,
+ String callingPackageName, String callingAttributionTag) {
if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
enforceConnectivityRestrictedNetworksPermission();
} else {
- enforceChangePermission();
+ enforceChangePermission(callingPackageName, callingAttributionTag);
}
}
@@ -5538,11 +5541,13 @@
@Override
public NetworkRequest pendingRequestForNetwork(NetworkCapabilities networkCapabilities,
- PendingIntent operation, @NonNull String callingPackageName) {
+ PendingIntent operation, @NonNull String callingPackageName,
+ @Nullable String callingAttributionTag) {
Objects.requireNonNull(operation, "PendingIntent cannot be null.");
final int callingUid = Binder.getCallingUid();
networkCapabilities = new NetworkCapabilities(networkCapabilities);
- enforceNetworkRequestPermissions(networkCapabilities);
+ enforceNetworkRequestPermissions(networkCapabilities, callingPackageName,
+ callingAttributionTag);
enforceMeteredApnPolicy(networkCapabilities);
ensureRequestableCapabilities(networkCapabilities);
ensureSufficientPermissionsForRequest(networkCapabilities,
diff --git a/tests/net/java/android/net/ConnectivityManagerTest.java b/tests/net/java/android/net/ConnectivityManagerTest.java
index d6bf334..d74a621 100644
--- a/tests/net/java/android/net/ConnectivityManagerTest.java
+++ b/tests/net/java/android/net/ConnectivityManagerTest.java
@@ -36,6 +36,7 @@
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.nullable;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.anyBoolean;
import static org.mockito.Mockito.anyInt;
@@ -213,7 +214,7 @@
// register callback
when(mService.requestNetwork(
- any(), captor.capture(), anyInt(), any(), anyInt(), any()))
+ any(), captor.capture(), anyInt(), any(), anyInt(), any(), nullable(String.class)))
.thenReturn(request);
manager.requestNetwork(request, callback, handler);
@@ -242,7 +243,7 @@
// register callback
when(mService.requestNetwork(
- any(), captor.capture(), anyInt(), any(), anyInt(), any()))
+ any(), captor.capture(), anyInt(), any(), anyInt(), any(), nullable(String.class)))
.thenReturn(req1);
manager.requestNetwork(req1, callback, handler);
@@ -261,7 +262,7 @@
// callback can be registered again
when(mService.requestNetwork(
- any(), captor.capture(), anyInt(), any(), anyInt(), any()))
+ any(), captor.capture(), anyInt(), any(), anyInt(), any(), nullable(String.class)))
.thenReturn(req2);
manager.requestNetwork(req2, callback, handler);
@@ -285,8 +286,8 @@
info.targetSdkVersion = VERSION_CODES.N_MR1 + 1;
when(mCtx.getApplicationInfo()).thenReturn(info);
- when(mService.requestNetwork(any(), any(), anyInt(), any(), anyInt(), any()))
- .thenReturn(request);
+ when(mService.requestNetwork(any(), any(), anyInt(), any(), anyInt(), any(),
+ nullable(String.class))).thenReturn(request);
Handler handler = new Handler(Looper.getMainLooper());
manager.requestNetwork(request, callback, handler);
diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index a478e68..aa5c941 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -3049,6 +3049,13 @@
assertNoCallbacks(cEmpty1, cEmpty2, cEmpty3, cEmpty4, cFoo, cBar);
}
+ /**
+ * @return the context's attribution tag
+ */
+ private String getAttributionTag() {
+ return null;
+ }
+
@Test
public void testInvalidNetworkSpecifier() {
assertThrows(IllegalArgumentException.class, () -> {
@@ -3061,7 +3068,8 @@
networkCapabilities.addTransportType(TRANSPORT_WIFI)
.setNetworkSpecifier(new MatchAllNetworkSpecifier());
mService.requestNetwork(networkCapabilities, null, 0, null,
- ConnectivityManager.TYPE_WIFI, mContext.getPackageName());
+ ConnectivityManager.TYPE_WIFI, mContext.getPackageName(),
+ getAttributionTag());
});
class NonParcelableSpecifier extends NetworkSpecifier {