Merge "Rename to isNetworkStackFeatureEnabled" into main
diff --git a/staticlibs/device/com/android/net/module/util/structs/IaAddressOption.java b/staticlibs/device/com/android/net/module/util/structs/IaAddressOption.java
new file mode 100644
index 0000000..575a1f3
--- /dev/null
+++ b/staticlibs/device/com/android/net/module/util/structs/IaAddressOption.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util.structs;
+
+import static com.android.net.module.util.NetworkStackConstants.DHCP6_OPTION_IA_ADDR;
+
+import com.android.net.module.util.Struct;
+import com.android.net.module.util.Struct.Field;
+import com.android.net.module.util.Struct.Type;
+
+import java.net.Inet6Address;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+
+/**
+ * DHCPv6 IA Address option.
+ * https://tools.ietf.org/html/rfc8415. This does not contain any option.
+ *
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | OPTION_IAADDR | option-len |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | |
+ * | IPv6-address |
+ * | |
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | preferred-lifetime |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | valid-lifetime |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * . .
+ * . IAaddr-options .
+ * . .
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+public class IaAddressOption extends Struct {
+ public static final int LENGTH = 24; // option length excluding IAaddr-options
+
+ @Field(order = 0, type = Type.S16)
+ public final short code;
+ @Field(order = 1, type = Type.S16)
+ public final short length;
+ @Field(order = 2, type = Type.Ipv6Address)
+ public final Inet6Address address;
+ @Field(order = 3, type = Type.U32)
+ public final long preferred;
+ @Field(order = 4, type = Type.U32)
+ public final long valid;
+
+ IaAddressOption(final short code, final short length, final Inet6Address address,
+ final long preferred, final long valid) {
+ this.code = code;
+ this.length = length;
+ this.address = address;
+ this.preferred = preferred;
+ this.valid = valid;
+ }
+
+ /**
+ * Build an IA Address option from the required specific parameters.
+ */
+ public static ByteBuffer build(final short length, final long id, final Inet6Address address,
+ final long preferred, final long valid) {
+ final IaAddressOption option = new IaAddressOption((short) DHCP6_OPTION_IA_ADDR,
+ length /* 24 + IAaddr-options length */, address, preferred, valid);
+ return ByteBuffer.wrap(option.writeToBytes(ByteOrder.BIG_ENDIAN));
+ }
+}
diff --git a/staticlibs/device/com/android/net/module/util/structs/IaPrefixOption.java b/staticlibs/device/com/android/net/module/util/structs/IaPrefixOption.java
index f0e4409..59d655c 100644
--- a/staticlibs/device/com/android/net/module/util/structs/IaPrefixOption.java
+++ b/staticlibs/device/com/android/net/module/util/structs/IaPrefixOption.java
@@ -18,8 +18,6 @@
import static com.android.net.module.util.NetworkStackConstants.DHCP6_OPTION_IAPREFIX;
-import androidx.annotation.VisibleForTesting;
-
import com.android.net.module.util.Struct;
import com.android.net.module.util.Struct.Field;
import com.android.net.module.util.Struct.Type;
@@ -69,7 +67,6 @@
@Field(order = 5, type = Type.ByteArray, arraysize = 16)
public final byte[] prefix;
- @VisibleForTesting
public IaPrefixOption(final short code, final short length, final long preferred,
final long valid, final byte prefixLen, final byte[] prefix) {
this.code = code;
diff --git a/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java b/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
index 9149160..f9895c6 100644
--- a/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
+++ b/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
@@ -240,6 +240,7 @@
public static final int DHCP6_SERVER_PORT = 547;
public static final Inet6Address ALL_DHCP_RELAY_AGENTS_AND_SERVERS =
(Inet6Address) InetAddresses.parseNumericAddress("ff02::1:2");
+ public static final int DHCP6_OPTION_IA_ADDR = 5;
public static final int DHCP6_OPTION_IA_PD = 25;
public static final int DHCP6_OPTION_IAPREFIX = 26;
diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
index 8315b8f..d5b4c90 100644
--- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
+++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
@@ -21,12 +21,15 @@
import static android.Manifest.permission.NETWORK_STACK;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+import static android.content.pm.PermissionInfo.PROTECTION_SIGNATURE;
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PermissionInfo;
import android.os.Binder;
import java.io.PrintWriter;
@@ -54,6 +57,25 @@
}
/**
+ * Return true if the permission has system signature.
+ */
+ public static boolean isSystemSignaturePermission(@NonNull Context context,
+ @NonNull String permission) {
+ try {
+ PermissionInfo permissionInfo = context.getPackageManager().getPermissionInfo(
+ permission, 0 /* flags */);
+ if (permissionInfo == null) {
+ return false;
+ }
+ return "android".equals(permissionInfo.packageName)
+ && permissionInfo.getProtection() == PROTECTION_SIGNATURE;
+ } catch (PackageManager.NameNotFoundException ignored) {
+ // Ignored the NameNotFoundException and return false
+ }
+ return false;
+ }
+
+ /**
* Return true if the context has one of give permission that is allowed
* for a particular process and user ID running in the system.
*/
diff --git a/staticlibs/native/bpf_syscall_wrappers/include/BpfSyscallWrappers.h b/staticlibs/native/bpf_syscall_wrappers/include/BpfSyscallWrappers.h
index ba16d53..13f7cb3 100644
--- a/staticlibs/native/bpf_syscall_wrappers/include/BpfSyscallWrappers.h
+++ b/staticlibs/native/bpf_syscall_wrappers/include/BpfSyscallWrappers.h
@@ -175,8 +175,8 @@
return bpf(BPF_PROG_RUN, {
.test = {
.prog_fd = BPF_FD_TO_U32(prog_fd),
- .data_in = ptr_to_u64(data),
.data_size_in = data_size,
+ .data_in = ptr_to_u64(data),
},
});
}
diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
index 1b6cbcb..028308b 100644
--- a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
+++ b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
@@ -16,96 +16,115 @@
package com.android.net.module.util
+import android.Manifest.permission.INTERNET
+import android.Manifest.permission.NETWORK_SETTINGS
import android.Manifest.permission.NETWORK_STACK
import android.content.Context
import android.content.pm.PackageManager
import android.content.pm.PackageManager.PERMISSION_DENIED
import android.content.pm.PackageManager.PERMISSION_GRANTED
import android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
+import android.os.Build
import androidx.test.filters.SmallTest
-import androidx.test.runner.AndroidJUnit4
+import androidx.test.platform.app.InstrumentationRegistry
import com.android.net.module.util.PermissionUtils.checkAnyPermissionOf
import com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr
import com.android.net.module.util.PermissionUtils.enforceSystemFeature
+import com.android.testutils.DevSdkIgnoreRule
+import com.android.testutils.DevSdkIgnoreRunner
+import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
+import kotlin.test.assertFalse
+import kotlin.test.assertTrue
import org.junit.Assert
-import org.junit.Assert.assertFalse
-import org.junit.Assert.assertTrue
import org.junit.Before
+import org.junit.Rule
import org.junit.Test
import org.junit.runner.RunWith
import org.mockito.ArgumentMatchers
import org.mockito.ArgumentMatchers.any
import org.mockito.Mockito.doReturn
import org.mockito.Mockito.mock
-import kotlin.test.assertEquals
-import kotlin.test.assertFailsWith
/** Tests for PermissionUtils */
-@RunWith(AndroidJUnit4::class)
+@RunWith(DevSdkIgnoreRunner::class)
@SmallTest
class PermissionUtilsTest {
+ @get:Rule
+ val ignoreRule = DevSdkIgnoreRule()
private val TEST_PERMISSION1 = "android.permission.TEST_PERMISSION1"
private val TEST_PERMISSION2 = "android.permission.TEST_PERMISSION2"
- private val context = mock(Context::class.java)
- private val packageManager = mock(PackageManager::class.java)
+ private val mockContext = mock(Context::class.java)
+ private val mockPackageManager = mock(PackageManager::class.java)
+
+ private val context by lazy { InstrumentationRegistry.getInstrumentation().context }
@Before
fun setup() {
- doReturn(packageManager).`when`(context).packageManager
+ doReturn(mockPackageManager).`when`(mockContext).packageManager
}
@Test
fun testEnforceAnyPermissionOf() {
- doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION2)
- assertTrue(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
- enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2)
+ doReturn(PERMISSION_GRANTED).`when`(mockContext)
+ .checkCallingOrSelfPermission(TEST_PERMISSION1)
+ doReturn(PERMISSION_DENIED).`when`(mockContext)
+ .checkCallingOrSelfPermission(TEST_PERMISSION2)
+ assertTrue(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2))
+ enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
- doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION2)
- assertTrue(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
- enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2)
+ doReturn(PERMISSION_DENIED).`when`(mockContext)
+ .checkCallingOrSelfPermission(TEST_PERMISSION1)
+ doReturn(PERMISSION_GRANTED).`when`(mockContext)
+ .checkCallingOrSelfPermission(TEST_PERMISSION2)
+ assertTrue(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2))
+ enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(any())
- assertFalse(checkAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2))
+ doReturn(PERMISSION_DENIED).`when`(mockContext).checkCallingOrSelfPermission(any())
+ assertFalse(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2))
assertFailsWith<SecurityException>("Expect fail but permission granted.") {
- enforceAnyPermissionOf(context, TEST_PERMISSION1, TEST_PERMISSION2) }
+ enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)
+ }
}
@Test
fun testEnforceNetworkStackPermissionOr() {
- doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
- doReturn(PERMISSION_DENIED).`when`(context)
- .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
- enforceNetworkStackPermission(context)
- enforceNetworkStackPermissionOr(context, TEST_PERMISSION1)
+ doReturn(PERMISSION_GRANTED).`when`(mockContext).checkCallingOrSelfPermission(NETWORK_STACK)
+ doReturn(PERMISSION_DENIED).`when`(mockContext)
+ .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+ enforceNetworkStackPermission(mockContext)
+ enforceNetworkStackPermissionOr(mockContext, TEST_PERMISSION1)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
- doReturn(PERMISSION_GRANTED).`when`(context)
- .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
- enforceNetworkStackPermission(context)
- enforceNetworkStackPermissionOr(context, TEST_PERMISSION2)
+ doReturn(PERMISSION_DENIED).`when`(mockContext).checkCallingOrSelfPermission(NETWORK_STACK)
+ doReturn(PERMISSION_GRANTED).`when`(mockContext)
+ .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+ enforceNetworkStackPermission(mockContext)
+ enforceNetworkStackPermissionOr(mockContext, TEST_PERMISSION2)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(NETWORK_STACK)
- doReturn(PERMISSION_DENIED).`when`(context)
- .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
- doReturn(PERMISSION_GRANTED).`when`(context).checkCallingOrSelfPermission(TEST_PERMISSION1)
+ doReturn(PERMISSION_DENIED).`when`(mockContext).checkCallingOrSelfPermission(NETWORK_STACK)
+ doReturn(PERMISSION_DENIED).`when`(mockContext)
+ .checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+ doReturn(PERMISSION_GRANTED).`when`(mockContext)
+ .checkCallingOrSelfPermission(TEST_PERMISSION1)
assertFailsWith<SecurityException>("Expect fail but permission granted.") {
- enforceNetworkStackPermission(context) }
- enforceNetworkStackPermissionOr(context, TEST_PERMISSION1)
+ enforceNetworkStackPermission(mockContext)
+ }
+ enforceNetworkStackPermissionOr(mockContext, TEST_PERMISSION1)
- doReturn(PERMISSION_DENIED).`when`(context).checkCallingOrSelfPermission(any())
+ doReturn(PERMISSION_DENIED).`when`(mockContext).checkCallingOrSelfPermission(any())
assertFailsWith<SecurityException>("Expect fail but permission granted.") {
- enforceNetworkStackPermission(context) }
+ enforceNetworkStackPermission(mockContext)
+ }
assertFailsWith<SecurityException>("Expect fail but permission granted.") {
- enforceNetworkStackPermissionOr(context, TEST_PERMISSION2) }
+ enforceNetworkStackPermissionOr(mockContext, TEST_PERMISSION2)
+ }
}
private fun mockHasSystemFeature(featureName: String, hasFeature: Boolean) {
- doReturn(hasFeature).`when`(packageManager)
- .hasSystemFeature(ArgumentMatchers.eq(featureName))
+ doReturn(hasFeature).`when`(mockPackageManager)
+ .hasSystemFeature(ArgumentMatchers.eq(featureName))
}
@Test
@@ -114,14 +133,38 @@
val exceptionMessage = "test exception message"
mockHasSystemFeature(featureName = systemFeature, hasFeature = false)
val e = assertFailsWith<UnsupportedOperationException>("Should fail without feature") {
- enforceSystemFeature(context, systemFeature, exceptionMessage) }
+ enforceSystemFeature(mockContext, systemFeature, exceptionMessage)
+ }
assertEquals(exceptionMessage, e.message)
mockHasSystemFeature(featureName = systemFeature, hasFeature = true)
try {
- enforceSystemFeature(context, systemFeature, "")
+ enforceSystemFeature(mockContext, systemFeature, "")
} catch (e: UnsupportedOperationException) {
Assert.fail("Exception should have not been thrown with system feature enabled")
}
}
+
+ @Test
+ @DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ fun testIsSystemSignaturePermission() {
+ assertTrue(
+ PermissionUtils.isSystemSignaturePermission(
+ context,
+ NETWORK_SETTINGS
+ )
+ )
+ assertFalse(
+ PermissionUtils
+ .isSystemSignaturePermission(context, PERMISSION_MAINLINE_NETWORK_STACK)
+ )
+ assertFalse(
+ PermissionUtils
+ .isSystemSignaturePermission(context, "test_permission")
+ )
+ assertFalse(
+ PermissionUtils
+ .isSystemSignaturePermission(context, INTERNET)
+ )
+ }
}