commit e5c0ba325df47800600bf2584d738e2d80cf6863
author Aaron Huang <huangaaron@google.com> Tue Apr 14 13:43:49 2020 +0800
committer Aaron Huang <huangaaron@google.com> Thu Apr 16 14:03:55 2020 +0800
tree 0cb2421152de90b5e87afb6ab8c4c73116efa6b1
parent 089f46b079a98a3e837175b8e74c66bd543a88af

Adjust permission of NetworkProvider related API

- Allow an app holds NETWORK_SETTINGS to acess registerNetworkProvier()
  and unregisterNetworkProvider().
- To access declareNetworkRequestUnfulfillable(), allow an app holds
  MANAGE_TEST_NETWORKS to declare a unfulfillable request that contains
  TRANSPORT_TEST transport.

This makes easier to write cts to test.

Bug: 153612373
Bug: 153614605
Test: atest FrameworksNetTests
      atest CtsNetTestCases:android.net.NetworkProviderTest
Change-Id: Ic9809e731aa811a51c2f82d189372169d99a5ed9

services/core/java/com/android/server/ConnectivityService.java

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 1c04064..6b13a17 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -2093,6 +2093,20 @@
                 NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
     }
 
+    private void enforceNetworkFactoryOrSettingsPermission() {
+        enforceAnyPermissionOf(
+                android.Manifest.permission.NETWORK_SETTINGS,
+                android.Manifest.permission.NETWORK_FACTORY,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+    }
+
+    private void enforceNetworkFactoryOrTestNetworksPermission() {
+        enforceAnyPermissionOf(
+                android.Manifest.permission.MANAGE_TEST_NETWORKS,
+                android.Manifest.permission.NETWORK_FACTORY,
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+    }
+
     private boolean checkSettingsPermission() {
         return checkAnyPermissionOf(
                 android.Manifest.permission.NETWORK_SETTINGS,
@@ -5672,7 +5686,7 @@
 
     @Override
     public int registerNetworkProvider(Messenger messenger, String name) {
-        enforceNetworkFactoryPermission();
+        enforceNetworkFactoryOrSettingsPermission();
         NetworkProviderInfo npi = new NetworkProviderInfo(name, messenger,
                 null /* asyncChannel */, nextNetworkProviderId(),
                 () -> unregisterNetworkProvider(messenger));
@@ -5682,7 +5696,7 @@
 
     @Override
     public void unregisterNetworkProvider(Messenger messenger) {
-        enforceNetworkFactoryPermission();
+        enforceNetworkFactoryOrSettingsPermission();
         mHandler.sendMessage(mHandler.obtainMessage(EVENT_UNREGISTER_NETWORK_PROVIDER, messenger));
     }
 
@@ -5702,7 +5716,11 @@
 
     @Override
     public void declareNetworkRequestUnfulfillable(NetworkRequest request) {
-        enforceNetworkFactoryPermission();
+        if (request.hasTransport(TRANSPORT_TEST)) {
+            enforceNetworkFactoryOrTestNetworksPermission();
+        } else {
+            enforceNetworkFactoryPermission();
+        }
         mHandler.post(() -> handleReleaseNetworkRequest(request, Binder.getCallingUid(), true));
     }