Expose network support configuration into AVF Java Framework API Bug: 340376951 Test: atest MicrodroidTests Test: atest MicrodroidTestAppNoInternetPerm Change-Id: I107de04e4c2890936a9c3fb4d6f61b8aff509ace

commit: a6589bdcccce47314f648573cc53dcc9f6a5b666 [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Tue Jun 11 10:14:07 2024 +0900
committer: Seungjae Yoo <seungjaeyoo@google.com> Wed Jun 12 15:33:12 2024 +0900
tree: 9d7cc1c2274e03500d6f7cdb44c226f9c96bf679
parent: 8e68bfbc30a497196f0dbec641d0e118c883abb7 [diff] [blame]
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 5592f14..3c45836 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs

@@ -510,6 +510,7 @@
     }
 
     fn createTapInterface(&self, iface_name_suffix: &str) -> binder::Result<ParcelFileDescriptor> {
+        check_internet_permission()?;
         check_use_custom_virtual_machine()?;
         if !cfg!(network) {
             return Err(Status::new_exception_str(
@@ -911,6 +912,12 @@
     check_permission("android.permission.USE_CUSTOM_VIRTUAL_MACHINE")
 }
 
+/// Check whether the caller of the current Binder method is allowed to create socket and
+/// establish connection between the VM and the Internet.
+fn check_internet_permission() -> binder::Result<()> {
+    check_permission("android.permission.INTERNET")
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
commit	a6589bdcccce47314f648573cc53dcc9f6a5b666	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Tue Jun 11 10:14:07 2024 +0900
committer	Seungjae Yoo <seungjaeyoo@google.com>	Wed Jun 12 15:33:12 2024 +0900
tree	9d7cc1c2274e03500d6f7cdb44c226f9c96bf679
parent	8e68bfbc30a497196f0dbec641d0e118c883abb7 [diff] [blame]