From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Danny Lin Date: Tue, 5 Oct 2021 17:05:49 -0700 Subject: [PATCH] Add callback for enforcing INTERNET permission changes Change-Id: Ic79b9c6a6cb35c69de16732ce5be0a3e6e81d066 --- framework/api/system-current.txt | 1 + .../src/android/net/ConnectivityManager.java | 16 ++++++++++++++++ .../src/android/net/IConnectivityManager.aidl | 2 ++ .../com/android/server/ConnectivityService.java | 6 ++++++ .../server/connectivity/PermissionMonitor.java | 5 +++++ 5 files changed, 30 insertions(+) diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt index d1d51da15..09a678d9b 100644 --- a/framework/api/system-current.txt +++ b/framework/api/system-current.txt @@ -51,6 +51,7 @@ package android.net { method @Deprecated @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS) public String getCaptivePortalServerUrl(); method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void getLatestTetheringEntitlementResult(int, boolean, @NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEntitlementResultListener); method @Deprecated @RequiresPermission(anyOf={android.Manifest.permission.TETHER_PRIVILEGED, android.Manifest.permission.WRITE_SETTINGS}) public boolean isTetheringSupported(); + method public void onPackagePermissionChanged(int); method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_FACTORY}) public int registerNetworkProvider(@NonNull android.net.NetworkProvider); method public void registerQosCallback(@NonNull android.net.QosSocketInfo, @NonNull java.util.concurrent.Executor, @NonNull android.net.QosCallback); method @Deprecated @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public void registerTetheringEventCallback(@NonNull java.util.concurrent.Executor, @NonNull android.net.ConnectivityManager.OnTetheringEventCallback); diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java index 2eb5fb72a..fd37a9746 100644 --- a/framework/src/android/net/ConnectivityManager.java +++ b/framework/src/android/net/ConnectivityManager.java @@ -16,6 +16,7 @@ package android.net; import static android.annotation.SystemApi.Client.MODULE_LIBRARIES; +import static android.annotation.SystemApi.Client.SYSTEM_SERVER; import static android.net.NetworkRequest.Type.BACKGROUND_REQUEST; import static android.net.NetworkRequest.Type.LISTEN; import static android.net.NetworkRequest.Type.LISTEN_FOR_BEST; @@ -34,6 +35,7 @@ import android.annotation.SdkConstant.SdkConstantType; import android.annotation.SuppressLint; import android.annotation.SystemApi; import android.annotation.SystemService; +import android.annotation.UserIdInt; import android.app.PendingIntent; import android.app.admin.DevicePolicyManager; import android.compat.annotation.UnsupportedAppUsage; @@ -5499,4 +5501,18 @@ public class ConnectivityManager { public static Range getIpSecNetIdRange() { return new Range(TUN_INTF_NETID_START, TUN_INTF_NETID_START + TUN_INTF_NETID_RANGE - 1); } + + /** + * Notify ConnectivityService of a runtime permission change for the given package and user ID. + * + * @hide + */ + @SystemApi + public void onPackagePermissionChanged(int uid) { + try { + mService.onPackagePermissionChanged(uid); + } catch (RemoteException e) { + throw e.rethrowFromSystemServer(); + } + } } diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl index 50ec78120..2d09c0422 100644 --- a/framework/src/android/net/IConnectivityManager.aidl +++ b/framework/src/android/net/IConnectivityManager.aidl @@ -228,4 +228,6 @@ interface IConnectivityManager void unofferNetwork(in INetworkOfferCallback callback); void setTestAllowBadWifiUntil(long timeMs); + + void onPackagePermissionChanged(int uid); } diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index 418e9e33b..d4da9a42a 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -93,6 +93,7 @@ import static java.util.Map.Entry; import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.UserIdInt; import android.app.AppOpsManager; import android.app.BroadcastOptions; import android.app.PendingIntent; @@ -10346,4 +10347,9 @@ public class ConnectivityService extends IConnectivityManager.Stub return createNetworkRequest(NetworkRequest.Type.REQUEST, netcap); } } + + @Override + public void onPackagePermissionChanged(int uid) { + mPermissionMonitor.onInternetPermissionChanged(uid); + } } diff --git a/service/src/com/android/server/connectivity/PermissionMonitor.java b/service/src/com/android/server/connectivity/PermissionMonitor.java index a49c0a6e8..a43ee18b3 100755 --- a/service/src/com/android/server/connectivity/PermissionMonitor.java +++ b/service/src/com/android/server/connectivity/PermissionMonitor.java @@ -32,6 +32,7 @@ import static android.os.Process.SYSTEM_UID; import static com.android.net.module.util.CollectionUtils.toIntArray; import android.annotation.NonNull; +import android.annotation.UserIdInt; import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; @@ -278,6 +279,10 @@ public class PermissionMonitor { sendPackagePermissionsToNetd(netdPermsUids); } + public void onInternetPermissionChanged(int uid) { + sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid)); + } + @VisibleForTesting synchronized void updateUidsAllowedOnRestrictedNetworks(final Set uids) { mUidsAllowedOnRestrictedNetworks.clear();