diff --git a/services/java/com/android/server/NativeDaemonConnector.java b/services/java/com/android/server/NativeDaemonConnector.java
index 43d938cea3d88..28013bd7b35bb 100644
--- a/services/java/com/android/server/NativeDaemonConnector.java
+++ b/services/java/com/android/server/NativeDaemonConnector.java
@@ -207,6 +207,13 @@ final class NativeDaemonConnector implements Runnable, Handler.Callback, Watchdo
      */
     private void sendCommandLocked(String command, String argument)
             throws NativeDaemonConnectorException {
+        if (command != null && command.indexOf('\0') >= 0) {
+            throw new IllegalArgumentException("unexpected command: " + command);
+        }
+        if (argument != null && argument.indexOf('\0') >= 0) {
+            throw new IllegalArgumentException("unexpected argument: " + argument);
+        }
+
         if (LOCAL_LOGD) Slog.d(TAG, String.format("SND -> {%s} {%s}", command, argument));
         if (mOutputStream == null) {
             Slog.e(TAG, "No connection to daemon", new IllegalStateException());
diff --git a/services/java/com/android/server/NetworkManagementService.java b/services/java/com/android/server/NetworkManagementService.java
index bcb1aa24930d5..4e4fe4ad71af4 100644
--- a/services/java/com/android/server/NetworkManagementService.java
+++ b/services/java/com/android/server/NetworkManagementService.java
@@ -16,6 +16,8 @@
 
 package com.android.server;
 
+import static android.Manifest.permission.ACCESS_NETWORK_STATE;
+import static android.Manifest.permission.CHANGE_NETWORK_STATE;
 import static android.Manifest.permission.DUMP;
 import static android.Manifest.permission.MANAGE_NETWORK_POLICY;
 import static android.net.NetworkStats.SET_DEFAULT;
@@ -355,6 +357,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     public InterfaceConfiguration getInterfaceConfig(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(ACCESS_NETWORK_STATE, TAG);
         String rsp;
         try {
             rsp = mConnector.doCommand("interface getcfg " + iface).get(0);
@@ -409,6 +412,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 
     public void setInterfaceConfig(
             String iface, InterfaceConfiguration cfg) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         LinkAddress linkAddr = cfg.addr;
         if (linkAddr == null || linkAddr.getAddress() == null) {
             throw new IllegalStateException("Null LinkAddress given");
@@ -426,6 +430,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     public void setInterfaceDown(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         try {
             InterfaceConfiguration ifcg = getInterfaceConfig(iface);
             ifcg.interfaceFlags = ifcg.interfaceFlags.replace("up", "down");
@@ -437,6 +442,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     public void setInterfaceUp(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         try {
             InterfaceConfiguration ifcg = getInterfaceConfig(iface);
             ifcg.interfaceFlags = ifcg.interfaceFlags.replace("down", "up");
@@ -449,6 +455,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 
     public void setInterfaceIpv6PrivacyExtensions(String iface, boolean enable)
             throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         String cmd = String.format("interface ipv6privacyextensions %s %s", iface,
                 enable ? "enable" : "disable");
         try {
@@ -464,7 +471,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     /* TODO: This is right now a IPv4 only function. Works for wifi which loses its
        IPv6 addresses on interface down, but we need to do full clean up here */
     public void clearInterfaceAddresses(String iface) throws IllegalStateException {
-         String cmd = String.format("interface clearaddrs %s", iface);
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
+        String cmd = String.format("interface clearaddrs %s", iface);
         try {
             mConnector.doCommand(cmd);
         } catch (NativeDaemonConnectorException e) {
@@ -496,10 +504,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     public void addRoute(String interfaceName, RouteInfo route) {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         modifyRoute(interfaceName, ADD, route);
     }
 
     public void removeRoute(String interfaceName, RouteInfo route) {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         modifyRoute(interfaceName, REMOVE, route);
     }
 
@@ -583,6 +593,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     public RouteInfo[] getRoutes(String interfaceName) {
+        mContext.enforceCallingOrSelfPermission(ACCESS_NETWORK_STATE, TAG);
         ArrayList<RouteInfo> routes = new ArrayList<RouteInfo>();
 
         // v4 routes listed as: