Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add privapp permissions to network modules.

Browse Source 
When built as part of the system, the network stack and the
captive portal login app should have the BYPASS_PRIVATE_DNS
and CONNECTIVITY_USE_RESTRICTED_NETWORKS permissions.
These are necessary to validate restricted networks, bypass VPNs,
bypass private DNS for captive portal login, etc. Add these
permissions to privapp-permissions-platform.xml.

When installed as mainline modules that cannot use signature
permissions, the modules get this ability by virtue of having the
MAINLINE_NETWORK_STACK permissions.

Additionally, add the CONNECTIVITY_USE_RESTRICTED_NETWORKS
permission to the captive portal login app manifest, which did
not contain it.

Bug: 129789428
Test: builds, boots
Test: dumpsys package shows permissions
Change-Id: I632359f7eff09fed71167733ac75824a5aa57894
This commit is contained in:
Lorenzo Colitti
2019-04-24 22:51:49 +09:00
parent 796afddd6c
commit 6c13b4e0f4
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
data/etc/privapp-permissions-platform.xml
View File

@@ -33,6 +33,11 @@ applications that come with the platform
<permission name="android.permission.CRYPT_KEEPER"/>
</privapp-permissions>
<privapp-permissions package="com.android.captiveportallogin">
<permission name="android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS"/>
<permission name="android.permission.NETWORK_BYPASS_PRIVATE_DNS"/>
</privapp-permissions>
<privapp-permissions package="com.android.cellbroadcastreceiver">
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
<permission name="android.permission.MANAGE_USERS"/>
@@ -203,6 +208,7 @@ applications that come with the platform
<permission name="android.permission.LOCAL_MAC_ADDRESS"/>
<permission name="android.permission.MANAGE_SUBSCRIPTION_PLANS"/>
<permission name="android.permission.MANAGE_USB"/>
<permission name="android.permission.NETWORK_BYPASS_PRIVATE_DNS"/>
<permission name="android.permission.PACKET_KEEPALIVE_OFFLOAD"/>
<permission name="android.permission.READ_NETWORK_USAGE_HISTORY"/>
<permission name="android.permission.READ_PRECISE_PHONE_STATE"/>