Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Guard the SSID with NETWORK_SETTINGS" into pi-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2018-04-16 05:40:17 +00:00
committed by Android (Google) Code Review
parent 214b3378e6 b5120cab6b
commit a7579d6325
2 changed files with 3 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/CaptivePortalLogin/AndroidManifest.xml
View File

@@ -22,7 +22,7 @@
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
<uses-permission android:name="android.permission.NETWORK_STACK" />
<uses-permission android:name="android.permission.NETWORK_SETTINGS" />
<application android:label="@string/app_name"
android:usesCleartextTraffic="true">

9
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -1402,7 +1402,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
NetworkCapabilities nc, int callerPid, int callerUid) {
final NetworkCapabilities newNc = new NetworkCapabilities(nc);
if (!checkSettingsPermission(callerPid, callerUid)) newNc.setUids(null);
if (!checkNetworkStackPermission(callerPid, callerUid)) newNc.setSSID(null);
if (!checkSettingsPermission(callerPid, callerUid)) newNc.setSSID(null);
return newNc;
}
@@ -1662,11 +1662,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
android.Manifest.permission.NETWORK_SETTINGS, pid, uid);
}
private boolean checkNetworkStackPermission(int pid, int uid) {
return PERMISSION_GRANTED == mContext.checkPermission(
android.Manifest.permission.NETWORK_STACK, pid, uid);
}
private void enforceTetherAccessPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.ACCESS_NETWORK_STATE,
@@ -4247,7 +4242,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
// calling app has permission to do so.
private void ensureSufficientPermissionsForRequest(NetworkCapabilities nc,
int callerPid, int callerUid) {
if (null != nc.getSSID() && !checkNetworkStackPermission(callerPid, callerUid)) {
if (null != nc.getSSID() && !checkSettingsPermission(callerPid, callerUid)) {
throw new SecurityException("Insufficient permissions to request a specific SSID");
}
}