From 6513fcdc61e39863c0bd9ad00e930baede113dee Mon Sep 17 00:00:00 2001
From: Chiachang Wang <chiachangwang@google.com>
Date: Mon, 26 Oct 2020 19:59:31 +0800
Subject: [PATCH] Replace hidden NMS permission control API

Replace the hidden setNetworkPermission NMS APIs with accessing
INetd directly for the incoming ConnectivityService mainline.

Bug: 170598012
Test: atest FrameworksNetTests CtsNetTestCasesLatestSdk
Change-Id: I37ed1003355677b98cbb741f774ba0fa4d193572
---
 core/java/android/os/INetworkManagementService.aidl   |  7 -------
 .../java/com/android/server/ConnectivityService.java  |  6 +++---
 .../com/android/server/NetworkManagementService.java  | 11 -----------
 3 files changed, 3 insertions(+), 21 deletions(-)

diff --git a/core/java/android/os/INetworkManagementService.aidl b/core/java/android/os/INetworkManagementService.aidl
index 3bcef901aa4a2..136f6121e585f 100644
--- a/core/java/android/os/INetworkManagementService.aidl
+++ b/core/java/android/os/INetworkManagementService.aidl
@@ -347,13 +347,6 @@ interface INetworkManagementService
 
     void addLegacyRouteForNetId(int netId, in RouteInfo routeInfo, int uid);
 
-    /**
-     * Set permission for a network.
-     * @param permission PERMISSION_NONE to clear permissions.
-     *                   PERMISSION_NETWORK or PERMISSION_SYSTEM to set permission.
-     */
-    void setNetworkPermission(int netId, int permission);
-
     /**
      * Allow UID to call protect().
      */
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 3291e96f4dc82..79e621870666d 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -6264,9 +6264,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
         final int newPermission = getNetworkPermission(newNc);
         if (oldPermission != newPermission && nai.created && !nai.isVPN()) {
             try {
-                mNMS.setNetworkPermission(nai.network.netId, newPermission);
-            } catch (RemoteException e) {
-                loge("Exception in setNetworkPermission: " + e);
+                mNetd.networkSetPermissionForNetwork(nai.network.netId, newPermission);
+            } catch (RemoteException | ServiceSpecificException e) {
+                loge("Exception in networkSetPermissionForNetwork: " + e);
             }
         }
     }
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index dea6c04b4f372..1c99465dfebfb 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -2008,17 +2008,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
         }
     }
 
-    @Override
-    public void setNetworkPermission(int netId, int permission) {
-        NetworkStack.checkNetworkStackPermission(mContext);
-
-        try {
-            mNetdService.networkSetPermissionForNetwork(netId, permission);
-        } catch (RemoteException | ServiceSpecificException e) {
-            throw new IllegalStateException(e);
-        }
-    }
-
     @Override
     public void allowProtect(int uid) {
         NetworkStack.checkNetworkStackPermission(mContext);