diff options
| author | 2020-01-17 11:58:36 -0800 | |
|---|---|---|
| committer | 2020-01-22 23:59:56 -0800 | |
| commit | 201fc13e0c4ced06d53e708fef91742862cadfb9 (patch) | |
| tree | 40a212b8fb9686307f842a50dac7cb6dcecd8a96 | |
| parent | a538107ad1dc46a4bd73adda020174f377471c71 (diff) | |
Add list of Administrator UIDs to NetworkCapabilities.
Adds a list of administrator UIDs to NetworkCapabilties. The carrier
privilege permission model allows multiple uids to be granted
network-management privileges via certificates stored on a SIM card or
in CarrierConfigManager. The current NetworkCapabilities only allows a
single uid to be stored to track the owner of the network - this change
remedies that discrepancy.
Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: I3169d31e0270c976a720e80363cb268cbafd0455
| -rwxr-xr-x | api/system-current.txt | 2 | ||||
| -rw-r--r-- | core/java/android/net/NetworkCapabilities.java | 62 | ||||
| -rw-r--r-- | services/core/java/com/android/server/ConnectivityService.java | 3 | ||||
| -rw-r--r-- | tests/net/common/java/android/net/NetworkCapabilitiesTest.java | 2 |
4 files changed, 68 insertions, 1 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index a647da69bebe..e3b6989d8400 100755 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -4533,9 +4533,11 @@ package android.net { public final class NetworkCapabilities implements android.os.Parcelable { method public boolean deduceRestrictedCapability(); + method @NonNull public java.util.List<java.lang.Integer> getAdministratorUids(); method @Nullable public String getSSID(); method @NonNull public int[] getTransportTypes(); method public boolean satisfiedByNetworkCapabilities(@Nullable android.net.NetworkCapabilities); + method public void setAdministratorUids(@NonNull java.util.List<java.lang.Integer>); method @NonNull public android.net.NetworkCapabilities setSSID(@Nullable String); method @NonNull public android.net.NetworkCapabilities setTransportInfo(@NonNull android.net.TransportInfo); field public static final int NET_CAPABILITY_OEM_PAID = 22; // 0x16 diff --git a/core/java/android/net/NetworkCapabilities.java b/core/java/android/net/NetworkCapabilities.java index 8ebd1392240d..6207661e47ce 100644 --- a/core/java/android/net/NetworkCapabilities.java +++ b/core/java/android/net/NetworkCapabilities.java @@ -35,6 +35,9 @@ import com.android.internal.util.Preconditions; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; import java.util.Objects; import java.util.Set; import java.util.StringJoiner; @@ -83,6 +86,7 @@ public final class NetworkCapabilities implements Parcelable { mSignalStrength = SIGNAL_STRENGTH_UNSPECIFIED; mUids = null; mEstablishingVpnAppUid = INVALID_UID; + mAdministratorUids.clear(); mSSID = null; mPrivateDnsBroken = false; } @@ -101,6 +105,7 @@ public final class NetworkCapabilities implements Parcelable { mSignalStrength = nc.mSignalStrength; setUids(nc.mUids); // Will make the defensive copy mEstablishingVpnAppUid = nc.mEstablishingVpnAppUid; + setAdministratorUids(nc.mAdministratorUids); mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities; mSSID = nc.mSSID; mPrivateDnsBroken = nc.mPrivateDnsBroken; @@ -833,6 +838,56 @@ public final class NetworkCapabilities implements Parcelable { } /** + * UIDs of packages that are administrators of this network, or empty if none. + * + * <p>This field tracks the UIDs of packages that have permission to manage this network. + * + * <p>Network owners will also be listed as administrators. + * + * <p>For NetworkCapability instances being sent from the System Server, this value MUST be + * empty unless the destination is 1) the System Server, or 2) Telephony. In either case, the + * receiving entity must have the ACCESS_FINE_LOCATION permission and target R+. + */ + private final List<Integer> mAdministratorUids = new ArrayList<>(); + + /** + * Sets the list of UIDs that are administrators of this network. + * + * <p>UIDs included in administratorUids gain administrator privileges over this Network. + * Examples of UIDs that should be included in administratorUids are: + * <ul> + * <li>Carrier apps with privileges for the relevant subscription + * <li>Active VPN apps + * <li>Other application groups with a particular Network-related role + * </ul> + * + * <p>In general, user-supplied networks (such as WiFi networks) do not have an administrator. + * + * <p>An app is granted owner privileges over Networks that it supplies. Owner privileges + * implicitly include administrator privileges. + * + * @param administratorUids the UIDs to be set as administrators of this Network. + * @hide + */ + @SystemApi + public void setAdministratorUids(@NonNull final List<Integer> administratorUids) { + mAdministratorUids.clear(); + mAdministratorUids.addAll(administratorUids); + } + + /** + * Retrieves the list of UIDs that are administrators of this Network. + * + * @return the List of UIDs that are administrators of this Network + * @hide + */ + @NonNull + @SystemApi + public List<Integer> getAdministratorUids() { + return Collections.unmodifiableList(mAdministratorUids); + } + + /** * Value indicating that link bandwidth is unspecified. * @hide */ @@ -1471,6 +1526,7 @@ public final class NetworkCapabilities implements Parcelable { public int describeContents() { return 0; } + @Override public void writeToParcel(Parcel dest, int flags) { dest.writeLong(mNetworkCapabilities); @@ -1484,6 +1540,7 @@ public final class NetworkCapabilities implements Parcelable { dest.writeArraySet(mUids); dest.writeString(mSSID); dest.writeBoolean(mPrivateDnsBroken); + dest.writeList(mAdministratorUids); } public static final @android.annotation.NonNull Creator<NetworkCapabilities> CREATOR = @@ -1504,6 +1561,7 @@ public final class NetworkCapabilities implements Parcelable { null /* ClassLoader, null for default */); netCap.mSSID = in.readString(); netCap.mPrivateDnsBroken = in.readBoolean(); + netCap.setAdministratorUids(in.readArrayList(null)); return netCap; } @Override @@ -1557,6 +1615,10 @@ public final class NetworkCapabilities implements Parcelable { sb.append(" EstablishingAppUid: ").append(mEstablishingVpnAppUid); } + if (!mAdministratorUids.isEmpty()) { + sb.append(" AdministratorUids: ").append(mAdministratorUids); + } + if (null != mSSID) { sb.append(" SSID: ").append(mSSID); } diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index 76c119db0ad9..11f0a04fa8dc 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -212,6 +212,7 @@ import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.Comparator; import java.util.ConcurrentModificationException; import java.util.HashMap; @@ -1634,6 +1635,7 @@ public class ConnectivityService extends IConnectivityManager.Stub if (newNc.getNetworkSpecifier() != null) { newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact()); } + newNc.setAdministratorUids(Collections.EMPTY_LIST); return newNc; } @@ -1664,6 +1666,7 @@ public class ConnectivityService extends IConnectivityManager.Stub if (!checkSettingsPermission()) { nc.setSingleUid(Binder.getCallingUid()); } + nc.setAdministratorUids(Collections.EMPTY_LIST); } private void restrictBackgroundRequestForCaller(NetworkCapabilities nc) { diff --git a/tests/net/common/java/android/net/NetworkCapabilitiesTest.java b/tests/net/common/java/android/net/NetworkCapabilitiesTest.java index 15691127cab7..797fd83321f7 100644 --- a/tests/net/common/java/android/net/NetworkCapabilitiesTest.java +++ b/tests/net/common/java/android/net/NetworkCapabilitiesTest.java @@ -271,7 +271,7 @@ public class NetworkCapabilitiesTest { .addCapability(NET_CAPABILITY_NOT_METERED); assertParcelingIsLossless(netCap); netCap.setSSID(TEST_SSID); - assertParcelSane(netCap, 12); + assertParcelSane(netCap, 13); } @Test |