| author | 2019-02-13 00:10:18 +0000 | |
|---|---|---|
| committer | 2019-02-13 00:10:18 +0000 | |
| commit | c96b852f464824f9b9249b1841a5a6ce460792fc (patch) | |
| tree | bce2fe97932ed7e88a2c08ce15cf8606cff5f58b | |
| parent | 76bc8cf927a7cfe9af4bc82352fb70aa28362980 (diff) | |
| parent | c205f33bc471cd4fdf33744bdedfd5abd859b1a9 (diff) | |
Merge "Check NetworkStack UID and perms before binding"
| -rw-r--r-- | core/java/android/net/NetworkStack.java | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/core/java/android/net/NetworkStack.java b/core/java/android/net/NetworkStack.java
index 7a4c9bc16ac7..ca49438390e9 100644
--- a/core/java/android/net/NetworkStack.java
+++ b/core/java/android/net/NetworkStack.java
@@ -15,6 +15,7 @@
 */
 package android.net;
 
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static android.os.IServiceManager.DUMP_FLAG_PRIORITY_HIGH;
 import static android.os.IServiceManager.DUMP_FLAG_PRIORITY_NORMAL;
 
@@ -27,6 +28,7 @@ import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
+import android.content.pm.PackageManager;
 import android.net.dhcp.DhcpServingParamsParcel;
 import android.net.dhcp.IDhcpServerCallbacks;
 import android.net.ip.IIpClientCallbacks;
@@ -201,7 +203,33 @@ public class NetworkStack {
 final ComponentName comp = intent.resolveSystemService(context.getPackageManager(), 0);
 intent.setComponent(comp);
 
- if (comp == null || !context.bindServiceAsUser(intent, new NetworkStackConnection(),
+ if (comp == null) {
+ Slog.wtf(TAG, "Could not resolve the network stack with " + intent);
+ // TODO: crash/reboot system server ?
+ return;
+ }
+
+ final PackageManager pm = context.getPackageManager();
+ int uid = -1;
+ try {
+ uid = pm.getPackageUid(comp.getPackageName(), UserHandle.USER_SYSTEM);
+ } catch (PackageManager.NameNotFoundException e) {
+ Slog.wtf("Network stack package not found", e);
+ // Fall through
+ }
+
+ if (uid != Process.NETWORK_STACK_UID) {
+ throw new SecurityException("Invalid network stack UID: " + uid);
+ }
+
+ final int hasPermission =
+ pm.checkPermission(PERMISSION_MAINLINE_NETWORK_STACK, comp.getPackageName());
+ if (hasPermission != PERMISSION_GRANTED) {
+ throw new SecurityException(
+ "Network stack does not have permission " + PERMISSION_MAINLINE_NETWORK_STACK);
+ }
+
+ if (!context.bindServiceAsUser(intent, new NetworkStackConnection(),
 Context.BIND_AUTO_CREATE | Context.BIND_IMPORTANT, UserHandle.SYSTEM)) {
 Slog.wtf(TAG,
 "Could not bind to network stack in-process, or in app with " + intent); |
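Review bot: In the `NameNotFoundException` handler, `Slog.wtf("Network stack package not found", e)` passes the message in the tag position, so the report is filed under that string rather than `TAG`, unlike the other `Slog.wtf(TAG, ...)` calls in this hunk; it should read `Slog.wtf(TAG, "Network stack package not found", e);`. The `// Fall through` comment would be clearer as `// Fall through: uid stays -1, so the UID check below throws`, because that fail-closed path is what keeps an unresolved package from being bound. The unresolved-component case logs and returns while the UID and permission failures throw `SecurityException`; whether callers expect both outcomes is not visible here, since the enclosing method starts and ends outside the hunk.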