Verify carrier privileges for VCN-providing packages

This change adds and verifies packages in the VcnManagmentService, ensuring that carrier privilege gain/loss correctly starts/tears down VCN instances. Bug: 163431877 Test: atest FrameworksNetTests Change-Id: I63203188c57fdde1cfc58aaf1108aa3e70eb4a50
author: Benedict Wong <benedictwong@google.com> 2020-11-30 17:25:46 -0800
committer: Benedict Wong <benedictwong@google.com> 2021-01-07 17:13:37 -0800
commit: 9cb580784531a0c62164ce4b907dc04ea522ba6a (patch)
tree: f469b5db250080ed6774aed3b706bd114724eb9a /core/java
parent: 6153723db5f8bb7ec58e220a2085577766b8f46b (diff)
3 files changed, 39 insertions, 8 deletions
diff --git a/core/java/android/net/vcn/IVcnManagementService.aidl b/core/java/android/net/vcn/IVcnManagementService.aidl
index 9dd01140b413..04b585cdf420 100644
--- a/core/java/android/net/vcn/IVcnManagementService.aidl
+++ b/core/java/android/net/vcn/IVcnManagementService.aidl
@@ -23,6 +23,6 @@ import android.os.ParcelUuid;
  * @hide
  */
 interface IVcnManagementService {
-    void setVcnConfig(in ParcelUuid subscriptionGroup, in VcnConfig config);
+    void setVcnConfig(in ParcelUuid subscriptionGroup, in VcnConfig config, in String opPkgName);
     void clearVcnConfig(in ParcelUuid subscriptionGroup);
 }
diff --git a/core/java/android/net/vcn/VcnConfig.java b/core/java/android/net/vcn/VcnConfig.java
index d4a3fa7411b1..ede8faaaf261 100644
--- a/core/java/android/net/vcn/VcnConfig.java
+++ b/core/java/android/net/vcn/VcnConfig.java
@@ -19,6 +19,7 @@ import static com.android.internal.annotations.VisibleForTesting.Visibility;
 
 import android.annotation.NonNull;
 import android.annotation.Nullable;
+import android.content.Context;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.os.PersistableBundle;
@@ -45,11 +46,17 @@ import java.util.Set;
 public final class VcnConfig implements Parcelable {
     @NonNull private static final String TAG = VcnConfig.class.getSimpleName();
 
+    private static final String PACKAGE_NAME_KEY = "mPackageName";
+    @NonNull private final String mPackageName;
+
     private static final String GATEWAY_CONNECTION_CONFIGS_KEY = "mGatewayConnectionConfigs";
     @NonNull private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs;
 
-    private VcnConfig(@NonNull Set<VcnGatewayConnectionConfig> tunnelConfigs) {
-        mGatewayConnectionConfigs = Collections.unmodifiableSet(tunnelConfigs);
+    private VcnConfig(
+            @NonNull String packageName,
+            @NonNull Set<VcnGatewayConnectionConfig> gatewayConnectionConfigs) {
+        mPackageName = packageName;
+        mGatewayConnectionConfigs = Collections.unmodifiableSet(gatewayConnectionConfigs);
 
         validate();
     }
@@ -61,6 +68,8 @@ public final class VcnConfig implements Parcelable {
      */
     @VisibleForTesting(visibility = Visibility.PRIVATE)
     public VcnConfig(@NonNull PersistableBundle in) {
+        mPackageName = in.getString(PACKAGE_NAME_KEY);
+
         final PersistableBundle gatewayConnectionConfigsBundle =
                 in.getPersistableBundle(GATEWAY_CONNECTION_CONFIGS_KEY);
         mGatewayConnectionConfigs =
@@ -72,8 +81,19 @@ public final class VcnConfig implements Parcelable {
     }
 
     private void validate() {
+        Objects.requireNonNull(mPackageName, "packageName was null");
         Preconditions.checkCollectionNotEmpty(
-                mGatewayConnectionConfigs, "gatewayConnectionConfigs");
+                mGatewayConnectionConfigs, "gatewayConnectionConfigs was empty");
+    }
+
+    /**
+     * Retrieve the package name of the provisioning app.
+     *
+     * @hide
+     */
+    @NonNull
+    public String getProvisioningPackageName() {
+        return mPackageName;
     }
 
     /** Retrieves the set of configured tunnels. */
@@ -91,6 +111,8 @@ public final class VcnConfig implements Parcelable {
     public PersistableBundle toPersistableBundle() {
         final PersistableBundle result = new PersistableBundle();
 
+        result.putString(PACKAGE_NAME_KEY, mPackageName);
+
         final PersistableBundle gatewayConnectionConfigsBundle =
                 PersistableBundleUtils.fromList(
                         new ArrayList<>(mGatewayConnectionConfigs),
@@ -102,7 +124,7 @@ public final class VcnConfig implements Parcelable {
 
     @Override
     public int hashCode() {
-        return Objects.hash(mGatewayConnectionConfigs);
+        return Objects.hash(mPackageName, mGatewayConnectionConfigs);
     }
 
     @Override
@@ -112,7 +134,8 @@ public final class VcnConfig implements Parcelable {
         }
 
         final VcnConfig rhs = (VcnConfig) other;
-        return mGatewayConnectionConfigs.equals(rhs.mGatewayConnectionConfigs);
+        return mPackageName.equals(rhs.mPackageName)
+                && mGatewayConnectionConfigs.equals(rhs.mGatewayConnectionConfigs);
     }
 
     // Parcelable methods
@@ -143,9 +166,17 @@ public final class VcnConfig implements Parcelable {
 
     /** This class is used to incrementally build {@link VcnConfig} objects. */
     public static class Builder {
+        @NonNull private final String mPackageName;
+
         @NonNull
         private final Set<VcnGatewayConnectionConfig> mGatewayConnectionConfigs = new ArraySet<>();
 
+        public Builder(@NonNull Context context) {
+            Objects.requireNonNull(context, "context was null");
+
+            mPackageName = context.getOpPackageName();
+        }
+
         /**
          * Adds a configuration for an individual gateway connection.
          *
@@ -168,7 +199,7 @@ public final class VcnConfig implements Parcelable {
          */
         @NonNull
         public VcnConfig build() {
-            return new VcnConfig(mGatewayConnectionConfigs);
+            return new VcnConfig(mPackageName, mGatewayConnectionConfigs);
         }
     }
 }
diff --git a/core/java/android/net/vcn/VcnManager.java b/core/java/android/net/vcn/VcnManager.java
index 19c183f9fe9c..b881a339535b 100644
--- a/core/java/android/net/vcn/VcnManager.java
+++ b/core/java/android/net/vcn/VcnManager.java
@@ -101,7 +101,7 @@ public final class VcnManager {
         requireNonNull(config, "config was null");
 
         try {
-            mService.setVcnConfig(subscriptionGroup, config);
+            mService.setVcnConfig(subscriptionGroup, config, mContext.getOpPackageName());
         } catch (ServiceSpecificException e) {
             throw new IOException(e);
         } catch (RemoteException e) {
author	Benedict Wong <benedictwong@google.com>	2020-11-30 17:25:46 -0800
committer	Benedict Wong <benedictwong@google.com>	2021-01-07 17:13:37 -0800
commit	9cb580784531a0c62164ce4b907dc04ea522ba6a (patch)
tree	f469b5db250080ed6774aed3b706bd114724eb9a /core/java
parent	6153723db5f8bb7ec58e220a2085577766b8f46b (diff)