| author | Patrick Rohr <prohr@google.com> | 2024-12-20 09:52:33 -0800 |
|---|---|---|
| committer | aoleary <seanm187@gmail.com> | 2025-10-07 18:23:01 +0000 |
| commit | 0a9bb1c772640431b322628148963bd77bd5ffff (patch) | |
| tree | 7a591c37d91b8e383a82f06a6bcdc5e370840d4a /service/src/com/android | |
| parent | d9d515b114017f9ff5fa795cab1a03ce5a2bfd06 (diff) | |
The missing permission check means that an unauthorized app could
have registered a network offer to intercept all NetworkRequests (by
trivially guessing an existing provider ID) which would have leaked
information about other apps on the system.

This adds a NETWORK_FACTORY or MAINLINE_NETWORK_STACK permission check
to offerNetwork per the API annotations in ConnectivityManager.
Test networks can be offered when holding the MANAGE_TEST_NETWORKS
permission which is consistent with similar APIs in this class.

There can be no legitimate use of this API a) offerNetwork is @hide
and only exposed via NetworkProvider, and b) it requires getting a
provider ID by calling registerNetworkProvider which correctly enforces
permissions.

unofferNetwork does not currently require any permissions. Again, this
is consistent with the API annotations in ConnectivityManager.

Test: TH
(cherry picked from https://android-review.googlesource.com/q/commit:ff65257bd07c791a5bfef2f54bf96ae224c03273)
Bug: 388828859
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1917a04ae0ebf221232f9f3bf80fe329a01c6ed2)
Merged-In: If71ce012f927a34c647d36b5eaf3723de2c01879
Change-Id: If71ce012f927a34c647d36b5eaf3723de2c01879

Diffstat (limited to 'service/src/com/android')
| -rw-r--r-- | service/src/com/android/server/ConnectivityService.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index d0cb294f81..d3f652ef07 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -6950,6 +6950,11 @@ public class ConnectivityService extends IConnectivityManager.Stub Objects.requireNonNull(score); Objects.requireNonNull(caps); Objects.requireNonNull(callback); + if (caps.hasTransport(TRANSPORT_TEST)) { + enforceAnyPermissionOf(Manifest.permission.MANAGE_TEST_NETWORKS); + } else { + enforceNetworkFactoryPermission(); + } final boolean yieldToBadWiFi = caps.hasTransport(TRANSPORT_CELLULAR) && !avoidBadWifi(); final NetworkOffer offer = new NetworkOffer( FullScore.makeProspectiveScore(score, caps, yieldToBadWiFi), |
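
Review bot: the branch on `caps.hasTransport(TRANSPORT_TEST)` at the top of the added block picks the weaker check from caller-supplied capabilities, and nothing in the visible lines shows that an offer combining TRANSPORT_TEST with another transport (TRANSPORT_CELLULAR is read just below) is rejected or restricted to test-only capabilities. If that restriction is not applied elsewhere before the NetworkOffer is built, a holder of MANAGE_TEST_NETWORKS could offer a non-test network without NETWORK_FACTORY or MAINLINE_NETWORK_STACK; consider taking the test branch only when TRANSPORT_TEST is the sole transport, or restricting `caps` to test capabilities first. A one-line comment saying why test networks take a different permission would help future readers, and since the diffstat shown is limited to service/src/com/android, please confirm a test covers an unprivileged caller getting a SecurityException from offerNetwork.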
