diff options
| author | Luke Huang <huangluke@google.com> | 2020-06-16 19:10:02 +0800 | 
|---|---|---|
| committer | Luke Huang <huangluke@google.com> | 2020-06-18 03:02:06 +0000 | 
| commit | 6f214e8ebee4f1665de3f2b586a22e7399482b3c (patch) | |
| tree | 4e96af808f83e0a2af6f715b3ef8546c946c1120 /graphics/java/android/renderscript/ProgramVertexFixedFunction.java | |
| parent | faf50e11cb8d3b5082c4e6574c0c8f9fe54c559b (diff) | |
Disable sockets and DNS if process lacks INTERNET permission.
This is a Client-only solution.
  - Add to NetdClient a per-process std::atomic_boolean
    similar to netIdForProcess and netIdForResolv.
  - The boolean says whether the process should be
    allowed Internet connectivity.
  - Add an @hide method to NetUtils.java to set the boolean;
    call it from the initialization code of the new
    process just after forking from zygote.
  - Make netdClientSocket and dnsOpenProxy check the
    boolean. If the boolean is false, return EPERM from
    socket calls.
Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
Exempt-From-Owner-Approval: OWNERS already approved identical patchset 5
Diffstat (limited to 'graphics/java/android/renderscript/ProgramVertexFixedFunction.java')
0 files changed, 0 insertions, 0 deletions
