diff options
| author | Luke Huang <huangluke@google.com> | 2020-06-16 19:10:02 +0800 |
|---|---|---|
| committer | Luke Huang <huangluke@google.com> | 2020-06-24 11:58:57 +0000 |
| commit | 3cd122f485c644e728bf4438d1262c81948680d9 (patch) | |
| tree | 9537998a07349b19f4fc12325c34d7247daf3552 /rs/java/android/renderscript/ProgramStore.java | |
| parent | 77d486426222b905e104f8203ec3a2faa348fe62 (diff) | |
Disable sockets and DNS if process lacks INTERNET permission.
This is a Client-only solution.
- Add to NetdClient a per-process std::atomic_boolean
similar to netIdForProcess and netIdForResolv.
- The boolean says whether the process should be
allowed Internet connectivity.
- Add an @hide method to NetUtils.java to set the boolean;
call it from the initialization code of the new
process just after forking from zygote.
- Make netdClientSocket and dnsOpenProxy check the
boolean. If the boolean is false, return EPERM from
socket calls.
Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
(cherry-pick from internal branch, ag/11881939)
Merged-In: If002280fbad493dfc2db3d9d505c0257d49a9056
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
Diffstat (limited to 'rs/java/android/renderscript/ProgramStore.java')
0 files changed, 0 insertions, 0 deletions