authorLorenzo Colitti <lorenzo@google.com>2021-03-22 02:12:04 +0900
committerLorenzo Colitti <lorenzo@google.com>2021-03-22 02:29:29 +0900
commitae67988721788b99b6150aeb8904c1c9d432fb0e (patch)
treed6b6e8a246b7122c124f821a5da9c38863689e2b /services
parentd22c7588d7242604091a8efee39f79bb4b2bef70 (diff)
Fix privileged apps calling registerDefaultNetworkCallback.
When registerDefaultNetworkCallback is called by an app that has NETWORK_SETTINGS, the UID of the app is forgotten and the request that is filed has an empty UID set. This results in that request matching networks that have UID ranges that do not include it, e.g., VPNs. Fix this by ensuring that the UID ranges are properly set. Bug: 165835257 Test: updated specific tests for this bug Change-Id: I90bf79573342c144d1cfbc2f61a3155fdd5b1fa7
Diffstat (limited to 'services')
-rw-r--r--services/core/java/com/android/server/ConnectivityService.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 39230630966c..6fcb3f74c757 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -6116,10 +6116,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
private NetworkCapabilities copyDefaultNetworkCapabilitiesForUid(
@NonNull final NetworkCapabilities netCapToCopy, @NonNull final int requestorUid,
@NonNull final String requestorPackageName) {
+ // These capabilities are for a TRACK_DEFAULT callback, so:
+ // 1. Remove NET_CAPABILITY_VPN, because it's (currently!) the only difference between
+ // mDefaultRequest and a per-UID default request.
+ // TODO: stop depending on the fact that these two unrelated things happen to be the same
+ // 2. Always set the UIDs to mAsUid. restrictRequestUidsForCallerAndSetRequestorInfo will
+ // not do this in the case of a privileged application.
final NetworkCapabilities netCap = new NetworkCapabilities(netCapToCopy);
netCap.removeCapability(NET_CAPABILITY_NOT_VPN);
netCap.setSingleUid(requestorUid);
- netCap.setUids(new ArraySet<>());
restrictRequestUidsForCallerAndSetRequestorInfo(
netCap, requestorUid, requestorPackageName);
return netCap;
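Review bot: The added comment does not match the code it documents: item 1 says `NET_CAPABILITY_VPN` is removed, but the call below it is `netCap.removeCapability(NET_CAPABILITY_NOT_VPN)`, and item 2 names `mAsUid` while the only UID visible in this hunk is the `requestorUid` parameter. This comment is the only in-code record of why a privileged caller's request must keep its UID and so stop matching VPNs whose UID ranges exclude it, so it should name what the code actually touches, e.g. `// 1. Remove NET_CAPABILITY_NOT_VPN, because ...` and `// 2. Always set the UIDs to requestorUid.` The fix also appears to rely on `restrictRequestUidsForCallerAndSetRequestorInfo` leaving the UIDs untouched for privileged callers. That method's body is outside the hunk, so the dependency deserves a short note next to `netCap.setSingleUid(requestorUid);` to keep a later change there from silently reintroducing the empty UID set. The closing brace of `copyDefaultNetworkCapabilitiesForUid` is outside the hunk.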