diff options
| author | Remi NGUYEN VAN <reminv@google.com> | 2019-08-21 18:18:01 +0900 |
|---|---|---|
| committer | Remi NGUYEN VAN <reminv@google.com> | 2019-08-21 18:23:25 +0900 |
| commit | f3088e9925ac658c833bef258ffb2fff86442897 (patch) | |
| tree | 1b03dedf90d41702af9686d9573e6be1b0093616 | |
| parent | c80a667b36f6f9622e07156f40e3b91b33a18455 (diff) | |
Add permission to NetworkStackService
Require a permission to bind to NetworkStackService.
INetworkStackConnector already has permission (UID) checks on all calls
to the service, but callers should not even be able to bind to it.
The MAINLINE_NETWORK_STACK permission is appropriate as it is only held
by the network stack module. Only the system server (which is considered
as holding all permissions) and other network stack components should be
allowed to bind to the network stack service. Bluetooth gets the
connector through the ServiceManager and does not need to bind to it.
Bug: 139720667
Test: Flashed, booted, WiFi and bluetooth reverse tethering working.
Test: Also the above with a Go target (InProcessNetworkStack)
Test: atest FrameworksNetTests NetworkStackTests
Test: atest NetworkStackIntegrationTests
Change-Id: I5db6de782626e8ff2914e5840d3f8582e53ec9c2
| -rw-r--r-- | AndroidManifest.xml | 3 | ||||
| -rw-r--r-- | AndroidManifest_InProcess.xml | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index bb838a2..4ff433c 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -40,7 +40,8 @@ <application android:extractNativeLibs="false" android:persistent="true"> - <service android:name="com.android.server.NetworkStackService"> + <service android:name="com.android.server.NetworkStackService" + android:permission="android.permission.MAINLINE_NETWORK_STACK"> <intent-filter> <action android:name="android.net.INetworkStackConnector"/> </intent-filter> diff --git a/AndroidManifest_InProcess.xml b/AndroidManifest_InProcess.xml index 2778a2a..723df09 100644 --- a/AndroidManifest_InProcess.xml +++ b/AndroidManifest_InProcess.xml @@ -22,7 +22,9 @@ android:process="system"> <uses-sdk android:minSdkVersion="28" android:targetSdkVersion="28" /> <application> - <service android:name="com.android.server.NetworkStackService" android:process="system"> + <service android:name="com.android.server.NetworkStackService" + android:process="system" + android:permission="android.permission.MAINLINE_NETWORK_STACK"> <intent-filter> <action android:name="android.net.INetworkStackConnector.InProcess"/> </intent-filter> |