Guard the SSID with NETWORK_SETTINGS

author Chalard Jean <jchalard@google.com>

Mon, 16 Apr 2018 03:25:22 +0000 (12:25 +0900)

committer Chalard Jean <jchalard@google.com>

Wed, 6 Jun 2018 08:24:01 +0000 (08:24 +0000)
author Chalard Jean <jchalard@google.com>
Mon, 16 Apr 2018 03:25:22 +0000 (12:25 +0900)
committer Chalard Jean <jchalard@google.com>
Wed, 6 Jun 2018 08:24:01 +0000 (08:24 +0000)
diff --git a/packages/CaptivePortalLogin/AndroidManifest.xml b/packages/CaptivePortalLogin/AndroidManifest.xml

index e49b871..9ecaa03 100644 (file)
--- a/packages/CaptivePortalLogin/AndroidManifest.xml
+++ b/packages/CaptivePortalLogin/AndroidManifest.xml
@@ -23,7 +23,7 @@
      <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
      <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
      <uses-permission android:name="android.permission.NETWORK_BYPASS_PRIVATE_DNS" />
-    <uses-permission android:name="android.permission.NETWORK_STACK" />
+    <uses-permission android:name="android.permission.NETWORK_SETTINGS" />
  
      <application android:label="@string/app_name"
                   android:usesCleartextTraffic="true">
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java

index 6f91ede..d9b4602 100644 (file)
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1373,7 +1373,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
              NetworkCapabilities nc, int callerPid, int callerUid) {
          final NetworkCapabilities newNc = new NetworkCapabilities(nc);
          if (!checkSettingsPermission(callerPid, callerUid)) newNc.setUids(null);
-        if (!checkNetworkStackPermission(callerPid, callerUid)) newNc.setSSID(null);
+        if (!checkSettingsPermission(callerPid, callerUid)) newNc.setSSID(null);
          return newNc;
      }
  
@@ -1633,11 +1633,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
                  android.Manifest.permission.NETWORK_SETTINGS, pid, uid);
      }
  
-    private boolean checkNetworkStackPermission(int pid, int uid) {
-        return PERMISSION_GRANTED == mContext.checkPermission(
-                android.Manifest.permission.NETWORK_STACK, pid, uid);
-    }
-
      private void enforceTetherAccessPermission() {
          mContext.enforceCallingOrSelfPermission(
                  android.Manifest.permission.ACCESS_NETWORK_STATE,
@@ -4197,7 +4192,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
      // calling app has permission to do so.
      private void ensureSufficientPermissionsForRequest(NetworkCapabilities nc,
              int callerPid, int callerUid) {
-        if (null != nc.getSSID() && !checkNetworkStackPermission(callerPid, callerUid)) {
+        if (null != nc.getSSID() && !checkSettingsPermission(callerPid, callerUid)) {
              throw new SecurityException("Insufficient permissions to request a specific SSID");
          }
      }
author	Chalard Jean <jchalard@google.com>
	Mon, 16 Apr 2018 03:25:22 +0000 (12:25 +0900)
committer	Chalard Jean <jchalard@google.com>
	Wed, 6 Jun 2018 08:24:01 +0000 (08:24 +0000)
packages/CaptivePortalLogin/AndroidManifest.xml		patch \| blob \| history
services/core/java/com/android/server/ConnectivityService.java		patch \| blob \| history