// limitations under the License.
//
-// Library including the network stack, used to compile the network stack app, or linked into the
-// system server on devices that run the stack there
-java_library {
- name: "NetworkStackLib",
+// Library including the network stack, used to compile both variants of the network stack
+android_library {
+ name: "NetworkStackBase",
sdk_version: "system_current",
- installable: true,
+ min_sdk_version: "28",
srcs: [
"src/**/*.java",
":framework-networkstack-shared-srcs",
"netd_aidl_interface-java",
"networkstack-aidl-interfaces-java",
"datastallprotosnano",
- ]
+ ],
+ manifest: "AndroidManifestBase.xml",
+}
+
+// Non-updatable in-process network stack for devices not using the module
+android_app {
+ name: "InProcessNetworkStack",
+ sdk_version: "system_current",
+ min_sdk_version: "28",
+ certificate: "platform",
+ privileged: true,
+ static_libs: [
+ "NetworkStackBase",
+ ],
+ jarjar_rules: "jarjar-rules-shared.txt",
+ // The permission configuration *must* be included to ensure security of the device
+ required: ["NetworkStackPermissionStub"],
+ manifest: "AndroidManifest_InProcess.xml",
}
// Updatable network stack packaged as an application
certificate: "networkstack",
privileged: true,
static_libs: [
- "NetworkStackLib"
+ "NetworkStackBase"
],
jarjar_rules: "jarjar-rules-shared.txt",
- manifest: "AndroidManifest.xml",
+ // The permission configuration *must* be included to ensure security of the device
required: ["NetworkStackPermissionStub"],
+ manifest: "AndroidManifest.xml",
}
<?xml version="1.0" encoding="utf-8"?>
<!--
/*
- * Copyright (C) 2014 The Android Open Source Project
+ * Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.networkstack"
- android:sharedUserId="android.uid.networkstack"
- android:versionCode="11"
- android:versionName="Q-initial">
- <uses-sdk android:minSdkVersion="28" android:targetSdkVersion="28" />
- <uses-permission android:name="android.permission.INTERNET" />
- <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
- <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
- <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
- <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
+ android:sharedUserId="android.uid.networkstack">
<!-- Signature permission defined in NetworkStackStub -->
<uses-permission android:name="android.permission.MAINLINE_NETWORK_STACK" />
- <!-- Send latency broadcast as current user -->
- <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
- <uses-permission android:name="android.permission.WAKE_LOCK" />
- <uses-permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
- <application
- android:label="NetworkStack"
- android:defaultToDeviceProtectedStorage="true"
- android:directBootAware="true"
- android:usesCleartextTraffic="true">
+ <application>
<service android:name="com.android.server.NetworkStackService">
<intent-filter>
<action android:name="android.net.INetworkStackConnector"/>
</intent-filter>
</service>
</application>
-</manifest>
+</manifest>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.networkstack"
+ android:versionCode="11"
+ android:versionName="Q-initial">
+ <uses-sdk android:minSdkVersion="28" android:targetSdkVersion="28" />
+ <uses-permission android:name="android.permission.INTERNET" />
+ <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
+ <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+ <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
+ <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
+ <!-- Send latency broadcast as current user -->
+ <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
+ <uses-permission android:name="android.permission.WAKE_LOCK" />
+ <uses-permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
+ <application
+ android:label="NetworkStack"
+ android:defaultToDeviceProtectedStorage="true"
+ android:directBootAware="true"
+ android:usesCleartextTraffic="true">
+ </application>
+</manifest>
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.networkstack.inprocess"
+ android:sharedUserId="android.uid.system"
+ android:process="system">
+ <application>
+ <service android:name="com.android.server.NetworkStackService" android:process="system">
+ <intent-filter>
+ <action android:name="android.net.INetworkStackConnector.InProcess"/>
+ </intent-filter>
+ </service>
+ </application>
+</manifest>
\ No newline at end of file
"androidx.test.rules",
"frameworks-base-testutils",
"mockito-target-extended-minus-junit4",
- "NetworkStackLib",
+ "NetworkStackBase",
"testables",
],
libs: [
import com.android.internal.annotations.GuardedBy;
import java.io.PrintWriter;
-import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
/**
private static final String TAG = NetworkStackClient.class.getSimpleName();
private static final int NETWORKSTACK_TIMEOUT_MS = 10_000;
+ private static final String IN_PROCESS_SUFFIX = ".InProcess";
private static NetworkStackClient sInstance;
public void start(Context context) {
log("Starting network stack");
mNetworkStackStartRequested = true;
- // Try to bind in-process if the library is available
- IBinder connector = null;
- try {
- final Class service = Class.forName(
- "com.android.server.NetworkStackService",
- true /* initialize */,
- context.getClassLoader());
- connector = (IBinder) service.getMethod("makeConnector", Context.class)
- .invoke(null, context);
- } catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
- logWtf("Could not create network stack connector from NetworkStackService", e);
- // TODO: crash/reboot system here ?
- return;
- } catch (ClassNotFoundException e) {
- // Normal behavior if stack is provided by the app: fall through
+
+ final PackageManager pm = context.getPackageManager();
+
+ // Try to bind in-process if the device was shipped with an in-process version
+ Intent intent = getNetworkStackIntent(pm, true /* inSystemProcess */);
+
+ // Otherwise use the updatable module version
+ if (intent == null) {
+ intent = getNetworkStackIntent(pm, false /* inSystemProcess */);
+ log("Starting network stack process");
+ } else {
+ log("Starting network stack in-process");
}
- // In-process network stack. Add the service to the service manager here.
- if (connector != null) {
- log("Registering in-process network stack connector");
- registerNetworkStackService(connector);
+ if (intent == null) {
+ logWtf("Could not resolve the network stack", null);
+ // TODO: crash/reboot system server ?
return;
}
- // Start the network stack process. The service will be added to the service manager in
+
+ // Start the network stack. The service will be added to the service manager in
// NetworkStackConnection.onServiceConnected().
- log("Starting network stack process");
- final Intent intent = new Intent(INetworkStackConnector.class.getName());
- final ComponentName comp = intent.resolveSystemService(context.getPackageManager(), 0);
- intent.setComponent(comp);
+ if (!context.bindServiceAsUser(intent, new NetworkStackConnection(),
+ Context.BIND_AUTO_CREATE | Context.BIND_IMPORTANT, UserHandle.SYSTEM)) {
+ logWtf("Could not bind to network stack with " + intent, null);
+ return;
+ // TODO: crash/reboot system server if no network stack after a timeout ?
+ }
+
+ log("Network stack service start requested");
+ }
+
+ @Nullable
+ private Intent getNetworkStackIntent(@NonNull PackageManager pm, boolean inSystemProcess) {
+ final String baseAction = INetworkStackConnector.class.getName();
+ final Intent intent =
+ new Intent(inSystemProcess ? baseAction + IN_PROCESS_SUFFIX : baseAction);
+ final ComponentName comp = intent.resolveSystemService(pm, 0);
if (comp == null) {
- logWtf("Could not resolve the network stack with " + intent, null);
- // TODO: crash/reboot system server ?
- return;
+ return null;
}
- final PackageManager pm = context.getPackageManager();
+ intent.setComponent(comp);
+
int uid = -1;
try {
uid = pm.getPackageUidAsUser(comp.getPackageName(), UserHandle.USER_SYSTEM);
logWtf("Network stack package not found", e);
// Fall through
}
- if (uid != Process.NETWORK_STACK_UID) {
+
+ final int expectedUid = inSystemProcess ? Process.SYSTEM_UID : Process.NETWORK_STACK_UID;
+ if (uid != expectedUid) {
throw new SecurityException("Invalid network stack UID: " + uid);
}
+ if (!inSystemProcess) {
+ checkNetworkStackPermission(pm, comp);
+ }
+
+ return intent;
+ }
+
+ private void checkNetworkStackPermission(
+ @NonNull PackageManager pm, @NonNull ComponentName comp) {
final int hasPermission =
pm.checkPermission(PERMISSION_MAINLINE_NETWORK_STACK, comp.getPackageName());
if (hasPermission != PERMISSION_GRANTED) {
throw new SecurityException(
"Network stack does not have permission " + PERMISSION_MAINLINE_NETWORK_STACK);
}
-
- if (!context.bindServiceAsUser(intent, new NetworkStackConnection(),
- Context.BIND_AUTO_CREATE | Context.BIND_IMPORTANT, UserHandle.SYSTEM)) {
- logWtf("Could not bind to network stack in-process, or in app with " + intent, null);
- return;
- // TODO: crash/reboot system server if no network stack after a timeout ?
- }
-
- log("Network stack service start requested");
}
private void log(@NonNull String message) {
OSDN Git Service
