Requests without NET_CAPABILITIES_INTERNET and just the default network
capabilities should not be marked restricted. Without this fix apps
can hit permissions exceptions if they inadvertently make requests
without NET_CAPABILITIES_INTERNET.
Bug:
23164917
Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6
(cherry picked from commit
aae613d96134245af7c55976731a49fa59e77470)
public void maybeMarkCapabilitiesRestricted() {
// If all the capabilities are typically provided by restricted networks, conclude that this
// network is restricted.
- if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0)
+ if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0 &&
+ // Must have at least some restricted capabilities, otherwise a request for an
+ // internet-less network will get marked restricted.
+ (mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0) {
removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
+ }
}
/**