Enforce INTERNET as a runtime permission.
Zoraver authored and thestinger committed Nov 4, 2019
1 parent caca47c commit 86a9704
Showing 1 changed file with 39 additions and 20 deletions.
@@ -29,6 +29,7 @@
import static android.os.Process.SYSTEM_UID;

import android.annotation.NonNull;
import android.annotation.UserIdInt;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
@@ -55,6 +56,7 @@
import com.android.internal.util.IndentingPrintWriter;
import com.android.server.LocalServices;
import com.android.server.SystemConfig;
import com.android.server.pm.permission.PermissionManagerServiceInternal;

import java.util.ArrayList;
import java.util.Collection;
@@ -80,6 +82,7 @@ public class PermissionMonitor {
private static final int VERSION_Q = Build.VERSION_CODES.Q;

private final PackageManager mPackageManager;
private final PackageManagerInternal mPackageManagerInternal;
private final UserManager mUserManager;
private final INetd mNetd;

@@ -104,26 +107,6 @@ public class PermissionMonitor {

private class PackageListObserver implements PackageManagerInternal.PackageListObserver {

private int getPermissionForUid(int uid) {
int permission = 0;
// Check all the packages for this UID. The UID has the permission if any of the
// packages in it has the permission.
String[] packages = mPackageManager.getPackagesForUid(uid);
if (packages != null && packages.length > 0) {
for (String name : packages) {
final PackageInfo app = getPackageInfo(name);
if (app != null && app.requestedPermissions != null) {
permission |= getNetdPermissionMask(app.requestedPermissions,
app.requestedPermissionsFlags);
}
}
} else {
// The last package of this uid is removed from device. Clean the package up.
permission = INetd.PERMISSION_UNINSTALLED;
}
return permission;
}

@Override
public void onPackageAdded(String packageName, int uid) {
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
@@ -135,10 +118,46 @@ public void onPackageRemoved(String packageName, int uid) {
}
}

private int getPermissionForUid(int uid) {
int permission = 0;
// Check all the packages for this UID. The UID has the permission if any of the
// packages in it has the permission.
String[] packages = mPackageManager.getPackagesForUid(uid);
if (packages != null && packages.length > 0) {
for (String name : packages) {
final PackageInfo app = getPackageInfo(name);
if (app != null && app.requestedPermissions != null) {
permission |= getNetdPermissionMask(app.requestedPermissions,
app.requestedPermissionsFlags);
}
}
} else {
// The last package of this uid is removed from device. Clean the package up.
permission = INetd.PERMISSION_UNINSTALLED;
}
return permission;
}

// implements OnRuntimePermissionStateChangedListener
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
@UserIdInt int userId) {
// userId is _not_ uid
int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
}

public PermissionMonitor(Context context, INetd netd) {
mPackageManager = context.getPackageManager();
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
mNetd = netd;

mPackageManagerInternal = LocalServices.getService(
PackageManagerInternal.class);

final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
PermissionManagerServiceInternal.class);
permManagerInternal.addOnRuntimePermissionStateChangedListener(
this::enforceINTERNETAsRuntimePermission);
}

// Intended to be called only once at startup, after the system is ready. Installs a broadcast
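Review bot: `enforceINTERNETAsRuntimePermission` hands the result of `mPackageManagerInternal.getPackageUid(packageName, 0, userId)` straight to `getPermissionForUid` without validating it, and that lookup is documented to return a negative value when the package is not found for the user. In that case `getPackagesForUid` would presumably return null, so `INetd.PERMISSION_UNINSTALLED` would be pushed to netd for an invalid uid; adding `if (uid < 0) return;` right after the lookup avoids that. Separately, `getPermissionForUid` reads the grant flags through `mPackageManager`, which comes from the constructor's `context`; because a runtime permission is granted per user, it is worth confirming that `getPackageInfo` (not shown in this hunk) resolves `requestedPermissionsFlags` for the user that owns the uid rather than for the context's user, otherwise a revocation in a secondary user may never reach netd. The constructor also dereferences `permManagerInternal` without a null check, so a missing `PermissionManagerServiceInternal` in `LocalServices` would fail with a NullPointerException at construction rather than a clear error.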
