commit 0e0a7597343b4f030be17788006006c93c85759c
author Robert Greenwalt <rgreenwalt@google.com> Thu Jun 23 08:19:48 2011 -0700
committer Android Git Automerger <android-git-automerger@android.com> Thu Jun 23 08:19:48 2011 -0700
tree e126626d1df358c6709844d478518b3f249a45ee
parent d4f9872cb077abc54cfa2def348f831d24e32ca0
parent 1d6ffd7339c3dfa53de19e27ca09e57233cc25ef

am 1d6ffd73: Merge "Restrict access to protected networks." into honeycomb-LTE

* commit '1d6ffd7339c3dfa53de19e27ca09e57233cc25ef':
  Restrict access to protected networks.

core/res/res/values/config.xml

diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index e1eba7e..16e443b 100755
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -115,6 +115,14 @@
         <item>"mobile_cbs,12,0,2,60000,true"</item>
     </string-array>
 
+    <!-- Array of ConnectivityManager.TYPE_xxxx constants for networks that may only
+         be controlled by systemOrSignature apps.  -->
+    <integer-array translatable="false" name="config_protectedNetworks">
+        <item>10</item>
+        <item>11</item>
+        <item>12</item>
+    </integer-array>
+
     <!-- This string array should be overridden by the device to present a list of radio
          attributes.  This is used by the connectivity manager to decide which networks can coexist
          based on the hardware -->

services/java/com/android/server/ConnectivityService.java

diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java
index aee2a9a1..c829ce7 100644
--- a/services/java/com/android/server/ConnectivityService.java
+++ b/services/java/com/android/server/ConnectivityService.java
@@ -250,6 +250,9 @@
     }
     RadioAttributes[] mRadioAttributes;
 
+    // the set of network types that can only be enabled by system/sig apps
+    List mProtectedNetworks;
+
     public static synchronized ConnectivityService getInstance(Context context) {
         if (sServiceInstance == null) {
             sServiceInstance = new ConnectivityService(context);
@@ -349,6 +352,17 @@
             }
         }
 
+        mProtectedNetworks = new ArrayList<Integer>();
+        int[] protectedNetworks = context.getResources().getIntArray(
+                com.android.internal.R.array.config_protectedNetworks);
+        for (int p : protectedNetworks) {
+            if ((mNetConfigs[p] != null) && (mProtectedNetworks.contains(p) == false)) {
+                mProtectedNetworks.add(p);
+            } else {
+                if (DBG) loge("Ignoring protectedNetwork " + p);
+            }
+        }
+
         // high priority first
         mPriorityList = new int[mNetworksDefined];
         {
@@ -678,6 +692,11 @@
                 usedNetworkType = networkType;
             }
         }
+
+        if (mProtectedNetworks.contains(usedNetworkType)) {
+            enforceConnectivityInternalPermission();
+        }
+
         NetworkStateTracker network = mNetTrackers[usedNetworkType];
         if (network != null) {
             Integer currentPid = new Integer(getCallingPid());
@@ -888,6 +907,10 @@
      */
     public boolean requestRouteToHostAddress(int networkType, byte[] hostAddress) {
         enforceChangePermission();
+        if (mProtectedNetworks.contains(networkType)) {
+            enforceConnectivityInternalPermission();
+        }
+
         if (!ConnectivityManager.isNetworkTypeValid(networkType)) {
             return false;
         }
@@ -1005,7 +1028,8 @@
     }
 
     public void setDataDependency(int networkType, boolean met) {
-        enforceChangePermission();
+        enforceConnectivityInternalPermission();
+
         if (DBG) {
             log("setDataDependency(" + networkType + ", " + met + ")");
         }