Add CONNECTIVITY_USE_RESTRICTED_NETWORKS permission
This patch creates a new permission used by ConnectivityService to give
access to restricted networks without the NET_CAPABILITY_NOT_RESTRICTED
capability bit on.
Bug: 24497316
Change-Id: I5b6c8a9ef14395b2f1ab26cb17b24d7876ec79f1
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 051cb2d..1106262 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1577,6 +1577,16 @@
"ConnectivityService");
}
+ private void enforceConnectivityRestrictedNetworksPermission() {
+ try {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS,
+ "ConnectivityService");
+ return;
+ } catch (SecurityException e) { /* fallback to ConnectivityInternalPermission */ }
+ enforceConnectivityInternalPermission();
+ }
+
private void enforceKeepalivePermission() {
mContext.enforceCallingOrSelfPermission(KeepaliveTracker.PERMISSION, "ConnectivityService");
}
@@ -4109,7 +4119,7 @@
private void enforceNetworkRequestPermissions(NetworkCapabilities networkCapabilities) {
if (networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED) == false) {
- enforceConnectivityInternalPermission();
+ enforceConnectivityRestrictedNetworksPermission();
} else {
enforceChangePermission();
}