commit 543fcd8b298127e090dcbff8df228e1c19c7910b
author Cody Kesting <ckesting@google.com> Tue Mar 17 15:31:06 2020 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Tue Mar 17 15:31:06 2020 +0000
tree e4ae532e95393c0fca9e8e6e8234fb4875e8a01f
parent e09e0db478659e63207b7a7d55cffec7a4b6f2a2
parent a5333b952837a880262121174b60809a82ab00dc

Merge "Protect ConnectivityService from SecurityException in permission check." into rvc-dev

services/core/java/com/android/server/ConnectivityService.java

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 62ea862..deae459 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -7892,8 +7892,15 @@
             return true;
         }
 
-        if (!mLocationPermissionChecker.checkLocationPermission(
-                callbackPackageName, null /* featureId */, callbackUid, null /* message */)) {
+        // LocationPermissionChecker#checkLocationPermission can throw SecurityException if the uid
+        // and package name don't match. Throwing on the CS thread is not acceptable, so wrap the
+        // call in a try-catch.
+        try {
+            if (!mLocationPermissionChecker.checkLocationPermission(
+                    callbackPackageName, null /* featureId */, callbackUid, null /* message */)) {
+                return false;
+            }
+        } catch (SecurityException e) {
             return false;
         }
 

tests/net/java/com/android/server/ConnectivityServiceTest.java

diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index de8bf3c..c21772a 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -6789,6 +6789,26 @@
     }
 
     @Test
+    public void testCheckConnectivityDiagnosticsPermissionsWrongUidPackageName() throws Exception {
+        final NetworkAgentInfo naiWithoutUid =
+                new NetworkAgentInfo(
+                        null, null, null, null, null, new NetworkCapabilities(), 0,
+                        mServiceContext, null, null, mService, null, null, null, 0);
+
+        mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
+
+        try {
+            assertFalse(
+                    "Mismatched uid/package name should not pass the location permission check",
+                    mService.checkConnectivityDiagnosticsPermissions(
+                            Process.myPid() + 1, Process.myUid() + 1, naiWithoutUid,
+                            mContext.getOpPackageName()));
+        } catch (SecurityException e) {
+            fail("checkConnectivityDiagnosticsPermissions shouldn't surface a SecurityException");
+        }
+    }
+
+    @Test
     public void testCheckConnectivityDiagnosticsPermissionsNoLocationPermission() throws Exception {
         final NetworkAgentInfo naiWithoutUid =
                 new NetworkAgentInfo(