Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / aae613d96134245af7c55976731a49fa59e77470^! / .
commitaae613d96134245af7c55976731a49fa59e77470[log] [tgz]
authorPaul Jensen <pauljensen@google.com>Wed Aug 19 11:06:15 2015 -0400
committerPaul Jensen <pauljensen@google.com>Wed Aug 19 11:08:38 2015 -0400
treefecd59637ca65eeac8b93bedfeeba0305669118a
parent8b8fa3e934e3ddf01790e647b4401dc88b24bf67 [diff]
Don't mark NetworkRequests restricted when they don't have restricted caps

Requests without NET_CAPABILITIES_INTERNET and just the default network
capabilities should not be marked restricted.  Without this fix apps
can hit permissions exceptions if they inadvertently make requests
without NET_CAPABILITIES_INTERNET.

Bug:23164917
Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6

diff --git a/core/java/android/net/NetworkCapabilities.java b/core/java/android/net/NetworkCapabilities.java
index 29b063a..d0e0cbe 100644
--- a/core/java/android/net/NetworkCapabilities.java
+++ b/core/java/android/net/NetworkCapabilities.java

@@ -299,8 +299,12 @@
     public void maybeMarkCapabilitiesRestricted() {
         // If all the capabilities are typically provided by restricted networks, conclude that this
         // network is restricted.
-        if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0)
+        if ((mNetworkCapabilities & ~(DEFAULT_CAPABILITIES | RESTRICTED_CAPABILITIES)) == 0 &&
+                // Must have at least some restricted capabilities, otherwise a request for an
+                // internet-less network will get marked restricted.
+                (mNetworkCapabilities & RESTRICTED_CAPABILITIES) != 0) {
             removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
+        }
     }
 
     /**

diff --git a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java
index 696f106..b4c76b7 100644
--- a/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/ConnectivityServiceTest.java

@@ -943,8 +943,7 @@
         if (capability == NET_CAPABILITY_CBS || capability == NET_CAPABILITY_DUN ||
                 capability == NET_CAPABILITY_EIMS || capability == NET_CAPABILITY_FOTA ||
                 capability == NET_CAPABILITY_IA || capability == NET_CAPABILITY_IMS ||
-                capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP ||
-                capability == NET_CAPABILITY_TRUSTED || capability == NET_CAPABILITY_NOT_VPN) {
+                capability == NET_CAPABILITY_RCS || capability == NET_CAPABILITY_XCAP) {
             assertFalse(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
         } else {
             assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));