Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / b0aec07f7462ff7563835c3107f4b46a28eae7a4^! / .
commitb0aec07f7462ff7563835c3107f4b46a28eae7a4[log] [tgz]
authorJeff Sharkey <jsharkey@android.com>Fri Oct 14 18:32:24 2011 -0700
committerJeff Sharkey <jsharkey@android.com>Mon Oct 17 14:51:42 2011 -0700
treef989f3e7a21c85cc5fbf1ce8b6f0dd01e263b08f
parentc4de6f81d4533acbfc162d051de480d474b72e76 [diff]
Validate commands and arguments.

Bug: 5465176
Change-Id: I9402054c20ea6cae42781c35bfc2ade90aac31ce

diff --git a/services/java/com/android/server/NativeDaemonConnector.java b/services/java/com/android/server/NativeDaemonConnector.java
index 43d938c..28013bd 100644
--- a/services/java/com/android/server/NativeDaemonConnector.java
+++ b/services/java/com/android/server/NativeDaemonConnector.java

@@ -207,6 +207,13 @@
      */
     private void sendCommandLocked(String command, String argument)
             throws NativeDaemonConnectorException {
+        if (command != null && command.indexOf('\0') >= 0) {
+            throw new IllegalArgumentException("unexpected command: " + command);
+        }
+        if (argument != null && argument.indexOf('\0') >= 0) {
+            throw new IllegalArgumentException("unexpected argument: " + argument);
+        }
+
         if (LOCAL_LOGD) Slog.d(TAG, String.format("SND -> {%s} {%s}", command, argument));
         if (mOutputStream == null) {
             Slog.e(TAG, "No connection to daemon", new IllegalStateException());

diff --git a/services/java/com/android/server/NetworkManagementService.java b/services/java/com/android/server/NetworkManagementService.java
index b05705e..fb13b75 100644
--- a/services/java/com/android/server/NetworkManagementService.java
+++ b/services/java/com/android/server/NetworkManagementService.java

@@ -16,6 +16,8 @@
 
 package com.android.server;
 
+import static android.Manifest.permission.ACCESS_NETWORK_STATE;
+import static android.Manifest.permission.CHANGE_NETWORK_STATE;
 import static android.Manifest.permission.DUMP;
 import static android.Manifest.permission.MANAGE_NETWORK_POLICY;
 import static android.net.NetworkStats.SET_DEFAULT;
@@ -350,6 +352,7 @@
     }
 
     public InterfaceConfiguration getInterfaceConfig(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(ACCESS_NETWORK_STATE, TAG);
         String rsp;
         try {
             rsp = mConnector.doCommand("interface getcfg " + iface).get(0);
@@ -404,6 +407,7 @@
 
     public void setInterfaceConfig(
             String iface, InterfaceConfiguration cfg) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         LinkAddress linkAddr = cfg.addr;
         if (linkAddr == null || linkAddr.getAddress() == null) {
             throw new IllegalStateException("Null LinkAddress given");
@@ -421,6 +425,7 @@
     }
 
     public void setInterfaceDown(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         try {
             InterfaceConfiguration ifcg = getInterfaceConfig(iface);
             ifcg.interfaceFlags = ifcg.interfaceFlags.replace("up", "down");
@@ -432,6 +437,7 @@
     }
 
     public void setInterfaceUp(String iface) throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         try {
             InterfaceConfiguration ifcg = getInterfaceConfig(iface);
             ifcg.interfaceFlags = ifcg.interfaceFlags.replace("down", "up");
@@ -444,6 +450,7 @@
 
     public void setInterfaceIpv6PrivacyExtensions(String iface, boolean enable)
             throws IllegalStateException {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         String cmd = String.format("interface ipv6privacyextensions %s %s", iface,
                 enable ? "enable" : "disable");
         try {
@@ -459,7 +466,8 @@
     /* TODO: This is right now a IPv4 only function. Works for wifi which loses its
        IPv6 addresses on interface down, but we need to do full clean up here */
     public void clearInterfaceAddresses(String iface) throws IllegalStateException {
-         String cmd = String.format("interface clearaddrs %s", iface);
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
+        String cmd = String.format("interface clearaddrs %s", iface);
         try {
             mConnector.doCommand(cmd);
         } catch (NativeDaemonConnectorException e) {
@@ -491,10 +499,12 @@
     }
 
     public void addRoute(String interfaceName, RouteInfo route) {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         modifyRoute(interfaceName, ADD, route);
     }
 
     public void removeRoute(String interfaceName, RouteInfo route) {
+        mContext.enforceCallingOrSelfPermission(CHANGE_NETWORK_STATE, TAG);
         modifyRoute(interfaceName, REMOVE, route);
     }
 
@@ -578,6 +588,7 @@
     }
 
     public RouteInfo[] getRoutes(String interfaceName) {
+        mContext.enforceCallingOrSelfPermission(ACCESS_NETWORK_STATE, TAG);
         ArrayList<RouteInfo> routes = new ArrayList<RouteInfo>();
 
         // v4 routes listed as: