Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / modules / NetworkStack / 4f7589a313168b3aecc62e41b7ac858d33b4570a^1..4f7589a313168b3aecc62e41b7ac858d33b4570a / .
commit4f7589a313168b3aecc62e41b7ac858d33b4570a[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Tue May 10 10:08:07 2022 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Tue May 10 10:08:07 2022 +0000
tree4c63d032480092b1cf3b8d559a361eb17477178b
parent80085fe239a3babcaa3bf4e44f9ad3e0e490f99f [diff]
parent9292b4560896a1b60fc34ab5e7ead334b1a95373 [diff]
Snap for 8564229 from 9292b4560896a1b60fc34ab5e7ead334b1a95373 to t-keystone-qcom-release

Change-Id: I32e1d63da14135dab6a811fe094a7b3b36d12299

diff --git a/Android.bp b/Android.bp
index ec7f8b0..7ecfed3 100644
--- a/Android.bp
+++ b/Android.bp

@@ -347,11 +347,9 @@
     manifest: "AndroidManifest_InProcess.xml",
     // InProcessNetworkStack is a replacement for NetworkStack
     overrides: ["NetworkStack", "NetworkStackNext"],
-    // The permission configuration *must* be included to ensure security of the device
     // The InProcessNetworkStack goes together with the PlatformCaptivePortalLogin, which replaces
     // the default CaptivePortalLogin.
     required: [
-        "PlatformNetworkPermissionConfig",
         "PlatformCaptivePortalLogin",
     ],
 }
@@ -379,9 +377,7 @@
     static_libs: ["NetworkStackNextManifestBase"],
     certificate: "networkstack",
     manifest: "AndroidManifest_Next.xml",
-    // The permission configuration *must* be included to ensure security of the device
     required: [
-        "NetworkPermissionConfig",
         "privapp_whitelist_com.android.networkstack",
     ],
     lint: { strict_updatability_linting: true },
@@ -394,9 +390,7 @@
     static_libs: ["NetworkStackApiStableLib"],
     certificate: "networkstack",
     manifest: "AndroidManifest.xml",
-    // The permission configuration *must* be included to ensure security of the device
     required: [
-        "NetworkPermissionConfig",
         "privapp_whitelist_com.android.networkstack",
     ],
     updatable: true,
@@ -475,9 +469,7 @@
     static_libs: ["NetworkStackApiStableLib"],
     certificate: "networkstack",
     manifest: ":NetworkStackTestAndroidManifest",
-    // The permission configuration *must* be included to ensure security of the device
     required: [
-        "NetworkPermissionConfig",
         "privapp_whitelist_com.android.networkstack",
     ],
 }

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 8750795..b27c78f 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml

@@ -23,6 +23,8 @@
   android:versionName="s_aml_319999900"
   coreApp="true"
 >
+    <permission android:name="android.permission.MAINLINE_NETWORK_STACK"
+                android:protectionLevel="signature"/>
     <!-- Permissions must be defined here, and not in the base manifest, as the network stack
          running in the system server process does not need any permission, and having privileged
          permissions added would cause crashes on startup unless they are also added to the

diff --git a/AndroidManifest_InProcess.xml b/AndroidManifest_InProcess.xml
index 6c64d87..d8c5feb 100644
--- a/AndroidManifest_InProcess.xml
+++ b/AndroidManifest_InProcess.xml

@@ -21,6 +21,8 @@
           android:sharedUserId="android.uid.system"
           android:process="system"
           coreApp="true">
+    <permission android:name="android.permission.MAINLINE_NETWORK_STACK"
+                android:protectionLevel="signature"/>
     <application>
         <service android:name="com.android.server.NetworkStackService"
                  android:process="system"

diff --git a/res/values-mcc460/config.xml b/res/values-mcc460/config.xml
index 2863edd..3c4b493 100644
--- a/res/values-mcc460/config.xml
+++ b/res/values-mcc460/config.xml

@@ -5,13 +5,20 @@
          general case as this could degrade the user experience (portals not detected properly).
          However in China the default URLs are not accessible in general. The below alternatives
          should allow users to connect to local networks normally. -->
+    <!-- default_captive_portal_http_url is not configured as overlayable so
+         OEMs that wish to change captive_portal_http_url configuration must
+         do so via configuring runtime resource overlay to
+         config_captive_portal_http_url and *NOT* by changing or overlaying
+         this resource. It will break if the enforcement of overlayable starts.
+         -->
+    <string name="default_captive_portal_http_url" translatable="false">http://connectivitycheck.gstatic.cn/generate_204</string>
     <!-- default_captive_portal_https_url is not configured as overlayable so
          OEMs that wish to change captive_portal_https_url configuration must
          do so via configuring runtime resource overlay to
          config_captive_portal_https_url and *NOT* by changing or overlaying
          this resource. It will break if the enforcement of overlayable starts.
          -->
-    <string name="default_captive_portal_https_url" translatable="false">https://connectivitycheck.gstatic.com/generate_204</string>
+    <string name="default_captive_portal_https_url" translatable="false">https://connectivitycheck.gstatic.cn/generate_204</string>
     <!-- default_captive_portal_fallback_urls is not configured as overlayable
          so OEMs that wish to change captive_portal_fallback_urls configuration
          must do so via configuring runtime resource overlay to