commit da54a10704b390b6b986d395fc433ec6fc561a4a
author Remi NGUYEN VAN <reminv@google.com> Thu Jan 31 14:13:22 2019 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jan 31 14:13:22 2019 +0000
tree 001c087a6d9b4d244ad6d9e5165c1dec581d87c7
parent 859a5d0f86a579e9af9296f6bd29419cdca0f499
parent d65832ec45955abfb2f49fb135f1569764f3b8c6

Merge "Add NetworkStackPermissionStub definitions"

src/com/android/server/connectivity/NetworkMonitor.java

diff --git a/src/com/android/server/connectivity/NetworkMonitor.java b/src/com/android/server/connectivity/NetworkMonitor.java
index b34efc4..dbffa6d 100644
--- a/src/com/android/server/connectivity/NetworkMonitor.java
+++ b/src/com/android/server/connectivity/NetworkMonitor.java
@@ -109,6 +109,8 @@
     private static final boolean DBG  = true;
     private static final boolean VDBG = false;
     private static final boolean VDBG_STALL = Log.isLoggable(TAG, Log.DEBUG);
+    // TODO: use another permission for CaptivePortalLoginActivity once it has its own certificate
+    private static final String PERMISSION_NETWORK_SETTINGS = "android.permission.NETWORK_SETTINGS";
     // Default configuration values for captive portal detection probes.
     // TODO: append a random length parameter to the default HTTPS url.
     // TODO: randomize browser version ids in the default User-Agent String.
@@ -682,7 +684,7 @@
                                 public void appResponse(int response) {
                                     if (response == APP_RETURN_WANTED_AS_IS) {
                                         mContext.enforceCallingPermission(
-                                                android.Manifest.permission.CONNECTIVITY_INTERNAL,
+                                                PERMISSION_NETWORK_SETTINGS,
                                                 "CaptivePortal");
                                     }
                                     sendMessage(CMD_CAPTIVE_PORTAL_APP_FINISHED, response);
@@ -692,7 +694,7 @@
                                 public void logEvent(int eventId, String packageName)
                                         throws RemoteException {
                                     mContext.enforceCallingPermission(
-                                            android.Manifest.permission.CONNECTIVITY_INTERNAL,
+                                            PERMISSION_NETWORK_SETTINGS,
                                             "CaptivePortal");
                                     mCallback.logCaptivePortalLoginEvent(eventId, packageName);
                                 }

src/com/android/server/util/PermissionUtil.java

diff --git a/src/com/android/server/util/PermissionUtil.java b/src/com/android/server/util/PermissionUtil.java
index 82bf038..f6eb900 100644
--- a/src/com/android/server/util/PermissionUtil.java
+++ b/src/com/android/server/util/PermissionUtil.java
@@ -19,6 +19,7 @@
 import static android.os.Binder.getCallingUid;
 
 import android.os.Process;
+import android.os.UserHandle;
 
 /**
  * Utility class to check calling permissions on the network stack.
@@ -32,7 +33,7 @@
     public static void checkNetworkStackCallingPermission() {
         // TODO: check that the calling PID is the system server.
         final int caller = getCallingUid();
-        if (caller != Process.SYSTEM_UID && caller != Process.BLUETOOTH_UID) {
+        if (caller != Process.SYSTEM_UID && UserHandle.getAppId(caller) != Process.BLUETOOTH_UID) {
             throw new SecurityException("Invalid caller: " + caller);
         }
     }