@EnforcePermission migrations - NetworkPolicyManagerService
Migrates call sites to use the @EnforcePermission annotation
instead of manually checking permissions.
These are fully behavior-preserving changes that can be identified by
Android Lint (see SimpleManualPermissionEnforcementDetector)
Bug: 265014041
Test: TH
Change-Id: I1b81a760374a7ff249e9bf00f79341396336cd86
diff --git a/core/java/android/net/INetworkPolicyManager.aidl b/core/java/android/net/INetworkPolicyManager.aidl
index dc24106..8f77571 100644
--- a/core/java/android/net/INetworkPolicyManager.aidl
+++ b/core/java/android/net/INetworkPolicyManager.aidl
@@ -30,29 +30,38 @@
interface INetworkPolicyManager {
/** Control UID policies. */
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
@UnsupportedAppUsage
void setUidPolicy(int uid, int policy);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
void addUidPolicy(int uid, int policy);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
void removeUidPolicy(int uid, int policy);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
@UnsupportedAppUsage
int getUidPolicy(int uid);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
int[] getUidsWithPolicy(int policy);
void registerListener(INetworkPolicyListener listener);
void unregisterListener(INetworkPolicyListener listener);
/** Control network policies atomically. */
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
@UnsupportedAppUsage
void setNetworkPolicies(in NetworkPolicy[] policies);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
NetworkPolicy[] getNetworkPolicies(String callingPackage);
/** Snooze limit on policy matching given template. */
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
@UnsupportedAppUsage
void snoozeLimit(in NetworkTemplate template);
/** Control if background data is restricted system-wide. */
@UnsupportedAppUsage
void setRestrictBackground(boolean restrictBackground);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
@UnsupportedAppUsage
boolean getRestrictBackground();
@@ -61,10 +70,13 @@
2 - whitelisted
3 - enabled
*/
+ @EnforcePermission("ACCESS_NETWORK_STATE")
int getRestrictBackgroundByCaller();
int getRestrictBackgroundStatus(int uid);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
void setDeviceIdleMode(boolean enabled);
+ @EnforcePermission("MANAGE_NETWORK_POLICY")
void setWifiMeteredOverride(String networkId, int meteredOverride);
int getMultipathPreference(in Network network);
@@ -76,8 +88,10 @@
String getSubscriptionPlansOwner(int subId);
void setSubscriptionOverride(int subId, int overrideMask, int overrideValue, in int[] networkTypes, long expirationDurationMillis, String callingPackage);
+ @EnforcePermission("NETWORK_SETTINGS")
void factoryReset(String subscriber);
boolean isUidNetworkingBlocked(int uid, boolean meteredNetwork);
+ @EnforcePermission("OBSERVE_NETWORK_POLICY")
boolean isUidRestrictedOnMeteredNetworks(int uid);
}
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index b708269..bde3447 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -141,6 +141,7 @@
import static org.xmlpull.v1.XmlPullParser.START_TAG;
import android.Manifest;
+import android.annotation.EnforcePermission;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -2842,9 +2843,10 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void setUidPolicy(int uid, int policy) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ setUidPolicy_enforcePermission();
if (!UserHandle.isApp(uid)) {
throw new IllegalArgumentException("cannot apply policy to UID " + uid);
@@ -2863,9 +2865,10 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void addUidPolicy(int uid, int policy) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ addUidPolicy_enforcePermission();
if (!UserHandle.isApp(uid)) {
throw new IllegalArgumentException("cannot apply policy to UID " + uid);
@@ -2881,9 +2884,10 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void removeUidPolicy(int uid, int policy) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ removeUidPolicy_enforcePermission();
if (!UserHandle.isApp(uid)) {
throw new IllegalArgumentException("cannot apply policy to UID " + uid);
@@ -2948,18 +2952,20 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public int getUidPolicy(int uid) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ getUidPolicy_enforcePermission();
synchronized (mUidRulesFirstLock) {
return mUidPolicy.get(uid, POLICY_NONE);
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public int[] getUidsWithPolicy(int policy) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ getUidsWithPolicy_enforcePermission();
int[] uids = new int[0];
synchronized (mUidRulesFirstLock) {
@@ -3055,9 +3061,10 @@
mListeners.unregister(listener);
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void setNetworkPolicies(NetworkPolicy[] policies) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ setNetworkPolicies_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -3078,9 +3085,10 @@
setNetworkPolicies(policies);
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public NetworkPolicy[] getNetworkPolicies(String callingPackage) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ getNetworkPolicies_enforcePermission();
try {
mContext.enforceCallingOrSelfPermission(READ_PRIVILEGED_PHONE_STATE, TAG);
// SKIP checking run-time OP_READ_PHONE_STATE since caller or self has PRIVILEGED
@@ -3176,9 +3184,10 @@
return template;
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void snoozeLimit(NetworkTemplate template) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ snoozeLimit_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
@@ -3286,9 +3295,10 @@
.sendToTarget();
}
+ @EnforcePermission(ACCESS_NETWORK_STATE)
@Override
public int getRestrictBackgroundByCaller() {
- mContext.enforceCallingOrSelfPermission(ACCESS_NETWORK_STATE, TAG);
+ getRestrictBackgroundByCaller_enforcePermission();
return getRestrictBackgroundStatusInternal(Binder.getCallingUid());
}
@@ -3321,18 +3331,20 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public boolean getRestrictBackground() {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ getRestrictBackground_enforcePermission();
synchronized (mUidRulesFirstLock) {
return mRestrictBackground;
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void setDeviceIdleMode(boolean enabled) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ setDeviceIdleMode_enforcePermission();
Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "setDeviceIdleMode");
try {
synchronized (mUidRulesFirstLock) {
@@ -3357,9 +3369,10 @@
}
}
+ @EnforcePermission(MANAGE_NETWORK_POLICY)
@Override
public void setWifiMeteredOverride(String networkId, int meteredOverride) {
- mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
+ setWifiMeteredOverride_enforcePermission();
final long token = Binder.clearCallingIdentity();
try {
final WifiManager wm = mContext.getSystemService(WifiManager.class);
@@ -5967,9 +5980,10 @@
}
}
+ @EnforcePermission(NETWORK_SETTINGS)
@Override
public void factoryReset(String subscriber) {
- mContext.enforceCallingOrSelfPermission(NETWORK_SETTINGS, TAG);
+ factoryReset_enforcePermission();
if (mUserManager.hasUserRestriction(UserManager.DISALLOW_NETWORK_RESET)) {
return;
@@ -6028,9 +6042,10 @@
return blockedReasons != BLOCKED_REASON_NONE;
}
+ @EnforcePermission(OBSERVE_NETWORK_POLICY)
@Override
public boolean isUidRestrictedOnMeteredNetworks(int uid) {
- mContext.enforceCallingOrSelfPermission(OBSERVE_NETWORK_POLICY, TAG);
+ isUidRestrictedOnMeteredNetworks_enforcePermission();
synchronized (mUidBlockedState) {
final UidBlockedState uidBlockedState = mUidBlockedState.get(uid);
int blockedReasons = uidBlockedState == null
