Accept MAINLINE_NETWORK_STACK permission on register/unregister network provider Registering/Unregistering network provider needs NETWORK_FACTORY which is signature only permission. But mainline modules can't grant this permission because it's not signed with platform key. Hence, these APIs should also accept MAINLINE_NETWORK_STACK permission that allow mainline module to register/unregister network provider. Bug: 150733435 Test: atest FrameworksNetTests Change-Id: Id22113aa0db01244817b4b008f5573c5e7b317f0 Merged-In: Id22113aa0db01244817b4b008f5573c5e7b317f0 (cherry picked from aosp/1248727)

commit: 6617c9be421abd47a51f88b6ccbb56c015c2ffed [log] [tgz]
author: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Mar 04 18:04:01 2020 +0000
committer: Paul Hu <paulhu@google.com> Tue Mar 10 09:38:50 2020 +0000
tree: 72a651fddd4f963a54b35bda5228930c91cfa732
parent: ea7800cb54a5fdce0daf32f5c82deefde8c261ed [diff]
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index fc6954f..81735ac 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java

@@ -3222,7 +3222,9 @@
 
     /** {@hide} - returns the factory serial number */
     @UnsupportedAppUsage
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public int registerNetworkFactory(Messenger messenger, String name) {
         try {
             return mService.registerNetworkFactory(messenger, name);
@@ -3233,7 +3235,9 @@
 
     /** {@hide} */
     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public void unregisterNetworkFactory(Messenger messenger) {
         try {
             mService.unregisterNetworkFactory(messenger);
@@ -3253,7 +3257,9 @@
      * @hide
      */
     @SystemApi
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public int registerNetworkProvider(@NonNull NetworkProvider provider) {
         if (provider.getProviderId() != NetworkProvider.ID_NONE) {
             throw new IllegalStateException("NetworkProviders can only be registered once");
@@ -3276,7 +3282,9 @@
      * @hide
      */
     @SystemApi
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public void unregisterNetworkProvider(@NonNull NetworkProvider provider) {
         try {
             mService.unregisterNetworkProvider(provider.getMessenger());
@@ -3288,7 +3296,9 @@
 
 
     /** @hide exposed via the NetworkProvider class. */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public void declareNetworkRequestUnfulfillable(@NonNull NetworkRequest request) {
         try {
             mService.declareNetworkRequestUnfulfillable(request);
@@ -3306,7 +3316,9 @@
      * Register a NetworkAgent with ConnectivityService.
      * @return Network corresponding to NetworkAgent.
      */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
             NetworkCapabilities nc, int score, NetworkAgentConfig config) {
         return registerNetworkAgent(messenger, ni, lp, nc, score, config, NetworkProvider.ID_NONE);
@@ -3317,7 +3329,9 @@
      * Register a NetworkAgent with ConnectivityService.
      * @return Network corresponding to NetworkAgent.
      */
-    @RequiresPermission(android.Manifest.permission.NETWORK_FACTORY)
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_FACTORY})
     public Network registerNetworkAgent(Messenger messenger, NetworkInfo ni, LinkProperties lp,
             NetworkCapabilities nc, int score, NetworkAgentConfig config, int providerId) {
         try {

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 7287a44..8cb8baf 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java

@@ -2083,9 +2083,9 @@
     }
 
     private void enforceNetworkFactoryPermission() {
-        mContext.enforceCallingOrSelfPermission(
+        enforceAnyPermissionOf(
                 android.Manifest.permission.NETWORK_FACTORY,
-                "ConnectivityService");
+                NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
     }
 
     private boolean checkSettingsPermission() {
commit	6617c9be421abd47a51f88b6ccbb56c015c2ffed	[log] [tgz]
author	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Mar 04 18:04:01 2020 +0000
committer	Paul Hu <paulhu@google.com>	Tue Mar 10 09:38:50 2020 +0000
tree	72a651fddd4f963a54b35bda5228930c91cfa732
parent	ea7800cb54a5fdce0daf32f5c82deefde8c261ed [diff]