diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-05-09 01:25:57 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2024-05-09 01:25:57 +0000 |
commit | 469caf45b1e7f2fd8d8389212218f041d3e44553 (patch) | |
tree | ec4dcfccdc8227f489e6dfa45864d6f542c6b0af | |
parent | 7b9381082ff2b60ce01bd8855da46662471ed9ab (diff) | |
parent | 62963144de8750f012454e77e9dd8a268820b8cb (diff) | |
download | base-sdk-release.tar.gz |
Merge "Snap for 11819063 from 43420b33e466e530d403c0bbd582edad583f6e8e to sdk-release" into sdk-releasesdk-release
-rw-r--r-- | config/Android.bp | 2 | ||||
-rw-r--r-- | core/java/android/net/vcn/flags.aconfig | 10 | ||||
-rw-r--r-- | data/keyboards/Android.bp | 6 | ||||
-rw-r--r-- | nfc/java/android/nfc/cardemulation/CardEmulation.java | 6 | ||||
-rw-r--r-- | services/core/java/com/android/server/VcnManagementService.java | 20 | ||||
-rw-r--r-- | services/core/java/com/android/server/wm/OWNERS | 1 | ||||
-rw-r--r-- | tests/vcn/java/com/android/server/VcnManagementServiceTest.java | 37 |
7 files changed, 61 insertions, 21 deletions
diff --git a/config/Android.bp b/config/Android.bp index adce203e1140..c9948c31f1c3 100644 --- a/config/Android.bp +++ b/config/Android.bp @@ -33,7 +33,7 @@ prebuilt_etc { name: "preloaded-classes", src: "preloaded-classes", filename: "preloaded-classes", - installable: false, + no_full_install: true, } filegroup { diff --git a/core/java/android/net/vcn/flags.aconfig b/core/java/android/net/vcn/flags.aconfig index 9fe0befb4f97..d4d1ed22dd4e 100644 --- a/core/java/android/net/vcn/flags.aconfig +++ b/core/java/android/net/vcn/flags.aconfig @@ -38,6 +38,16 @@ flag{ } flag{ + name: "enforce_main_user" + namespace: "vcn" + description: "Enforce main user to make VCN HSUM compatible" + bug: "310310661" + metadata { + purpose: PURPOSE_BUGFIX + } +} + +flag{ name: "handle_seq_num_leap" namespace: "vcn" description: "Do not report bad network when there is a suspected sequence number leap" diff --git a/data/keyboards/Android.bp b/data/keyboards/Android.bp index e62678f92d8b..423b55bd85db 100644 --- a/data/keyboards/Android.bp +++ b/data/keyboards/Android.bp @@ -33,7 +33,7 @@ prebuilt_usr_keylayout { srcs: [ "*.kl", ], - installable: false, + no_full_install: true, } prebuilt_usr_keychars { @@ -41,7 +41,7 @@ prebuilt_usr_keychars { srcs: [ "*.kcm", ], - installable: false, + no_full_install: true, } prebuilt_usr_idc { @@ -49,5 +49,5 @@ prebuilt_usr_idc { srcs: [ "*.idc", ], - installable: false, + no_full_install: true, } diff --git a/nfc/java/android/nfc/cardemulation/CardEmulation.java b/nfc/java/android/nfc/cardemulation/CardEmulation.java index ad86d70db967..4bae1188e0df 100644 --- a/nfc/java/android/nfc/cardemulation/CardEmulation.java +++ b/nfc/java/android/nfc/cardemulation/CardEmulation.java @@ -970,16 +970,16 @@ public final class CardEmulation { * * @param service The ComponentName of the service * @param status true to enable, false to disable + * @param userId the user handle of the user whose information is being requested. * @return set service for the category and true if service is already set return false. * * @hide */ - public boolean setServiceEnabledForCategoryOther(ComponentName service, boolean status) { + public boolean setServiceEnabledForCategoryOther(ComponentName service, boolean status, + int userId) { if (service == null) { throw new NullPointerException("activity or service or category is null"); } - int userId = mContext.getUser().getIdentifier(); - try { return sService.setServiceEnabledForCategoryOther(userId, service, status); } catch (RemoteException e) { diff --git a/services/core/java/com/android/server/VcnManagementService.java b/services/core/java/com/android/server/VcnManagementService.java index 7acca19f9d79..e2b6bd6ae360 100644 --- a/services/core/java/com/android/server/VcnManagementService.java +++ b/services/core/java/com/android/server/VcnManagementService.java @@ -36,6 +36,7 @@ import static java.util.Objects.requireNonNull; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.SuppressLint; import android.app.AppOpsManager; import android.content.BroadcastReceiver; import android.content.Context; @@ -47,6 +48,7 @@ import android.net.LinkProperties; import android.net.Network; import android.net.NetworkCapabilities; import android.net.NetworkRequest; +import android.net.vcn.Flags; import android.net.vcn.IVcnManagementService; import android.net.vcn.IVcnStatusCallback; import android.net.vcn.IVcnUnderlyingNetworkPolicyListener; @@ -68,6 +70,7 @@ import android.os.Process; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.UserHandle; +import android.os.UserManager; import android.telephony.SubscriptionInfo; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; @@ -431,6 +434,8 @@ public class VcnManagementService extends IVcnManagementService.Stub { mTelephonySubscriptionTracker.register(); } + // The system server automatically has the required permissions for #getMainUser() + @SuppressLint("AndroidFrameworkRequiresPermission") private void enforcePrimaryUser() { final int uid = mDeps.getBinderCallingUid(); if (uid == Process.SYSTEM_UID) { @@ -438,7 +443,20 @@ public class VcnManagementService extends IVcnManagementService.Stub { "Calling identity was System Server. Was Binder calling identity cleared?"); } - if (!UserHandle.getUserHandleForUid(uid).isSystem()) { + final UserHandle userHandle = UserHandle.getUserHandleForUid(uid); + + if (Flags.enforceMainUser()) { + final UserManager userManager = mContext.getSystemService(UserManager.class); + + Binder.withCleanCallingIdentity( + () -> { + if (!Objects.equals(userManager.getMainUser(), userHandle)) { + throw new SecurityException( + "VcnManagementService can only be used by callers running as" + + " the main user"); + } + }); + } else if (!userHandle.isSystem()) { throw new SecurityException( "VcnManagementService can only be used by callers running as the primary user"); } diff --git a/services/core/java/com/android/server/wm/OWNERS b/services/core/java/com/android/server/wm/OWNERS index ce47f5cc8a7e..60454fc5d7c6 100644 --- a/services/core/java/com/android/server/wm/OWNERS +++ b/services/core/java/com/android/server/wm/OWNERS @@ -18,6 +18,7 @@ rgl@google.com yunfanc@google.com wilsonshih@google.com jiamingliu@google.com +pdwilliams@google.com # Files related to background activity launches per-file Background*Start* = set noparent diff --git a/tests/vcn/java/com/android/server/VcnManagementServiceTest.java b/tests/vcn/java/com/android/server/VcnManagementServiceTest.java index 960b57cb632a..580efe126ea3 100644 --- a/tests/vcn/java/com/android/server/VcnManagementServiceTest.java +++ b/tests/vcn/java/com/android/server/VcnManagementServiceTest.java @@ -70,6 +70,7 @@ import android.net.Network; import android.net.NetworkCapabilities; import android.net.NetworkRequest; import android.net.Uri; +import android.net.vcn.Flags; import android.net.vcn.IVcnStatusCallback; import android.net.vcn.IVcnUnderlyingNetworkPolicyListener; import android.net.vcn.VcnConfig; @@ -82,7 +83,9 @@ import android.os.ParcelUuid; import android.os.PersistableBundle; import android.os.Process; import android.os.UserHandle; +import android.os.UserManager; import android.os.test.TestLooper; +import android.platform.test.flag.junit.SetFlagsRule; import android.telephony.SubscriptionInfo; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; @@ -101,6 +104,7 @@ import com.android.server.vcn.util.PersistableBundleUtils; import com.android.server.vcn.util.PersistableBundleUtils.PersistableBundleWrapper; import org.junit.Before; +import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; @@ -118,6 +122,8 @@ import java.util.UUID; @RunWith(AndroidJUnit4.class) @SmallTest public class VcnManagementServiceTest { + @Rule public final SetFlagsRule mSetFlagsRule = new SetFlagsRule(); + private static final String CONTEXT_ATTRIBUTION_TAG = "VCN"; private static final String TEST_PACKAGE_NAME = VcnManagementServiceTest.class.getPackage().getName(); @@ -129,7 +135,12 @@ public class VcnManagementServiceTest { private static final ParcelUuid TEST_UUID_3 = new ParcelUuid(new UUID(2, 2)); private static final VcnConfig TEST_VCN_CONFIG; private static final VcnConfig TEST_VCN_CONFIG_PKG_2; - private static final int TEST_UID = Process.FIRST_APPLICATION_UID; + + private static final int TEST_UID = 1010000; // A non-system user + private static final UserHandle TEST_USER_HANDLE = UserHandle.getUserHandleForUid(TEST_UID); + private static final UserHandle TEST_USER_HANDLE_OTHER = + UserHandle.of(TEST_USER_HANDLE.getIdentifier() + 1); + private static final String TEST_IFACE_NAME = "TEST_IFACE"; private static final String TEST_IFACE_NAME_2 = "TEST_IFACE2"; private static final LinkProperties TEST_LP_1 = new LinkProperties(); @@ -187,6 +198,7 @@ public class VcnManagementServiceTest { private final TelephonyManager mTelMgr = mock(TelephonyManager.class); private final SubscriptionManager mSubMgr = mock(SubscriptionManager.class); private final AppOpsManager mAppOpsMgr = mock(AppOpsManager.class); + private final UserManager mUserManager = mock(UserManager.class); private final VcnContext mVcnContext = mock(VcnContext.class); private final PersistableBundleUtils.LockingReadWriteHelper mConfigReadWriteHelper = mock(PersistableBundleUtils.LockingReadWriteHelper.class); @@ -218,6 +230,9 @@ public class VcnManagementServiceTest { Context.TELEPHONY_SUBSCRIPTION_SERVICE, SubscriptionManager.class); setupSystemService(mMockContext, mAppOpsMgr, Context.APP_OPS_SERVICE, AppOpsManager.class); + setupSystemService(mMockContext, mUserManager, Context.USER_SERVICE, UserManager.class); + + doReturn(TEST_USER_HANDLE).when(mUserManager).getMainUser(); doReturn(TEST_PACKAGE_NAME).when(mMockContext).getOpPackageName(); @@ -267,6 +282,8 @@ public class VcnManagementServiceTest { @Before public void setUp() { + mSetFlagsRule.enableFlags(Flags.FLAG_ENFORCE_MAIN_USER); + doNothing() .when(mMockContext) .enforceCallingOrSelfPermission( @@ -717,10 +734,8 @@ public class VcnManagementServiceTest { } @Test - public void testSetVcnConfigRequiresSystemUser() throws Exception { - doReturn(UserHandle.getUid(UserHandle.MIN_SECONDARY_USER_ID, TEST_UID)) - .when(mMockDeps) - .getBinderCallingUid(); + public void testSetVcnConfigRequiresMainUser() throws Exception { + doReturn(TEST_USER_HANDLE_OTHER).when(mUserManager).getMainUser(); try { mVcnMgmtSvc.setVcnConfig(TEST_UUID_1, TEST_VCN_CONFIG, TEST_PACKAGE_NAME); @@ -832,10 +847,8 @@ public class VcnManagementServiceTest { } @Test - public void testClearVcnConfigRequiresSystemUser() throws Exception { - doReturn(UserHandle.getUid(UserHandle.MIN_SECONDARY_USER_ID, TEST_UID)) - .when(mMockDeps) - .getBinderCallingUid(); + public void testClearVcnConfigRequiresMainUser() throws Exception { + doReturn(TEST_USER_HANDLE_OTHER).when(mUserManager).getMainUser(); try { mVcnMgmtSvc.clearVcnConfig(TEST_UUID_1, TEST_PACKAGE_NAME); @@ -921,10 +934,8 @@ public class VcnManagementServiceTest { } @Test - public void testGetConfiguredSubscriptionGroupsRequiresSystemUser() throws Exception { - doReturn(UserHandle.getUid(UserHandle.MIN_SECONDARY_USER_ID, TEST_UID)) - .when(mMockDeps) - .getBinderCallingUid(); + public void testGetConfiguredSubscriptionGroupsRequiresMainUser() throws Exception { + doReturn(TEST_USER_HANDLE_OTHER).when(mUserManager).getMainUser(); try { mVcnMgmtSvc.getConfiguredSubscriptionGroups(TEST_PACKAGE_NAME); |