Skip to content
Commit 9352cb24 authored by Paul Hu's avatar Paul Hu Committed by paulhu
Browse files

Fix PermissionMonitor issues 

PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.

PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.

Bug: 144679405
Test: Build, flash, manual test
      atest FrameworksNetTests

Change-Id: I2da730feda4d7ebed1f158b073167bb3964b3e7d
Merged-In: I8b03c9e23ffc9ff46264d6307fb841a7eda76a76
Merged-In: Ib08a940a6e5d3365c392ab7174d8484c197e0947
(cherry picked from commit 2e1da35b)
parent 3e4f4f99
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment