diff --git a/framework-t/src/android/net/NetworkStatsAccess.java b/framework-t/src/android/net/NetworkStatsAccess.java index 7fe499bfaece3b684f10e807b149acb0607011b1..7c9b3ecbf5af20e54800fa24dfe965408515bd53 100644 --- a/framework-t/src/android/net/NetworkStatsAccess.java +++ b/framework-t/src/android/net/NetworkStatsAccess.java @@ -128,7 +128,7 @@ public final class NetworkStatsAccess { final int appId = UserHandle.getAppId(callingUid); - final boolean isNetworkStack = PermissionUtils.checkAnyPermissionOf( + final boolean isNetworkStack = PermissionUtils.hasAnyPermissionOf( context, callingPid, callingUid, android.Manifest.permission.NETWORK_STACK, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); diff --git a/service-t/src/com/android/server/NsdService.java b/service-t/src/com/android/server/NsdService.java index ac794a1891283cab6cd1740f784c9294b2c56417..34927a604e1b67daafc2701bf01d3783ca4fb4b7 100644 --- a/service-t/src/com/android/server/NsdService.java +++ b/service-t/src/com/android/server/NsdService.java @@ -2308,7 +2308,7 @@ public class NsdService extends INsdManager.Stub { permissionsList.add(DEVICE_POWER); } - if (PermissionUtils.checkAnyPermissionOf(context, + if (PermissionUtils.hasAnyPermissionOf(context, permissionsList.toArray(new String[0]))) { return; } @@ -2505,7 +2505,7 @@ public class NsdService extends INsdManager.Stub { @Override public void dump(FileDescriptor fd, PrintWriter writer, String[] args) { - if (!PermissionUtils.checkDumpPermission(mContext, TAG, writer)) return; + if (!PermissionUtils.hasDumpPermission(mContext, TAG, writer)) return; final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); // Dump state machine logs diff --git a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java index e7af569559ff250fbd8a5e360f02762506bddaa8..b8689d6f17efe375994a935354c22e525c32d509 100644 
--- a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java +++ b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java @@ -19,6 +19,7 @@ package com.android.server.ethernet; import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET; import static android.net.NetworkCapabilities.TRANSPORT_TEST; +import android.annotation.CheckResult; import android.annotation.NonNull; import android.annotation.Nullable; import android.content.Context; @@ -72,8 +73,9 @@ public class EthernetServiceImpl extends IEthernetManager.Stub { methodName + " is only available on automotive devices."); } - private boolean checkUseRestrictedNetworksPermission() { - return PermissionUtils.checkAnyPermissionOf(mContext, + @CheckResult + private boolean hasUseRestrictedNetworksPermission() { + return PermissionUtils.hasAnyPermissionOf(mContext, android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS); } @@ -92,7 +94,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub { @Override public String[] getAvailableInterfaces() throws RemoteException { PermissionUtils.enforceAccessNetworkStatePermission(mContext, TAG); - return mTracker.getClientModeInterfaces(checkUseRestrictedNetworksPermission()); + return mTracker.getClientModeInterfaces(hasUseRestrictedNetworksPermission()); } /** @@ -146,7 +148,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub { public void addListener(IEthernetServiceListener listener) throws RemoteException { Objects.requireNonNull(listener, "listener must not be null"); PermissionUtils.enforceAccessNetworkStatePermission(mContext, TAG); - mTracker.addListener(listener, checkUseRestrictedNetworksPermission()); + mTracker.addListener(listener, hasUseRestrictedNetworksPermission()); } /** 
@@ -187,7 +189,7 @@ public class EthernetServiceImpl extends IEthernetManager.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter writer, String[] args) { final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " "); - if (!PermissionUtils.checkDumpPermission(mContext, TAG, pw)) return; + if (!PermissionUtils.hasDumpPermission(mContext, TAG, pw)) return; pw.println("Current Ethernet state: "); pw.increaseIndent(); diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java index ec101586747aaa48d2f795357c41aa5f5c849cd8..80c4033f8f69c8974359abbc33a1c0877410eda5 100644 --- a/service-t/src/com/android/server/net/NetworkStatsService.java +++ b/service-t/src/com/android/server/net/NetworkStatsService.java @@ -1461,7 +1461,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private int restrictFlagsForCaller(int flags, @Nullable String callingPackage) { // All non-privileged callers are not allowed to turn off POLL_ON_OPEN. - final boolean isPrivileged = PermissionUtils.checkAnyPermissionOf(mContext, + final boolean isPrivileged = PermissionUtils.hasAnyPermissionOf(mContext, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK); if (!isPrivileged) { @@ -2667,7 +2667,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override protected void dump(FileDescriptor fd, PrintWriter rawWriter, String[] args) { - if (!PermissionUtils.checkDumpPermission(mContext, TAG, rawWriter)) return; + if (!PermissionUtils.hasDumpPermission(mContext, TAG, rawWriter)) return; long duration = DateUtils.DAY_IN_MILLIS; final HashSet<String> argSet = new HashSet<String>(); diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index a995439d1d45f31b82833e08bf51196f7dc91293..52f890d2b2f39a4568f07cd8c3fe0117d65fc364 100755 
--- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -108,15 +108,14 @@ import static com.android.net.module.util.BpfUtils.BPF_CGROUP_INET_EGRESS; import static com.android.net.module.util.BpfUtils.BPF_CGROUP_INET_INGRESS; import static com.android.net.module.util.BpfUtils.BPF_CGROUP_INET_SOCK_CREATE; import static com.android.net.module.util.NetworkMonitorUtils.isPrivateDnsValidationRequired; -import static com.android.net.module.util.PermissionUtils.checkAnyPermissionOf; import static com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf; import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission; import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr; +import static com.android.net.module.util.PermissionUtils.hasAnyPermissionOf; import static com.android.server.ConnectivityStatsLog.CONNECTIVITY_STATE_SAMPLE; -import static java.util.Map.Entry; - import android.Manifest; +import android.annotation.CheckResult; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.SuppressLint; @@ -351,7 +350,6 @@ import java.io.InterruptedIOException; import java.io.PrintWriter; import java.io.Writer; import java.net.Inet4Address; -import java.net.Inet6Address; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketException; @@ -2651,7 +2649,7 @@ public class ConnectivityService extends IConnectivityManager.Stub Objects.requireNonNull(packageName); Objects.requireNonNull(lp); enforceNetworkStackOrSettingsPermission(); - if (!checkAccessPermission(-1 /* pid */, uid)) { + if (!hasAccessPermission(-1 /* pid */, uid)) { return null; } return linkPropertiesRestrictedForCallerPermissions(lp, -1 /* callerPid */, uid); 
@@ -2687,7 +2685,7 @@ public class ConnectivityService extends IConnectivityManager.Stub Objects.requireNonNull(nc); Objects.requireNonNull(packageName); enforceNetworkStackOrSettingsPermission(); - if (!checkAccessPermission(-1 /* pid */, uid)) { + if (!hasAccessPermission(-1 /* pid */, uid)) { return null; } return createWithLocationInfoSanitizedIfNecessaryWhenParceled( @@ -2698,14 +2696,14 @@ public class ConnectivityService extends IConnectivityManager.Stub private void redactUnderlyingNetworksForCapabilities(NetworkCapabilities nc, int pid, int uid) { if (nc.getUnderlyingNetworks() != null - && !checkNetworkFactoryOrSettingsPermission(pid, uid)) { + && !hasNetworkFactoryOrSettingsPermission(pid, uid)) { nc.setUnderlyingNetworks(null); } } private boolean canSeeAllowedUids(final int pid, final int uid, final int netOwnerUid) { return Process.SYSTEM_UID == uid - || checkAnyPermissionOf(mContext, pid, uid, + || hasAnyPermissionOf(mContext, pid, uid, android.Manifest.permission.NETWORK_FACTORY); } @@ -2718,14 +2716,14 @@ public class ConnectivityService extends IConnectivityManager.Stub // it happens for some reason (e.g. the package is uninstalled while CS is trying to // send the callback) it would crash the system server with NPE. final NetworkCapabilities newNc = new NetworkCapabilities(nc); - if (!checkSettingsPermission(callerPid, callerUid)) { + if (!hasSettingsPermission(callerPid, callerUid)) { newNc.setUids(null); newNc.setSSID(null); } if (newNc.getNetworkSpecifier() != null) { newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact()); } - if (!checkAnyPermissionOf(mContext, callerPid, callerUid, + if (!hasAnyPermissionOf(mContext, callerPid, callerUid, android.Manifest.permission.NETWORK_STACK, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) { newNc.setAdministratorUids(new int[0]); 
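Review bot: In the `@@ -2698,14 +2696,14 @@` hunk, `canSeeAllowedUids` takes `netOwnerUid` but the body shown never reads it; the result depends only on `Process.SYSTEM_UID == uid` and the `NETWORK_FACTORY` check. Someone reading a call site would reasonably assume the network owner is taken into account when deciding who may see the allowed UIDs. Either drop the parameter or document the gap above the method, e.g. `// netOwnerUid is currently not consulted; only SYSTEM_UID and NETWORK_FACTORY holders can see allowed UIDs.`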
@@ -2793,11 +2791,12 @@ public class ConnectivityService extends IConnectivityManager.Stub * Returns whether the app holds local mac address permission or not (might return cached * result if the permission was already checked before). */ + @CheckResult public boolean hasLocalMacAddressPermission() { if (mHasLocalMacAddressPermission == null) { // If there is no cached result, perform the check now. - mHasLocalMacAddressPermission = - checkLocalMacAddressPermission(mCallingPid, mCallingUid); + mHasLocalMacAddressPermission = ConnectivityService.this + .hasLocalMacAddressPermission(mCallingPid, mCallingUid); } return mHasLocalMacAddressPermission; } @@ -2806,10 +2805,12 @@ public class ConnectivityService extends IConnectivityManager.Stub * Returns whether the app holds settings permission or not (might return cached * result if the permission was already checked before). */ + @CheckResult public boolean hasSettingsPermission() { if (mHasSettingsPermission == null) { // If there is no cached result, perform the check now. - mHasSettingsPermission = checkSettingsPermission(mCallingPid, mCallingUid); + mHasSettingsPermission = + ConnectivityService.this.hasSettingsPermission(mCallingPid, mCallingUid); } return mHasSettingsPermission; } @@ -2913,7 +2914,7 @@ public class ConnectivityService extends IConnectivityManager.Stub return new LinkProperties(lp); } - if (checkSettingsPermission(callerPid, callerUid)) { + if (hasSettingsPermission(callerPid, callerUid)) { return new LinkProperties(lp, true /* parcelSensitiveFields */); } 
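Review bot: After the rename, the cached accessors `hasLocalMacAddressPermission()` and `hasSettingsPermission()` in the `@@ -2793,11 +2791,12 @@` and `@@ -2806,10 +2805,12 @@` hunks share their names with methods on the outer `ConnectivityService`, which is why the calls now need the `ConnectivityService.this.` qualifier. Inside this nested class an unqualified `hasSettingsPermission()` resolves to the cached accessor for `mCallingPid`/`mCallingUid`, while the outer no-argument method of the same name (renamed later in this commit) evaluates the current calling-or-self identity, so the two are easy to confuse. A short comment on each accessor would make the difference explicit, for example `// Cached for mCallingPid/mCallingUid; not the outer hasSettingsPermission(), which checks the current caller.` The enclosing class declaration is outside these hunks.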
@@ -2929,7 +2930,7 @@ public class ConnectivityService extends IConnectivityManager.Stub int callerUid, String callerPackageName) { // There is no need to track the effective UID of the request here. If the caller // lacks the settings permission, the effective UID is the same as the calling ID. - if (!checkSettingsPermission()) { + if (!hasSettingsPermission()) { // Unprivileged apps can only pass in null or their own UID. if (nc.getUids() == null) { // If the caller passes in null, the callback will also match networks that do not @@ -3383,7 +3384,8 @@ public class ConnectivityService extends IConnectivityManager.Stub "ConnectivityService"); } - private boolean checkAccessPermission(int pid, int uid) { + @CheckResult + private boolean hasAccessPermission(int pid, int uid) { return mContext.checkPermission(android.Manifest.permission.ACCESS_NETWORK_STATE, pid, uid) == PERMISSION_GRANTED; } @@ -3469,7 +3471,8 @@ public class ConnectivityService extends IConnectivityManager.Stub NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); } - private boolean checkNetworkFactoryOrSettingsPermission(int pid, int uid) { + @CheckResult + private boolean hasNetworkFactoryOrSettingsPermission(int pid, int uid) { return PERMISSION_GRANTED == mContext.checkPermission( android.Manifest.permission.NETWORK_FACTORY, pid, uid) || PERMISSION_GRANTED == mContext.checkPermission( 
@@ -3479,13 +3482,14 @@ public class ConnectivityService extends IConnectivityManager.Stub || UserHandle.getAppId(uid) == Process.BLUETOOTH_UID; } - private boolean checkSettingsPermission() { - return PermissionUtils.checkAnyPermissionOf(mContext, - android.Manifest.permission.NETWORK_SETTINGS, + @CheckResult + private boolean hasSettingsPermission() { + return hasAnyPermissionOf(mContext, android.Manifest.permission.NETWORK_SETTINGS, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); } - private boolean checkSettingsPermission(int pid, int uid) { + @CheckResult + private boolean hasSettingsPermission(int pid, int uid) { return PERMISSION_GRANTED == mContext.checkPermission( android.Manifest.permission.NETWORK_SETTINGS, pid, uid) || PERMISSION_GRANTED == mContext.checkPermission( 
@@ -3522,33 +3526,36 @@ public class ConnectivityService extends IConnectivityManager.Stub "ConnectivityService"); } - private boolean checkNetworkStackPermission() { - return PermissionUtils.checkAnyPermissionOf(mContext, - android.Manifest.permission.NETWORK_STACK, + @CheckResult + private boolean hasNetworkStackPermission() { + return hasAnyPermissionOf(mContext, android.Manifest.permission.NETWORK_STACK, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); } - private boolean checkNetworkStackPermission(int pid, int uid) { - return checkAnyPermissionOf(mContext, pid, uid, - android.Manifest.permission.NETWORK_STACK, + @CheckResult + private boolean hasNetworkStackPermission(int pid, int uid) { + return hasAnyPermissionOf(mContext, pid, uid, android.Manifest.permission.NETWORK_STACK, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK); } - private boolean checkSystemBarServicePermission(int pid, int uid) { - return checkAnyPermissionOf(mContext, pid, uid, + @CheckResult + private boolean hasSystemBarServicePermission(int pid, int uid) { + return hasAnyPermissionOf(mContext, pid, uid, android.Manifest.permission.STATUS_BAR_SERVICE); } - private boolean checkNetworkSignalStrengthWakeupPermission(int pid, int uid) { - return checkAnyPermissionOf(mContext, pid, uid, + @CheckResult + private boolean hasNetworkSignalStrengthWakeupPermission(int pid, int uid) { + return hasAnyPermissionOf(mContext, pid, uid, android.Manifest.permission.NETWORK_SIGNAL_STRENGTH_WAKEUP, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS); } - private boolean checkConnectivityRestrictedNetworksPermission(int callingUid, + @CheckResult + private boolean hasConnectivityRestrictedNetworksPermission(int callingUid, boolean checkUidsAllowedList) { - if (PermissionUtils.checkAnyPermissionOf(mContext, + if (hasAnyPermissionOf(mContext, android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS)) { return true; } 
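Review bot: `hasConnectivityRestrictedNetworksPermission(int callingUid, ...)` at the end of the `@@ -3522,33 +3526,36 @@` hunk receives an explicit `callingUid`, yet its first check is `hasAnyPermissionOf(mContext, ...)` without pid/uid, which the PermissionUtils hunk in this commit shows to be `checkCallingOrSelfPermission`. The permission part is therefore evaluated against the Binder calling identity at the moment of the call (or the service's own process when there is none), not against the `callingUid` argument. If that is intended, state it on the method, e.g. `// Permission checks use the Binder calling identity, not callingUid; call before clearing the calling identity.` The method body continues past this hunk, so how `callingUid` is used further down is not visible here.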
@@ -3556,8 +3563,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // fallback to ConnectivityInternalPermission // TODO: Remove this fallback check after all apps have declared // CONNECTIVITY_USE_RESTRICTED_NETWORKS. - if (PermissionUtils.checkAnyPermissionOf(mContext, - android.Manifest.permission.CONNECTIVITY_INTERNAL)) { + if (hasAnyPermissionOf(mContext, android.Manifest.permission.CONNECTIVITY_INTERNAL)) { return true; } @@ -3571,7 +3577,7 @@ public class ConnectivityService extends IConnectivityManager.Stub private void enforceConnectivityRestrictedNetworksPermission(boolean checkUidsAllowedList) { final int callingUid = mDeps.getCallingUid(); - if (!checkConnectivityRestrictedNetworksPermission(callingUid, checkUidsAllowedList)) { + if (!hasConnectivityRestrictedNetworksPermission(callingUid, checkUidsAllowedList)) { throw new SecurityException("ConnectivityService: user " + callingUid + " has no permission to access restricted network."); } @@ -3581,7 +3587,8 @@ public class ConnectivityService extends IConnectivityManager.Stub mContext.enforceCallingOrSelfPermission(KeepaliveTracker.PERMISSION, "ConnectivityService"); } - private boolean checkLocalMacAddressPermission(int pid, int uid) { + @CheckResult + private boolean hasLocalMacAddressPermission(int pid, int uid) { return PERMISSION_GRANTED == mContext.checkPermission( Manifest.permission.LOCAL_MAC_ADDRESS, pid, uid); } 
@@ -3875,12 +3882,13 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter writer, @Nullable String[] args) { - if (!checkDumpPermission(mContext, TAG, writer)) return; + if (!hasDumpPermission(mContext, TAG, writer)) return; mPriorityDumper.dump(fd, writer, args); } - private boolean checkDumpPermission(Context context, String tag, PrintWriter pw) { + @CheckResult + private boolean hasDumpPermission(Context context, String tag, PrintWriter pw) { if (context.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) != PackageManager.PERMISSION_GRANTED) { pw.println("Permission Denial: can't dump " + tag + " from from pid=" @@ -5697,7 +5705,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } private RequestInfoPerUidCounter getRequestCounter(NetworkRequestInfo nri) { - return checkAnyPermissionOf(mContext, + return hasAnyPermissionOf(mContext, nri.mPid, nri.mUid, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK) ? mSystemNetworkRequestCounter : mNetworkRequestCounter; } @@ -5921,7 +5929,7 @@ public class ConnectivityService extends IConnectivityManager.Stub if (nm == null) return; if (request == CaptivePortal.APP_REQUEST_REEVALUATION_REQUIRED) { - checkNetworkStackPermission(); + hasNetworkStackPermission(); nm.forceReevaluation(mDeps.getCallingUid()); } } @@ -5951,7 +5959,7 @@ public class ConnectivityService extends IConnectivityManager.Stub * @see MultinetworkPolicyTracker#getAvoidBadWifi() */ public boolean shouldAvoidBadWifi() { - if (!checkNetworkStackPermission()) { + if (!hasNetworkStackPermission()) { throw new SecurityException("avoidBadWifi requires NETWORK_STACK permission"); } return avoidBadWifi(); 
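Review bot: The private `hasDumpPermission(Context, String, PrintWriter)` in the `@@ -3875,12 +3882,13 @@` hunk now reads like a pure predicate, but on failure it writes a "Permission Denial" line to `pw`, and it appears to duplicate `PermissionUtils.hasDumpPermission`, which this commit renames as well. Document the side effect on both copies, e.g. `/** Returns true if the caller holds DUMP; otherwise prints a denial message to pw and returns false. */`, and consider having this class call the shared helper instead of keeping its own copy. The denial message in both copies also reads `" from from pid="`, which looks like a duplicated word. The method body continues beyond the hunk.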
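Review bot: In the `@@ -5921,7 +5929,7 @@` hunk the statement `hasNetworkStackPermission();` discards its boolean result, so it does not gate the `nm.forceReevaluation(mDeps.getCallingUid())` call on the next line; since the method is now `@CheckResult`, this line should also trigger the very lint the commit introduces. If the intent is to restrict `APP_REQUEST_REEVALUATION_REQUIRED` to the network stack, enforce it the way `shouldAvoidBadWifi()` does in the following hunk, `if (!hasNetworkStackPermission()) throw new SecurityException("forceReevaluation requires NETWORK_STACK permission");`, or use the statically imported `enforceNetworkStackPermission(mContext);`. If no restriction is intended, delete the call so the code does not suggest a check that is not performed. The enclosing method starts outside the hunk, so the intent is inferred from the surrounding lines only.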
@@ -7471,12 +7479,12 @@ public class ConnectivityService extends IConnectivityManager.Stub // specific SSID/SignalStrength, or the calling app has permission to do so. private void ensureSufficientPermissionsForRequest(NetworkCapabilities nc, int callerPid, int callerUid, String callerPackageName) { - if (null != nc.getSsid() && !checkSettingsPermission(callerPid, callerUid)) { + if (null != nc.getSsid() && !hasSettingsPermission(callerPid, callerUid)) { throw new SecurityException("Insufficient permissions to request a specific SSID"); } if (nc.hasSignalStrength() - && !checkNetworkSignalStrengthWakeupPermission(callerPid, callerUid)) { + && !hasNetworkSignalStrengthWakeupPermission(callerPid, callerUid)) { throw new SecurityException( "Insufficient permissions to request a specific signal strength"); } @@ -7574,7 +7582,7 @@ public class ConnectivityService extends IConnectivityManager.Stub int reqTypeInt, Messenger messenger, int timeoutMs, final IBinder binder, int legacyType, int callbackFlags, @NonNull String callingPackageName, @Nullable String callingAttributionTag) { - if (legacyType != TYPE_NONE && !checkNetworkStackPermission()) { + if (legacyType != TYPE_NONE && !hasNetworkStackPermission()) { if (isTargetSdkAtleast(Build.VERSION_CODES.M, mDeps.getCallingUid(), callingPackageName)) { throw new SecurityException("Insufficient permissions to specify legacy type"); @@ -11324,7 +11332,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // Connection owner UIDs are visible only to the network stack and to the VpnService-based // VPN, if any, that applies to the UID that owns the connection. - if (checkNetworkStackPermission()) return uid; + if (hasNetworkStackPermission()) return uid; final NetworkAgentInfo vpn = getVpnForUid(uid); if (vpn == null || getVpnType(vpn) != VpnManager.TYPE_VPN_SERVICE 
@@ -11584,7 +11592,7 @@ public class ConnectivityService extends IConnectivityManager.Stub if (report == null) { continue; } - if (!checkConnectivityDiagnosticsPermissions( + if (!hasConnectivityDiagnosticsPermissions( nri.mPid, nri.mUid, nai, cbInfo.mCallingPackageName)) { continue; } @@ -11747,7 +11755,7 @@ public class ConnectivityService extends IConnectivityManager.Stub continue; } - if (!checkConnectivityDiagnosticsPermissions( + if (!hasConnectivityDiagnosticsPermissions( nri.mPid, nri.mUid, nai, cbInfo.mCallingPackageName)) { continue; } @@ -11791,14 +11799,15 @@ public class ConnectivityService extends IConnectivityManager.Stub return false; } + @CheckResult @VisibleForTesting - boolean checkConnectivityDiagnosticsPermissions( + boolean hasConnectivityDiagnosticsPermissions( int callbackPid, int callbackUid, NetworkAgentInfo nai, String callbackPackageName) { - if (checkNetworkStackPermission(callbackPid, callbackUid)) { + if (hasNetworkStackPermission(callbackPid, callbackUid)) { return true; } if (mAllowSysUiConnectivityReports - && checkSystemBarServicePermission(callbackPid, callbackUid)) { + && hasSystemBarServicePermission(callbackPid, callbackUid)) { return true; } diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java index f167d3d25e9f19a90c1cf7a42a9901fcd664d96e..0d7d96f3afaee38ed58b56632ebdc807c5ee6967 100644 --- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java +++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java @@ -23,6 +23,7 @@ import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK; +import android.annotation.CheckResult; import android.annotation.NonNull; import android.annotation.Nullable; import android.content.Context; 
@@ -45,8 +46,9 @@ public final class PermissionUtils { /** * Return true if the context has one of given permission. */ - public static boolean checkAnyPermissionOf(@NonNull Context context, - @NonNull String... permissions) { + @CheckResult + public static boolean hasAnyPermissionOf(@NonNull Context context, + @NonNull String... permissions) { for (String permission : permissions) { if (context.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) { return true; @@ -56,11 +58,12 @@ public final class PermissionUtils { } /** - * Return true if the context has one of give permission that is allowed + * Return true if the context has one of given permission that is allowed * for a particular process and user ID running in the system. */ - public static boolean checkAnyPermissionOf(@NonNull Context context, - int pid, int uid, @NonNull String... permissions) { + @CheckResult + public static boolean hasAnyPermissionOf(@NonNull Context context, + int pid, int uid, @NonNull String... permissions) { for (String permission : permissions) { if (context.checkPermission(permission, pid, uid) == PERMISSION_GRANTED) { return true; @@ -74,7 +77,7 @@ public final class PermissionUtils { */ public static void enforceAnyPermissionOf(@NonNull Context context, @NonNull String... permissions) { - if (!checkAnyPermissionOf(context, permissions)) { + if (!hasAnyPermissionOf(context, permissions)) { throw new SecurityException("Requires one of the following permissions: " + String.join(", ", permissions) + "."); } 
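Review bot: The Javadoc on the first `hasAnyPermissionOf(Context, String...)` overload in the `@@ -45,8 +46,9 @@` hunk does not say whose permissions are checked. The body uses `context.checkCallingOrSelfPermission`, so outside a Binder transaction, or after the calling identity has been cleared, it reports the permissions of the process itself rather than those of a remote caller. Suggest `Return true if the caller of the current Binder transaction, or this process when there is none, holds at least one of the given permissions.` and a sentence pointing callers that already hold a pid/uid to the `(context, pid, uid, permissions)` overload.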
@@ -133,7 +136,8 @@ public final class PermissionUtils { /** * Return true if the context has DUMP permission. */ - public static boolean checkDumpPermission(Context context, String tag, PrintWriter pw) { + @CheckResult + public static boolean hasDumpPermission(Context context, String tag, PrintWriter pw) { if (context.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) != PERMISSION_GRANTED) { pw.println("Permission Denial: can't dump " + tag + " from from pid=" diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt index d5b43fb10bbb6b4dd98eef0ebbfa343e9d515203..8586e82dcc526ef789541aae8848040e4a840239 100644 --- a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt +++ b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt @@ -25,12 +25,12 @@ import android.content.pm.PackageManager.PERMISSION_GRANTED import android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK import androidx.test.filters.SmallTest import androidx.test.platform.app.InstrumentationRegistry -import com.android.net.module.util.PermissionUtils.checkAnyPermissionOf import com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr import com.android.net.module.util.PermissionUtils.enforcePackageNameMatchesUid import com.android.net.module.util.PermissionUtils.enforceSystemFeature +import com.android.net.module.util.PermissionUtils.hasAnyPermissionOf import com.android.testutils.DevSdkIgnoreRule import com.android.testutils.DevSdkIgnoreRunner import kotlin.test.assertEquals 
@@ -78,18 +78,18 @@ class PermissionUtilsTest { .checkCallingOrSelfPermission(TEST_PERMISSION1) doReturn(PERMISSION_DENIED).`when`(mockContext) .checkCallingOrSelfPermission(TEST_PERMISSION2) - assertTrue(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) + assertTrue(hasAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2) doReturn(PERMISSION_DENIED).`when`(mockContext) .checkCallingOrSelfPermission(TEST_PERMISSION1) doReturn(PERMISSION_GRANTED).`when`(mockContext) .checkCallingOrSelfPermission(TEST_PERMISSION2) - assertTrue(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) + assertTrue(hasAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2) doReturn(PERMISSION_DENIED).`when`(mockContext).checkCallingOrSelfPermission(any()) - assertFalse(checkAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) + assertFalse(hasAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2)) assertFailsWith<SecurityException>("Expect fail but permission granted.") { enforceAnyPermissionOf(mockContext, TEST_PERMISSION1, TEST_PERMISSION2) } diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java index 7f821dd32ab8b7d042b5d27c5f8742b21bc98f59..5562b6706bbd31fe50c7ce5cb31ffda6255f4e62 100755 --- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java 
@@ -12929,7 +12929,7 @@ public class ConnectivityServiceTest { mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED); assertTrue( "NetworkStack permission not applied", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), naiWithoutUid, mContext.getOpPackageName())); } @@ -12941,7 +12941,7 @@ public class ConnectivityServiceTest { mServiceContext.setPermission(STATUS_BAR_SERVICE, PERMISSION_GRANTED); assertTrue( "SysUi permission (STATUS_BAR_SERVICE) not applied", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), naiWithoutUid, mContext.getOpPackageName())); } @@ -12958,7 +12958,7 @@ public class ConnectivityServiceTest { assertFalse( "Mismatched uid/package name should not pass the location permission check", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid() + 1, wrongUid, naiWithUid, mContext.getOpPackageName())); } @@ -12969,7 +12969,7 @@ public class ConnectivityServiceTest { assertEquals( "Unexpected ConnDiags permission", expectPermission, - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), info, mContext.getOpPackageName())); } @@ -13011,7 +13011,7 @@ public class ConnectivityServiceTest { waitForIdle(); assertTrue( "Active VPN permission not applied", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), naiWithoutUid, mContext.getOpPackageName())); 
@@ -13019,7 +13019,7 @@ public class ConnectivityServiceTest { waitForIdle(); assertFalse( "VPN shouldn't receive callback on non-underlying network", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), naiWithoutUid, mContext.getOpPackageName())); } @@ -13036,7 +13036,7 @@ public class ConnectivityServiceTest { assertTrue( "NetworkCapabilities administrator uid permission not applied", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid(), Process.myUid(), naiWithUid, mContext.getOpPackageName())); } @@ -13054,7 +13054,7 @@ public class ConnectivityServiceTest { // Use wrong pid and uid assertFalse( "Permissions allowed when they shouldn't be granted", - mService.checkConnectivityDiagnosticsPermissions( + mService.hasConnectivityDiagnosticsPermissions( Process.myPid() + 1, Process.myUid() + 1, naiWithUid, mContext.getOpPackageName())); }