The INTERNET
permission is checked in the kernel, so you might be using a kernel that doesn't have all Android patches. Assuming you have applied patches, you need to compile with CONFIG_ANDROID_PARANOID_NETWORK
to enable Internet permission checks. The checks require all processes that try to create sockets, etc. to be a member of the inet
group (GID 3003).
How do Android check permission?
-
07-10-2022 - |
문제
Im trying Android CTS. I facing problem during android.permission.
02-05 15:57:27 I/192.168.90.48:5555:
android.permission.cts.NoNetworkStatePermissionTest#testSecurityExceptionFromDns FAIL
junit.framework.AssertionFailedError
at android.permission.cts.NoNetworkStatePermissionTest.testSecurityExceptionFromDns
(NoNetworkStatePermissionTest.java:174)
at java.lang.reflect.Method.invokeNative(Native Method)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:190)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:175)
at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:555)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1661)
In my guess, this test check permission. Program tries like below:
public void testSecurityExceptionFromDns() throws Exception {
try {
InetAddress.getByName("www.google.com");
fail();
} catch (SecurityException expected) {
}
}
expected behavior is that program throws Security-exception because this Application have not
android.permission.INTERNET
but it can get InetAdress even though it has no permission.
How can I fix this situation?
I already check permissions such as /dev/socket
Can somebody tell me what is happening ?
Thanks.
해결책
다른 팁
Add below permission on manifest file
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
Thx for your reply. I solved this problem!!!!!!!!!. The root cause is from our device's kernel version. We using linux_kernel 2.6.34. Therefore, there are no CONFIG_ANDROID_PARANOID_NETWORK options and af_inet.c didnt define function that check the permision.
So I modify like below:
net/ipv4/af_inet.c
/* add ifdef CONFIG_ANDROID_PARANOID_NETWORK for CTS(android.permission) */
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
return 1;
}
#endif
/* end add */
static inline int current_has_network(void)
{
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
int try_loading_module = 0;
int err;
if (!current_has_network()) // check permission
return -EACCES; // return if it has no permission
if (unlikely(!inet_ehash_secret))
if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
build_ehash_secret();