Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07e11c3a authored by Victor Chang's avatar Victor Chang Committed by android-build-merger
Browse files

Merge \"Disallow shell to mutate always-on vpn when DISALLOW_CONFIG_VPN user... 

Merge \"Disallow shell to mutate always-on vpn when DISALLOW_CONFIG_VPN user restriction is set\" into nyc-dev
am: 488042fe

Change-Id: Ia41b8b2acbe3897423ac27881f3419efcfeeb002
parents 60c459ff 488042fe

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+14 −3
Original line number Diff line number Diff line
@@ -799,7 +799,8 @@ public class SettingsProvider extends ContentProvider { 


        // If this is a setting that is currently restricted for this user, do not allow

        // unrestricting changes.

        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value)) {

        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,

                Binder.getCallingUid())) {

            return false;

        }
@@ -930,7 +931,8 @@ public class SettingsProvider extends ContentProvider { 


        // If this is a setting that is currently restricted for this user, do not allow

        // unrestricting changes.

        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value)) {

        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,

                Binder.getCallingUid())) {

            return false;

        }
@@ -1153,7 +1155,7 @@ public class SettingsProvider extends ContentProvider { 
     * @return true if the change is prohibited, false if the change is allowed.

     */

    private boolean isGlobalOrSecureSettingRestrictedForUser(String setting, int userId,

            String value) {

            String value, int callingUid) {

        String restriction;

        switch (setting) {

            case Settings.Secure.LOCATION_MODE:
@@ -1191,6 +1193,15 @@ public class SettingsProvider extends ContentProvider { 
                restriction = UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS;

                break;



            case Settings.Secure.ALWAYS_ON_VPN_APP:

            case Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN:

                // Whitelist system uid (ConnectivityService) and root uid to change always-on vpn

                if (callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID) {

                    return false;

                }

                restriction = UserManager.DISALLOW_CONFIG_VPN;

                break;



            default:

                if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {

                    if ("0".equals(value)) return false;