Merge "Re-enable checks for MANAGE_IPSEC_TUNNELS" am: 69c973b33f (44006f3d) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/IpSecService.java

+10 −14

Original line number	Original line	Diff line number	Diff line
	@@ -1490,14 +1490,11 @@ public class IpSecService extends IIpSecService.Stub {
	}		}
	}		}

	private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;		private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS;

	private void enforceTunnelPermissions(String callingPackage) {		private void enforceTunnelPermissions(String callingPackage) {
	checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");		checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
	if (false) { // STOPSHIP if this line is present		switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
	switch (getAppOpsManager().noteOp(
	TUNNEL_OP,
	Binder.getCallingUid(), callingPackage)) {
	case AppOpsManager.MODE_DEFAULT:		case AppOpsManager.MODE_DEFAULT:
	mContext.enforceCallingOrSelfPermission(		mContext.enforceCallingOrSelfPermission(
	android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");		android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
	@@ -1508,7 +1505,6 @@ public class IpSecService extends IIpSecService.Stub {
	throw new SecurityException("Request to ignore AppOps for non-legacy API");		throw new SecurityException("Request to ignore AppOps for non-legacy API");
	}		}
	}		}
	}

	private void createOrUpdateTransform(		private void createOrUpdateTransform(
	IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)		IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)