Merge "Grant the ACTIVATE_PLATFORM_VPN appop if VPN app has CONTROL_VPN" am: 41142d7244 (58c07921) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/connectivity/Vpn.java

+9 −3

Original line number	Diff line number	Diff line
		@@ -1095,7 +1095,7 @@ public class Vpn {
		// Except for Settings and VpnDialogs, the caller should be matched one of oldPackage or
		// newPackage. Otherwise, non VPN owner might get the VPN always-on status of the VPN owner.
		// See b/191382886.
		if (mContext.checkCallingOrSelfPermission(CONTROL_VPN) != PERMISSION_GRANTED) {
		if (!hasControlVpnPermission()) {
		if (oldPackage != null) {
		verifyCallingUidAndPackage(oldPackage);
		}
		@@ -2045,6 +2045,10 @@ public class Vpn {
		"Unauthorized Caller");
		}

		private boolean hasControlVpnPermission() {
		return mContext.checkCallingOrSelfPermission(CONTROL_VPN) == PERMISSION_GRANTED;
		}

		private class Connection implements ServiceConnection {
		private IBinder mService;

		@@ -3846,8 +3850,10 @@ public class Vpn {
		Binder.restoreCallingIdentity(token);
		}

		// TODO: if package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
		// This mirrors the prepareAndAuthorize that is used by VpnService.
		// If package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
		if (hasControlVpnPermission()) {
		setPackageAuthorization(packageName, VpnManager.TYPE_VPN_PLATFORM);
		}

		// Return whether the app is already pre-consented
		return isVpnProfilePreConsented(mContext, packageName);