Loading services/core/java/com/android/server/ConnectivityService.java +1 −1 Original line number Diff line number Diff line Loading @@ -2776,7 +2776,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } /** * Prepare for a VPN application. This method is used by system-privileged apps. * Prepare for a VPN application. * Permissions are checked in Vpn class. * @hide */ Loading services/core/java/com/android/server/connectivity/Vpn.java +46 −51 Original line number Diff line number Diff line Loading @@ -216,20 +216,11 @@ public class Vpn { * @return true if the operation is succeeded. */ public synchronized boolean prepare(String oldPackage, String newPackage) { // Return false if the package does not match. if (oldPackage != null && getAppUid(oldPackage, mUserHandle) != mOwnerUID) { // The package doesn't match. If this VPN was not previously authorized, return false // to force user authorization. Otherwise, revoke the VPN anyway. // The package doesn't match. We return false (to obtain user consent) unless the user // has already consented to that VPN package. if (!oldPackage.equals(VpnConfig.LEGACY_VPN) && isVpnUserPreConsented(oldPackage)) { long token = Binder.clearCallingIdentity(); try { // This looks bizarre, but it is what ConfirmDialog in VpnDialogs is doing when // the user clicks through to allow the VPN to consent. So we are emulating the // action of the dialog without actually showing it. prepare(null, oldPackage); } finally { Binder.restoreCallingIdentity(token); } prepareInternal(oldPackage); return true; } return false; Loading @@ -244,6 +235,14 @@ public class Vpn { // Check if the caller is authorized. enforceControlPermission(); prepareInternal(newPackage); return true; } /** Prepare the VPN for the given package. Does not perform permission checks. */ private void prepareInternal(String newPackage) { long token = Binder.clearCallingIdentity(); try { // Reset the interface. if (mInterface != null) { mStatusIntent = null; Loading @@ -268,30 +267,26 @@ public class Vpn { mLegacyVpnRunner = null; } long token = Binder.clearCallingIdentity(); try { mNetd.denyProtect(mOwnerUID); } catch (Exception e) { Log.wtf(TAG, "Failed to disallow UID " + mOwnerUID + " to call protect() " + e); } finally { Binder.restoreCallingIdentity(token); } Log.i(TAG, "Switched from " + mPackage + " to " + newPackage); mPackage = newPackage; mOwnerUID = getAppUid(newPackage, mUserHandle); token = Binder.clearCallingIdentity(); try { mNetd.allowProtect(mOwnerUID); } catch (Exception e) { Log.wtf(TAG, "Failed to allow UID " + mOwnerUID + " to call protect() " + e); } finally { Binder.restoreCallingIdentity(token); } mConfig = null; updateState(DetailedState.IDLE, "prepare"); return true; } finally { Binder.restoreCallingIdentity(token); } } /** Loading Loading
services/core/java/com/android/server/ConnectivityService.java +1 −1 Original line number Diff line number Diff line Loading @@ -2776,7 +2776,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } /** * Prepare for a VPN application. This method is used by system-privileged apps. * Prepare for a VPN application. * Permissions are checked in Vpn class. * @hide */ Loading
services/core/java/com/android/server/connectivity/Vpn.java +46 −51 Original line number Diff line number Diff line Loading @@ -216,20 +216,11 @@ public class Vpn { * @return true if the operation is succeeded. */ public synchronized boolean prepare(String oldPackage, String newPackage) { // Return false if the package does not match. if (oldPackage != null && getAppUid(oldPackage, mUserHandle) != mOwnerUID) { // The package doesn't match. If this VPN was not previously authorized, return false // to force user authorization. Otherwise, revoke the VPN anyway. // The package doesn't match. We return false (to obtain user consent) unless the user // has already consented to that VPN package. if (!oldPackage.equals(VpnConfig.LEGACY_VPN) && isVpnUserPreConsented(oldPackage)) { long token = Binder.clearCallingIdentity(); try { // This looks bizarre, but it is what ConfirmDialog in VpnDialogs is doing when // the user clicks through to allow the VPN to consent. So we are emulating the // action of the dialog without actually showing it. prepare(null, oldPackage); } finally { Binder.restoreCallingIdentity(token); } prepareInternal(oldPackage); return true; } return false; Loading @@ -244,6 +235,14 @@ public class Vpn { // Check if the caller is authorized. enforceControlPermission(); prepareInternal(newPackage); return true; } /** Prepare the VPN for the given package. Does not perform permission checks. */ private void prepareInternal(String newPackage) { long token = Binder.clearCallingIdentity(); try { // Reset the interface. if (mInterface != null) { mStatusIntent = null; Loading @@ -268,30 +267,26 @@ public class Vpn { mLegacyVpnRunner = null; } long token = Binder.clearCallingIdentity(); try { mNetd.denyProtect(mOwnerUID); } catch (Exception e) { Log.wtf(TAG, "Failed to disallow UID " + mOwnerUID + " to call protect() " + e); } finally { Binder.restoreCallingIdentity(token); } Log.i(TAG, "Switched from " + mPackage + " to " + newPackage); mPackage = newPackage; mOwnerUID = getAppUid(newPackage, mUserHandle); token = Binder.clearCallingIdentity(); try { mNetd.allowProtect(mOwnerUID); } catch (Exception e) { Log.wtf(TAG, "Failed to allow UID " + mOwnerUID + " to call protect() " + e); } finally { Binder.restoreCallingIdentity(token); } mConfig = null; updateState(DetailedState.IDLE, "prepare"); return true; } finally { Binder.restoreCallingIdentity(token); } } /** Loading
