Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6fdf2a17 authored by Jeff Davidson's avatar Jeff Davidson Committed by Android Git Automerger
Browse files

am 6ea4e11d: Merge "Don\'t enforce control permission when preparing consented... 

am 6ea4e11d: Merge "Don\'t enforce control permission when preparing consented VPN." into lmp-mr1-dev

* commit '6ea4e11d':
  Don't enforce control permission when preparing consented VPN.
parents c27f5baa 6ea4e11d

services/core/java/com/android/server/ConnectivityService.java

+1 −1
Original line number Diff line number Diff line
@@ -2776,7 +2776,7 @@ public class ConnectivityService extends IConnectivityManager.Stub 
    }



    /**

     * Prepare for a VPN application. This method is used by system-privileged apps.

     * Prepare for a VPN application.

     * Permissions are checked in Vpn class.

     * @hide

     */

services/core/java/com/android/server/connectivity/Vpn.java

+46 −51
Original line number Diff line number Diff line
@@ -216,20 +216,11 @@ public class Vpn { 
     * @return true if the operation is succeeded.

     */

    public synchronized boolean prepare(String oldPackage, String newPackage) {

        // Return false if the package does not match.

        if (oldPackage != null && getAppUid(oldPackage, mUserHandle) != mOwnerUID) {

            // The package doesn't match. If this VPN was not previously authorized, return false

            // to force user authorization. Otherwise, revoke the VPN anyway.

            // The package doesn't match. We return false (to obtain user consent) unless the user

            // has already consented to that VPN package.

            if (!oldPackage.equals(VpnConfig.LEGACY_VPN) && isVpnUserPreConsented(oldPackage)) {

                long token = Binder.clearCallingIdentity();

                try {

                    // This looks bizarre, but it is what ConfirmDialog in VpnDialogs is doing when

                    // the user clicks through to allow the VPN to consent. So we are emulating the

                    // action of the dialog without actually showing it.

                    prepare(null, oldPackage);

                } finally {

                    Binder.restoreCallingIdentity(token);

                }

                prepareInternal(oldPackage);

                return true;

            }

            return false;
@@ -244,6 +235,14 @@ public class Vpn { 
        // Check if the caller is authorized.

        enforceControlPermission();



        prepareInternal(newPackage);

        return true;

    }



    /** Prepare the VPN for the given package. Does not perform permission checks. */

    private void prepareInternal(String newPackage) {

        long token = Binder.clearCallingIdentity();

        try {

            // Reset the interface.

            if (mInterface != null) {

                mStatusIntent = null;
@@ -268,30 +267,26 @@ public class Vpn { 
                mLegacyVpnRunner = null;

            }



        long token = Binder.clearCallingIdentity();

            try {

                mNetd.denyProtect(mOwnerUID);

            } catch (Exception e) {

                Log.wtf(TAG, "Failed to disallow UID " + mOwnerUID + " to call protect() " + e);

        } finally {

            Binder.restoreCallingIdentity(token);

            }



            Log.i(TAG, "Switched from " + mPackage + " to " + newPackage);

            mPackage = newPackage;

            mOwnerUID = getAppUid(newPackage, mUserHandle);

        token = Binder.clearCallingIdentity();

            try {

                mNetd.allowProtect(mOwnerUID);

            } catch (Exception e) {

                Log.wtf(TAG, "Failed to allow UID " + mOwnerUID + " to call protect() " + e);

        } finally {

            Binder.restoreCallingIdentity(token);

            }

            mConfig = null;



            updateState(DetailedState.IDLE, "prepare");

        return true;

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }



    /**