Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 70cc90b9 authored by t-m-w's avatar t-m-w Committed by Michael Bestas
Browse files

Fix network leaks with split-tunnel VPNs 

NetworkCallback handlers that would typically cause firewall
restrictions to be updated on VPN connect/disconnect are *not* called
for split-tunnel VPNs when the system is not included. As a workaround,
we now additionally update app restrictions in a function that *is*
successfully reached in both scenarios, via the broadcast receiver for
CONNECTIVITY_ACTION.

As noted in the comments, the new function call is not reached as
early as the NetworkCallback handlers are, which could present
a window of opportunity for unauthorized network access, but not an
indefinite one, as is the case for the issue this patch addresses.

Issue: calyxos#1081
Change-Id: Ib4bcf5aeabe116cc13a669a01bfa91389d4d06fa
parent 30e26904

services/core/java/com/android/server/net/NetworkPolicyManagerService.java

+12 −0
Original line number Diff line number Diff line
@@ -1888,6 +1888,18 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { 
        updateSubscriptions();



        synchronized (mUidRulesFirstLock) {

            /* With split-tunnel VPNs (those that only include specific apps),

             * the usual NetworkCallback handlers are never called, because the call to

             * registerDefaultNetworkCallbackForUid only detects changes that affect this

             * process; if this process is not covered by the VPN, it won't get callbacks.

             * Ordinarily, updateRestrictedModeAllowlistUL() would be called from those.

             * Firewall restrictions for apps will not be updated properly on VPN connect

             * or disconnect if we don't call it from somewhere else, like here. */

            // TODO: Come up with an appropriate callback that runs more promptly.

            // updateNetworksInternal runs later than NetworkCallback handlers run, so

            // this may present a window of opportunity for unauthorized network access.

            updateRestrictedModeAllowlistUL();



            synchronized (mNetworkPoliciesSecondLock) {

                ensureActiveCarrierPolicyAL();

                normalizePoliciesNL();