Fix network leaks with split-tunnel VPNs
NetworkCallback handlers that would typically cause firewall restrictions to be updated on VPN connect/disconnect are *not* called for split-tunnel VPNs when the system is not included.

As a workaround, we now additionally update app restrictions in a function that *is* successfully reached in both scenarios, via the broadcast receiver for CONNECTIVITY_ACTION.

As noted in the comments, the new function call is not reached as early as the NetworkCallback handlers are, which could present a window of opportunity for unauthorized network access, but not an indefinite one, as is the case for the issue this patch addresses.

Issue: calyxos#1081
Change-Id: Ib4bcf5aeabe116cc13a669a01bfa91389d4d06fa