Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 826224db authored by lucaslin's avatar lucaslin
Browse files

Add enforceNetworkStackOrProfileOrDeviceOwner() 

Add enforceNetworkStackOrProfileOrDeviceOwner() to check if the
caller has PERMISSION_MAINLINE_NETWORK_STACK or not.

Call this check in isAlwaysOnVpnLockdownEnabled() for allowing
the caller which has PERMISSION_MAINLINE_NETWORK_STACK to get the
status of always-on VPN.

Bug: 141621373
Test: 1. Build pass
      2. Manual test to see if CaptivePortalLoginActivity could
      deal with the issue properly.
Change-Id: I3b7ddc2543e6b4754d6eaac128ca9a8ccea6b59c
parent 735ed754

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+10 −1
Original line number Diff line number Diff line
@@ -86,6 +86,7 @@ import static android.app.admin.DevicePolicyManager.WIPE_SILENTLY; 
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;

import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;

import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;

import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;

import static android.provider.Settings.Global.PRIVATE_DNS_MODE;

import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;

import static android.provider.Telephony.Carriers.DPC_URI;
@@ -5874,6 +5875,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
        }

    }













    private void enforceNetworkStackOrProfileOrDeviceOwner(ComponentName who) {













        if (mContext.checkCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)













                == PackageManager.PERMISSION_GRANTED) {













            return;













        }













        enforceProfileOrDeviceOwner(who);













    }



























    private void enforceDeviceOwnerOrProfileOwnerOnOrganizationOwnedDevice(ComponentName who) {















        synchronized (getLockObject()) {















            getActiveAdminForCallerLocked(










@@ -6870,7 +6879,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    @Override















    public boolean isAlwaysOnVpnLockdownEnabled(ComponentName admin) throws SecurityException {













        enforceProfileOrDeviceOwner(admin);













        enforceNetworkStackOrProfileOrDeviceOwner(admin);





























        final int userId = mInjector.userHandleGetCallingUserId();















        return mInjector.binderWithCleanCallingIdentity(