Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c8dbc5af authored by Hansen Kurli's avatar Hansen Kurli
Browse files

Clone the VpnProfile in startLegacyVpnPrivileged() 

The profile is modified within startLegacyVpnPrivileged(), e.g.
ipsecCaCert, ipsecUserCert. This causes subsequent calls from
callers such as LockdownVpnTracker to fail.

Make VpnProfile.clone() public and clone the VpnProfile before
modifiying it.

Bug: 190572822
Bug: 309591931
Test: New test in VpnTest
Test: Manual test always-on VPNs
Change-Id: I2a8dd03ef7da9b950df54ba993a527eb15272281
parent ecf90eb7

core/java/com/android/internal/net/VpnProfile.java

+10 −0
Original line number Diff line number Diff line
@@ -618,4 +618,14 @@ public final class VpnProfile implements Cloneable, Parcelable { 
    public int describeContents() {

        return 0;

    }



    @Override

    public VpnProfile clone() {

        try {

            return (VpnProfile) super.clone();

        } catch (CloneNotSupportedException e) {

            Log.wtf(TAG, e);

            return null;

        }

    }

}

services/core/java/com/android/server/connectivity/Vpn.java

+2 −1
Original line number Diff line number Diff line
@@ -2657,8 +2657,9 @@ public class Vpn { 
     *

     * Callers are responsible for checking permissions if needed.

     */

    public void startLegacyVpnPrivileged(VpnProfile profile,

    public void startLegacyVpnPrivileged(VpnProfile profileToStart,

            @Nullable Network underlying, @NonNull LinkProperties egress) {

        final VpnProfile profile = profileToStart.clone();

        UserInfo user = mUserManager.getUserInfo(mUserId);

        if (user.isRestricted() || mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,

                    new UserHandle(mUserId))) {