Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d097d0c4 authored by Cassie Wang's avatar Cassie Wang
Browse files

Allow any caller with CONTROL_VPN to disconnect existing VPN 

When calling prepare(null, LEGACY_VPN, TYPE_VPN_SERVICE), the caller
wants to disconnect the current VPN. The current code checks to make
sure an IPC caller, and only an IPC caller, with the CONTROL_VPN
permission can do so.

But this doesn't allow for other processes in the system server (which
also have CONTROL_VPN permission) to do so. Expand the check to allow
those callers.

Bug: 284803285
Test: VpnTest in http://aosp/2624812
Change-Id: Ib9baa40d6dc870a548ebf8332f2829f4e49be428
parent af2669d6

services/core/java/com/android/server/connectivity/Vpn.java

+1 −1
Original line number Original line Diff line number Diff line
@@ -1389,7 +1389,7 @@ public class Vpn { 
        }

        }





        // Check that the caller is authorized.

        // Check that the caller is authorized.

        enforceControlPermission();

        enforceControlPermissionOrInternalCaller();





        // Stop an existing always-on VPN from being dethroned by other apps.

        // Stop an existing always-on VPN from being dethroned by other apps.

        if (mAlwaysOn && !isCurrentPreparedPackage(newPackage)) {

        if (mAlwaysOn && !isCurrentPreparedPackage(newPackage)) {