Loading core/res/AndroidManifest.xml +9 −0 Original line number Diff line number Diff line Loading @@ -2406,6 +2406,15 @@ android:description="@string/permdesc_controlWifiDisplay" android:protectionLevel="signature" /> <!-- @SystemApi Allows an application to control VPN. <p>Not for use by third-party applications.</p> @hide --> <permission android:name="android.permission.CONTROL_VPN" android:label="@string/permlab_controlVpn" android:description="@string/permdesc_controlVpn" android:protectionLevel="signature|system" /> <uses-permission android:name="android.permission.CONTROL_VPN" /> <!-- @SystemApi Allows an application to capture audio output. <p>Not for use by third-party applications.</p> --> <permission android:name="android.permission.CAPTURE_AUDIO_OUTPUT" Loading core/res/res/values/strings.xml +5 −0 Original line number Diff line number Diff line Loading @@ -1651,6 +1651,11 @@ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_controlWifiDisplay">Allows the app to control low-level features of Wifi displays.</string> <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_controlVpn">control Virtual Private Networks</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_controlVpn">Allows the app to control low-level features of Virtual Private Networks.</string> <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_captureAudioOutput">capture audio output</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> Loading packages/SystemUI/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ <uses-permission android:name="android.permission.MANAGE_NETWORK_POLICY" /> <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" /> <uses-permission android:name="android.permission.READ_NETWORK_USAGE_HISTORY" /> <uses-permission android:name="android.permission.CONTROL_VPN" /> <!-- Physical hardware --> <uses-permission android:name="android.permission.MANAGE_USB" /> Loading packages/VpnDialogs/AndroidManifest.xml +2 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,8 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.vpndialogs"> <uses-permission android:name="android.permission.CONTROL_VPN" /> <application android:label="VpnDialogs" android:allowBackup="false" > <activity android:name=".ConfirmDialog" Loading services/core/java/com/android/server/connectivity/Vpn.java +2 −25 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ import static android.net.RouteInfo.RTN_UNREACHABLE; import static android.system.OsConstants.AF_INET; import static android.system.OsConstants.AF_INET6; import android.Manifest; import android.app.AppGlobals; import android.app.AppOpsManager; import android.app.PendingIntent; Loading Loading @@ -739,31 +740,7 @@ public class Vpn { }; private void enforceControlPermission() { // System user is allowed to control VPN. if (Binder.getCallingUid() == Process.SYSTEM_UID) { return; } int appId = UserHandle.getAppId(Binder.getCallingUid()); final long token = Binder.clearCallingIdentity(); try { // System VPN dialogs are also allowed to control VPN. PackageManager pm = mContext.getPackageManager(); ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0); if (((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == app.uid)) { return; } // SystemUI dialogs are also allowed to control VPN. ApplicationInfo sysUiApp = pm.getApplicationInfo("com.android.systemui", 0); if (((sysUiApp.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == sysUiApp.uid)) { return; } } catch (Exception e) { // ignore } finally { Binder.restoreCallingIdentity(token); } throw new SecurityException("Unauthorized Caller"); mContext.enforceCallingPermission(Manifest.permission.CONTROL_VPN, "Unauthorized Caller"); } private class Connection implements ServiceConnection { Loading Loading
core/res/AndroidManifest.xml +9 −0 Original line number Diff line number Diff line Loading @@ -2406,6 +2406,15 @@ android:description="@string/permdesc_controlWifiDisplay" android:protectionLevel="signature" /> <!-- @SystemApi Allows an application to control VPN. <p>Not for use by third-party applications.</p> @hide --> <permission android:name="android.permission.CONTROL_VPN" android:label="@string/permlab_controlVpn" android:description="@string/permdesc_controlVpn" android:protectionLevel="signature|system" /> <uses-permission android:name="android.permission.CONTROL_VPN" /> <!-- @SystemApi Allows an application to capture audio output. <p>Not for use by third-party applications.</p> --> <permission android:name="android.permission.CAPTURE_AUDIO_OUTPUT" Loading
core/res/res/values/strings.xml +5 −0 Original line number Diff line number Diff line Loading @@ -1651,6 +1651,11 @@ <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_controlWifiDisplay">Allows the app to control low-level features of Wifi displays.</string> <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_controlVpn">control Virtual Private Networks</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_controlVpn">Allows the app to control low-level features of Virtual Private Networks.</string> <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_captureAudioOutput">capture audio output</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> Loading
packages/SystemUI/AndroidManifest.xml +1 −0 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ <uses-permission android:name="android.permission.MANAGE_NETWORK_POLICY" /> <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" /> <uses-permission android:name="android.permission.READ_NETWORK_USAGE_HISTORY" /> <uses-permission android:name="android.permission.CONTROL_VPN" /> <!-- Physical hardware --> <uses-permission android:name="android.permission.MANAGE_USB" /> Loading
packages/VpnDialogs/AndroidManifest.xml +2 −0 Original line number Diff line number Diff line Loading @@ -19,6 +19,8 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.vpndialogs"> <uses-permission android:name="android.permission.CONTROL_VPN" /> <application android:label="VpnDialogs" android:allowBackup="false" > <activity android:name=".ConfirmDialog" Loading
services/core/java/com/android/server/connectivity/Vpn.java +2 −25 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ import static android.net.RouteInfo.RTN_UNREACHABLE; import static android.system.OsConstants.AF_INET; import static android.system.OsConstants.AF_INET6; import android.Manifest; import android.app.AppGlobals; import android.app.AppOpsManager; import android.app.PendingIntent; Loading Loading @@ -739,31 +740,7 @@ public class Vpn { }; private void enforceControlPermission() { // System user is allowed to control VPN. if (Binder.getCallingUid() == Process.SYSTEM_UID) { return; } int appId = UserHandle.getAppId(Binder.getCallingUid()); final long token = Binder.clearCallingIdentity(); try { // System VPN dialogs are also allowed to control VPN. PackageManager pm = mContext.getPackageManager(); ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0); if (((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == app.uid)) { return; } // SystemUI dialogs are also allowed to control VPN. ApplicationInfo sysUiApp = pm.getApplicationInfo("com.android.systemui", 0); if (((sysUiApp.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == sysUiApp.uid)) { return; } } catch (Exception e) { // ignore } finally { Binder.restoreCallingIdentity(token); } throw new SecurityException("Unauthorized Caller"); mContext.enforceCallingPermission(Manifest.permission.CONTROL_VPN, "Unauthorized Caller"); } private class Connection implements ServiceConnection { Loading
