Loading core/java/android/net/NetworkCapabilities.java +22 −5 Original line number Diff line number Diff line Loading @@ -900,9 +900,17 @@ public final class NetworkCapabilities implements Parcelable { * <p>For NetworkCapability instances being sent from ConnectivityService, this value MUST be * reset to Process.INVALID_UID unless all the following conditions are met: * * <p>The caller is the network owner, AND one of the following sets of requirements is met: * * <ol> * <li>The described Network is a VPN * </ol> * * <p>OR: * * <ol> * <li>The destination app is the network owner * <li>The destination app has the ACCESS_FINE_LOCATION permission granted * <li>The calling app is the network owner * <li>The calling app has the ACCESS_FINE_LOCATION permission granted * <li>The user's location toggle is on * </ol> * Loading @@ -928,7 +936,16 @@ public final class NetworkCapabilities implements Parcelable { /** * Retrieves the UID of the app that owns this network. * * <p>For user privacy reasons, this field will only be populated if: * <p>For user privacy reasons, this field will only be populated if the following conditions * are met: * * <p>The caller is the network owner, AND one of the following sets of requirements is met: * * <ol> * <li>The described Network is a VPN * </ol> * * <p>OR: * * <ol> * <li>The calling app is the network owner Loading @@ -936,8 +953,8 @@ public final class NetworkCapabilities implements Parcelable { * <li>The user's location toggle is on * </ol> * * Instances of NetworkCapabilities sent to apps without the appropriate permissions will * have this field cleared out. * Instances of NetworkCapabilities sent to apps without the appropriate permissions will have * this field cleared out. */ public int getOwnerUid() { return mOwnerUid; Loading services/core/java/com/android/server/ConnectivityService.java +6 −0 Original line number Diff line number Diff line Loading @@ -1698,6 +1698,12 @@ public class ConnectivityService extends IConnectivityManager.Stub return newNc; } // Allow VPNs to see ownership of their own VPN networks - not location sensitive. if (nc.hasTransport(TRANSPORT_VPN)) { // Owner UIDs already checked above. No need to re-check. return newNc; } Binder.withCleanCallingIdentity( () -> { if (!mLocationPermissionChecker.checkLocationPermission( Loading services/core/java/com/android/server/connectivity/Vpn.java +2 −1 Original line number Diff line number Diff line Loading @@ -1106,7 +1106,8 @@ public class Vpn { NetworkAgentConfig networkAgentConfig = new NetworkAgentConfig(); networkAgentConfig.allowBypass = mConfig.allowBypass && !mLockdown; mNetworkCapabilities.setOwnerUid(Binder.getCallingUid()); mNetworkCapabilities.setOwnerUid(mOwnerUID); mNetworkCapabilities.setAdministratorUids(new int[] {mOwnerUID}); mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserHandle, mConfig.allowedApplications, mConfig.disallowedApplications)); long token = Binder.clearCallingIdentity(); Loading Loading
core/java/android/net/NetworkCapabilities.java +22 −5 Original line number Diff line number Diff line Loading @@ -900,9 +900,17 @@ public final class NetworkCapabilities implements Parcelable { * <p>For NetworkCapability instances being sent from ConnectivityService, this value MUST be * reset to Process.INVALID_UID unless all the following conditions are met: * * <p>The caller is the network owner, AND one of the following sets of requirements is met: * * <ol> * <li>The described Network is a VPN * </ol> * * <p>OR: * * <ol> * <li>The destination app is the network owner * <li>The destination app has the ACCESS_FINE_LOCATION permission granted * <li>The calling app is the network owner * <li>The calling app has the ACCESS_FINE_LOCATION permission granted * <li>The user's location toggle is on * </ol> * Loading @@ -928,7 +936,16 @@ public final class NetworkCapabilities implements Parcelable { /** * Retrieves the UID of the app that owns this network. * * <p>For user privacy reasons, this field will only be populated if: * <p>For user privacy reasons, this field will only be populated if the following conditions * are met: * * <p>The caller is the network owner, AND one of the following sets of requirements is met: * * <ol> * <li>The described Network is a VPN * </ol> * * <p>OR: * * <ol> * <li>The calling app is the network owner Loading @@ -936,8 +953,8 @@ public final class NetworkCapabilities implements Parcelable { * <li>The user's location toggle is on * </ol> * * Instances of NetworkCapabilities sent to apps without the appropriate permissions will * have this field cleared out. * Instances of NetworkCapabilities sent to apps without the appropriate permissions will have * this field cleared out. */ public int getOwnerUid() { return mOwnerUid; Loading
services/core/java/com/android/server/ConnectivityService.java +6 −0 Original line number Diff line number Diff line Loading @@ -1698,6 +1698,12 @@ public class ConnectivityService extends IConnectivityManager.Stub return newNc; } // Allow VPNs to see ownership of their own VPN networks - not location sensitive. if (nc.hasTransport(TRANSPORT_VPN)) { // Owner UIDs already checked above. No need to re-check. return newNc; } Binder.withCleanCallingIdentity( () -> { if (!mLocationPermissionChecker.checkLocationPermission( Loading
services/core/java/com/android/server/connectivity/Vpn.java +2 −1 Original line number Diff line number Diff line Loading @@ -1106,7 +1106,8 @@ public class Vpn { NetworkAgentConfig networkAgentConfig = new NetworkAgentConfig(); networkAgentConfig.allowBypass = mConfig.allowBypass && !mLockdown; mNetworkCapabilities.setOwnerUid(Binder.getCallingUid()); mNetworkCapabilities.setOwnerUid(mOwnerUID); mNetworkCapabilities.setAdministratorUids(new int[] {mOwnerUID}); mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserHandle, mConfig.allowedApplications, mConfig.disallowedApplications)); long token = Binder.clearCallingIdentity(); Loading
