
Commit ec548dbb authored by Victor Chang's avatar Victor Chang Committed by android-build-merger

Merge \\"Disallow shell to mutate always-on vpn when DISALLOW_CONFIG_VPN user...

Merge "Disallow shell to mutate always-on vpn when DISALLOW_CONFIG_VPN user restriction is set" into nyc-mr1-dev am: e05b35db
am: 87ec0ef5

Change-Id: Ib6ed82c6e9e48cb7f08cfca194331796c5cdd5ba
parents 0812bbcc 87ec0ef5
+14 −3
@@ -799,7 +799,8 @@ public class SettingsProvider extends ContentProvider {

        // If this is a setting that is currently restricted for this user, do not allow
        // unrestricting changes.
        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value)) {
        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,
                Binder.getCallingUid())) {
            return false;
        }

@@ -930,7 +931,8 @@ public class SettingsProvider extends ContentProvider {

        // If this is a setting that is currently restricted for this user, do not allow
        // unrestricting changes.
        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value)) {
        if (isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,
                Binder.getCallingUid())) {
            return false;
        }

@@ -1153,7 +1155,7 @@ public class SettingsProvider extends ContentProvider {
     * @return true if the change is prohibited, false if the change is allowed.
     */
    private boolean isGlobalOrSecureSettingRestrictedForUser(String setting, int userId,
            String value) {
            String value, int callingUid) {
        String restriction;
        switch (setting) {
            case Settings.Secure.LOCATION_MODE:
@@ -1191,6 +1193,15 @@ public class SettingsProvider extends ContentProvider {
                restriction = UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS;
                break;

            case Settings.Secure.ALWAYS_ON_VPN_APP:
            case Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN:
                // Whitelist system uid (ConnectivityService) and root uid to change always-on vpn
                if (callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID) {
                    return false;
                }
                restriction = UserManager.DISALLOW_CONFIG_VPN;
                break;

            default:
                if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
                    if ("0".equals(value)) return false;
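Review bot: The exemption in the last hunk, `callingUid == Process.SYSTEM_UID || callingUid == Process.ROOT_UID`, compares the full uid rather than the app id, so it presumably matches only the user-0 system uid and leaves system-uid processes of secondary users subject to DISALLOW_CONFIG_VPN. If that narrow match is intended, the comment should say so, for example `// Only the user-0 system uid (ConnectivityService) and root bypass DISALLOW_CONFIG_VPN; every other caller, including shell, is checked below`. Both call sites pass `Binder.getCallingUid()` at the point of the check, which identifies the real caller only if the calling identity has not been cleared earlier in those methods; that code lies outside the hunks and is worth confirming. The Javadoc above `isGlobalOrSecureSettingRestrictedForUser` (only its `@return` line is visible here) should gain a line such as `@param callingUid uid of the caller requesting the change; system and root are exempt from the always-on VPN restriction`.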