services/java/com/android/server/ConnectivityService.java +9 −1 @@ -77,6 +77,7 @@ import android.os.Looper; import android.os.Message; import android.os.ParcelFileDescriptor; import android.os.PowerManager; import android.os.Process; import android.os.RemoteException; import android.os.ServiceManager; import android.os.SystemClock; @@ -3370,7 +3371,7 @@ public class ConnectivityService extends IConnectivityManager.Stub { @Override public boolean updateLockdownVpn() { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); // Tear down existing lockdown if profile was removed mLockdownEnabled = LockdownVpnTracker.isEnabled(); @@ -3421,4 +3422,11 @@ public class ConnectivityService extends IConnectivityManager.Stub { throw new IllegalStateException("Unavailable in lockdown mode"); } } private static void enforceSystemUid() { final int uid = Binder.getCallingUid(); if (uid != Process.SYSTEM_UID) { throw new SecurityException("Only available to AID_SYSTEM"); } } } services/java/com/android/server/NetworkManagementService.java +15 −6 @@ -45,8 +45,10 @@ import android.net.NetworkUtils; import android.net.RouteInfo; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.os.Binder; import android.os.Handler; import android.os.INetworkManagementService; import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; import android.os.SystemClock;
@@ -1436,7 +1438,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEnabled(boolean enabled) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); try { mConnector.execute("firewall", enabled ? "enable" : "disable"); mFirewallEnabled = enabled; @@ -1447,13 +1449,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public boolean isFirewallEnabled() { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); return mFirewallEnabled; } @Override public void setFirewallInterfaceRule(String iface, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1465,7 +1467,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEgressSourceRule(String addr, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1477,7 +1479,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEgressDestRule(String addr, int port, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1489,7 +1491,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallUidRule(int uid, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try {
@@ -1499,6 +1501,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } private static void enforceSystemUid() { final int uid = Binder.getCallingUid(); if (uid != Process.SYSTEM_UID) { throw new SecurityException("Only available to AID_SYSTEM"); } } @Override public void monitor() { if (mConnector != null) {
services/java/com/android/server/ConnectivityService.java +9 −1 @@ -77,6 +77,7 @@ import android.os.Looper; import android.os.Message; import android.os.ParcelFileDescriptor; import android.os.PowerManager; import android.os.Process; import android.os.RemoteException; import android.os.ServiceManager; import android.os.SystemClock; @@ -3370,7 +3371,7 @@ public class ConnectivityService extends IConnectivityManager.Stub { @Override public boolean updateLockdownVpn() { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); // Tear down existing lockdown if profile was removed mLockdownEnabled = LockdownVpnTracker.isEnabled(); @@ -3421,4 +3422,11 @@ public class ConnectivityService extends IConnectivityManager.Stub { throw new IllegalStateException("Unavailable in lockdown mode"); } } private static void enforceSystemUid() { final int uid = Binder.getCallingUid(); if (uid != Process.SYSTEM_UID) { throw new SecurityException("Only available to AID_SYSTEM"); } } }
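Review bot: The new `enforceSystemUid()` helper at the end of this section carries no comment stating what it requires, and the swap in `updateLockdownVpn()` is a real narrowing: the permission check it replaces accepted any caller holding CONNECTIVITY_INTERNAL, while `uid != Process.SYSTEM_UID` accepts only that exact UID. I would add a Javadoc such as `/** Throws SecurityException unless the Binder caller's UID is exactly Process.SYSTEM_UID; holding CONNECTIVITY_INTERNAL is not enough. */` so a later maintainer does not relax it back to a permission check by accident. The rejection message also discards the value it just read; `throw new SecurityException("Only available to AID_SYSTEM, not uid " + uid);` makes a denied call easier to trace. The body of `updateLockdownVpn()` continues outside the visible hunk.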
services/java/com/android/server/NetworkManagementService.java +15 −6 @@ -45,8 +45,10 @@ import android.net.NetworkUtils; import android.net.RouteInfo; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.os.Binder; import android.os.Handler; import android.os.INetworkManagementService; import android.os.Process; import android.os.RemoteCallbackList; import android.os.RemoteException; import android.os.SystemClock; @@ -1436,7 +1438,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEnabled(boolean enabled) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); try { mConnector.execute("firewall", enabled ? "enable" : "disable"); mFirewallEnabled = enabled; @@ -1447,13 +1449,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public boolean isFirewallEnabled() { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); return mFirewallEnabled; } @Override public void setFirewallInterfaceRule(String iface, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1465,7 +1467,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEgressSourceRule(String addr, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try {
@@ -1477,7 +1479,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallEgressDestRule(String addr, int port, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1489,7 +1491,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void setFirewallUidRule(int uid, boolean allow) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); enforceSystemUid(); Preconditions.checkState(mFirewallEnabled); final String rule = allow ? ALLOW : DENY; try { @@ -1499,6 +1501,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } private static void enforceSystemUid() { final int uid = Binder.getCallingUid(); if (uid != Process.SYSTEM_UID) { throw new SecurityException("Only available to AID_SYSTEM"); } } @Override public void monitor() { if (mConnector != null) {
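Review bot: `enforceSystemUid()` in the last hunk is a character-for-character copy of the helper this commit adds to ConnectivityService.java, and two private copies of an access check tend to drift apart when one is tightened later. One shared static helper that both services call would keep the six firewall entry points and `updateLockdownVpn()` under a single rule. `Binder.getCallingUid()` returns the process's own UID once the calling identity has been cleared, so the check is only meaningful as the first statement, which is where every visible hunk places it; a one-line comment on the helper, `// Call before Binder.clearCallingIdentity(); afterwards getCallingUid() is our own UID.`, would record that constraint. Each method body continues outside its hunk.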