LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable the AppOp Restriction for IpSec Tunnels

Browse Source 
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.

Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
This commit is contained in:
Nathan Harold
2018-05-15 19:18:38 -07:00
parent d21e909fd3
commit 147f7386da
1 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/core/java/com/android/server/IpSecService.java
View File

@@ -1481,10 +1481,13 @@ public class IpSecService extends IIpSecService.Stub {
} }
} }
private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
private void enforceTunnelPermissions(String callingPackage) { private void enforceTunnelPermissions(String callingPackage) {
checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels"); checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
if (false) { // STOPSHIP if this line is present
switch (getAppOpsManager().noteOp( switch (getAppOpsManager().noteOp(
AppOpsManager.OP_MANAGE_IPSEC_TUNNELS, TUNNEL_OP,
Binder.getCallingUid(), callingPackage)) { Binder.getCallingUid(), callingPackage)) {
case AppOpsManager.MODE_DEFAULT: case AppOpsManager.MODE_DEFAULT:
mContext.enforceCallingOrSelfPermission( mContext.enforceCallingOrSelfPermission(
@@ -1496,6 +1499,7 @@ public class IpSecService extends IIpSecService.Stub {
throw new SecurityException("Request to ignore AppOps for non-legacy API"); throw new SecurityException("Request to ignore AppOps for non-legacy API");
} }
} }
}
private void createOrUpdateTransform( private void createOrUpdateTransform(
IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord) IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)