Re-enable checks for MANAGE_IPSEC_TUNNELS

This patch ensures that creation and modification of IPsec tunnels
require the MANAGE_IPSEC_TUNNELS appop.

Bug: 115685048
Test: IpSecManagerTunnelTest fails without appops set
Change-Id: I6c60a2573ca521717877f36e28a392b0d3b62754
Benedict Wong
2018-09-13 16:45:12 -07:00
parent 38e52973d2
commit 2b6a14ecf3


@@ -1488,14 +1488,11 @@ public class IpSecService extends IIpSecService.Stub {
} }
} }
private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS; private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS;
private void enforceTunnelPermissions(String callingPackage) { private void enforceTunnelPermissions(String callingPackage) {
checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels"); checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
if (false) { // STOPSHIP if this line is present switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
switch (getAppOpsManager().noteOp(
TUNNEL_OP,
Binder.getCallingUid(), callingPackage)) {
case AppOpsManager.MODE_DEFAULT: case AppOpsManager.MODE_DEFAULT:
mContext.enforceCallingOrSelfPermission( mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService"); android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
@@ -1506,7 +1503,6 @@ public class IpSecService extends IIpSecService.Stub {
throw new SecurityException("Request to ignore AppOps for non-legacy API"); throw new SecurityException("Request to ignore AppOps for non-legacy API");
} }
} }
}
private void createOrUpdateTransform( private void createOrUpdateTransform(
IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord) IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)
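Review bot: enforceTunnelPermissions is the authorization gate for tunnel creation and modification, and with the `if (false)` wrapper gone it still has no comment stating its contract. I would add a Javadoc above it along the lines of `/** Throws SecurityException unless the caller is allowed the MANAGE_IPSEC_TUNNELS appop, or the op is in MODE_DEFAULT and the caller holds the MANAGE_IPSEC_TUNNELS permission. */`, adjusted to whatever the cases between the two hunks actually do, since they are not shown. A one-line comment that `noteOp` is also what ties `callingPackage` to `Binder.getCallingUid()` would explain why the branch ending in `throw new SecurityException(...)` must keep rejecting every other mode. As a point of style, TUNNEL_OP is now a plain alias for `AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS` and could be inlined at its one visible use.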