From ca3d8edfba3697e84d6227ee1e964a42ec6e0d5f Mon Sep 17 00:00:00 2001 From: Jeff Davidson Date: Thu, 20 Nov 2014 13:12:46 -0800 Subject: [PATCH] Don't enforce control permission when preparing consented VPN. If a VPN app requests to be prepared and has already obtained user consent, there is no need to additionally enforce the control permission. We only need to enforce the control permission when a VPN is first being prepared, where such a preparation would bypass user consent. Also ensure that in this case, the VPN being prepared matches the calling app. Otherwise an app could prepare another pre-consented VPN, which is not particularly dangerous but is likely unexpected. Finally, remove misleading comment in ConnectivityService#prepareVpn. This method IS called from VpnService.prepare(), not only from system-privileged apps. Bug: 18442887 Change-Id: Ic3227c6c1c74312697f0576d3811b06692a4edff --- services/core/java/com/android/server/ConnectivityService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java index 17889eae77..4bfc3ea7f1 100644 --- a/services/core/java/com/android/server/ConnectivityService.java +++ b/services/core/java/com/android/server/ConnectivityService.java @@ -2813,7 +2813,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } /** - * Prepare for a VPN application. This method is used by system-privileged apps. + * Prepare for a VPN application. * Permissions are checked in Vpn class. * @hide */