Keep UID in lockdown when present in any range

Do not remove LOCKDOWN_VPN_MATCH from a UID if it is present in any of
the supplied ranges that have yet to be removed.

Change-Id: Ia95724cd19040f83cea2c169a2585ab5dbdddbac
Tommy Webb
2023-02-26 15:50:50 -05:00
committed by Michael Bestas
parent b825c6f71c
commit 407ba4ce6e


@@ -1067,8 +1067,10 @@ public class PermissionMonitor {
// exclude privileged apps from the prohibit routing rules used to implement outgoing packet
// filtering, privileged apps can still bypass outgoing packet filtering because the
// prohibit rules observe the protected from VPN bit.
// If removing a UID, we ensure it is not present anywhere in the set first.
for (final int uid: affectedUids) {
if (!hasRestrictedNetworksPermission(uid)) {
if (!hasRestrictedNetworksPermission(uid)
&& (add || !UidRange.containsUid(mVpnLockdownUidRanges.getSet(), uid))) {
updateLockdownUidRule(uid, add);
}
}
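Review bot: The new removal guard `!UidRange.containsUid(mVpnLockdownUidRanges.getSet(), uid)` is only correct if `mVpnLockdownUidRanges` has already dropped the ranges being removed by the time this loop runs, and that update is not visible in the hunk. If the set were still unchanged at this point, every affected UID would match and no lockdown rule would ever be removed; that fails closed, but it leaves stale rules behind. The one-line comment should state the precondition, for example `// mVpnLockdownUidRanges must already reflect this removal; a UID still covered by a remaining range keeps LOCKDOWN_VPN_MATCH.` A unit test that removes one of two overlapping lockdown ranges and asserts that the shared UID keeps its rule would pin the behaviour. The enclosing method starts and ends outside the hunk.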