LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Disable the AppOp Restriction for IpSec Tunnels" into stage-aosp-master

Browse Source 
am: bda7c96038

Change-Id: I98f2a964b3035daf93b54dc2b72561b16d2ded92
This commit is contained in:
Nathan Harold
2018-06-09 09:25:32 -07:00
committed by android-build-merger
parent a2734cfc87 7c250aedb1
commit 48474a78ad
1 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
services/core/java/com/android/server/IpSecService.java
View File

@@ -1481,19 +1481,23 @@ public class IpSecService extends IIpSecService.Stub {
} }
} }
private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
private void enforceTunnelPermissions(String callingPackage) { private void enforceTunnelPermissions(String callingPackage) {
checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels"); checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
switch (getAppOpsManager().noteOp( if (false) { // STOPSHIP if this line is present
AppOpsManager.OP_MANAGE_IPSEC_TUNNELS, switch (getAppOpsManager().noteOp(
Binder.getCallingUid(), callingPackage)) { TUNNEL_OP,
case AppOpsManager.MODE_DEFAULT: Binder.getCallingUid(), callingPackage)) {
mContext.enforceCallingOrSelfPermission( case AppOpsManager.MODE_DEFAULT:
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService"); mContext.enforceCallingOrSelfPermission(
break; android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
case AppOpsManager.MODE_ALLOWED: break;
return; case AppOpsManager.MODE_ALLOWED:
default: return;
throw new SecurityException("Request to ignore AppOps for non-legacy API"); default:
throw new SecurityException("Request to ignore AppOps for non-legacy API");
}
} }
} }