LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Re-enable checks for MANAGE_IPSEC_TUNNELS" am: 4f94cbe619 am: e2778b09ad

Browse Source 
am: 319d308884

Change-Id: Ifa46c8e45f307d924c2ea589345957736dee0db0
This commit is contained in:
Benedict Wong
2018-09-19 17:33:21 -07:00
committed by android-build-merger
parent dde588d9b8 319d308884
commit 92334a78e0
1 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
services/core/java/com/android/server/IpSecService.java
View File

@@ -1490,23 +1490,19 @@ public class IpSecService extends IIpSecService.Stub {
}
}
private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS;
private void enforceTunnelPermissions(String callingPackage) {
checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
if (false) { // STOPSHIP if this line is present
switch (getAppOpsManager().noteOp(
TUNNEL_OP,
Binder.getCallingUid(), callingPackage)) {
case AppOpsManager.MODE_DEFAULT:
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
break;
case AppOpsManager.MODE_ALLOWED:
return;
default:
throw new SecurityException("Request to ignore AppOps for non-legacy API");
}
switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
case AppOpsManager.MODE_DEFAULT:
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
break;
case AppOpsManager.MODE_ALLOWED:
return;
default:
throw new SecurityException("Request to ignore AppOps for non-legacy API");
}
}