LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Set correct owner UID for VPN agentConnect()" am: 2f7bb517fd

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1326493

Change-Id: I04609b41c9e878e1e3ca8f128d86290012d4ede7
This commit is contained in:
Benedict Wong
2020-06-15 17:18:15 +00:00
committed by Automerger Merge Worker
parent 363fb9fef9 2f7bb517fd
commit bab1782868
2 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
core/java/android/net/NetworkCapabilities.java
View File

@@ -900,9 +900,17 @@ public final class NetworkCapabilities implements Parcelable {
* <p>For NetworkCapability instances being sent from ConnectivityService, this value MUST be * <p>For NetworkCapability instances being sent from ConnectivityService, this value MUST be
* reset to Process.INVALID_UID unless all the following conditions are met: * reset to Process.INVALID_UID unless all the following conditions are met:
* *
* <p>The caller is the network owner, AND one of the following sets of requirements is met:
*
* <ol> * <ol>
* <li>The destination app is the network owner * <li>The described Network is a VPN
* <li>The destination app has the ACCESS_FINE_LOCATION permission granted * </ol>
*
* <p>OR:
*
* <ol>
* <li>The calling app is the network owner
* <li>The calling app has the ACCESS_FINE_LOCATION permission granted
* <li>The user's location toggle is on * <li>The user's location toggle is on
* </ol> * </ol>
* *
@@ -928,7 +936,16 @@ public final class NetworkCapabilities implements Parcelable {
/** /**
* Retrieves the UID of the app that owns this network. * Retrieves the UID of the app that owns this network.
* *
* <p>For user privacy reasons, this field will only be populated if: * <p>For user privacy reasons, this field will only be populated if the following conditions
* are met:
*
* <p>The caller is the network owner, AND one of the following sets of requirements is met:
*
* <ol>
* <li>The described Network is a VPN
* </ol>
*
* <p>OR:
* *
* <ol> * <ol>
* <li>The calling app is the network owner * <li>The calling app is the network owner
@@ -936,8 +953,8 @@ public final class NetworkCapabilities implements Parcelable {
* <li>The user's location toggle is on * <li>The user's location toggle is on
* </ol> * </ol>
* *
* Instances of NetworkCapabilities sent to apps without the appropriate permissions will * Instances of NetworkCapabilities sent to apps without the appropriate permissions will have
* have this field cleared out. * this field cleared out.
*/ */
public int getOwnerUid() { public int getOwnerUid() {
return mOwnerUid; return mOwnerUid;

6
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -1698,6 +1698,12 @@ public class ConnectivityService extends IConnectivityManager.Stub
return newNc; return newNc;
} }
// Allow VPNs to see ownership of their own VPN networks - not location sensitive.
if (nc.hasTransport(TRANSPORT_VPN)) {
// Owner UIDs already checked above. No need to re-check.
return newNc;
}
Binder.withCleanCallingIdentity( Binder.withCleanCallingIdentity(
() -> { () -> {
if (!mLocationPermissionChecker.checkLocationPermission( if (!mLocationPermissionChecker.checkLocationPermission(