LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Restrict VPN Diagnostics callbacks to underlying networks.

Browse Source 
ConnectivityDiagnosticsCallbacks should only be invoked for the
underlying networks declared by active VPNs. This encourages VPN apps to
declare their underlying networks.

The previous permission model for VPNs allowed active VPNs to receive
callbacks on any network.

Bug: 148903617
Test: atest FrameworksNetTests
Change-Id: Ic08cdd2e2532580fda0fd3034e2bdff27e0ff84b
This commit is contained in:
Cody Kesting
2020-02-11 14:16:41 -08:00
parent 0b6dd36a52
commit d759ac61ee
2 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -7890,10 +7890,13 @@ public class ConnectivityService extends IConnectivityManager.Stub
return false;
}
final Network[] underlyingNetworks;
synchronized (mVpns) {
if (getVpnIfOwner(callbackUid) != null) {
return true;
}
final Vpn vpn = getVpnIfOwner(callbackUid);
underlyingNetworks = (vpn == null) ? null : vpn.getUnderlyingNetworks();
}
if (underlyingNetworks != null) {
if (Arrays.asList(underlyingNetworks).contains(nai.network)) return true;
}
// Administrator UIDs also contains the Owner UID