LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Re-enable checks for MANAGE_IPSEC_TUNNELS"

Browse Source 
am: 4f94cbe619

Change-Id: I071f4f1c797d03776d1dd38f5734c6d07e2cecc7
This commit is contained in:
Benedict Wong
2018-09-19 17:10:42 -07:00
committed by android-build-merger
parent 5dfc4f5e4c 4f94cbe619
commit e2778b09ad
1 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
services/core/java/com/android/server/IpSecService.java
View File

@@ -1490,23 +1490,19 @@ public class IpSecService extends IIpSecService.Stub {
} }
} }
private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS; private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS;
private void enforceTunnelPermissions(String callingPackage) { private void enforceTunnelPermissions(String callingPackage) {
checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels"); checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
if (false) { // STOPSHIP if this line is present switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
switch (getAppOpsManager().noteOp( case AppOpsManager.MODE_DEFAULT:
TUNNEL_OP, mContext.enforceCallingOrSelfPermission(
Binder.getCallingUid(), callingPackage)) { android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
case AppOpsManager.MODE_DEFAULT: break;
mContext.enforceCallingOrSelfPermission( case AppOpsManager.MODE_ALLOWED:
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService"); return;
break; default:
case AppOpsManager.MODE_ALLOWED: throw new SecurityException("Request to ignore AppOps for non-legacy API");
return;
default:
throw new SecurityException("Request to ignore AppOps for non-legacy API");
}
} }
} }