LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

am 52781414: am fa8d83d9: Merge "Restrict lockdown and firewall to AID_SYSTEM." into jb-mr1-dev

Browse Source 
* commit '527814142037fe08934b4e9ef3961742ffbd5a20':
  Restrict lockdown and firewall to AID_SYSTEM.
This commit is contained in:
Jeff Sharkey
2012-09-06 18:07:27 -07:00
committed by Android Git Automerger
parent cc4caf33a9 5663b6e934
commit e4e3c9dce2
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
services/java/com/android/server/ConnectivityService.java
View File

@@ -77,6 +77,7 @@ import android.os.Looper;
import android.os.Message;
import android.os.ParcelFileDescriptor;
import android.os.PowerManager;
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemClock;
@@ -3370,7 +3371,7 @@ public class ConnectivityService extends IConnectivityManager.Stub {
@Override
public boolean updateLockdownVpn() {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
enforceSystemUid();
// Tear down existing lockdown if profile was removed
mLockdownEnabled = LockdownVpnTracker.isEnabled();
@@ -3421,4 +3422,11 @@ public class ConnectivityService extends IConnectivityManager.Stub {
throw new IllegalStateException("Unavailable in lockdown mode");
}
}
private static void enforceSystemUid() {
final int uid = Binder.getCallingUid();
if (uid != Process.SYSTEM_UID) {
throw new SecurityException("Only available to AID_SYSTEM");
}
}
}