Lock down networking when waiting for always-on
Fix: 26694104
Fix: 27042309
Fix: 28335277
Change-Id: I47a4c9d2b98235195b1356af3dabf7235870e4fa
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index e5b301e..8b2d003 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1845,6 +1845,22 @@
}
@Override
+ public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
+ throws ServiceSpecificException {
+ try {
+ mNetdService.networkRejectNonSecureVpn(add, uidRanges);
+ } catch (ServiceSpecificException e) {
+ Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
+ + ": netd command failed", e);
+ throw e;
+ } catch (RemoteException e) {
+ Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
+ + ": netd command failed", e);
+ throw e.rethrowAsRuntimeException();
+ }
+ }
+
+ @Override
public void setUidCleartextNetworkPolicy(int uid, int policy) {
if (Binder.getCallingUid() != uid) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);