Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / b21298a686b04d55ff97223dd317497845713f4b
commitb21298a686b04d55ff97223dd317497845713f4b[log] [tgz]
authorJeff Davidson <jpd@google.com>Tue Feb 10 10:02:11 2015 -0800
committerJeff Davidson <jpd@google.com>Tue Feb 10 23:41:42 2015 -0800
treef601ce3c9ba7082f91d21dcf4bd17e6cf2fa1b68
parent175ddbcf2ed71fdcd44a9b64cdc5d479df496a4d [diff]
Do not enforce CONTROL_VPN for calls from lockdown VPN.

Clearly document which methods in Vpn.java are designed to be used to
service a Binder call, and which must therefore check permissions and
clear the calling identity, and which methods are designed for
internal use only and which therefore need not check permission.

Add a new startLegacyVpnPrivileged method which bypasses the
permission checks, to be used by lockdown VPN which is a trusted
system service. Ensure that the existing startLegacyVpn method checks
permissions as this is used whenever we respond to a binder call.

Bug: 19311172
Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
2 files changed
tree: f601ce3c9ba7082f91d21dcf4bd17e6cf2fa1b68
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. policy/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telecomm/
  24. telephony/
  25. test-runner/
  26. tests/
  27. tools/
  28. wifi/
  29. Android.mk
  30. CleanSpec.mk
  31. MODULE_LICENSE_APACHE2
  32. NOTICE
  33. preloaded-classes