Enforce VPN control "permission" with an actual permission.
The current implementation uses a whitelist of package names. Use a
system|signature permission instead of rolling our own security and
add that permission to the existing set of whitelisted packages
(SystemUI and VpnDialogs).
In addition to being less of a security risk (using well-known methods
like Context.enforceCallingPermission rather than manually querying
PackageManager and checking UIDs for package names), this enables
other system-privileged apps to control VPN as needed per the below
bug.
Bug: 18327583
Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index b03103e..1d067c8 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2406,6 +2406,15 @@
android:description="@string/permdesc_controlWifiDisplay"
android:protectionLevel="signature" />
+ <!-- @SystemApi Allows an application to control VPN.
+ <p>Not for use by third-party applications.</p>
+ @hide -->
+ <permission android:name="android.permission.CONTROL_VPN"
+ android:label="@string/permlab_controlVpn"
+ android:description="@string/permdesc_controlVpn"
+ android:protectionLevel="signature|system" />
+ <uses-permission android:name="android.permission.CONTROL_VPN" />
+
<!-- @SystemApi Allows an application to capture audio output.
<p>Not for use by third-party applications.</p> -->
<permission android:name="android.permission.CAPTURE_AUDIO_OUTPUT"