Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / bc19c181c8c058c824e4fee907a05129e142c388^! / . / services / core / java / com / android / server / connectivity / Vpn.java
commitbc19c181c8c058c824e4fee907a05129e142c388[log] [tgz]
authorJeff Davidson <jpd@google.com>Tue Nov 11 13:20:01 2014 -0800
committerJeff Davidson <jpd@google.com>Wed Nov 12 08:56:20 2014 -0800
tree666427f56a5be8afe891bc975343240f9ffbe654
parentda772234f6f9498bf02f31448bda16e9fcbd6bd2 [diff] [blame]
Enforce VPN control "permission" with an actual permission.

The current implementation uses a whitelist of package names. Use a
system|signature permission instead of rolling our own security and
add that permission to the existing set of whitelisted packages
(SystemUI and VpnDialogs).

In addition to being less of a security risk (using well-known methods
like Context.enforceCallingPermission rather than manually querying
PackageManager and checking UIDs for package names), this enables
other system-privileged apps to control VPN as needed per the below
bug.

Bug: 18327583
Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d

diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 83756aa..03c05ec 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java

@@ -23,6 +23,7 @@
 import static android.system.OsConstants.AF_INET;
 import static android.system.OsConstants.AF_INET6;
 
+import android.Manifest;
 import android.app.AppGlobals;
 import android.app.AppOpsManager;
 import android.app.PendingIntent;
@@ -739,31 +740,7 @@
     };
 
     private void enforceControlPermission() {
-        // System user is allowed to control VPN.
-        if (Binder.getCallingUid() == Process.SYSTEM_UID) {
-            return;
-        }
-        int appId = UserHandle.getAppId(Binder.getCallingUid());
-        final long token = Binder.clearCallingIdentity();
-        try {
-            // System VPN dialogs are also allowed to control VPN.
-            PackageManager pm = mContext.getPackageManager();
-            ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0);
-            if (((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == app.uid)) {
-                return;
-            }
-            // SystemUI dialogs are also allowed to control VPN.
-            ApplicationInfo sysUiApp = pm.getApplicationInfo("com.android.systemui", 0);
-            if (((sysUiApp.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == sysUiApp.uid)) {
-                return;
-            }
-        } catch (Exception e) {
-            // ignore
-        } finally {
-            Binder.restoreCallingIdentity(token);
-        }
-
-        throw new SecurityException("Unauthorized Caller");
+        mContext.enforceCallingPermission(Manifest.permission.CONTROL_VPN, "Unauthorized Caller");
     }
 
     private class Connection implements ServiceConnection {