Apply DISALLOW_CONFIG_VPN restriction to VPN.
Bug: 16008760
Change-Id: I299d5f32d9b09c3abcc32f3e889a0187880621df
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index cb1dfe4..ad7c0aa 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -329,7 +329,7 @@
try {
// Restricted users are not allowed to create VPNs, they are tied to Owner
UserInfo user = mgr.getUserInfo(mUserId);
- if (user.isRestricted()) {
+ if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
throw new SecurityException("Restricted users cannot establish VPNs");
}
@@ -722,6 +722,11 @@
if (!keyStore.isUnlocked()) {
throw new IllegalStateException("KeyStore isn't unlocked");
}
+ UserManager mgr = UserManager.get(mContext);
+ UserInfo user = mgr.getUserInfo(mUserId);
+ if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN)) {
+ throw new SecurityException("Restricted users cannot establish VPNs");
+ }
final RouteInfo ipv4DefaultRoute = findIPv4DefaultRoute(egress);
final String gateway = ipv4DefaultRoute.getGateway().getHostAddress();