Merge "Do not enforce CONTROL_VPN for calls from lockdown VPN." into lmp-mr1-dev
This commit is contained in:
committed by
Android (Google) Code Review
commit
50996a12a8
@@ -846,9 +846,29 @@ public class Vpn {
|
|||||||
/**
|
/**
|
||||||
* Start legacy VPN, controlling native daemons as needed. Creates a
|
* Start legacy VPN, controlling native daemons as needed. Creates a
|
||||||
* secondary thread to perform connection work, returning quickly.
|
* secondary thread to perform connection work, returning quickly.
|
||||||
|
*
|
||||||
|
* Should only be called to respond to Binder requests as this enforces caller permission. Use
|
||||||
|
* {@link #startLegacyVpnPrivileged(VpnProfile, KeyStore, LinkProperties)} to skip the
|
||||||
|
* permission check only when the caller is trusted (or the call is initiated by the system).
|
||||||
*/
|
*/
|
||||||
public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {
|
public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {
|
||||||
enforceControlPermission();
|
enforceControlPermission();
|
||||||
|
long token = Binder.clearCallingIdentity();
|
||||||
|
try {
|
||||||
|
startLegacyVpnPrivileged(profile, keyStore, egress);
|
||||||
|
} finally {
|
||||||
|
Binder.restoreCallingIdentity(token);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Like {@link #startLegacyVpn(VpnProfile, KeyStore, LinkProperties)}, but does not check
|
||||||
|
* permissions under the assumption that the caller is the system.
|
||||||
|
*
|
||||||
|
* Callers are responsible for checking permissions if needed.
|
||||||
|
*/
|
||||||
|
public void startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore,
|
||||||
|
LinkProperties egress) {
|
||||||
if (!keyStore.isUnlocked()) {
|
if (!keyStore.isUnlocked()) {
|
||||||
throw new IllegalStateException("KeyStore isn't unlocked");
|
throw new IllegalStateException("KeyStore isn't unlocked");
|
||||||
}
|
}
|
||||||
@@ -959,10 +979,10 @@ public class Vpn {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private synchronized void startLegacyVpn(VpnConfig config, String[] racoon, String[] mtpd) {
|
private synchronized void startLegacyVpn(VpnConfig config, String[] racoon, String[] mtpd) {
|
||||||
stopLegacyVpn();
|
stopLegacyVpnPrivileged();
|
||||||
|
|
||||||
// Prepare for the new request. This also checks the caller.
|
// Prepare for the new request.
|
||||||
prepare(null, VpnConfig.LEGACY_VPN);
|
prepareInternal(VpnConfig.LEGACY_VPN);
|
||||||
updateState(DetailedState.CONNECTING, "startLegacyVpn");
|
updateState(DetailedState.CONNECTING, "startLegacyVpn");
|
||||||
|
|
||||||
// Start a new LegacyVpnRunner and we are done!
|
// Start a new LegacyVpnRunner and we are done!
|
||||||
@@ -970,7 +990,8 @@ public class Vpn {
|
|||||||
mLegacyVpnRunner.start();
|
mLegacyVpnRunner.start();
|
||||||
}
|
}
|
||||||
|
|
||||||
public synchronized void stopLegacyVpn() {
|
/** Stop legacy VPN. Permissions must be checked by callers. */
|
||||||
|
public synchronized void stopLegacyVpnPrivileged() {
|
||||||
if (mLegacyVpnRunner != null) {
|
if (mLegacyVpnRunner != null) {
|
||||||
mLegacyVpnRunner.exit();
|
mLegacyVpnRunner.exit();
|
||||||
mLegacyVpnRunner = null;
|
mLegacyVpnRunner = null;
|
||||||
|
|||||||
@@ -140,7 +140,7 @@ public class LockdownVpnTracker {
|
|||||||
if (egressDisconnected || egressChanged) {
|
if (egressDisconnected || egressChanged) {
|
||||||
clearSourceRulesLocked();
|
clearSourceRulesLocked();
|
||||||
mAcceptedEgressIface = null;
|
mAcceptedEgressIface = null;
|
||||||
mVpn.stopLegacyVpn();
|
mVpn.stopLegacyVpnPrivileged();
|
||||||
}
|
}
|
||||||
if (egressDisconnected) {
|
if (egressDisconnected) {
|
||||||
hideNotification();
|
hideNotification();
|
||||||
@@ -163,7 +163,9 @@ public class LockdownVpnTracker {
|
|||||||
|
|
||||||
mAcceptedEgressIface = egressProp.getInterfaceName();
|
mAcceptedEgressIface = egressProp.getInterfaceName();
|
||||||
try {
|
try {
|
||||||
mVpn.startLegacyVpn(mProfile, KeyStore.getInstance(), egressProp);
|
// Use the privileged method because Lockdown VPN is initiated by the system, so
|
||||||
|
// no additional permission checks are necessary.
|
||||||
|
mVpn.startLegacyVpnPrivileged(mProfile, KeyStore.getInstance(), egressProp);
|
||||||
} catch (IllegalStateException e) {
|
} catch (IllegalStateException e) {
|
||||||
mAcceptedEgressIface = null;
|
mAcceptedEgressIface = null;
|
||||||
Slog.e(TAG, "Failed to start VPN", e);
|
Slog.e(TAG, "Failed to start VPN", e);
|
||||||
@@ -250,7 +252,7 @@ public class LockdownVpnTracker {
|
|||||||
mAcceptedEgressIface = null;
|
mAcceptedEgressIface = null;
|
||||||
mErrorCount = 0;
|
mErrorCount = 0;
|
||||||
|
|
||||||
mVpn.stopLegacyVpn();
|
mVpn.stopLegacyVpnPrivileged();
|
||||||
try {
|
try {
|
||||||
mNetService.setFirewallEgressDestRule(mProfile.server, 500, false);
|
mNetService.setFirewallEgressDestRule(mProfile.server, 500, false);
|
||||||
mNetService.setFirewallEgressDestRule(mProfile.server, 4500, false);
|
mNetService.setFirewallEgressDestRule(mProfile.server, 4500, false);
|
||||||
|
|||||||
Reference in New Issue
Block a user