From 41d8bf1fedbd71b86579fff8d581491f36beb241 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Thu, 11 Jan 2018 10:59:19 +0000
Subject: [PATCH] [DO NOT MERGE] Add permission check to setAllowOnlyVpnForUids

Bug: 63000005
Test: runtest frameworks-net -c com.android.server.connectivity.VpnTest
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnLockDown
Change-Id: Ia1a82ee73d8617f3124032986fe6c09c14bf7752
---
 .../core/java/com/android/server/NetworkManagementService.java  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index f2368779336d1..7996628107612 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1852,6 +1852,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     @Override
     public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
             throws ServiceSpecificException {
+        mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
+
         try {
             mNetdService.networkRejectNonSecureVpn(add, uidRanges);
         } catch (ServiceSpecificException e) {