am b7ba3e21: am 94dbc64c: am ffd73350: am 917c547b: Merge "Don\'t make lockdown VPN source firewall rules over-broad." into lmp-dev

* commit 'b7ba3e21e2a92ce8778045b6fe8b1cddc477215a':
  Don't make lockdown VPN source firewall rules over-broad.
Lorenzo Colitti
2014-10-16 18:45:18 +00:00
committed by Android Git Automerger


@@ -190,7 +190,7 @@ public class LockdownVpnTracker {
mNetService.setFirewallInterfaceRule(iface, true);
for (LinkAddress addr : sourceAddrs) {
mNetService.setFirewallEgressSourceRule(addr.toString(), true);
setFirewallEgressSourceRule(addr, true);
}
mErrorCount = 0;
@@ -277,7 +277,7 @@ public class LockdownVpnTracker {
}
if (mAcceptedSourceAddr != null) {
for (LinkAddress addr : mAcceptedSourceAddr) {
mNetService.setFirewallEgressSourceRule(addr.toString(), false);
setFirewallEgressSourceRule(addr, false);
}
mAcceptedSourceAddr = null;
}
@@ -286,6 +286,14 @@ public class LockdownVpnTracker {
}
}
private void setFirewallEgressSourceRule(
LinkAddress address, boolean allow) throws RemoteException {
// Our source address based firewall rules must only cover our own source address, not the
// whole subnet
final String addrString = address.getAddress().getHostAddress();
mNetService.setFirewallEgressSourceRule(addrString, allow);
}
public void onNetworkInfoChanged() {
synchronized (mStateLock) {
handleStateChangedLocked();
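Review bot: The comment in the new `setFirewallEgressSourceRule` helper states the intent but not the cause, which is that `LinkAddress.toString()` renders `address/prefixLength`, so the earlier calls at both call sites handed the firewall a source match for the whole subnet. I would spell that out, for example `// LinkAddress.toString() includes the prefix length; pass only the host address so the rule matches this single source address.` Separately, `getHostAddress()` on a scoped `Inet6Address` appends a `%scope` suffix. Whether such addresses can reach this helper is not visible in these hunks, but if they can, the resulting string may not be what the firewall backend expects, so a check or a short comment stating the assumption would help.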