Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add enforceNetworkStackOrProfileOrDeviceOwner()

Browse Source 
Add enforceNetworkStackOrProfileOrDeviceOwner() to check if the
caller has PERMISSION_MAINLINE_NETWORK_STACK or not.

Call this check in isAlwaysOnVpnLockdownEnabled() for allowing
the caller which has PERMISSION_MAINLINE_NETWORK_STACK to get the
status of always-on VPN.

Bug: 141621373
Test: 1. Build pass
      2. Manual test to see if CaptivePortalLoginActivity could
      deal with the issue properly.
Change-Id: I3b7ddc2543e6b4754d6eaac128ca9a8ccea6b59c
This commit is contained in:
lucaslin
2020-03-12 13:23:52 +08:00
parent 735ed754b9
commit 826224dbc1
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -86,6 +86,7 @@ import static android.app.admin.DevicePolicyManager.WIPE_SILENTLY;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import static android.provider.Settings.Global.PRIVATE_DNS_MODE;
import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
import static android.provider.Telephony.Carriers.DPC_URI;
@@ -5874,6 +5875,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
}
private void enforceNetworkStackOrProfileOrDeviceOwner(ComponentName who) {
if (mContext.checkCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)
== PackageManager.PERMISSION_GRANTED) {
return;
}
enforceProfileOrDeviceOwner(who);
}
private void enforceDeviceOwnerOrProfileOwnerOnOrganizationOwnedDevice(ComponentName who) {
synchronized (getLockObject()) {
getActiveAdminForCallerLocked(
@@ -6870,7 +6879,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
@Override
public boolean isAlwaysOnVpnLockdownEnabled(ComponentName admin) throws SecurityException {
enforceProfileOrDeviceOwner(admin);
enforceNetworkStackOrProfileOrDeviceOwner(admin);
final int userId = mInjector.userHandleGetCallingUserId();
return mInjector.binderWithCleanCallingIdentity(