Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "vpn: allow IPSec traffic through Always-on VPN" into oc-dev

Browse Source 
am: 8f1c70e49b

Change-Id: Ic103dfa909ca4567a815b16f0794baf74c1cf068
This commit is contained in:
Bernie Innocenti
2018-07-13 09:17:40 -07:00
committed by android-build-merger
parent 262d6935a0 8f1c70e49b
commit d1f53d13a9
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
services/core/java/com/android/server/connectivity/Vpn.java
View File

@@ -90,8 +90,6 @@ import com.android.server.DeviceIdleController;
import com.android.server.LocalServices;
import com.android.server.net.BaseNetworkObserver;
import libcore.io.IoUtils;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -110,6 +108,8 @@ import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import libcore.io.IoUtils;
/**
* @hide
*/
@@ -1121,6 +1121,18 @@ public class Vpn {
/* allowedApplications */ null,
/* disallowedApplications */ exemptedPackages);
// The UID range of the first user (0-99999) would block the IPSec traffic, which comes
// directly from the kernel and is marked as uid=0. So we adjust the range to allow
// it through (b/69873852).
for (UidRange range : addedRanges) {
if (range.start == 0) {
addedRanges.remove(range);
if (range.stop != 0) {
addedRanges.add(new UidRange(1, range.stop));
}
}
}
removedRanges.removeAll(addedRanges);
addedRanges.removeAll(mBlockedUsers);
}