diff options
| author | Chia-chi Yeh <chiachi@android.com> | 2011-06-17 16:43:44 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2011-06-17 16:43:44 -0700 |
| commit | 941ed30638e42bbae32a270511d3c2716307c767 (patch) | |
| tree | 1190b67ecbc154ed7f34acdb5328dde60784921d | |
| parent | ec08cacd78c4b746ac385c874f41833fc06ebc2f (diff) | |
| parent | 3f3337a662e9916bbf14502ef3b32dedaa7adfa4 (diff) | |
| download | frameworks_base-941ed30638e42bbae32a270511d3c2716307c767.zip frameworks_base-941ed30638e42bbae32a270511d3c2716307c767.tar.gz frameworks_base-941ed30638e42bbae32a270511d3c2716307c767.tar.bz2 | |
Merge "VPN: avoid leaking file descriptors."
| -rw-r--r-- | core/res/AndroidManifest.xml | 2 | ||||
| -rw-r--r-- | services/java/com/android/server/connectivity/Vpn.java | 14 |
2 files changed, 13 insertions, 3 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index a8aff37..47902a8 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -91,6 +91,8 @@ <protected-broadcast android:name="android.hardware.usb.action.USB_DEVICE_ATTACHED" /> <protected-broadcast android:name="android.hardware.usb.action.USB_DEVICE_DETACHED" /> + <protected-broadcast android:name="android.net.vpn.action.REVOKED" /> + <protected-broadcast android:name="android.nfc.action.LLCP_LINK_STATE_CHANGED" /> <protected-broadcast android:name="com.android.nfc_extras.action.RF_FIELD_ON_DETECTED" /> <protected-broadcast android:name="com.android.nfc_extras.action.RF_FIELD_OFF_DETECTED" /> diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java index 035a667..47813f8 100644 --- a/services/java/com/android/server/connectivity/Vpn.java +++ b/services/java/com/android/server/connectivity/Vpn.java @@ -102,14 +102,22 @@ public class Vpn extends INetworkManagementEventObserver.Stub { /** * Protect a socket from routing changes by binding it to the given - * interface. The socket is NOT closed by this method. + * interface. The socket IS closed by this method. * * @param socket The socket to be bound. * @param name The name of the interface. */ public void protect(ParcelFileDescriptor socket, String name) { - mContext.enforceCallingPermission(VPN, "protect"); - nativeProtect(socket.getFd(), name); + try { + mContext.enforceCallingPermission(VPN, "protect"); + nativeProtect(socket.getFd(), name); + } finally { + try { + socket.close(); + } catch (Exception e) { + // ignore + } + } } /** |