authorLorenzo Colitti <lorenzo@google.com>2014-10-16 18:35:21 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2014-10-16 18:35:21 +0000
commite526668eae7ba79e9558cb2b34486bbae2403fd5 (patch)
tree87b80930db6ea7f5e0d29f96d9c26b2862558b5c
parent94dbc64c9871d394fc7038c95cc140c52ad35255 (diff)
parentd04d6c91a311af7a52f05fac5935c9327a990046 (diff)
am d04d6c91: am b7d85148: Merge "Allow root and system to bypass the always-on VPN firewall rules" into lmp-dev
* commit 'd04d6c91a311af7a52f05fac5935c9327a990046': Allow root and system to bypass the always-on VPN firewall rules
-rw-r--r--services/core/java/com/android/server/net/LockdownVpnTracker.java10
1 files changed, 10 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/net/LockdownVpnTracker.java b/services/core/java/com/android/server/net/LockdownVpnTracker.java
index cf0aba4..3a1e4a4 100644
--- a/services/core/java/com/android/server/net/LockdownVpnTracker.java
+++ b/services/core/java/com/android/server/net/LockdownVpnTracker.java
@@ -35,6 +35,7 @@ import android.os.INetworkManagementService;
import android.os.RemoteException;
import android.security.Credentials;
import android.security.KeyStore;
+import android.system.Os;
import android.text.TextUtils;
import android.util.Slog;
@@ -64,6 +65,8 @@ public class LockdownVpnTracker {
private static final String ACTION_VPN_SETTINGS = "android.net.vpn.SETTINGS";
private static final String EXTRA_PICK_LOCKDOWN = "android.net.vpn.PICK_LOCKDOWN";
+ private static final int ROOT_UID = 0;
+
private final Context mContext;
private final INetworkManagementService mNetService;
private final ConnectivityService mConnService;
@@ -193,6 +196,9 @@ public class LockdownVpnTracker {
setFirewallEgressSourceRule(addr, true);
}
+ mNetService.setFirewallUidRule(ROOT_UID, true);
+ mNetService.setFirewallUidRule(Os.getuid(), true);
+
mErrorCount = 0;
mAcceptedIface = iface;
mAcceptedSourceAddr = sourceAddrs;
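Review bot: The two added `setFirewallUidRule(..., true)` calls carry no comment saying why root and the system UID are exempt from lockdown, and the exemption is per-UID rather than per-destination. While lockdown is active, any process running under either UID can send traffic outside the VPN, so the reason and the accepted exposure should be recorded next to the calls. I would add something like `// Exempt root and the system UID from lockdown; traffic from these UIDs is NOT forced through the VPN.` and name the component that needs it. `Os.getuid()` means "system" only while this class runs inside the system server; if that is the intent, `Process.SYSTEM_UID` states it directly. The enclosing method starts and ends outside the hunk.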
@@ -279,6 +285,10 @@ public class LockdownVpnTracker {
for (LinkAddress addr : mAcceptedSourceAddr) {
setFirewallEgressSourceRule(addr, false);
}
+
+ mNetService.setFirewallUidRule(ROOT_UID, false);
+ mNetService.setFirewallUidRule(Os.getuid(), false);
+
mAcceptedSourceAddr = null;
}
} catch (RemoteException e) {
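Review bot: The two `setFirewallUidRule(..., false)` calls sit inside the block that iterates and then clears `mAcceptedSourceAddr`, and that block's opening condition is outside the hunk. If it is a null check on `mAcceptedSourceAddr`, teardown of the UID exemptions depends on source addresses having been recorded, whereas the add path in the earlier hunk appears to install them unconditionally after the address loop. Consider moving the removal next to the interface-rule teardown so the root and system exemptions are always withdrawn together with the other lockdown rules. It is also worth confirming that the `catch (RemoteException e)` handler, whose body is not visible here, does not leave one exemption installed if the second call fails.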