summaryrefslogtreecommitdiffstats
path: root/packages/VpnDialogs
diff options
context:
space:
mode:
authorJeff Davidson <jpd@google.com>2014-11-11 13:20:01 -0800
committerJeff Davidson <jpd@google.com>2014-11-12 08:56:20 -0800
commitbc19c181c8c058c824e4fee907a05129e142c388 (patch)
tree666427f56a5be8afe891bc975343240f9ffbe654 /packages/VpnDialogs
parentda772234f6f9498bf02f31448bda16e9fcbd6bd2 (diff)
downloadframeworks_base-bc19c181c8c058c824e4fee907a05129e142c388.zip
frameworks_base-bc19c181c8c058c824e4fee907a05129e142c388.tar.gz
frameworks_base-bc19c181c8c058c824e4fee907a05129e142c388.tar.bz2
Enforce VPN control "permission" with an actual permission.
The current implementation uses a whitelist of package names. Use a system|signature permission instead of rolling our own security and add that permission to the existing set of whitelisted packages (SystemUI and VpnDialogs). In addition to being less of a security risk (using well-known methods like Context.enforceCallingPermission rather than manually querying PackageManager and checking UIDs for package names), this enables other system-privileged apps to control VPN as needed per the below bug. Bug: 18327583 Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d
Diffstat (limited to 'packages/VpnDialogs')
-rw-r--r--packages/VpnDialogs/AndroidManifest.xml2
1 files changed, 2 insertions, 0 deletions
diff --git a/packages/VpnDialogs/AndroidManifest.xml b/packages/VpnDialogs/AndroidManifest.xml
index 03d920a..375c5d8 100644
--- a/packages/VpnDialogs/AndroidManifest.xml
+++ b/packages/VpnDialogs/AndroidManifest.xml
@@ -19,6 +19,8 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.vpndialogs">
+ <uses-permission android:name="android.permission.CONTROL_VPN" />
+
<application android:label="VpnDialogs"
android:allowBackup="false" >
<activity android:name=".ConfirmDialog"
generated by cgit v1.1 at 2024-05-15 10:18:44 +0000