diff options
author | Jeff Davidson <jpd@google.com> | 2014-11-11 13:20:01 -0800 |
---|---|---|
committer | Jeff Davidson <jpd@google.com> | 2014-11-12 08:56:20 -0800 |
commit | bc19c181c8c058c824e4fee907a05129e142c388 (patch) | |
tree | 666427f56a5be8afe891bc975343240f9ffbe654 /packages | |
parent | da772234f6f9498bf02f31448bda16e9fcbd6bd2 (diff) | |
download | frameworks_base-bc19c181c8c058c824e4fee907a05129e142c388.zip frameworks_base-bc19c181c8c058c824e4fee907a05129e142c388.tar.gz frameworks_base-bc19c181c8c058c824e4fee907a05129e142c388.tar.bz2 |
Enforce VPN control "permission" with an actual permission.
The current implementation uses a whitelist of package names. Use a
system|signature permission instead of rolling our own security and
add that permission to the existing set of whitelisted packages
(SystemUI and VpnDialogs).
In addition to being less of a security risk (using well-known methods
like Context.enforceCallingPermission rather than manually querying
PackageManager and checking UIDs for package names), this enables
other system-privileged apps to control VPN as needed per the below
bug.
Bug: 18327583
Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d
Diffstat (limited to 'packages')
-rw-r--r-- | packages/SystemUI/AndroidManifest.xml | 1 | ||||
-rw-r--r-- | packages/VpnDialogs/AndroidManifest.xml | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml index b3e60d1..5f024ac 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -55,6 +55,7 @@ <uses-permission android:name="android.permission.MANAGE_NETWORK_POLICY" /> <uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" /> <uses-permission android:name="android.permission.READ_NETWORK_USAGE_HISTORY" /> + <uses-permission android:name="android.permission.CONTROL_VPN" /> <!-- Physical hardware --> <uses-permission android:name="android.permission.MANAGE_USB" /> diff --git a/packages/VpnDialogs/AndroidManifest.xml b/packages/VpnDialogs/AndroidManifest.xml index 03d920a..375c5d8 100644 --- a/packages/VpnDialogs/AndroidManifest.xml +++ b/packages/VpnDialogs/AndroidManifest.xml @@ -19,6 +19,8 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.vpndialogs"> + <uses-permission android:name="android.permission.CONTROL_VPN" /> + <application android:label="VpnDialogs" android:allowBackup="false" > <activity android:name=".ConfirmDialog" |