diff options
| author | Chia-chi Yeh <chiachi@android.com> | 2012-06-08 13:05:58 -0700 |
|---|---|---|
| committer | Chia-chi Yeh <chiachi@android.com> | 2012-06-08 13:05:58 -0700 |
| commit | dadc857d9de364fded10d4f69eb82bc9cd35d4b7 (patch) | |
| tree | 10aefdaa7a72cadf4025187dc12e6977a40bc6f4 /services/java/com/android/server/connectivity | |
| parent | 37e0c3681ef403e5a43a4f3dbca954ec8a4bfb5d (diff) | |
| download | frameworks_base-dadc857d9de364fded10d4f69eb82bc9cd35d4b7.zip frameworks_base-dadc857d9de364fded10d4f69eb82bc9cd35d4b7.tar.gz frameworks_base-dadc857d9de364fded10d4f69eb82bc9cd35d4b7.tar.bz2 | |
VPN: move VpnDialogs away from system uid.
Bug: 6632536
Change-Id: Iece647c077caf5298ccfe7d7aba5f0911a4ed0d1
Diffstat (limited to 'services/java/com/android/server/connectivity')
| -rw-r--r-- | services/java/com/android/server/connectivity/Vpn.java | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java index c4f9ce1..4b82037 100644 --- a/services/java/com/android/server/connectivity/Vpn.java +++ b/services/java/com/android/server/connectivity/Vpn.java @@ -106,16 +106,16 @@ public class Vpn extends INetworkManagementEventObserver.Stub { return true; } - // Only system user can revoke a package. - if (Binder.getCallingUid() != Process.SYSTEM_UID) { - throw new SecurityException("Unauthorized Caller"); - } + // Check if the caller is authorized. + enforceControlPermission(); // Reset the interface and hide the notification. if (mInterface != null) { jniReset(mInterface); + long identity = Binder.clearCallingIdentity(); mCallback.restore(); hideNotification(); + Binder.restoreCallingIdentity(identity); mInterface = null; } @@ -291,6 +291,26 @@ public class Vpn extends INetworkManagementEventObserver.Stub { public void limitReached(String limit, String interfaze) { } + private void enforceControlPermission() { + // System user is allowed to control VPN. + if (Binder.getCallingUid() == Process.SYSTEM_UID) { + return; + } + + try { + // System dialogs are also allowed to control VPN. + PackageManager pm = mContext.getPackageManager(); + ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0); + if (Binder.getCallingUid() == app.uid) { + return; + } + } catch (Exception e) { + // ignore + } + + throw new SecurityException("Unauthorized Caller"); + } + private class Connection implements ServiceConnection { private IBinder mService; @@ -368,10 +388,8 @@ public class Vpn extends INetworkManagementEventObserver.Stub { * Return the information of the current ongoing legacy VPN. */ public synchronized LegacyVpnInfo getLegacyVpnInfo() { - // Only system user can call this method. - if (Binder.getCallingUid() != Process.SYSTEM_UID) { - throw new SecurityException("Unauthorized Caller"); - } + // Check if the caller is authorized. + enforceControlPermission(); return (mLegacyVpnRunner == null) ? null : mLegacyVpnRunner.getInfo(); } |