if (egressDisconnected || egressChanged) {
clearSourceRulesLocked();
mAcceptedEgressIface = null;
- mVpn.stopLegacyVpn();
+ mVpn.stopLegacyVpnPrivileged();
}
if (egressDisconnected) {
hideNotification();
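Review bot: The switch to `mVpn.stopLegacyVpnPrivileged()` in the `egressDisconnected || egressChanged` branch carries no rationale, while the matching start call later in this patch gets a two-line comment explaining why the privileged variant is acceptable. The same applies to the `stopLegacyVpnPrivileged()` call that precedes the `setFirewallEgressDestRule(..., false)` calls further down. I would add a short comment at both sites, for example `// Privileged variant: lockdown teardown is driven by the system, not by a calling app.`, so a later reader does not have to infer why the checked method was bypassed. The enclosing method starts and ends outside the visible lines.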
mAcceptedEgressIface = egressProp.getInterfaceName();
try {
- mVpn.startLegacyVpn(mProfile, KeyStore.getInstance(), egressProp);
+ // Use the privileged method because Lockdown VPN is initiated by the system, so
+ // no additional permission checks are necessary.
+ mVpn.startLegacyVpnPrivileged(mProfile, KeyStore.getInstance(), egressProp);
} catch (IllegalStateException e) {
mAcceptedEgressIface = null;
Slog.e(TAG, "Failed to start VPN", e);
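Review bot: The new comment above `startLegacyVpnPrivileged(...)` says no additional permission checks are necessary, but it does not state the invariant that makes this true: nothing on this path may run with an app's calling identity. The enclosing method and its callers are outside the hunk, so this cannot be confirmed from here. It is worth verifying that every entry point into this tracker is system-internal, and that the `*Privileged` methods on `mVpn` are not reachable through a binder interface. I would tighten the comment to name that assumption, e.g. `// Safe only because this tracker is driven by the system server; never call this on behalf of a binder caller.`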
mAcceptedEgressIface = null;
mErrorCount = 0;
- mVpn.stopLegacyVpn();
+ mVpn.stopLegacyVpnPrivileged();
try {
mNetService.setFirewallEgressDestRule(mProfile.server, 500, false);
mNetService.setFirewallEgressDestRule(mProfile.server, 4500, false);