git.osdn.net Git - android-x86/frameworks-base.git/commit

author	Jeff Davidson <jpd@google.com>
	Thu, 20 Nov 2014 21:12:46 +0000 (13:12 -0800)
committer	Jeff Davidson <jpd@google.com>
	Fri, 21 Nov 2014 20:56:29 +0000 (12:56 -0800)
commit	11008a78b8e30910cedd8b8431980c7738183292
tree	edafc6154d8e723d976d2152a6dc953bd8c049f9	tree \| snapshot
parent	8ccf071ab83510c8ef7b4d311d894d5c4a352f6c	commit \| diff

Don't enforce control permission when preparing consented VPN.

If a VPN app requests to be prepared and has already obtained user
consent, there is no need to additionally enforce the control
permission. We only need to enforce the control permission when a VPN
is first being prepared, where such a preparation would bypass user
consent.

Also ensure that in this case, the VPN being prepared matches the
calling app. Otherwise an app could prepare another pre-consented VPN,
which is not particularly dangerous but is likely unexpected.

Finally, remove misleading comment in ConnectivityService#prepareVpn.
This method IS called from VpnService.prepare(), not only from
system-privileged apps.

Bug: 18442887
Change-Id: Ic3227c6c1c74312697f0576d3811b06692a4edff

services/core/java/com/android/server/ConnectivityService.java		diff \| blob \| history
services/core/java/com/android/server/connectivity/Vpn.java		diff \| blob \| history