OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 175ddbc) | patch
Do not enforce CONTROL_VPN for calls from lockdown VPN.
authorJeff Davidson <jpd@google.com>
Tue, 10 Feb 2015 18:02:11 +0000 (10:02 -0800)
committerJeff Davidson <jpd@google.com>
Wed, 11 Feb 2015 07:41:42 +0000 (23:41 -0800)
commitb21298a686b04d55ff97223dd317497845713f4b
treef601ce3c9ba7082f91d21dcf4bd17e6cf2fa1b68tree | snapshot
parent175ddbcf2ed71fdcd44a9b64cdc5d479df496a4dcommit | diff
Do not enforce CONTROL_VPN for calls from lockdown VPN.

Clearly document which methods in Vpn.java are designed to be used to
service a Binder call, and which must therefore check permissions and
clear the calling identity, and which methods are designed for
internal use only and which therefore need not check permission.

Add a new startLegacyVpnPrivileged method which bypasses the
permission checks, to be used by lockdown VPN which is a trusted
system service. Ensure that the existing startLegacyVpn method checks
permissions as this is used whenever we respond to a binder call.

Bug: 19311172
Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
services/core/java/com/android/server/connectivity/Vpn.java diff | blob | history
services/core/java/com/android/server/net/LockdownVpnTracker.java diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help