From: Rubin Xu <rubinxu@google.com>
Date: Thu, 11 Jan 2018 10:59:19 +0000 (+0000)
Subject: [DO NOT MERGE] Add permission check to setAllowOnlyVpnForUids
X-Git-Tag: android-x86-7.1-r3^2~42
X-Git-Url: http://git.osdn.net/view?p=android-x86%2Fframeworks-base.git;a=commitdiff_plain;h=f91a5005a3c6b53fc9c7d01be91faafea04e7aab

[DO NOT MERGE] Add permission check to setAllowOnlyVpnForUids

Bug: 63000005
Test: runtest frameworks-net -c com.android.server.connectivity.VpnTest
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnLockDown
Change-Id: Ia1a82ee73d8617f3124032986fe6c09c14bf7752
(cherry picked from commit 41d8bf1fedbd71b86579fff8d581491f36beb241)
---

diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index bdbd06640e49..44031cfd56bc 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1864,6 +1864,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     @Override
     public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
             throws ServiceSpecificException {
+        mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
+
         try {
             mNetdService.networkRejectNonSecureVpn(add, uidRanges);
         } catch (ServiceSpecificException e) {