Merge "VPN: move VpnDialogs away from system uid." into jb-dev
@ -34,17 +34,19 @@ public class VpnConfig implements Parcelable {
|
|||||||
|
|
||||||
public static final String SERVICE_INTERFACE = "android.net.VpnService";
|
public static final String SERVICE_INTERFACE = "android.net.VpnService";
|
||||||
|
|
||||||
|
public static final String DIALOGS_PACKAGE = "com.android.vpndialogs";
|
||||||
|
|
||||||
public static final String LEGACY_VPN = "[Legacy VPN]";
|
public static final String LEGACY_VPN = "[Legacy VPN]";
|
||||||
|
|
||||||
public static Intent getIntentForConfirmation() {
|
public static Intent getIntentForConfirmation() {
|
||||||
Intent intent = new Intent();
|
Intent intent = new Intent();
|
||||||
intent.setClassName("com.android.vpndialogs", "com.android.vpndialogs.ConfirmDialog");
|
intent.setClassName(DIALOGS_PACKAGE, DIALOGS_PACKAGE + ".ConfirmDialog");
|
||||||
return intent;
|
return intent;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PendingIntent getIntentForStatusPanel(Context context, VpnConfig config) {
|
public static PendingIntent getIntentForStatusPanel(Context context, VpnConfig config) {
|
||||||
Intent intent = new Intent();
|
Intent intent = new Intent();
|
||||||
intent.setClassName("com.android.vpndialogs", "com.android.vpndialogs.ManageDialog");
|
intent.setClassName(DIALOGS_PACKAGE, DIALOGS_PACKAGE + ".ManageDialog");
|
||||||
intent.putExtra("config", config);
|
intent.putExtra("config", config);
|
||||||
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY |
|
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_NO_HISTORY |
|
||||||
Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
|
Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
|
||||||
|
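Review bot: DIALOGS_PACKAGE is added without a comment, even though Vpn.enforceControlPermission() elsewhere in this commit uses it to decide which UID may control VPN. A comment on the constant such as `// Package hosting the VPN dialogs; its UID is authorized by Vpn.enforceControlPermission(). Keep in sync with the VpnDialogs manifest.` would tell anyone renaming it that the value is an authorization anchor and not only an intent target. getIntentForStatusPanel continues past the end of this hunk.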
@ -1,6 +1,5 @@
|
|||||||
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
|
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
|
||||||
package="com.android.vpndialogs"
|
package="com.android.vpndialogs">
|
||||||
android:sharedUserId="android.uid.system">
|
|
||||||
|
|
||||||
<application android:label="VpnDialogs"
|
<application android:label="VpnDialogs"
|
||||||
android:allowBackup="false" >
|
android:allowBackup="false" >
|
||||||
|
@ -106,16 +106,16 @@ public class Vpn extends INetworkManagementEventObserver.Stub {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only system user can revoke a package.
|
// Check if the caller is authorized.
|
||||||
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
|
enforceControlPermission();
|
||||||
throw new SecurityException("Unauthorized Caller");
|
|
||||||
}
|
|
||||||
|
|
||||||
// Reset the interface and hide the notification.
|
// Reset the interface and hide the notification.
|
||||||
if (mInterface != null) {
|
if (mInterface != null) {
|
||||||
jniReset(mInterface);
|
jniReset(mInterface);
|
||||||
|
long identity = Binder.clearCallingIdentity();
|
||||||
mCallback.restore();
|
mCallback.restore();
|
||||||
hideNotification();
|
hideNotification();
|
||||||
|
Binder.restoreCallingIdentity(identity);
|
||||||
mInterface = null;
|
mInterface = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -291,6 +291,26 @@ public class Vpn extends INetworkManagementEventObserver.Stub {
|
|||||||
public void limitReached(String limit, String interfaze) {
|
public void limitReached(String limit, String interfaze) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void enforceControlPermission() {
|
||||||
|
// System user is allowed to control VPN.
|
||||||
|
if (Binder.getCallingUid() == Process.SYSTEM_UID) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
// System dialogs are also allowed to control VPN.
|
||||||
|
PackageManager pm = mContext.getPackageManager();
|
||||||
|
ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0);
|
||||||
|
if (Binder.getCallingUid() == app.uid) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
// ignore
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new SecurityException("Unauthorized Caller");
|
||||||
|
}
|
||||||
|
|
||||||
private class Connection implements ServiceConnection {
|
private class Connection implements ServiceConnection {
|
||||||
private IBinder mService;
|
private IBinder mService;
|
||||||
|
|
||||||
@ -368,10 +388,8 @@ public class Vpn extends INetworkManagementEventObserver.Stub {
|
|||||||
* Return the information of the current ongoing legacy VPN.
|
* Return the information of the current ongoing legacy VPN.
|
||||||
*/
|
*/
|
||||||
public synchronized LegacyVpnInfo getLegacyVpnInfo() {
|
public synchronized LegacyVpnInfo getLegacyVpnInfo() {
|
||||||
// Only system user can call this method.
|
// Check if the caller is authorized.
|
||||||
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
|
enforceControlPermission();
|
||||||
throw new SecurityException("Unauthorized Caller");
|
|
||||||
}
|
|
||||||
return (mLegacyVpnRunner == null) ? null : mLegacyVpnRunner.getInfo();
|
return (mLegacyVpnRunner == null) ? null : mLegacyVpnRunner.getInfo();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
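Review bot: enforceControlPermission() trusts whichever package is currently installed under the name in VpnConfig.DIALOGS_PACKAGE, because its only test is `Binder.getCallingUid() == app.uid`. On a build where that package is missing from the system image, a same-named third-party app would presumably pass this check. The lookup should also confirm the package is a system app, e.g. `if ((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0 && Binder.getCallingUid() == app.uid)`. The `catch (Exception e) { // ignore }` does fail closed, since control falls through to the SecurityException, but narrowing it to `PackageManager.NameNotFoundException` and logging it would keep unrelated failures visible.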