diff options
author | lucaslin <lucaslin@google.com> | 2022-07-25 15:07:52 +0800 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-09-02 02:54:13 +0000 |
commit | ff1c673515cb0f679e21b8d1df1d93f1e80cd586 (patch) | |
tree | 7ac95735007d664cadefc0eb686d446a3c415ab8 | |
parent | f600ab436176d973cea7aeae7ce77735c81d612e (diff) | |
download | base-ff1c673515cb0f679e21b8d1df1d93f1e80cd586.tar.gz |
Skip sending VpnManager events for Settings VPNs
This change early-exits from the sendEventToVpnManagerApp()
method if the profile was not a VPN app.
Otherwise the sendEventToVpnManagerApp() will call
getRedactedNetworkCapabilities() which will call
AppOpsManager#checkPackage() eventually.
And AppOpsManager#checkPackage() will check if the given package
is the same as the given uid. In this case, VPN sends
"[Legacy VPN]" as the package and sends 1000 as the uid, but
there is no package named "[Legacy VPN], so the SecurityException
is thrown.
Bug: 236315805
Test: atest FrameworksNetTests:VpnTest
Change-Id: I486398111106b1a9551fb29f92ba7b4fe85f68c1
Merged-In: I486398111106b1a9551fb29f92ba7b4fe85f68c1
Merged-In: I228f62a5e09017dbf985a614f2e42434238a220c
(cherry picked from commit a7ec0cbe45dd75301b19290174ecf2da6421cf97)
Merged-In: I486398111106b1a9551fb29f92ba7b4fe85f68c1
-rw-r--r-- | services/core/java/com/android/server/connectivity/Vpn.java | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java index 77d3392da993..15aa07f40641 100644 --- a/services/core/java/com/android/server/connectivity/Vpn.java +++ b/services/core/java/com/android/server/connectivity/Vpn.java @@ -2944,7 +2944,7 @@ public class Vpn { // All the above failures are configuration errors, and are terminal // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR, VpnManager.ERROR_CLASS_NOT_RECOVERABLE, ikeException.getErrorType(), @@ -2962,7 +2962,7 @@ public class Vpn { // All the above failures are configuration errors, and are terminal // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR, VpnManager.ERROR_CLASS_RECOVERABLE, ikeException.getErrorType(), @@ -2981,7 +2981,7 @@ public class Vpn { } else if (exception instanceof IkeNetworkLostException) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR, VpnManager.ERROR_CLASS_RECOVERABLE, VpnManager.ERROR_CODE_NETWORK_LOST, @@ -2996,7 +2996,7 @@ public class Vpn { if (exception.getCause() instanceof UnknownHostException) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR, VpnManager.ERROR_CLASS_RECOVERABLE, VpnManager.ERROR_CODE_NETWORK_UNKNOWN_HOST, @@ -3010,7 +3010,7 @@ public class Vpn { } else if (exception.getCause() instanceof IkeTimeoutException) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR, VpnManager.ERROR_CLASS_RECOVERABLE, VpnManager.ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT, @@ -3024,7 +3024,7 @@ public class Vpn { } else if (exception.getCause() instanceof IOException) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. - if (SdkLevel.isAtLeastT()) { + if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) { sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR, VpnManager.ERROR_CLASS_RECOVERABLE, VpnManager.ERROR_CODE_NETWORK_IO, |