summaryrefslogtreecommitdiff
path: root/services/core/java/com/android/server/connectivity/Vpn.java
diff options
context:
space:
mode:
Diffstat (limited to 'services/core/java/com/android/server/connectivity/Vpn.java')
-rw-r--r--services/core/java/com/android/server/connectivity/Vpn.java16
1 files changed, 14 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 56cff7c715d6..d51e1f738659 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -94,8 +94,6 @@ import com.android.server.DeviceIdleController;
import com.android.server.LocalServices;
import com.android.server.net.BaseNetworkObserver;
-import libcore.io.IoUtils;
-
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -114,6 +112,8 @@ import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
+import libcore.io.IoUtils;
+
/**
* @hide
*/
@@ -1184,6 +1184,18 @@ public class Vpn {
/* allowedApplications */ null,
/* disallowedApplications */ exemptedPackages);
+ // The UID range of the first user (0-99999) would block the IPSec traffic, which comes
+ // directly from the kernel and is marked as uid=0. So we adjust the range to allow
+ // it through (b/69873852).
+ for (UidRange range : addedRanges) {
+ if (range.start == 0) {
+ addedRanges.remove(range);
+ if (range.stop != 0) {
+ addedRanges.add(new UidRange(1, range.stop));
+ }
+ }
+ }
+
removedRanges.removeAll(addedRanges);
addedRanges.removeAll(mBlockedUsers);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 02:47:24 +0000