Add permission check to setAllowOnlyVpnForUids

Bug: 63000005 Test: runtest frameworks-net -c com.android.server.connectivity.VpnTest Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnLockDown Change-Id: Ia1a82ee73d8617f3124032986fe6c09c14bf7752 (cherry picked from commit be806661d0967ddabbeb444cccc939039f3e5e81)
author: Rubin Xu <rubinxu@google.com> 2018-01-11 10:59:19 +0000
committer: Rubin Xu <rubinxu@google.com> 2018-05-01 12:18:38 +0100
commit: 2ea6c55590d18aeaf8647d464f15b35675e518f5 (patch)
tree: ddad32f796d3a0701bef258638c4528cd1a3c244
parent: 59e139a767b5552a0c42ce236ff59f843900e842 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index 5d719ad46a05..6d6fd84dafaa 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1789,6 +1789,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     @Override
     public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
             throws ServiceSpecificException {
+        mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
+
         try {
             mNetdService.networkRejectNonSecureVpn(add, uidRanges);
         } catch (ServiceSpecificException e) {
author	Rubin Xu <rubinxu@google.com>	2018-01-11 10:59:19 +0000
committer	Rubin Xu <rubinxu@google.com>	2018-05-01 12:18:38 +0100
commit	2ea6c55590d18aeaf8647d464f15b35675e518f5 (patch)
tree	ddad32f796d3a0701bef258638c4528cd1a3c244
parent	59e139a767b5552a0c42ce236ff59f843900e842 (diff)