Merge "Re-enable checks for MANAGE_IPSEC_TUNNELS" am: 69c973b33f am: a6bf6271e2

am: 44006f3d58 Change-Id: Ifa46c8e45f307d924c2ea589345957736dee0db0
author: Benedict Wong <benedictwong@google.com> 2018-09-19 17:33:21 -0700
committer: android-build-merger <android-build-merger@google.com> 2018-09-19 17:33:21 -0700
commit: 52aafaf3b29a70435402e4f994a7770a36883cf3 (patch)
tree: 48768a0b1c06d6ddf04dfd0e9b2ad54965e9372d
parent: b6ffc07e06e593c416556096f084e84a3de09406 (diff)
parent: 44006f3d5852bdffa06a7a35843f57c06fbc005c (diff)
1 files changed, 10 insertions, 14 deletions
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 380f6a7e581e..a69d41683c29 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -1490,23 +1490,19 @@ public class IpSecService extends IIpSecService.Stub {
         }
     }
 
-    private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
+    private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS;
 
     private void enforceTunnelPermissions(String callingPackage) {
         checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
-        if (false) { // STOPSHIP if this line is present
-            switch (getAppOpsManager().noteOp(
-                        TUNNEL_OP,
-                        Binder.getCallingUid(), callingPackage)) {
-                case AppOpsManager.MODE_DEFAULT:
-                    mContext.enforceCallingOrSelfPermission(
-                            android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
-                    break;
-                case AppOpsManager.MODE_ALLOWED:
-                    return;
-                default:
-                    throw new SecurityException("Request to ignore AppOps for non-legacy API");
-            }
+        switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
+            case AppOpsManager.MODE_DEFAULT:
+                mContext.enforceCallingOrSelfPermission(
+                        android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
+                break;
+            case AppOpsManager.MODE_ALLOWED:
+                return;
+            default:
+                throw new SecurityException("Request to ignore AppOps for non-legacy API");
         }
     }
author	Benedict Wong <benedictwong@google.com>	2018-09-19 17:33:21 -0700
committer	android-build-merger <android-build-merger@google.com>	2018-09-19 17:33:21 -0700
commit	52aafaf3b29a70435402e4f994a7770a36883cf3 (patch)
tree	48768a0b1c06d6ddf04dfd0e9b2ad54965e9372d
parent	b6ffc07e06e593c416556096f084e84a3de09406 (diff)
parent	44006f3d5852bdffa06a7a35843f57c06fbc005c (diff)