diff options
| -rw-r--r-- | services/core/java/com/android/server/connectivity/Vpn.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java index 2fda08e2a575..df94de2e52d1 100644 --- a/services/core/java/com/android/server/connectivity/Vpn.java +++ b/services/core/java/com/android/server/connectivity/Vpn.java @@ -100,8 +100,6 @@ import com.android.server.DeviceIdleController; import com.android.server.LocalServices; import com.android.server.net.BaseNetworkObserver; -import libcore.io.IoUtils; - import java.io.File; import java.io.IOException; import java.io.InputStream; @@ -122,6 +120,8 @@ import java.util.SortedSet; import java.util.TreeSet; import java.util.concurrent.atomic.AtomicInteger; +import libcore.io.IoUtils; + /** * @hide */ @@ -1274,6 +1274,18 @@ public class Vpn { /* allowedApplications */ null, /* disallowedApplications */ exemptedPackages); + // The UID range of the first user (0-99999) would block the IPSec traffic, which comes + // directly from the kernel and is marked as uid=0. So we adjust the range to allow + // it through (b/69873852). + for (UidRange range : addedRanges) { + if (range.start == 0) { + addedRanges.remove(range); + if (range.stop != 0) { + addedRanges.add(new UidRange(1, range.stop)); + } + } + } + removedRanges.removeAll(addedRanges); addedRanges.removeAll(mBlockedUsers); } |