Merge "Revert "Grant the ACTIVATE_PLATFORM_VPN appop if VPN app has CON...""
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 931c692..b4e91b5 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -1110,7 +1110,7 @@
// Except for Settings and VpnDialogs, the caller should be matched one of oldPackage or
// newPackage. Otherwise, non VPN owner might get the VPN always-on status of the VPN owner.
// See b/191382886.
- if (!hasControlVpnPermission()) {
+ if (mContext.checkCallingOrSelfPermission(CONTROL_VPN) != PERMISSION_GRANTED) {
if (oldPackage != null) {
verifyCallingUidAndPackage(oldPackage);
}
@@ -2073,10 +2073,6 @@
"Unauthorized Caller");
}
- private boolean hasControlVpnPermission() {
- return mContext.checkCallingOrSelfPermission(CONTROL_VPN) == PERMISSION_GRANTED;
- }
-
private class Connection implements ServiceConnection {
private IBinder mService;
@@ -3901,10 +3897,8 @@
Binder.restoreCallingIdentity(token);
}
- // If package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
- if (hasControlVpnPermission()) {
- setPackageAuthorization(packageName, VpnManager.TYPE_VPN_PLATFORM);
- }
+ // TODO: if package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
+ // This mirrors the prepareAndAuthorize that is used by VpnService.
// Return whether the app is already pre-consented
return isVpnProfilePreConsented(mContext, packageName);