Revert "Grant the ACTIVATE_PLATFORM_VPN appop if VPN app has CON..."
Revert submission 2141595-GRANT_PLATFORM_VPN
Reason for revert: Refer to the comment in ag/19491935.
Reverted Changes:
I0e0566bb8:Grant the ACTIVATE_PLATFORM_VPN appop if VPN app h...
I0580baca6:Test if VPN app can grant ACTIVATE_PLATFORM_VPN wi...
Change-Id: I6cfdd2b75aa6e7427ffa6024e1c3ff183a3e0379
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index da77742..5b282ce 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -1095,7 +1095,7 @@
// Except for Settings and VpnDialogs, the caller should be matched one of oldPackage or
// newPackage. Otherwise, non VPN owner might get the VPN always-on status of the VPN owner.
// See b/191382886.
- if (!hasControlVpnPermission()) {
+ if (mContext.checkCallingOrSelfPermission(CONTROL_VPN) != PERMISSION_GRANTED) {
if (oldPackage != null) {
verifyCallingUidAndPackage(oldPackage);
}
@@ -2056,10 +2056,6 @@
"Unauthorized Caller");
}
- private boolean hasControlVpnPermission() {
- return mContext.checkCallingOrSelfPermission(CONTROL_VPN) == PERMISSION_GRANTED;
- }
-
private class Connection implements ServiceConnection {
private IBinder mService;
@@ -3861,10 +3857,8 @@
Binder.restoreCallingIdentity(token);
}
- // If package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
- if (hasControlVpnPermission()) {
- setPackageAuthorization(packageName, VpnManager.TYPE_VPN_PLATFORM);
- }
+ // TODO: if package has CONTROL_VPN, grant the ACTIVATE_PLATFORM_VPN appop.
+ // This mirrors the prepareAndAuthorize that is used by VpnService.
// Return whether the app is already pre-consented
return isVpnProfilePreConsented(mContext, packageName);