Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / 736206f4866eae577748c1c2da4b83a89437d023
commit736206f4866eae577748c1c2da4b83a89437d023[log] [tgz]
authorTommy Webb <tommy@calyxinstitute.org>Tue Feb 28 10:46:05 2023 -0500
committerJackeagle <jackeagle102@gmail.com>Wed Aug 30 00:58:26 2023 -0400
tree67d0c33ba2aa43f2132c523f229eb2c229fe417b
parentee5f8fc18da1f870ea7ae4413843b44383d207cc [diff]
Do not add VPN local exclusion rules

Prevent UIDs on a VPN from accessing the private IP ranges of networks
that they are not allowed to access. Without this, when connected to a
VPN, apps that are disallowed from accessing a Wi-Fi network will
become able to access the Wi-Fi network's LAN despite not being able
to access the Wi-Fi network whatsoever before connecting to a VPN.

Stop adding the local exclusion rule that makes this bypass possible.

Change-Id: I9975b5ab1306ee86863979d1fe73203799cce648
Signed-off-by: Mohammad Hasan Keramat J <ikeramat@protonmail.com>
1 file changed
tree: 67d0c33ba2aa43f2132c523f229eb2c229fe417b
  1. client/
  2. include/
  3. netutils_wrappers/
  4. server/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. .editorconfig
  8. Android.bp
  9. NOTICE
  10. OWNERS
  11. PREUPLOAD.cfg
  12. TEST_MAPPING