mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 02:14:34 -05:00
25 lines
1.1 KiB
Diff
25 lines
1.1 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||
|
|
Date: Thu, 9 May 2024 23:02:17 +0300
|
||
|
|
Subject: [PATCH] fix DNS leak in VPN lockdown mode when VPN is down
|
||
|
|
|
||
|
|
---
|
||
|
|
server/NetworkController.cpp | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
|
||
|
|
index ecb4ceed..0229ffb8 100644
|
||
|
|
--- a/server/NetworkController.cpp
|
||
|
|
+++ b/server/NetworkController.cpp
|
||
|
|
@@ -191,8 +191,8 @@ int NetworkController::setDefaultNetwork(unsigned netId) {
|
||
|
|
uint32_t NetworkController::getNetworkForDns(unsigned* netId, uid_t uid) const {
|
||
|
|
android::RWLock::AutoRLock lock(mRWLock);
|
||
|
|
Fwmark fwmark;
|
||
|
|
- fwmark.protectedFromVpn = true;
|
||
|
|
- fwmark.permission = PERMISSION_SYSTEM;
|
||
|
|
+ fwmark.protectedFromVpn = canProtectLocked(uid);
|
||
|
|
+ fwmark.permission = getPermissionForUserLocked(uid);
|
||
|
|
if (checkUserNetworkAccessLocked(uid, *netId) == 0) {
|
||
|
|
// If a non-zero NetId was explicitly specified, and the user has permission for that
|
||
|
|
// network, use that network's DNS servers. Do not fall through to the default network even
|