From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 9 May 2024 23:02:17 +0300
Subject: [PATCH] fix DNS leak in VPN lockdown mode when VPN is down

---
 server/NetworkController.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index ecb4ceed..0229ffb8 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -191,8 +191,8 @@ int NetworkController::setDefaultNetwork(unsigned netId) {
 uint32_t NetworkController::getNetworkForDns(unsigned* netId, uid_t uid) const {
     android::RWLock::AutoRLock lock(mRWLock);
     Fwmark fwmark;
-    fwmark.protectedFromVpn = true;
-    fwmark.permission = PERMISSION_SYSTEM;
+    fwmark.protectedFromVpn = canProtectLocked(uid);
+    fwmark.permission = getPermissionForUserLocked(uid);
     if (checkUserNetworkAccessLocked(uid, *netId) == 0) {
         // If a non-zero NetId was explicitly specified, and the user has permission for that
         // network, use that network's DNS servers. Do not fall through to the default network even