DivestOS/Patches/LineageOS-15.1/android_system_netd/0001-Fix_DNS_leaks.patch
2024-07-31 20:50:20 -04:00

25 lines
1.1 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 9 May 2024 23:02:17 +0300
Subject: [PATCH] fix DNS leak in VPN lockdown mode when VPN is down
---
server/NetworkController.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index ecb4ceed..0229ffb8 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -191,8 +191,8 @@ int NetworkController::setDefaultNetwork(unsigned netId) {
uint32_t NetworkController::getNetworkForDns(unsigned* netId, uid_t uid) const {
android::RWLock::AutoRLock lock(mRWLock);
Fwmark fwmark;
- fwmark.protectedFromVpn = true;
- fwmark.permission = PERMISSION_SYSTEM;
+ fwmark.protectedFromVpn = canProtectLocked(uid);
+ fwmark.permission = getPermissionForUserLocked(uid);
if (checkUserNetworkAccessLocked(uid, *netId) == 0) {
// If a non-zero NetId was explicitly specified, and the user has permission for that
// network, use that network's DNS servers. Do not fall through to the default network even