DivestOS/Patches/LineageOS-17.1/android_system_netd/0003-Fix_DNS_leaks.patch
2024-07-31 20:50:20 -04:00


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
Date: Thu, 9 May 2024 23:02:17 +0300
Subject: [PATCH] fix DNS leak in VPN lockdown mode when VPN is down
---
server/NetworkController.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index 20ae44b2..93ccf202 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -204,8 +204,8 @@ int NetworkController::setDefaultNetwork(unsigned netId) {
uint32_t NetworkController::getNetworkForDnsLocked(unsigned* netId, uid_t uid) const {
Fwmark fwmark;
- fwmark.protectedFromVpn = true;
- fwmark.permission = PERMISSION_SYSTEM;
+ fwmark.protectedFromVpn = canProtectLocked(uid);
+ fwmark.permission = getPermissionForUserLocked(uid);
// Common case: there is no VPN that applies to the user, and the query did not specify a netId.
// Therefore, it is safe to set the explicit bit on this query and skip all the complex logic