Loading services/core/java/com/android/server/connectivity/Vpn.java +68 −63 Original line number Diff line number Diff line Loading @@ -222,6 +222,11 @@ public class Vpn { */ private static final int VPN_DEFAULT_SCORE = 101; /** * The initial token value of IKE session. */ private static final int STARTING_TOKEN = -1; // TODO: create separate trackers for each unique VPN to support // automated reconnection Loading Loading @@ -785,7 +790,7 @@ public class Vpn { } } private boolean isVpnApp(String packageName) { private static boolean isVpnApp(String packageName) { return packageName != null && !VpnConfig.LEGACY_VPN.equals(packageName); } Loading Loading @@ -2589,7 +2594,7 @@ public class Vpn { } @Nullable protected synchronized NetworkCapabilities getRedactedNetworkCapabilitiesOfUnderlyingNetwork( private synchronized NetworkCapabilities getRedactedNetworkCapabilities( NetworkCapabilities nc) { if (nc == null) return null; return mConnectivityManager.getRedactedNetworkCapabilitiesForPackage( Loading @@ -2597,8 +2602,7 @@ public class Vpn { } @Nullable protected synchronized LinkProperties getRedactedLinkPropertiesOfUnderlyingNetwork( LinkProperties lp) { private synchronized LinkProperties getRedactedLinkProperties(LinkProperties lp) { if (lp == null) return null; return mConnectivityManager.getRedactedLinkPropertiesForPackage(lp, mOwnerUID, mPackage); } Loading Loading @@ -2712,11 +2716,13 @@ public class Vpn { private boolean mIsRunning = true; /** * The token used by the primary/current/active IKE session. * The token that identifies the most recently created IKE session. * * <p>This token MUST be updated when the VPN switches to use a new IKE session. * <p>This token is monotonically increasing and will never be reset in the lifetime of this * Ikev2VpnRunner, but it does get reset across runs. It also MUST be accessed on the * executor thread and updated when a new IKE session is created. */ private int mCurrentToken = -1; private int mCurrentToken = STARTING_TOKEN; @Nullable private IpSecTunnelInterface mTunnelIface; @Nullable private Network mActiveNetwork; Loading Loading @@ -3208,7 +3214,7 @@ public class Vpn { mExecutor.schedule( () -> { if (isActiveToken(token)) { handleSessionLost(null, network); handleSessionLost(null /* exception */, network); } else { Log.d( TAG, Loading @@ -3225,7 +3231,7 @@ public class Vpn { TimeUnit.MILLISECONDS); } else { Log.d(TAG, "Call handleSessionLost for losing network " + network); handleSessionLost(null, network); handleSessionLost(null /* exception */, network); } } Loading Loading @@ -3293,10 +3299,15 @@ public class Vpn { // already terminated due to other failures. cancelHandleNetworkLostTimeout(); synchronized (Vpn.this) { String category = null; int errorClass = -1; int errorCode = -1; if (exception instanceof IllegalArgumentException) { // Failed to build IKE/ChildSessionParams; fatal profile configuration error markFailedAndDisconnect(exception); return; } if (exception instanceof IkeProtocolException) { final IkeProtocolException ikeException = (IkeProtocolException) exception; category = VpnManager.CATEGORY_EVENT_IKE_ERROR; Loading @@ -3314,13 +3325,8 @@ public class Vpn { break; // All other cases possibly recoverable. default: // All the above failures are configuration errors, and are terminal errorClass = VpnManager.ERROR_CLASS_RECOVERABLE; } } else if (exception instanceof IllegalArgumentException) { // Failed to build IKE/ChildSessionParams; fatal profile configuration error markFailedAndDisconnect(exception); return; } else if (exception instanceof IkeNetworkLostException) { category = VpnManager.CATEGORY_EVENT_NETWORK_ERROR; errorClass = VpnManager.ERROR_CLASS_RECOVERABLE; Loading @@ -3339,16 +3345,16 @@ public class Vpn { Log.wtf(TAG, "onSessionLost: exception = " + exception); } synchronized (Vpn.this) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. if (SdkLevel.isAtLeastT() && category != null && isVpnApp(mPackage)) { sendEventToVpnManagerApp(category, errorClass, errorCode, getPackage(), mSessionKey, makeVpnProfileStateLocked(), mActiveNetwork, getRedactedNetworkCapabilitiesOfUnderlyingNetwork( mUnderlyingNetworkCapabilities), getRedactedLinkPropertiesOfUnderlyingNetwork( mUnderlyingLinkProperties)); getRedactedNetworkCapabilities(mUnderlyingNetworkCapabilities), getRedactedLinkProperties(mUnderlyingLinkProperties)); } } if (errorClass == VpnManager.ERROR_CLASS_NOT_RECOVERABLE) { Loading @@ -3357,7 +3363,6 @@ public class Vpn { } else { scheduleRetryNewIkeSession(); } } mUnderlyingNetworkCapabilities = null; mUnderlyingLinkProperties = null; Loading Loading
services/core/java/com/android/server/connectivity/Vpn.java +68 −63 Original line number Diff line number Diff line Loading @@ -222,6 +222,11 @@ public class Vpn { */ private static final int VPN_DEFAULT_SCORE = 101; /** * The initial token value of IKE session. */ private static final int STARTING_TOKEN = -1; // TODO: create separate trackers for each unique VPN to support // automated reconnection Loading Loading @@ -785,7 +790,7 @@ public class Vpn { } } private boolean isVpnApp(String packageName) { private static boolean isVpnApp(String packageName) { return packageName != null && !VpnConfig.LEGACY_VPN.equals(packageName); } Loading Loading @@ -2589,7 +2594,7 @@ public class Vpn { } @Nullable protected synchronized NetworkCapabilities getRedactedNetworkCapabilitiesOfUnderlyingNetwork( private synchronized NetworkCapabilities getRedactedNetworkCapabilities( NetworkCapabilities nc) { if (nc == null) return null; return mConnectivityManager.getRedactedNetworkCapabilitiesForPackage( Loading @@ -2597,8 +2602,7 @@ public class Vpn { } @Nullable protected synchronized LinkProperties getRedactedLinkPropertiesOfUnderlyingNetwork( LinkProperties lp) { private synchronized LinkProperties getRedactedLinkProperties(LinkProperties lp) { if (lp == null) return null; return mConnectivityManager.getRedactedLinkPropertiesForPackage(lp, mOwnerUID, mPackage); } Loading Loading @@ -2712,11 +2716,13 @@ public class Vpn { private boolean mIsRunning = true; /** * The token used by the primary/current/active IKE session. * The token that identifies the most recently created IKE session. * * <p>This token MUST be updated when the VPN switches to use a new IKE session. * <p>This token is monotonically increasing and will never be reset in the lifetime of this * Ikev2VpnRunner, but it does get reset across runs. It also MUST be accessed on the * executor thread and updated when a new IKE session is created. */ private int mCurrentToken = -1; private int mCurrentToken = STARTING_TOKEN; @Nullable private IpSecTunnelInterface mTunnelIface; @Nullable private Network mActiveNetwork; Loading Loading @@ -3208,7 +3214,7 @@ public class Vpn { mExecutor.schedule( () -> { if (isActiveToken(token)) { handleSessionLost(null, network); handleSessionLost(null /* exception */, network); } else { Log.d( TAG, Loading @@ -3225,7 +3231,7 @@ public class Vpn { TimeUnit.MILLISECONDS); } else { Log.d(TAG, "Call handleSessionLost for losing network " + network); handleSessionLost(null, network); handleSessionLost(null /* exception */, network); } } Loading Loading @@ -3293,10 +3299,15 @@ public class Vpn { // already terminated due to other failures. cancelHandleNetworkLostTimeout(); synchronized (Vpn.this) { String category = null; int errorClass = -1; int errorCode = -1; if (exception instanceof IllegalArgumentException) { // Failed to build IKE/ChildSessionParams; fatal profile configuration error markFailedAndDisconnect(exception); return; } if (exception instanceof IkeProtocolException) { final IkeProtocolException ikeException = (IkeProtocolException) exception; category = VpnManager.CATEGORY_EVENT_IKE_ERROR; Loading @@ -3314,13 +3325,8 @@ public class Vpn { break; // All other cases possibly recoverable. default: // All the above failures are configuration errors, and are terminal errorClass = VpnManager.ERROR_CLASS_RECOVERABLE; } } else if (exception instanceof IllegalArgumentException) { // Failed to build IKE/ChildSessionParams; fatal profile configuration error markFailedAndDisconnect(exception); return; } else if (exception instanceof IkeNetworkLostException) { category = VpnManager.CATEGORY_EVENT_NETWORK_ERROR; errorClass = VpnManager.ERROR_CLASS_RECOVERABLE; Loading @@ -3339,16 +3345,16 @@ public class Vpn { Log.wtf(TAG, "onSessionLost: exception = " + exception); } synchronized (Vpn.this) { // TODO(b/230548427): Remove SDK check once VPN related stuff are // decoupled from ConnectivityServiceTest. if (SdkLevel.isAtLeastT() && category != null && isVpnApp(mPackage)) { sendEventToVpnManagerApp(category, errorClass, errorCode, getPackage(), mSessionKey, makeVpnProfileStateLocked(), mActiveNetwork, getRedactedNetworkCapabilitiesOfUnderlyingNetwork( mUnderlyingNetworkCapabilities), getRedactedLinkPropertiesOfUnderlyingNetwork( mUnderlyingLinkProperties)); getRedactedNetworkCapabilities(mUnderlyingNetworkCapabilities), getRedactedLinkProperties(mUnderlyingLinkProperties)); } } if (errorClass == VpnManager.ERROR_CLASS_NOT_RECOVERABLE) { Loading @@ -3357,7 +3363,6 @@ public class Vpn { } else { scheduleRetryNewIkeSession(); } } mUnderlyingNetworkCapabilities = null; mUnderlyingLinkProperties = null; Loading
