Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 16dd8500 authored by Charles He's avatar Charles He
Browse files

VPN profile: break up lockdown mode validation 

Previously, there is one single method to test whether the current VPN
profile is a valid configuration for lockdown (always-on) VPN. In order
to provide a clearer feedback to the user regarding which part of the
profile is incompatible with the lockdown mode, we break the orginal
isValidLockdownProfile method into various parts, which can be called
individually to identify the exact reason for lockdown being disabled.

Test: manual
Bug: 29208008
Bug: 28072644
Change-Id: I1703742fe3d18d771c7f8d029cb89c2c28737c1b
parent aae474b6

core/java/com/android/internal/net/VpnProfile.java

+32 −16
Original line number Diff line number Diff line
@@ -19,7 +19,6 @@ package com.android.internal.net; 
import android.os.Parcel;

import android.os.Parcelable;

import android.text.TextUtils;

import android.util.Log;



import java.net.InetAddress;

import java.nio.charset.StandardCharsets;
@@ -171,34 +170,51 @@ public class VpnProfile implements Cloneable, Parcelable { 
    }



    /**

     * Test if profile is valid for lockdown, which requires IPv4 address for

     * Tests if profile is valid for lockdown, which requires IPv4 address for

     * both server and DNS. Server hostnames would require using DNS before

     * connection.

     */

    public boolean isValidLockdownProfile() {

        // b/7064069: lockdown firewall blocks ports that would be used for PPTP

        if (type == TYPE_PPTP) {

            return false;

        return isTypeValidForLockdown()

                && isServerAddressNumeric()

                && hasDns()

                && areDnsAddressesNumeric();

    }



    /** Returns {@code true} if the VPN type is valid for lockdown. */

    public boolean isTypeValidForLockdown() {

        // b/7064069: lockdown firewall blocks ports used for PPTP

        return type != TYPE_PPTP;

    }



    /** Returns {@code true} if the server address is numeric, e.g. 8.8.8.8 */

    public boolean isServerAddressNumeric() {

        try {

            InetAddress.parseNumericAddress(server);



            for (String dnsServer : dnsServers.split(" +")) {

                InetAddress.parseNumericAddress(this.dnsServers);

            }

            if (TextUtils.isEmpty(dnsServers)) {

                Log.w(TAG, "DNS required");

        } catch (IllegalArgumentException e) {

            return false;

        }



            // Everything checked out above

        return true;

    }



    /** Returns {@code true} if one or more DNS servers are specified. */

    public boolean hasDns() {

        return !TextUtils.isEmpty(dnsServers);

    }



    /**

     * Returns {@code true} if all DNS servers have numeric addresses,

     * e.g. 8.8.8.8

     */

    public boolean areDnsAddressesNumeric() {

        try {

            for (String dnsServer : dnsServers.split(" +")) {

                InetAddress.parseNumericAddress(dnsServer);

            }

        } catch (IllegalArgumentException e) {

            Log.w(TAG, "Invalid address", e);

            return false;

        }

        return true;

    }



    public static final Creator<VpnProfile> CREATOR = new Creator<VpnProfile>() {