Merge "Update VPN app exclusion list when packages are added or removed" (1af24cfd) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/VpnManagerService.java

+38 −6

Original line number	Diff line number	Diff line
		@@ -45,6 +45,7 @@ import android.os.Build;
		import android.os.Handler;
		import android.os.HandlerThread;
		import android.os.INetworkManagementService;
		import android.os.Looper;
		import android.os.ParcelFileDescriptor;
		import android.os.Process;
		import android.os.ServiceManager;
		@@ -131,6 +132,12 @@ public class VpnManagerService extends IVpnManager.Stub {
		return INetworkManagementService.Stub.asInterface(
		ServiceManager.getService(Context.NETWORKMANAGEMENT_SERVICE));
		}

		/** Create a VPN. */
		public Vpn createVpn(Looper looper, Context context, INetworkManagementService nms,
		INetd netd, int userId) {
		return new Vpn(looper, context, nms, netd, userId, new VpnProfileStore());
		}
		}

		public VpnManagerService(Context context, Dependencies deps) {
		@@ -688,6 +695,7 @@ public class VpnManagerService extends IVpnManager.Stub {

		// Listen to package add and removal events for all users.
		intentFilter = new IntentFilter();
		intentFilter.addAction(Intent.ACTION_PACKAGE_ADDED);
		intentFilter.addAction(Intent.ACTION_PACKAGE_REPLACED);
		intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED);
		intentFilter.addDataScheme("package");
		@@ -738,6 +746,10 @@ public class VpnManagerService extends IVpnManager.Stub {
		final boolean isReplacing = intent.getBooleanExtra(
		Intent.EXTRA_REPLACING, false);
		onPackageRemoved(packageName, uid, isReplacing);
		} else if (Intent.ACTION_PACKAGE_ADDED.equals(action)) {
		final boolean isReplacing = intent.getBooleanExtra(
		Intent.EXTRA_REPLACING, false);
		onPackageAdded(packageName, uid, isReplacing);
		} else {
		Log.wtf(TAG, "received unexpected intent: " + action);
		}
		@@ -757,15 +769,15 @@ public class VpnManagerService extends IVpnManager.Stub {
		}
		};

		private void onUserStarted(int userId) {
		@VisibleForTesting
		void onUserStarted(int userId) {
		synchronized (mVpns) {
		Vpn userVpn = mVpns.get(userId);
		if (userVpn != null) {
		loge("Starting user already has a VPN");
		return;
		}
		userVpn = new Vpn(mHandler.getLooper(), mContext, mNMS, mNetd, userId,
		new VpnProfileStore());
		userVpn = mDeps.createVpn(mHandler.getLooper(), mContext, mNMS, mNetd, userId);
		mVpns.put(userId, userVpn);
		if (mUserManager.getUserInfo(userId).isPrimary() && isLockdownVpnEnabled()) {
		updateLockdownVpn();
		@@ -842,7 +854,8 @@ public class VpnManagerService extends IVpnManager.Stub {
		}
		}

		private void onPackageRemoved(String packageName, int uid, boolean isReplacing) {
		@VisibleForTesting
		void onPackageRemoved(String packageName, int uid, boolean isReplacing) {
		if (TextUtils.isEmpty(packageName) \|\| uid < 0) {
		Log.wtf(TAG, "Invalid package in onPackageRemoved: " + packageName + " \| " + uid);
		return;
		@@ -851,15 +864,34 @@ public class VpnManagerService extends IVpnManager.Stub {
		final int userId = UserHandle.getUserId(uid);
		synchronized (mVpns) {
		final Vpn vpn = mVpns.get(userId);
		if (vpn == null) {
		if (vpn == null \|\| isReplacing) {
		return;
		}
		// Legacy always-on VPN won't be affected since the package name is not set.
		if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName) && !isReplacing) {
		if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName)) {
		log("Removing always-on VPN package " + packageName + " for user "
		+ userId);
		vpn.setAlwaysOnPackage(null, false, null);
		}

		vpn.refreshPlatformVpnAppExclusionList();
		}
		}

		@VisibleForTesting
		void onPackageAdded(String packageName, int uid, boolean isReplacing) {
		if (TextUtils.isEmpty(packageName) \|\| uid < 0) {
		Log.wtf(TAG, "Invalid package in onPackageAdded: " + packageName + " \| " + uid);
		return;
		}

		final int userId = UserHandle.getUserId(uid);
		synchronized (mVpns) {
		final Vpn vpn = mVpns.get(userId);

		if (vpn != null && !isReplacing) {
		vpn.refreshPlatformVpnAppExclusionList();
		}
		}
		}

services/core/java/com/android/server/connectivity/Vpn.java

+14 −2

Original line number	Diff line number	Diff line
		@@ -4085,6 +4085,20 @@ public class Vpn {
		@NonNull List<String> excludedApps) {
		enforceNotRestrictedUser();
		if (!storeAppExclusionList(packageName, excludedApps)) return false;

		updateAppExclusionList(excludedApps);

		return true;
		}

		/**
		* Triggers an update of the VPN network's excluded UIDs if a VPN is running.
		*/
		public synchronized void refreshPlatformVpnAppExclusionList() {
		updateAppExclusionList(getAppExclusionList(mPackage));
		}

		private synchronized void updateAppExclusionList(@NonNull List<String> excludedApps) {
		// Re-build and update NetworkCapabilities via NetworkAgent.
		if (mNetworkAgent != null) {
		// Only update the platform VPN
		@@ -4097,8 +4111,6 @@ public class Vpn {
		mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities);
		}
		}

		return true;
		}

		/**