Loading services/core/java/com/android/server/ConnectivityService.java +95 −81 Original line number Original line Diff line number Diff line Loading @@ -226,7 +226,11 @@ public class ConnectivityService extends IConnectivityManager.Stub @GuardedBy("mVpns") @GuardedBy("mVpns") private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // a direct call to LockdownVpnTracker.isEnabled(). @GuardedBy("mVpns") private boolean mLockdownEnabled; private boolean mLockdownEnabled; @GuardedBy("mVpns") private LockdownVpnTracker mLockdownTracker; private LockdownVpnTracker mLockdownTracker; final private Context mContext; final private Context mContext; Loading Loading @@ -997,9 +1001,9 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private Network[] getVpnUnderlyingNetworks(int uid) { private Network[] getVpnUnderlyingNetworks(int uid) { synchronized (mVpns) { if (!mLockdownEnabled) { if (!mLockdownEnabled) { int user = UserHandle.getUserId(uid); int user = UserHandle.getUserId(uid); synchronized (mVpns) { Vpn vpn = mVpns.get(user); Vpn vpn = mVpns.get(user); if (vpn != null && vpn.appliesToUid(uid)) { if (vpn != null && vpn.appliesToUid(uid)) { return vpn.getUnderlyingNetworks(); return vpn.getUnderlyingNetworks(); Loading Loading @@ -1087,10 +1091,12 @@ public class ConnectivityService extends IConnectivityManager.Stub if (isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, ignoreBlocked)) { if (isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, ignoreBlocked)) { state.networkInfo.setDetailedState(DetailedState.BLOCKED, null, null); state.networkInfo.setDetailedState(DetailedState.BLOCKED, null, null); } } synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { mLockdownTracker.augmentNetworkInfo(state.networkInfo); mLockdownTracker.augmentNetworkInfo(state.networkInfo); } } } } } /** /** * Return NetworkInfo for the active (i.e., connected) network interface. * Return NetworkInfo for the active (i.e., connected) network interface. Loading Loading @@ -1253,8 +1259,8 @@ public class ConnectivityService extends IConnectivityManager.Stub result.put(nai.network, nc); result.put(nai.network, nc); } } if (!mLockdownEnabled) { synchronized (mVpns) { synchronized (mVpns) { if (!mLockdownEnabled) { Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn != null) { if (vpn != null) { Network[] networks = vpn.getUnderlyingNetworks(); Network[] networks = vpn.getUnderlyingNetworks(); Loading Loading @@ -1580,10 +1586,12 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private Intent makeGeneralIntent(NetworkInfo info, String bcastType) { private Intent makeGeneralIntent(NetworkInfo info, String bcastType) { synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { info = new NetworkInfo(info); info = new NetworkInfo(info); mLockdownTracker.augmentNetworkInfo(info); mLockdownTracker.augmentNetworkInfo(info); } } } Intent intent = new Intent(bcastType); Intent intent = new Intent(bcastType); intent.putExtra(ConnectivityManager.EXTRA_NETWORK_INFO, new NetworkInfo(info)); intent.putExtra(ConnectivityManager.EXTRA_NETWORK_INFO, new NetworkInfo(info)); Loading Loading @@ -3436,9 +3444,9 @@ public class ConnectivityService extends IConnectivityManager.Stub public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage, public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage, int userId) { int userId) { enforceCrossUserPermission(userId); enforceCrossUserPermission(userId); throwIfLockdownEnabled(); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn != null) { if (vpn != null) { return vpn.prepare(oldPackage, newPackage); return vpn.prepare(oldPackage, newPackage); Loading Loading @@ -3482,9 +3490,9 @@ public class ConnectivityService extends IConnectivityManager.Stub */ */ @Override @Override public ParcelFileDescriptor establishVpn(VpnConfig config) { public ParcelFileDescriptor establishVpn(VpnConfig config) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).establish(config); return mVpns.get(user).establish(config); } } } } Loading @@ -3495,13 +3503,13 @@ public class ConnectivityService extends IConnectivityManager.Stub */ */ @Override @Override public void startLegacyVpn(VpnProfile profile) { public void startLegacyVpn(VpnProfile profile) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); final LinkProperties egress = getActiveLinkProperties(); final LinkProperties egress = getActiveLinkProperties(); if (egress == null) { if (egress == null) { throw new IllegalStateException("Missing active network connection"); throw new IllegalStateException("Missing active network connection"); } } int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress); mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress); } } } } Loading @@ -3527,11 +3535,11 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override @Override public VpnInfo[] getAllVpnInfo() { public VpnInfo[] getAllVpnInfo() { enforceConnectivityInternalPermission(); enforceConnectivityInternalPermission(); synchronized (mVpns) { if (mLockdownEnabled) { if (mLockdownEnabled) { return new VpnInfo[0]; return new VpnInfo[0]; } } synchronized (mVpns) { List<VpnInfo> infoList = new ArrayList<>(); List<VpnInfo> infoList = new ArrayList<>(); for (int i = 0; i < mVpns.size(); i++) { for (int i = 0; i < mVpns.size(); i++) { VpnInfo info = createVpnInfo(mVpns.valueAt(i)); VpnInfo info = createVpnInfo(mVpns.valueAt(i)); Loading Loading @@ -3596,6 +3604,7 @@ public class ConnectivityService extends IConnectivityManager.Stub return false; return false; } } synchronized (mVpns) { // Tear down existing lockdown if profile was removed // Tear down existing lockdown if profile was removed mLockdownEnabled = LockdownVpnTracker.isEnabled(); mLockdownEnabled = LockdownVpnTracker.isEnabled(); if (mLockdownEnabled) { if (mLockdownEnabled) { Loading @@ -3613,17 +3622,16 @@ public class ConnectivityService extends IConnectivityManager.Stub return true; return true; } } int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { Vpn vpn = mVpns.get(user); Vpn vpn = mVpns.get(user); if (vpn == null) { if (vpn == null) { Slog.w(TAG, "VPN for user " + user + " not ready yet. Skipping lockdown"); Slog.w(TAG, "VPN for user " + user + " not ready yet. Skipping lockdown"); return false; return false; } } setLockdownTracker(new LockdownVpnTracker(mContext, mNetd, this, vpn, profile)); setLockdownTracker(new LockdownVpnTracker(mContext, mNetd, this, vpn, profile)); } } else { } else { setLockdownTracker(null); setLockdownTracker(null); } } } return true; return true; } } Loading @@ -3632,6 +3640,7 @@ public class ConnectivityService extends IConnectivityManager.Stub * Internally set new {@link LockdownVpnTracker}, shutting down any existing * Internally set new {@link LockdownVpnTracker}, shutting down any existing * {@link LockdownVpnTracker}. Can be {@code null} to disable lockdown. * {@link LockdownVpnTracker}. Can be {@code null} to disable lockdown. */ */ @GuardedBy("mVpns") private void setLockdownTracker(LockdownVpnTracker tracker) { private void setLockdownTracker(LockdownVpnTracker tracker) { // Shutdown any existing tracker // Shutdown any existing tracker final LockdownVpnTracker existing = mLockdownTracker; final LockdownVpnTracker existing = mLockdownTracker; Loading @@ -3646,6 +3655,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } } } @GuardedBy("mVpns") private void throwIfLockdownEnabled() { private void throwIfLockdownEnabled() { if (mLockdownEnabled) { if (mLockdownEnabled) { throw new IllegalStateException("Unavailable in lockdown mode"); throw new IllegalStateException("Unavailable in lockdown mode"); Loading Loading @@ -3693,12 +3703,12 @@ public class ConnectivityService extends IConnectivityManager.Stub enforceConnectivityInternalPermission(); enforceConnectivityInternalPermission(); enforceCrossUserPermission(userId); enforceCrossUserPermission(userId); synchronized (mVpns) { // Can't set always-on VPN if legacy VPN is already in lockdown mode. // Can't set always-on VPN if legacy VPN is already in lockdown mode. if (LockdownVpnTracker.isEnabled()) { if (LockdownVpnTracker.isEnabled()) { return false; return false; } } synchronized (mVpns) { Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn == null) { if (vpn == null) { Slog.w(TAG, "User " + userId + " has no Vpn configuration"); Slog.w(TAG, "User " + userId + " has no Vpn configuration"); Loading Loading @@ -3874,11 +3884,11 @@ public class ConnectivityService extends IConnectivityManager.Stub } } userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId); userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId); mVpns.put(userId, userVpn); mVpns.put(userId, userVpn); } if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { updateLockdownVpn(); updateLockdownVpn(); } } } } } private void onUserStop(int userId) { private void onUserStop(int userId) { synchronized (mVpns) { synchronized (mVpns) { Loading Loading @@ -3913,6 +3923,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private void onUserUnlocked(int userId) { private void onUserUnlocked(int userId) { synchronized (mVpns) { // User present may be sent because of an unlock, which might mean an unlocked keystore. // User present may be sent because of an unlock, which might mean an unlocked keystore. if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { updateLockdownVpn(); updateLockdownVpn(); Loading @@ -3920,6 +3931,7 @@ public class ConnectivityService extends IConnectivityManager.Stub startAlwaysOnVpn(userId); startAlwaysOnVpn(userId); } } } } } private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { @Override @Override Loading Loading @@ -5205,6 +5217,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private void notifyLockdownVpn(NetworkAgentInfo nai) { private void notifyLockdownVpn(NetworkAgentInfo nai) { synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { if (nai != null && nai.isVPN()) { if (nai != null && nai.isVPN()) { mLockdownTracker.onVpnStateChanged(nai.networkInfo); mLockdownTracker.onVpnStateChanged(nai.networkInfo); Loading @@ -5213,6 +5226,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } } } } } } private void updateNetworkInfo(NetworkAgentInfo networkAgent, NetworkInfo newInfo) { private void updateNetworkInfo(NetworkAgentInfo networkAgent, NetworkInfo newInfo) { final NetworkInfo.State state = newInfo.getState(); final NetworkInfo.State state = newInfo.getState(); Loading Loading @@ -5439,28 +5453,28 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override @Override public boolean addVpnAddress(String address, int prefixLength) { public boolean addVpnAddress(String address, int prefixLength) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).addAddress(address, prefixLength); return mVpns.get(user).addAddress(address, prefixLength); } } } } @Override @Override public boolean removeVpnAddress(String address, int prefixLength) { public boolean removeVpnAddress(String address, int prefixLength) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).removeAddress(address, prefixLength); return mVpns.get(user).removeAddress(address, prefixLength); } } } } @Override @Override public boolean setUnderlyingNetworksForVpn(Network[] networks) { public boolean setUnderlyingNetworksForVpn(Network[] networks) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); boolean success; final boolean success; synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); success = mVpns.get(user).setUnderlyingNetworks(networks); success = mVpns.get(user).setUnderlyingNetworks(networks); } } if (success) { if (success) { Loading Loading @@ -5520,7 +5534,6 @@ public class ConnectivityService extends IConnectivityManager.Stub setAlwaysOnVpnPackage(userId, null, false); setAlwaysOnVpnPackage(userId, null, false); setVpnPackageAuthorization(alwaysOnPackage, userId, false); setVpnPackageAuthorization(alwaysOnPackage, userId, false); } } } // Turn Always-on VPN off // Turn Always-on VPN off if (mLockdownEnabled && userId == UserHandle.USER_SYSTEM) { if (mLockdownEnabled && userId == UserHandle.USER_SYSTEM) { Loading @@ -5540,14 +5553,15 @@ public class ConnectivityService extends IConnectivityManager.Stub if (vpnConfig.legacy) { if (vpnConfig.legacy) { prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId); prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId); } else { } else { // Prevent this app (packagename = vpnConfig.user) from initiating VPN connections // Prevent this app (packagename = vpnConfig.user) from initiating // in the future without user intervention. // VPN connections in the future without user intervention. setVpnPackageAuthorization(vpnConfig.user, userId, false); setVpnPackageAuthorization(vpnConfig.user, userId, false); prepareVpn(null, VpnConfig.LEGACY_VPN, userId); prepareVpn(null, VpnConfig.LEGACY_VPN, userId); } } } } } } } Settings.Global.putString(mContext.getContentResolver(), Settings.Global.putString(mContext.getContentResolver(), Settings.Global.NETWORK_AVOID_BAD_WIFI, null); Settings.Global.NETWORK_AVOID_BAD_WIFI, null); Loading Loading
services/core/java/com/android/server/ConnectivityService.java +95 −81 Original line number Original line Diff line number Diff line Loading @@ -226,7 +226,11 @@ public class ConnectivityService extends IConnectivityManager.Stub @GuardedBy("mVpns") @GuardedBy("mVpns") private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); private final SparseArray<Vpn> mVpns = new SparseArray<Vpn>(); // TODO: investigate if mLockdownEnabled can be removed and replaced everywhere by // a direct call to LockdownVpnTracker.isEnabled(). @GuardedBy("mVpns") private boolean mLockdownEnabled; private boolean mLockdownEnabled; @GuardedBy("mVpns") private LockdownVpnTracker mLockdownTracker; private LockdownVpnTracker mLockdownTracker; final private Context mContext; final private Context mContext; Loading Loading @@ -997,9 +1001,9 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private Network[] getVpnUnderlyingNetworks(int uid) { private Network[] getVpnUnderlyingNetworks(int uid) { synchronized (mVpns) { if (!mLockdownEnabled) { if (!mLockdownEnabled) { int user = UserHandle.getUserId(uid); int user = UserHandle.getUserId(uid); synchronized (mVpns) { Vpn vpn = mVpns.get(user); Vpn vpn = mVpns.get(user); if (vpn != null && vpn.appliesToUid(uid)) { if (vpn != null && vpn.appliesToUid(uid)) { return vpn.getUnderlyingNetworks(); return vpn.getUnderlyingNetworks(); Loading Loading @@ -1087,10 +1091,12 @@ public class ConnectivityService extends IConnectivityManager.Stub if (isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, ignoreBlocked)) { if (isNetworkWithLinkPropertiesBlocked(state.linkProperties, uid, ignoreBlocked)) { state.networkInfo.setDetailedState(DetailedState.BLOCKED, null, null); state.networkInfo.setDetailedState(DetailedState.BLOCKED, null, null); } } synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { mLockdownTracker.augmentNetworkInfo(state.networkInfo); mLockdownTracker.augmentNetworkInfo(state.networkInfo); } } } } } /** /** * Return NetworkInfo for the active (i.e., connected) network interface. * Return NetworkInfo for the active (i.e., connected) network interface. Loading Loading @@ -1253,8 +1259,8 @@ public class ConnectivityService extends IConnectivityManager.Stub result.put(nai.network, nc); result.put(nai.network, nc); } } if (!mLockdownEnabled) { synchronized (mVpns) { synchronized (mVpns) { if (!mLockdownEnabled) { Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn != null) { if (vpn != null) { Network[] networks = vpn.getUnderlyingNetworks(); Network[] networks = vpn.getUnderlyingNetworks(); Loading Loading @@ -1580,10 +1586,12 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private Intent makeGeneralIntent(NetworkInfo info, String bcastType) { private Intent makeGeneralIntent(NetworkInfo info, String bcastType) { synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { info = new NetworkInfo(info); info = new NetworkInfo(info); mLockdownTracker.augmentNetworkInfo(info); mLockdownTracker.augmentNetworkInfo(info); } } } Intent intent = new Intent(bcastType); Intent intent = new Intent(bcastType); intent.putExtra(ConnectivityManager.EXTRA_NETWORK_INFO, new NetworkInfo(info)); intent.putExtra(ConnectivityManager.EXTRA_NETWORK_INFO, new NetworkInfo(info)); Loading Loading @@ -3436,9 +3444,9 @@ public class ConnectivityService extends IConnectivityManager.Stub public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage, public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage, int userId) { int userId) { enforceCrossUserPermission(userId); enforceCrossUserPermission(userId); throwIfLockdownEnabled(); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn != null) { if (vpn != null) { return vpn.prepare(oldPackage, newPackage); return vpn.prepare(oldPackage, newPackage); Loading Loading @@ -3482,9 +3490,9 @@ public class ConnectivityService extends IConnectivityManager.Stub */ */ @Override @Override public ParcelFileDescriptor establishVpn(VpnConfig config) { public ParcelFileDescriptor establishVpn(VpnConfig config) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).establish(config); return mVpns.get(user).establish(config); } } } } Loading @@ -3495,13 +3503,13 @@ public class ConnectivityService extends IConnectivityManager.Stub */ */ @Override @Override public void startLegacyVpn(VpnProfile profile) { public void startLegacyVpn(VpnProfile profile) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); final LinkProperties egress = getActiveLinkProperties(); final LinkProperties egress = getActiveLinkProperties(); if (egress == null) { if (egress == null) { throw new IllegalStateException("Missing active network connection"); throw new IllegalStateException("Missing active network connection"); } } int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress); mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress); } } } } Loading @@ -3527,11 +3535,11 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override @Override public VpnInfo[] getAllVpnInfo() { public VpnInfo[] getAllVpnInfo() { enforceConnectivityInternalPermission(); enforceConnectivityInternalPermission(); synchronized (mVpns) { if (mLockdownEnabled) { if (mLockdownEnabled) { return new VpnInfo[0]; return new VpnInfo[0]; } } synchronized (mVpns) { List<VpnInfo> infoList = new ArrayList<>(); List<VpnInfo> infoList = new ArrayList<>(); for (int i = 0; i < mVpns.size(); i++) { for (int i = 0; i < mVpns.size(); i++) { VpnInfo info = createVpnInfo(mVpns.valueAt(i)); VpnInfo info = createVpnInfo(mVpns.valueAt(i)); Loading Loading @@ -3596,6 +3604,7 @@ public class ConnectivityService extends IConnectivityManager.Stub return false; return false; } } synchronized (mVpns) { // Tear down existing lockdown if profile was removed // Tear down existing lockdown if profile was removed mLockdownEnabled = LockdownVpnTracker.isEnabled(); mLockdownEnabled = LockdownVpnTracker.isEnabled(); if (mLockdownEnabled) { if (mLockdownEnabled) { Loading @@ -3613,17 +3622,16 @@ public class ConnectivityService extends IConnectivityManager.Stub return true; return true; } } int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { Vpn vpn = mVpns.get(user); Vpn vpn = mVpns.get(user); if (vpn == null) { if (vpn == null) { Slog.w(TAG, "VPN for user " + user + " not ready yet. Skipping lockdown"); Slog.w(TAG, "VPN for user " + user + " not ready yet. Skipping lockdown"); return false; return false; } } setLockdownTracker(new LockdownVpnTracker(mContext, mNetd, this, vpn, profile)); setLockdownTracker(new LockdownVpnTracker(mContext, mNetd, this, vpn, profile)); } } else { } else { setLockdownTracker(null); setLockdownTracker(null); } } } return true; return true; } } Loading @@ -3632,6 +3640,7 @@ public class ConnectivityService extends IConnectivityManager.Stub * Internally set new {@link LockdownVpnTracker}, shutting down any existing * Internally set new {@link LockdownVpnTracker}, shutting down any existing * {@link LockdownVpnTracker}. Can be {@code null} to disable lockdown. * {@link LockdownVpnTracker}. Can be {@code null} to disable lockdown. */ */ @GuardedBy("mVpns") private void setLockdownTracker(LockdownVpnTracker tracker) { private void setLockdownTracker(LockdownVpnTracker tracker) { // Shutdown any existing tracker // Shutdown any existing tracker final LockdownVpnTracker existing = mLockdownTracker; final LockdownVpnTracker existing = mLockdownTracker; Loading @@ -3646,6 +3655,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } } } @GuardedBy("mVpns") private void throwIfLockdownEnabled() { private void throwIfLockdownEnabled() { if (mLockdownEnabled) { if (mLockdownEnabled) { throw new IllegalStateException("Unavailable in lockdown mode"); throw new IllegalStateException("Unavailable in lockdown mode"); Loading Loading @@ -3693,12 +3703,12 @@ public class ConnectivityService extends IConnectivityManager.Stub enforceConnectivityInternalPermission(); enforceConnectivityInternalPermission(); enforceCrossUserPermission(userId); enforceCrossUserPermission(userId); synchronized (mVpns) { // Can't set always-on VPN if legacy VPN is already in lockdown mode. // Can't set always-on VPN if legacy VPN is already in lockdown mode. if (LockdownVpnTracker.isEnabled()) { if (LockdownVpnTracker.isEnabled()) { return false; return false; } } synchronized (mVpns) { Vpn vpn = mVpns.get(userId); Vpn vpn = mVpns.get(userId); if (vpn == null) { if (vpn == null) { Slog.w(TAG, "User " + userId + " has no Vpn configuration"); Slog.w(TAG, "User " + userId + " has no Vpn configuration"); Loading Loading @@ -3874,11 +3884,11 @@ public class ConnectivityService extends IConnectivityManager.Stub } } userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId); userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId); mVpns.put(userId, userVpn); mVpns.put(userId, userVpn); } if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { updateLockdownVpn(); updateLockdownVpn(); } } } } } private void onUserStop(int userId) { private void onUserStop(int userId) { synchronized (mVpns) { synchronized (mVpns) { Loading Loading @@ -3913,6 +3923,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private void onUserUnlocked(int userId) { private void onUserUnlocked(int userId) { synchronized (mVpns) { // User present may be sent because of an unlock, which might mean an unlocked keystore. // User present may be sent because of an unlock, which might mean an unlocked keystore. if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) { updateLockdownVpn(); updateLockdownVpn(); Loading @@ -3920,6 +3931,7 @@ public class ConnectivityService extends IConnectivityManager.Stub startAlwaysOnVpn(userId); startAlwaysOnVpn(userId); } } } } } private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { @Override @Override Loading Loading @@ -5205,6 +5217,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private void notifyLockdownVpn(NetworkAgentInfo nai) { private void notifyLockdownVpn(NetworkAgentInfo nai) { synchronized (mVpns) { if (mLockdownTracker != null) { if (mLockdownTracker != null) { if (nai != null && nai.isVPN()) { if (nai != null && nai.isVPN()) { mLockdownTracker.onVpnStateChanged(nai.networkInfo); mLockdownTracker.onVpnStateChanged(nai.networkInfo); Loading @@ -5213,6 +5226,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } } } } } } } private void updateNetworkInfo(NetworkAgentInfo networkAgent, NetworkInfo newInfo) { private void updateNetworkInfo(NetworkAgentInfo networkAgent, NetworkInfo newInfo) { final NetworkInfo.State state = newInfo.getState(); final NetworkInfo.State state = newInfo.getState(); Loading Loading @@ -5439,28 +5453,28 @@ public class ConnectivityService extends IConnectivityManager.Stub @Override @Override public boolean addVpnAddress(String address, int prefixLength) { public boolean addVpnAddress(String address, int prefixLength) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).addAddress(address, prefixLength); return mVpns.get(user).addAddress(address, prefixLength); } } } } @Override @Override public boolean removeVpnAddress(String address, int prefixLength) { public boolean removeVpnAddress(String address, int prefixLength) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); return mVpns.get(user).removeAddress(address, prefixLength); return mVpns.get(user).removeAddress(address, prefixLength); } } } } @Override @Override public boolean setUnderlyingNetworksForVpn(Network[] networks) { public boolean setUnderlyingNetworksForVpn(Network[] networks) { throwIfLockdownEnabled(); int user = UserHandle.getUserId(Binder.getCallingUid()); int user = UserHandle.getUserId(Binder.getCallingUid()); boolean success; final boolean success; synchronized (mVpns) { synchronized (mVpns) { throwIfLockdownEnabled(); success = mVpns.get(user).setUnderlyingNetworks(networks); success = mVpns.get(user).setUnderlyingNetworks(networks); } } if (success) { if (success) { Loading Loading @@ -5520,7 +5534,6 @@ public class ConnectivityService extends IConnectivityManager.Stub setAlwaysOnVpnPackage(userId, null, false); setAlwaysOnVpnPackage(userId, null, false); setVpnPackageAuthorization(alwaysOnPackage, userId, false); setVpnPackageAuthorization(alwaysOnPackage, userId, false); } } } // Turn Always-on VPN off // Turn Always-on VPN off if (mLockdownEnabled && userId == UserHandle.USER_SYSTEM) { if (mLockdownEnabled && userId == UserHandle.USER_SYSTEM) { Loading @@ -5540,14 +5553,15 @@ public class ConnectivityService extends IConnectivityManager.Stub if (vpnConfig.legacy) { if (vpnConfig.legacy) { prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId); prepareVpn(VpnConfig.LEGACY_VPN, VpnConfig.LEGACY_VPN, userId); } else { } else { // Prevent this app (packagename = vpnConfig.user) from initiating VPN connections // Prevent this app (packagename = vpnConfig.user) from initiating // in the future without user intervention. // VPN connections in the future without user intervention. setVpnPackageAuthorization(vpnConfig.user, userId, false); setVpnPackageAuthorization(vpnConfig.user, userId, false); prepareVpn(null, VpnConfig.LEGACY_VPN, userId); prepareVpn(null, VpnConfig.LEGACY_VPN, userId); } } } } } } } Settings.Global.putString(mContext.getContentResolver(), Settings.Global.putString(mContext.getContentResolver(), Settings.Global.NETWORK_AVOID_BAD_WIFI, null); Settings.Global.NETWORK_AVOID_BAD_WIFI, null); Loading
