Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34b12098 authored by Robin Lee's avatar Robin Lee Committed by The Android Automerger
Browse files

Check if we're connected before marking a UID blocked 

This kills the always-on test, and any third-party app that correctly
checks whether it's blocked before attempting to make a connection.

Only affects always-on VPN when lockdown=true.

Bug: 28909500
Change-Id: I87aa9598d3872ae2ec409c2b19d73052c21ec878
parent 3b078376

services/core/java/com/android/server/connectivity/Vpn.java

+15 −6
Original line number Diff line number Diff line
@@ -1055,12 +1055,20 @@ public class Vpn { 
    }



    /**

     * @return {@code true} if the set of users blocked whilst waiting for VPN to connect includes

     *         the UID {@param uid}, {@code false} otherwise.

     * @return {@code true} if {@param uid} is blocked by an always-on VPN.

     *         A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is

     *         not connected, or if the VPN is connected but does not apply to the UID.

     *

     * @see #mBlockedUsers

     */

    public synchronized boolean isBlockingUid(int uid) {

        if (!mLockdown) {

            return false;

        }



        if (mNetworkInfo.isConnected()) {

            return !appliesToUid(uid);

        } else {

            for (UidRange uidRange : mBlockedUsers) {

                if (uidRange.contains(uid)) {

                    return true;
@@ -1068,6 +1076,7 @@ public class Vpn { 
            }

            return false;

        }

    }



    private native int jniCreate(int mtu);

    private native String jniGetName(int tun);