
Commit 418017e5 authored by Benedict Wong

Add separate user consent for Platform VPNs

This change adds a new VPN user consent flow (using the same text) for
granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new
PlatformVpnConfirmDialog is created as a subclass to preserve all logic,
but ensure the right appop is granted for the relevant dialog.

Intent extras were considered, but are inherently unsafe, since the
caller may add any extras that they would want.

Bug: 144246835
Test: FrameworksNetTests passing
Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3
parent 2d814e8b
+1 −1
@@ -117,7 +117,7 @@ interface IConnectivityManager


    boolean prepareVpn(String oldPackage, String newPackage, int userId);
    boolean prepareVpn(String oldPackage, String newPackage, int userId);


    void setVpnPackageAuthorization(String packageName, int userId, boolean authorized);
    void setVpnPackageAuthorization(String packageName, int userId, int vpnType);


    ParcelFileDescriptor establishVpn(in VpnConfig config);
    ParcelFileDescriptor establishVpn(in VpnConfig config);
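Review bot: `setVpnPackageAuthorization` now accepts an arbitrary `int` over Binder, and nothing in this section says which values are legal or what each one grants. The `@VpnType` IntDef added in VpnManager uses `RetentionPolicy.SOURCE`, so it is only a compile-time lint hint. The service implementation (not shown on this page) therefore has to reject anything other than `TYPE_VPN_NONE`, `TYPE_VPN_SERVICE` and `TYPE_VPN_PLATFORM` before it maps the type to an app-op. I would add a comment on the AIDL method such as `/** vpnType is one of VpnManager.TYPE_VPN_*; TYPE_VPN_NONE presumably revokes authorization. */` and confirm the server side throws on any other value.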


+16 −1
@@ -18,6 +18,7 @@ package android.net;


import static com.android.internal.util.Preconditions.checkNotNull;
import static com.android.internal.util.Preconditions.checkNotNull;


import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.Nullable;
import android.app.Activity;
import android.app.Activity;
@@ -30,6 +31,8 @@ import android.os.RemoteException;
import com.android.internal.net.VpnProfile;
import com.android.internal.net.VpnProfile;


import java.io.IOException;
import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.GeneralSecurityException;
import java.security.GeneralSecurityException;


/**
/**
@@ -47,6 +50,18 @@ import java.security.GeneralSecurityException;
 * @see Ikev2VpnProfile
 * @see Ikev2VpnProfile
 */
 */
public class VpnManager {
public class VpnManager {
    /** Type representing a lack of VPN @hide */
    public static final int TYPE_VPN_NONE = -1;
    /** VPN service type code @hide */
    public static final int TYPE_VPN_SERVICE = 1;
    /** Platform VPN type code @hide */
    public static final int TYPE_VPN_PLATFORM = 2;

    /** @hide */
    @IntDef(value = {TYPE_VPN_NONE, TYPE_VPN_SERVICE, TYPE_VPN_PLATFORM})
    @Retention(RetentionPolicy.SOURCE)
    public @interface VpnType {}

    @NonNull private final Context mContext;
    @NonNull private final Context mContext;
    @NonNull private final IConnectivityManager mService;
    @NonNull private final IConnectivityManager mService;


@@ -54,7 +69,7 @@ public class VpnManager {
        final Intent intent = new Intent();
        final Intent intent = new Intent();
        final ComponentName componentName = ComponentName.unflattenFromString(
        final ComponentName componentName = ComponentName.unflattenFromString(
                Resources.getSystem().getString(
                Resources.getSystem().getString(
                        com.android.internal.R.string.config_customVpnConfirmDialogComponent));
                        com.android.internal.R.string.config_platformVpnConfirmDialogComponent));
        intent.setComponent(componentName);
        intent.setComponent(componentName);
        return intent;
        return intent;
    }
    }
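Review bot: In the last hunk of this section, `ComponentName.unflattenFromString(...)` returns null when the configured string is not a valid flattened component, and the result is passed straight to `intent.setComponent(componentName)`. The consent intent would then carry no explicit component, so a bad overlay value for `config_platformVpnConfirmDialogComponent` would presumably surface only when the intent is launched. A guard with the already statically imported helper fails fast at the source: `checkNotNull(componentName, "invalid config_platformVpnConfirmDialogComponent");`. The enclosing method starts outside the hunk, so its signature and callers are not visible here.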
+1 −1
@@ -234,7 +234,7 @@ public class VpnService extends Service {
            if (!cm.prepareVpn(packageName, null, userId)) {
            if (!cm.prepareVpn(packageName, null, userId)) {
                cm.prepareVpn(null, packageName, userId);
                cm.prepareVpn(null, packageName, userId);
            }
            }
            cm.setVpnPackageAuthorization(packageName, userId, true);
            cm.setVpnPackageAuthorization(packageName, userId, VpnManager.TYPE_VPN_SERVICE);
        } catch (RemoteException e) {
        } catch (RemoteException e) {
            // ignore
            // ignore
        }
        }
+5 −1
@@ -2565,7 +2565,11 @@
    <string name="config_usbResolverActivity" translatable="false"
    <string name="config_usbResolverActivity" translatable="false"
            >com.android.systemui/com.android.systemui.usb.UsbResolverActivity</string>
            >com.android.systemui/com.android.systemui.usb.UsbResolverActivity</string>


    <!-- Name of the dialog that is used to request the user's consent to VPN connection -->
    <!-- Name of the dialog that is used to request the user's consent for a Platform VPN -->
    <string name="config_platformVpnConfirmDialogComponent" translatable="false"
            >com.android.vpndialogs/com.android.vpndialogs.PlatformVpnConfirmDialog</string>

    <!-- Name of the dialog that is used to request the user's consent for a VpnService VPN -->
    <string name="config_customVpnConfirmDialogComponent" translatable="false"
    <string name="config_customVpnConfirmDialogComponent" translatable="false"
            >com.android.vpndialogs/com.android.vpndialogs.ConfirmDialog</string>
            >com.android.vpndialogs/com.android.vpndialogs.ConfirmDialog</string>


+1 −0
@@ -2143,6 +2143,7 @@
  <java-symbol type="string" name="config_customAdbPublicKeyConfirmationSecondaryUserComponent" />
  <java-symbol type="string" name="config_customAdbPublicKeyConfirmationSecondaryUserComponent" />
  <java-symbol type="string" name="config_customVpnConfirmDialogComponent" />
  <java-symbol type="string" name="config_customVpnConfirmDialogComponent" />
  <java-symbol type="string" name="config_customVpnAlwaysOnDisconnectedDialogComponent" />
  <java-symbol type="string" name="config_customVpnAlwaysOnDisconnectedDialogComponent" />
  <java-symbol type="string" name="config_platformVpnConfirmDialogComponent" />
  <java-symbol type="string" name="config_carrierAppInstallDialogComponent" />
  <java-symbol type="string" name="config_carrierAppInstallDialogComponent" />
  <java-symbol type="string" name="config_defaultNetworkScorerPackageName" />
  <java-symbol type="string" name="config_defaultNetworkScorerPackageName" />
  <java-symbol type="string" name="config_persistentDataPackageName" />
  <java-symbol type="string" name="config_persistentDataPackageName" />