
Commit 526e7dd0 authored by Benedict Wong's avatar Benedict Wong

Add separate user consent for Platform VPNs

This change adds a new VPN user consent flow (using the same text) for
granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new
PlatformVpnConfirmDialog is created as a subclass to preserve all logic,
but ensure the right appop is granted for the relevant dialog.

Intent extras were considered, but are inherently unsafe, since the
caller can attach any extras it chooses.

Bug: 144246835
Test: FrameworksNetTests passing
Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3
Merged-In: Ia6f36207d43c3748f938430c2780dcf29e5623f3
parent dc63bcc1
+1 −1
@@ -116,7 +116,7 @@ interface IConnectivityManager

    boolean prepareVpn(String oldPackage, String newPackage, int userId);

    void setVpnPackageAuthorization(String packageName, int userId, boolean authorized);
    void setVpnPackageAuthorization(String packageName, int userId, int vpnType);

    ParcelFileDescriptor establishVpn(in VpnConfig config);
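Review bot: The new `int vpnType` parameter of `setVpnPackageAuthorization` crosses the binder boundary with no statement of which values are accepted, and the `@VpnType` IntDef added in VpnManager uses `RetentionPolicy.SOURCE`, so nothing constrains it at runtime. The implementation is not part of this section; it should reject any value other than the three `VpnManager.TYPE_VPN_*` constants before touching an appop, rather than falling through to a grant. I would also add a comment above the method naming the accepted constants and saying what `TYPE_VPN_NONE` does. It presumably takes over from the old `authorized == false` and revokes, which should be confirmed against the service code.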

+16 −1
@@ -18,6 +18,7 @@ package android.net;

import static com.android.internal.util.Preconditions.checkNotNull;

import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.Activity;
@@ -30,6 +31,8 @@ import android.os.RemoteException;
import com.android.internal.net.VpnProfile;

import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.GeneralSecurityException;

/**
@@ -47,6 +50,18 @@ import java.security.GeneralSecurityException;
 * @see Ikev2VpnProfile
 */
public class VpnManager {
    /** Type representing a lack of VPN @hide */
    public static final int TYPE_VPN_NONE = -1;
    /** VPN service type code @hide */
    public static final int TYPE_VPN_SERVICE = 1;
    /** Platform VPN type code @hide */
    public static final int TYPE_VPN_PLATFORM = 2;

    /** @hide */
    @IntDef(value = {TYPE_VPN_NONE, TYPE_VPN_SERVICE, TYPE_VPN_PLATFORM})
    @Retention(RetentionPolicy.SOURCE)
    public @interface VpnType {}

    @NonNull private final Context mContext;
    @NonNull private final IConnectivityManager mService;

@@ -54,7 +69,7 @@ public class VpnManager {
        final Intent intent = new Intent();
        final ComponentName componentName = ComponentName.unflattenFromString(
                Resources.getSystem().getString(
                        com.android.internal.R.string.config_customVpnConfirmDialogComponent));
                        com.android.internal.R.string.config_platformVpnConfirmDialogComponent));
        intent.setComponent(componentName);
        return intent;
    }
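Review bot: `ComponentName.unflattenFromString(...)` in the last hunk returns null when the configured string is not a valid flattened component, and `intent.setComponent(null)` then returns an empty, non-explicit intent to the caller. This string is a device-configurable resource, and per the commit description the dialog that gets started decides which appop is granted, so I would fail fast before `intent.setComponent(componentName);` with `checkNotNull(componentName, "config_platformVpnConfirmDialogComponent is not a valid component name");`. `checkNotNull` is already statically imported in this file. The enclosing method starts above the hunk, so its name and callers are not visible here.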
+1 −1
@@ -234,7 +234,7 @@ public class VpnService extends Service {
            if (!cm.prepareVpn(packageName, null, userId)) {
                cm.prepareVpn(null, packageName, userId);
            }
            cm.setVpnPackageAuthorization(packageName, userId, true);
            cm.setVpnPackageAuthorization(packageName, userId, VpnManager.TYPE_VPN_SERVICE);
        } catch (RemoteException e) {
            // ignore
        }
+5 −1
@@ -2708,7 +2708,11 @@
    <string name="config_customAdbPublicKeyConfirmationSecondaryUserComponent"
            >com.android.systemui/com.android.systemui.usb.UsbDebuggingSecondaryUserActivity</string>

    <!-- Name of the dialog that is used to request the user's consent to VPN connection -->
    <!-- Name of the dialog that is used to request the user's consent for a Platform VPN -->
    <string name="config_platformVpnConfirmDialogComponent" translatable="false"
            >com.android.vpndialogs/com.android.vpndialogs.PlatformVpnConfirmDialog</string>

    <!-- Name of the dialog that is used to request the user's consent for a VpnService VPN -->
    <string name="config_customVpnConfirmDialogComponent" translatable="false"
            >com.android.vpndialogs/com.android.vpndialogs.ConfirmDialog</string>
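Review bot: The two consent-dialog strings are now independent, and the new comment does not say what that means for overlays. A device overlay that replaces `config_customVpnConfirmDialogComponent` would keep the stock dialog for Platform VPNs unless it also sets `config_platformVpnConfirmDialogComponent`. A replacement for the platform entry must also grant only the lesser `OP_ACTIVATE_PLATFORM_VPN` named in the commit description. I would extend the new comment to `<!-- Name of the dialog that is used to request the user's consent for a Platform VPN. Overlays that replace config_customVpnConfirmDialogComponent should set this as well; the component must grant only OP_ACTIVATE_PLATFORM_VPN. -->`. Whether any overlay is affected cannot be told from this page.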

+1 −0
@@ -2233,6 +2233,7 @@
  <java-symbol type="string" name="config_customAdbPublicKeyConfirmationSecondaryUserComponent" />
  <java-symbol type="string" name="config_customVpnConfirmDialogComponent" />
  <java-symbol type="string" name="config_customVpnAlwaysOnDisconnectedDialogComponent" />
  <java-symbol type="string" name="config_platformVpnConfirmDialogComponent" />
  <java-symbol type="string" name="config_carrierAppInstallDialogComponent" />
  <java-symbol type="string" name="config_defaultNetworkScorerPackageName" />
  <java-symbol type="string" name="config_persistentDataPackageName" />