Merge "Update VPN app exclusion list when packages are added or removed" am: 1af24cfdbf (55836582) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/VpnManagerService.java

+38 −6

Original line number	Original line	Diff line number	Diff line
	@@ -45,6 +45,7 @@ import android.os.Build;
	import android.os.Handler;		import android.os.Handler;
	import android.os.HandlerThread;		import android.os.HandlerThread;
	import android.os.INetworkManagementService;		import android.os.INetworkManagementService;
			import android.os.Looper;
	import android.os.ParcelFileDescriptor;		import android.os.ParcelFileDescriptor;
	import android.os.Process;		import android.os.Process;
	import android.os.ServiceManager;		import android.os.ServiceManager;
	@@ -131,6 +132,12 @@ public class VpnManagerService extends IVpnManager.Stub {
	return INetworkManagementService.Stub.asInterface(		return INetworkManagementService.Stub.asInterface(
	ServiceManager.getService(Context.NETWORKMANAGEMENT_SERVICE));		ServiceManager.getService(Context.NETWORKMANAGEMENT_SERVICE));
	}		}

			/** Create a VPN. */
			public Vpn createVpn(Looper looper, Context context, INetworkManagementService nms,
			INetd netd, int userId) {
			return new Vpn(looper, context, nms, netd, userId, new VpnProfileStore());
			}
	}		}

	public VpnManagerService(Context context, Dependencies deps) {		public VpnManagerService(Context context, Dependencies deps) {
	@@ -688,6 +695,7 @@ public class VpnManagerService extends IVpnManager.Stub {

	// Listen to package add and removal events for all users.		// Listen to package add and removal events for all users.
	intentFilter = new IntentFilter();		intentFilter = new IntentFilter();
			intentFilter.addAction(Intent.ACTION_PACKAGE_ADDED);
	intentFilter.addAction(Intent.ACTION_PACKAGE_REPLACED);		intentFilter.addAction(Intent.ACTION_PACKAGE_REPLACED);
	intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED);		intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED);
	intentFilter.addDataScheme("package");		intentFilter.addDataScheme("package");
	@@ -738,6 +746,10 @@ public class VpnManagerService extends IVpnManager.Stub {
	final boolean isReplacing = intent.getBooleanExtra(		final boolean isReplacing = intent.getBooleanExtra(
	Intent.EXTRA_REPLACING, false);		Intent.EXTRA_REPLACING, false);
	onPackageRemoved(packageName, uid, isReplacing);		onPackageRemoved(packageName, uid, isReplacing);
			} else if (Intent.ACTION_PACKAGE_ADDED.equals(action)) {
			final boolean isReplacing = intent.getBooleanExtra(
			Intent.EXTRA_REPLACING, false);
			onPackageAdded(packageName, uid, isReplacing);
	} else {		} else {
	Log.wtf(TAG, "received unexpected intent: " + action);		Log.wtf(TAG, "received unexpected intent: " + action);
	}		}
	@@ -757,15 +769,15 @@ public class VpnManagerService extends IVpnManager.Stub {
	}		}
	};		};

	private void onUserStarted(int userId) {		@VisibleForTesting
			void onUserStarted(int userId) {
	synchronized (mVpns) {		synchronized (mVpns) {
	Vpn userVpn = mVpns.get(userId);		Vpn userVpn = mVpns.get(userId);
	if (userVpn != null) {		if (userVpn != null) {
	loge("Starting user already has a VPN");		loge("Starting user already has a VPN");
	return;		return;
	}		}
	userVpn = new Vpn(mHandler.getLooper(), mContext, mNMS, mNetd, userId,		userVpn = mDeps.createVpn(mHandler.getLooper(), mContext, mNMS, mNetd, userId);
	new VpnProfileStore());
	mVpns.put(userId, userVpn);		mVpns.put(userId, userVpn);
	if (mUserManager.getUserInfo(userId).isPrimary() && isLockdownVpnEnabled()) {		if (mUserManager.getUserInfo(userId).isPrimary() && isLockdownVpnEnabled()) {
	updateLockdownVpn();		updateLockdownVpn();
	@@ -842,7 +854,8 @@ public class VpnManagerService extends IVpnManager.Stub {
	}		}
	}		}

	private void onPackageRemoved(String packageName, int uid, boolean isReplacing) {		@VisibleForTesting
			void onPackageRemoved(String packageName, int uid, boolean isReplacing) {
	if (TextUtils.isEmpty(packageName) \|\| uid < 0) {		if (TextUtils.isEmpty(packageName) \|\| uid < 0) {
	Log.wtf(TAG, "Invalid package in onPackageRemoved: " + packageName + " \| " + uid);		Log.wtf(TAG, "Invalid package in onPackageRemoved: " + packageName + " \| " + uid);
	return;		return;
	@@ -851,15 +864,34 @@ public class VpnManagerService extends IVpnManager.Stub {
	final int userId = UserHandle.getUserId(uid);		final int userId = UserHandle.getUserId(uid);
	synchronized (mVpns) {		synchronized (mVpns) {
	final Vpn vpn = mVpns.get(userId);		final Vpn vpn = mVpns.get(userId);
	if (vpn == null) {		if (vpn == null \|\| isReplacing) {
	return;		return;
	}		}
	// Legacy always-on VPN won't be affected since the package name is not set.		// Legacy always-on VPN won't be affected since the package name is not set.
	if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName) && !isReplacing) {		if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName)) {
	log("Removing always-on VPN package " + packageName + " for user "		log("Removing always-on VPN package " + packageName + " for user "
	+ userId);		+ userId);
	vpn.setAlwaysOnPackage(null, false, null);		vpn.setAlwaysOnPackage(null, false, null);
	}		}

			vpn.refreshPlatformVpnAppExclusionList();
			}
			}

			@VisibleForTesting
			void onPackageAdded(String packageName, int uid, boolean isReplacing) {
			if (TextUtils.isEmpty(packageName) \|\| uid < 0) {
			Log.wtf(TAG, "Invalid package in onPackageAdded: " + packageName + " \| " + uid);
			return;
			}

			final int userId = UserHandle.getUserId(uid);
			synchronized (mVpns) {
			final Vpn vpn = mVpns.get(userId);

			if (vpn != null && !isReplacing) {
			vpn.refreshPlatformVpnAppExclusionList();
			}
	}		}
	}		}

services/core/java/com/android/server/connectivity/Vpn.java

+14 −2

Original line number	Original line	Diff line number	Diff line
	@@ -4085,6 +4085,20 @@ public class Vpn {
	@NonNull List<String> excludedApps) {		@NonNull List<String> excludedApps) {
	enforceNotRestrictedUser();		enforceNotRestrictedUser();
	if (!storeAppExclusionList(packageName, excludedApps)) return false;		if (!storeAppExclusionList(packageName, excludedApps)) return false;

			updateAppExclusionList(excludedApps);

			return true;
			}

			/**
			* Triggers an update of the VPN network's excluded UIDs if a VPN is running.
			*/
			public synchronized void refreshPlatformVpnAppExclusionList() {
			updateAppExclusionList(getAppExclusionList(mPackage));
			}

			private synchronized void updateAppExclusionList(@NonNull List<String> excludedApps) {
	// Re-build and update NetworkCapabilities via NetworkAgent.		// Re-build and update NetworkCapabilities via NetworkAgent.
	if (mNetworkAgent != null) {		if (mNetworkAgent != null) {
	// Only update the platform VPN		// Only update the platform VPN
	@@ -4097,8 +4111,6 @@ public class Vpn {
	mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities);		mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities);
	}		}
	}		}

	return true;
	}		}

	/**		/**