Loading services/core/java/com/android/server/ConnectivityService.java +2 −2 Original line number Diff line number Diff line Loading @@ -1143,7 +1143,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } synchronized (mVpns) { final Vpn vpn = mVpns.get(UserHandle.getUserId(uid)); if (vpn != null && vpn.isBlockingUid(uid)) { if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) { return true; } } Loading Loading @@ -1736,7 +1736,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // list all state depending on the return value of this function has to be recomputed. // TODO: add a trigger when the always-on VPN sets its blocked UIDs to reevaluate and // send the necessary onBlockedStatusChanged callbacks. if (vpn != null && vpn.isBlockingUid(uid)) { if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) { return true; } } Loading services/core/java/com/android/server/connectivity/Vpn.java +14 −7 Original line number Diff line number Diff line Loading @@ -380,6 +380,15 @@ public class Vpn { } } /** * Check whether to prevent all traffic outside of a VPN even when the VPN is not connected. * * @return {@code true} if VPN lockdown is enabled. */ public boolean getLockdown() { return mLockdown; } /** * Checks if a VPN app supports always-on mode. * Loading Loading @@ -1533,17 +1542,15 @@ public class Vpn { } /** * @return {@code true} if {@param uid} is blocked by an always-on VPN. * A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is * not connected, or if the VPN is connected but does not apply to the UID. * @param uid The target uid. * * @return {@code true} if {@code uid} is included in one of the mBlockedUsers ranges and the * VPN is not connected, or if the VPN is connected but does not apply to the {@code uid}. * * @apiNote This method don't check VPN lockdown status. * @see #mBlockedUsers */ public synchronized boolean isBlockingUid(int uid) { if (!mLockdown) { return false; } if (mNetworkInfo.isConnected()) { return !appliesToUid(uid); } else { Loading tests/net/java/com/android/server/connectivity/VpnTest.java +4 −2 Original line number Diff line number Diff line Loading @@ -507,13 +507,15 @@ public class VpnTest { private static void assertBlocked(Vpn vpn, int... uids) { for (int uid : uids) { assertTrue("Uid " + uid + " should be blocked", vpn.isBlockingUid(uid)); final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid); assertTrue("Uid " + uid + " should be blocked", blocked); } } private static void assertUnblocked(Vpn vpn, int... uids) { for (int uid : uids) { assertFalse("Uid " + uid + " should not be blocked", vpn.isBlockingUid(uid)); final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid); assertFalse("Uid " + uid + " should not be blocked", blocked); } } Loading Loading
services/core/java/com/android/server/ConnectivityService.java +2 −2 Original line number Diff line number Diff line Loading @@ -1143,7 +1143,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } synchronized (mVpns) { final Vpn vpn = mVpns.get(UserHandle.getUserId(uid)); if (vpn != null && vpn.isBlockingUid(uid)) { if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) { return true; } } Loading Loading @@ -1736,7 +1736,7 @@ public class ConnectivityService extends IConnectivityManager.Stub // list all state depending on the return value of this function has to be recomputed. // TODO: add a trigger when the always-on VPN sets its blocked UIDs to reevaluate and // send the necessary onBlockedStatusChanged callbacks. if (vpn != null && vpn.isBlockingUid(uid)) { if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) { return true; } } Loading
services/core/java/com/android/server/connectivity/Vpn.java +14 −7 Original line number Diff line number Diff line Loading @@ -380,6 +380,15 @@ public class Vpn { } } /** * Check whether to prevent all traffic outside of a VPN even when the VPN is not connected. * * @return {@code true} if VPN lockdown is enabled. */ public boolean getLockdown() { return mLockdown; } /** * Checks if a VPN app supports always-on mode. * Loading Loading @@ -1533,17 +1542,15 @@ public class Vpn { } /** * @return {@code true} if {@param uid} is blocked by an always-on VPN. * A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is * not connected, or if the VPN is connected but does not apply to the UID. * @param uid The target uid. * * @return {@code true} if {@code uid} is included in one of the mBlockedUsers ranges and the * VPN is not connected, or if the VPN is connected but does not apply to the {@code uid}. * * @apiNote This method don't check VPN lockdown status. * @see #mBlockedUsers */ public synchronized boolean isBlockingUid(int uid) { if (!mLockdown) { return false; } if (mNetworkInfo.isConnected()) { return !appliesToUid(uid); } else { Loading
tests/net/java/com/android/server/connectivity/VpnTest.java +4 −2 Original line number Diff line number Diff line Loading @@ -507,13 +507,15 @@ public class VpnTest { private static void assertBlocked(Vpn vpn, int... uids) { for (int uid : uids) { assertTrue("Uid " + uid + " should be blocked", vpn.isBlockingUid(uid)); final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid); assertTrue("Uid " + uid + " should be blocked", blocked); } } private static void assertUnblocked(Vpn vpn, int... uids) { for (int uid : uids) { assertFalse("Uid " + uid + " should not be blocked", vpn.isBlockingUid(uid)); final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid); assertFalse("Uid " + uid + " should not be blocked", blocked); } } Loading
