Minor fixes to LockdownVpnTracker. (98d12c7d) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/ConnectivityService.java

+10 −5

Original line number	Original line	Diff line number	Diff line
	@@ -4824,12 +4824,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
	if (!mLockdownEnabled) {		if (!mLockdownEnabled) {
	return null;		return null;
	}		}
	// The legacy lockdown VPN always only applies to UID 0.		// The legacy lockdown VPN always only applies to userId 0.
	final NetworkAgentInfo nai = getVpnForUid(Process.FIRST_APPLICATION_UID);		final NetworkAgentInfo nai = getVpnForUid(Process.FIRST_APPLICATION_UID);
	if (nai == null \|\| !isLegacyLockdownNai(nai)) return null;		if (nai == null \|\| !isLegacyLockdownNai(nai)) return null;

	// The legacy lockdown VPN must always have exactly one underlying network.		// The legacy lockdown VPN must always have exactly one underlying network.
	if (nai.declaredUnderlyingNetworks == null \|\| nai.declaredUnderlyingNetworks.length != 1) {		// This code may run on any thread and declaredUnderlyingNetworks may change, so store it in
			// a local variable. There is no need to make a copy because its contents cannot change.
			final Network[] underlying = nai.declaredUnderlyingNetworks;
			if (underlying == null \|\| underlying.length != 1) {
	return null;		return null;
	}		}

	@@ -4839,8 +4842,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
	// Report that the VPN is not connected, so when the state of NetworkInfo objects		// Report that the VPN is not connected, so when the state of NetworkInfo objects
	// overwritten by getLegacyLockdownState will be set to CONNECTING and not CONNECTED.		// overwritten by getLegacyLockdownState will be set to CONNECTING and not CONNECTED.
	final NetworkAgentInfo defaultNetwork = getDefaultNetwork();		final NetworkAgentInfo defaultNetwork = getDefaultNetwork();
	if (defaultNetwork == null		if (defaultNetwork == null \|\| !defaultNetwork.network.equals(underlying[0])) {
	\|\| !defaultNetwork.network.equals(nai.declaredUnderlyingNetworks[0])) {
	return null;		return null;
	}		}

	@@ -4899,6 +4901,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
	private BroadcastReceiver mIntentReceiver = new BroadcastReceiver() {		private BroadcastReceiver mIntentReceiver = new BroadcastReceiver() {
	@Override		@Override
	public void onReceive(Context context, Intent intent) {		public void onReceive(Context context, Intent intent) {
			// TODO: make BroadcastInterceptingContext use the Handler passed in to registerReceiver
			// and put this back.
			// ensureRunningOnConnectivityServiceThread();
	final String action = intent.getAction();		final String action = intent.getAction();
	final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);		final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL);

services/core/java/com/android/server/net/LockdownVpnTracker.java

+3 −24

Original line number	Original line	Diff line number	Diff line
	@@ -16,7 +16,6 @@

	package com.android.server.net;		package com.android.server.net;

	import static android.net.ConnectivityManager.TYPE_NONE;
	import static android.net.NetworkCapabilities.TRANSPORT_VPN;		import static android.net.NetworkCapabilities.TRANSPORT_VPN;
	import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;		import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
	import static android.provider.Settings.ACTION_VPN_SETTINGS;		import static android.provider.Settings.ACTION_VPN_SETTINGS;
	@@ -34,7 +33,6 @@ import android.net.LinkAddress;
	import android.net.LinkProperties;		import android.net.LinkProperties;
	import android.net.Network;		import android.net.Network;
	import android.net.NetworkInfo;		import android.net.NetworkInfo;
	import android.net.NetworkInfo.DetailedState;
	import android.net.NetworkRequest;		import android.net.NetworkRequest;
	import android.os.Handler;		import android.os.Handler;
	import android.security.KeyStore;		import android.security.KeyStore;
	@@ -45,7 +43,6 @@ import com.android.internal.R;
	import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;		import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
	import com.android.internal.net.VpnConfig;		import com.android.internal.net.VpnConfig;
	import com.android.internal.net.VpnProfile;		import com.android.internal.net.VpnProfile;
	import com.android.server.EventLogTags;
	import com.android.server.connectivity.Vpn;		import com.android.server.connectivity.Vpn;

	import java.util.List;		import java.util.List;
	@@ -58,9 +55,6 @@ import java.util.Objects;
	public class LockdownVpnTracker {		public class LockdownVpnTracker {
	private static final String TAG = "LockdownVpnTracker";		private static final String TAG = "LockdownVpnTracker";

	/** Number of VPN attempts before waiting for user intervention. */
	private static final int MAX_ERROR_COUNT = 4;

	public static final String ACTION_LOCKDOWN_RESET = "com.android.server.action.LOCKDOWN_RESET";		public static final String ACTION_LOCKDOWN_RESET = "com.android.server.action.LOCKDOWN_RESET";

	@NonNull private final Context mContext;		@NonNull private final Context mContext;
	@@ -83,6 +77,7 @@ public class LockdownVpnTracker {
	private Network mNetwork = null;		private Network mNetwork = null;
	private LinkProperties mLinkProperties = null;		private LinkProperties mLinkProperties = null;

			@Override
	public void onLinkPropertiesChanged(Network network, LinkProperties lp) {		public void onLinkPropertiesChanged(Network network, LinkProperties lp) {
	boolean networkChanged = false;		boolean networkChanged = false;
	if (!network.equals(mNetwork)) {		if (!network.equals(mNetwork)) {
	@@ -100,6 +95,7 @@ public class LockdownVpnTracker {
	}		}
	}		}

			@Override
	public void onLost(Network network) {		public void onLost(Network network) {
	// The default network has gone down.		// The default network has gone down.
	mNetwork = null;		mNetwork = null;
	@@ -134,8 +130,6 @@ public class LockdownVpnTracker {
	@Nullable		@Nullable
	private String mAcceptedEgressIface;		private String mAcceptedEgressIface;

	private int mErrorCount;

	public LockdownVpnTracker(@NonNull Context context,		public LockdownVpnTracker(@NonNull Context context,
	@NonNull Handler handler,		@NonNull Handler handler,
	@NonNull KeyStore keyStore,		@NonNull KeyStore keyStore,
	@@ -165,7 +159,6 @@ public class LockdownVpnTracker {
	*/		*/
	private void handleStateChangedLocked() {		private void handleStateChangedLocked() {
	final Network network = mDefaultNetworkCallback.getNetwork();		final Network network = mDefaultNetworkCallback.getNetwork();
	final NetworkInfo egressInfo = mCm.getNetworkInfo(network); // Only for logging
	final LinkProperties egressProp = mDefaultNetworkCallback.getLinkProperties();		final LinkProperties egressProp = mDefaultNetworkCallback.getLinkProperties();

	final NetworkInfo vpnInfo = mVpn.getNetworkInfo();		final NetworkInfo vpnInfo = mVpn.getNetworkInfo();
	@@ -176,11 +169,9 @@ public class LockdownVpnTracker {
	final boolean egressChanged = egressProp == null		final boolean egressChanged = egressProp == null
	\|\| !TextUtils.equals(mAcceptedEgressIface, egressProp.getInterfaceName());		\|\| !TextUtils.equals(mAcceptedEgressIface, egressProp.getInterfaceName());

	final int egressType = (egressInfo == null) ? TYPE_NONE : egressInfo.getType();
	final String egressIface = (egressProp == null) ?		final String egressIface = (egressProp == null) ?
	null : egressProp.getInterfaceName();		null : egressProp.getInterfaceName();
	Log.d(TAG, "handleStateChanged: egress=" + egressType		Log.d(TAG, "handleStateChanged: egress=" + mAcceptedEgressIface + "->" + egressIface);
	+ " " + mAcceptedEgressIface + "->" + egressIface);

	if (egressDisconnected \|\| egressChanged) {		if (egressDisconnected \|\| egressChanged) {
	mAcceptedEgressIface = null;		mAcceptedEgressIface = null;
	@@ -190,15 +181,6 @@ public class LockdownVpnTracker {
	hideNotification();		hideNotification();
	return;		return;
	}		}
	if (vpnInfo.getDetailedState() == DetailedState.FAILED) {
	EventLogTags.writeLockdownVpnError(egressType);
	}

	if (mErrorCount > MAX_ERROR_COUNT) {
	// Cannot happen because ConnectivityService never sees a NetworkInfo in state FAILED.
	showNotification(R.string.vpn_lockdown_error, R.drawable.vpn_disconnected);
	return;
	}

	// At this point, \|network\| is known to be non-null.		// At this point, \|network\| is known to be non-null.
	if (!vpnInfo.isConnectedOrConnecting()) {		if (!vpnInfo.isConnectedOrConnecting()) {
	@@ -209,7 +191,6 @@ public class LockdownVpnTracker {
	}		}

	Log.d(TAG, "Active network connected; starting VPN");		Log.d(TAG, "Active network connected; starting VPN");
	EventLogTags.writeLockdownVpnConnecting(egressType);
	showNotification(R.string.vpn_lockdown_connecting, R.drawable.vpn_disconnected);		showNotification(R.string.vpn_lockdown_connecting, R.drawable.vpn_disconnected);

	mAcceptedEgressIface = egressIface;		mAcceptedEgressIface = egressIface;
	@@ -243,7 +224,6 @@ public class LockdownVpnTracker {

	Log.d(TAG, "VPN connected using iface=" + iface		Log.d(TAG, "VPN connected using iface=" + iface
	+ ", sourceAddr=" + sourceAddrs.toString());		+ ", sourceAddr=" + sourceAddrs.toString());
	EventLogTags.writeLockdownVpnConnected(egressType);
	showNotification(R.string.vpn_lockdown_connected, R.drawable.vpn_connected);		showNotification(R.string.vpn_lockdown_connected, R.drawable.vpn_connected);
	}		}
	}		}
	@@ -280,7 +260,6 @@ public class LockdownVpnTracker {
	Log.d(TAG, "shutdownLocked()");		Log.d(TAG, "shutdownLocked()");

	mAcceptedEgressIface = null;		mAcceptedEgressIface = null;
	mErrorCount = 0;

	mVpn.stopVpnRunnerPrivileged();		mVpn.stopVpnRunnerPrivileged();
	mVpn.setLockdown(false);		mVpn.setLockdown(false);