Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a7ec0cbe authored by lucaslin's avatar lucaslin Committed by Lucas Lin
Browse files

Skip sending VpnManager events for Settings VPNs 

This change early-exits from the sendEventToVpnManagerApp()
method if the profile was not a VPN app.

Otherwise the sendEventToVpnManagerApp() will call
getRedactedNetworkCapabilities() which will call
AppOpsManager#checkPackage() eventually.
And AppOpsManager#checkPackage() will check if the given package
is the same as the given uid. In this case, VPN sends
"[Legacy VPN]" as the package and sends 1000 as the uid, but
there is no package named "[Legacy VPN], so the SecurityException
is thrown.

Bug: 236315805
Test: atest FrameworksNetTests:VpnTest
Change-Id: I486398111106b1a9551fb29f92ba7b4fe85f68c1
Merged-In: I486398111106b1a9551fb29f92ba7b4fe85f68c1
Merged-In: I228f62a5e09017dbf985a614f2e42434238a220c
parent e15951e5

services/core/java/com/android/server/connectivity/Vpn.java

+6 −6
Original line number Diff line number Diff line
@@ -2944,7 +2944,7 @@ public class Vpn { 
                            // All the above failures are configuration errors, and are terminal

                            // TODO(b/230548427): Remove SDK check once VPN related stuff are

                            //  decoupled from ConnectivityServiceTest.

                            if (SdkLevel.isAtLeastT()) {

                            if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                                sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR,

                                        VpnManager.ERROR_CLASS_NOT_RECOVERABLE,

                                        ikeException.getErrorType(),
@@ -2962,7 +2962,7 @@ public class Vpn { 
                            // All the above failures are configuration errors, and are terminal

                            // TODO(b/230548427): Remove SDK check once VPN related stuff are

                            //  decoupled from ConnectivityServiceTest.

                            if (SdkLevel.isAtLeastT()) {

                            if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                                sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR,

                                        VpnManager.ERROR_CLASS_RECOVERABLE,

                                        ikeException.getErrorType(),
@@ -2981,7 +2981,7 @@ public class Vpn { 
                } else if (exception instanceof IkeNetworkLostException) {

                    // TODO(b/230548427): Remove SDK check once VPN related stuff are

                    //  decoupled from ConnectivityServiceTest.

                    if (SdkLevel.isAtLeastT()) {

                    if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                        sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,

                                VpnManager.ERROR_CLASS_RECOVERABLE,

                                VpnManager.ERROR_CODE_NETWORK_LOST,
@@ -2996,7 +2996,7 @@ public class Vpn { 
                    if (exception.getCause() instanceof UnknownHostException) {

                        // TODO(b/230548427): Remove SDK check once VPN related stuff are

                        //  decoupled from ConnectivityServiceTest.

                        if (SdkLevel.isAtLeastT()) {

                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                            sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,

                                    VpnManager.ERROR_CLASS_RECOVERABLE,

                                    VpnManager.ERROR_CODE_NETWORK_UNKNOWN_HOST,
@@ -3010,7 +3010,7 @@ public class Vpn { 
                    } else if (exception.getCause() instanceof IkeTimeoutException) {

                        // TODO(b/230548427): Remove SDK check once VPN related stuff are

                        //  decoupled from ConnectivityServiceTest.

                        if (SdkLevel.isAtLeastT()) {

                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                            sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,

                                    VpnManager.ERROR_CLASS_RECOVERABLE,

                                    VpnManager.ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT,
@@ -3024,7 +3024,7 @@ public class Vpn { 
                    } else if (exception.getCause() instanceof IOException) {

                        // TODO(b/230548427): Remove SDK check once VPN related stuff are

                        //  decoupled from ConnectivityServiceTest.

                        if (SdkLevel.isAtLeastT()) {

                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {

                            sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,

                                    VpnManager.ERROR_CLASS_RECOVERABLE,

                                    VpnManager.ERROR_CODE_NETWORK_IO,