Loading services/core/java/com/android/server/connectivity/Vpn.java +70 −55 Original line number Diff line number Diff line Loading @@ -385,6 +385,7 @@ public class Vpn { private final INetworkManagementService mNms; private final INetd mNetd; @VisibleForTesting @GuardedBy("this") protected VpnConfig mConfig; private final NetworkProvider mNetworkProvider; @VisibleForTesting Loading Loading @@ -1602,6 +1603,8 @@ public class Vpn { return network; } // TODO : this is not synchronized(this) but reads from mConfig, which is dangerous // This file makes an effort to avoid partly initializing mConfig, but this is still not great private LinkProperties makeLinkProperties() { // The design of disabling IPv6 is only enabled for IKEv2 VPN because it needs additional // logic to handle IPv6 only VPN, and the IPv6 only VPN may be restarted when its MTU Loading Loading @@ -1683,6 +1686,7 @@ public class Vpn { * registering a new NetworkAgent. This is not always possible if the new VPN configuration * has certain changes, in which case this method would just return {@code false}. */ // TODO : this method is not synchronized(this) but reads from mConfig private boolean updateLinkPropertiesInPlaceIfPossible(NetworkAgent agent, VpnConfig oldConfig) { // NetworkAgentConfig cannot be updated without registering a new NetworkAgent. // Strictly speaking, bypassability is affected by lockdown and therefore it's possible Loading Loading @@ -2273,7 +2277,12 @@ public class Vpn { */ public synchronized VpnConfig getVpnConfig() { enforceControlPermission(); return mConfig; // Constructor of VpnConfig cannot take a null parameter. Return null directly if mConfig is // null if (mConfig == null) return null; // mConfig is guarded by "this" and can be modified by another thread as soon as // this method returns, so this method must return a copy. return new VpnConfig(mConfig); } @Deprecated Loading Loading 
@@ -2319,6 +2328,7 @@ public class Vpn { } }; @GuardedBy("this") private void cleanupVpnStateLocked() { mStatusIntent = null; resetNetworkCapabilities(); Loading Loading @@ -2841,9 +2851,7 @@ public class Vpn { } final boolean isLegacyVpn = mVpnRunner instanceof LegacyVpnRunner; mVpnRunner.exit(); mVpnRunner = null; // LegacyVpn uses daemons that must be shut down before new ones are brought up. // The same limitation does not apply to Platform VPNs. Loading Loading @@ -3087,6 +3095,7 @@ public class Vpn { } }; // GuardedBy("Vpn.this") (annotation can't be applied to constructor) IkeV2VpnRunner( @NonNull Ikev2VpnProfile profile, @NonNull ScheduledThreadPoolExecutor executor) { super(TAG); Loading Loading @@ -3704,11 +3713,14 @@ public class Vpn { } public void updateVpnTransportInfoAndNetCap(int keepaliveDelaySec) { final VpnTransportInfo info = new VpnTransportInfo( final VpnTransportInfo info; synchronized (Vpn.this) { info = new VpnTransportInfo( getActiveVpnType(), mConfig.session, mConfig.allowBypass && !mLockdown, areLongLivedTcpConnectionsExpensive(keepaliveDelaySec)); } final boolean ncUpdateRequired = !info.equals(mNetworkCapabilities.getTransportInfo()); if (ncUpdateRequired) { mNetworkCapabilities = new NetworkCapabilities.Builder(mNetworkCapabilities) Loading Loading @@ -4202,7 +4214,7 @@ public class Vpn { * consistency of the Ikev2VpnRunner fields. */ private void disconnectVpnRunner() { mEventChanges.log("[VPNRunner] Disconnect runner, underlying network" + mActiveNetwork); mEventChanges.log("[VPNRunner] Disconnect runner, underlying net " + mActiveNetwork); mActiveNetwork = null; mUnderlyingNetworkCapabilities = null; mUnderlyingLinkProperties = null; Loading Loading @@ -4273,6 +4285,7 @@ public class Vpn { } }; // GuardedBy("Vpn.this") (annotation can't be applied to constructor) LegacyVpnRunner(VpnConfig config, String[] racoon, String[] mtpd, VpnProfile profile) { super(TAG); if (racoon == null && mtpd == null) { Loading Loading 
@@ -4480,6 +4493,7 @@ public class Vpn { } // Set the interface and the addresses in the config. synchronized (Vpn.this) { mConfig.interfaze = parameters[0].trim(); mConfig.addLegacyAddresses(parameters[1]); Loading Loading @@ -4519,7 +4533,6 @@ public class Vpn { } // Here is the last step and it must be done synchronously. synchronized (Vpn.this) { // Set the start time mConfig.startTime = SystemClock.elapsedRealtime(); Loading Loading @@ -4753,25 +4766,26 @@ public class Vpn { try { // Build basic config mConfig = new VpnConfig(); final VpnConfig config = new VpnConfig(); if (VpnConfig.LEGACY_VPN.equals(packageName)) { mConfig.legacy = true; mConfig.session = profile.name; mConfig.user = profile.key; config.legacy = true; config.session = profile.name; config.user = profile.key; // TODO: Add support for configuring meteredness via Settings. Until then, use a // safe default. mConfig.isMetered = true; config.isMetered = true; } else { mConfig.user = packageName; mConfig.isMetered = profile.isMetered; config.user = packageName; config.isMetered = profile.isMetered; } mConfig.startTime = SystemClock.elapsedRealtime(); mConfig.proxyInfo = profile.proxy; mConfig.requiresInternetValidation = profile.requiresInternetValidation; mConfig.excludeLocalRoutes = profile.excludeLocalRoutes; mConfig.allowBypass = profile.isBypassable; mConfig.disallowedApplications = getAppExclusionList(mPackage); config.startTime = SystemClock.elapsedRealtime(); config.proxyInfo = profile.proxy; config.requiresInternetValidation = profile.requiresInternetValidation; config.excludeLocalRoutes = profile.excludeLocalRoutes; config.allowBypass = profile.isBypassable; config.disallowedApplications = getAppExclusionList(mPackage); mConfig = config; switch (profile.type) { case VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS: Loading 
@@ -4785,6 +4799,7 @@ public class Vpn { mVpnRunner.start(); break; default: mConfig = null; updateState(DetailedState.FAILED, "Invalid platform VPN type"); Log.d(TAG, "Unknown VPN profile type: " + profile.type); break; Loading Loading
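Review bot: In `updateVpnTransportInfoAndNetCap`, the new `synchronized (Vpn.this)` block still dereferences `mConfig.session` and `mConfig.allowBypass` without a null check, although this same commit makes `getVpnConfig()` handle a null `mConfig` and adds `mConfig = null` on the invalid-profile path of the start method. If a runner callback can reach this method after the config has been cleared (not visible in these hunks), it would throw a NullPointerException while holding the lock; taking a snapshot first, `final VpnConfig config = mConfig;` followed by `if (config == null) return;`, would make that case explicit. The comparison and reassignment of `mNetworkCapabilities` that follow run after the lock is released, so the bypass/lockdown value computed under the lock can already be stale when it is published; whether that field is meant to be guarded by the same lock cannot be told from the hunk. The method body continues past the end of the hunk.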
services/core/java/com/android/server/connectivity/Vpn.java +70 −55 Original line number Diff line number Diff line Loading @@ -385,6 +385,7 @@ public class Vpn { private final INetworkManagementService mNms; private final INetd mNetd; @VisibleForTesting @GuardedBy("this") protected VpnConfig mConfig; private final NetworkProvider mNetworkProvider; @VisibleForTesting Loading Loading @@ -1602,6 +1603,8 @@ public class Vpn { return network; } // TODO : this is not synchronized(this) but reads from mConfig, which is dangerous // This file makes an effort to avoid partly initializing mConfig, but this is still not great private LinkProperties makeLinkProperties() { // The design of disabling IPv6 is only enabled for IKEv2 VPN because it needs additional // logic to handle IPv6 only VPN, and the IPv6 only VPN may be restarted when its MTU Loading Loading @@ -1683,6 +1686,7 @@ public class Vpn { * registering a new NetworkAgent. This is not always possible if the new VPN configuration * has certain changes, in which case this method would just return {@code false}. */ // TODO : this method is not synchronized(this) but reads from mConfig private boolean updateLinkPropertiesInPlaceIfPossible(NetworkAgent agent, VpnConfig oldConfig) { // NetworkAgentConfig cannot be updated without registering a new NetworkAgent. // Strictly speaking, bypassability is affected by lockdown and therefore it's possible Loading Loading @@ -2273,7 +2277,12 @@ public class Vpn { */ public synchronized VpnConfig getVpnConfig() { enforceControlPermission(); return mConfig; // Constructor of VpnConfig cannot take a null parameter. Return null directly if mConfig is // null if (mConfig == null) return null; // mConfig is guarded by "this" and can be modified by another thread as soon as // this method returns, so this method must return a copy. return new VpnConfig(mConfig); } @Deprecated Loading Loading 
@@ -2319,6 +2328,7 @@ public class Vpn { } }; @GuardedBy("this") private void cleanupVpnStateLocked() { mStatusIntent = null; resetNetworkCapabilities(); Loading Loading @@ -2841,9 +2851,7 @@ public class Vpn { } final boolean isLegacyVpn = mVpnRunner instanceof LegacyVpnRunner; mVpnRunner.exit(); mVpnRunner = null; // LegacyVpn uses daemons that must be shut down before new ones are brought up. // The same limitation does not apply to Platform VPNs. Loading Loading @@ -3087,6 +3095,7 @@ public class Vpn { } }; // GuardedBy("Vpn.this") (annotation can't be applied to constructor) IkeV2VpnRunner( @NonNull Ikev2VpnProfile profile, @NonNull ScheduledThreadPoolExecutor executor) { super(TAG); Loading Loading @@ -3704,11 +3713,14 @@ public class Vpn { } public void updateVpnTransportInfoAndNetCap(int keepaliveDelaySec) { final VpnTransportInfo info = new VpnTransportInfo( final VpnTransportInfo info; synchronized (Vpn.this) { info = new VpnTransportInfo( getActiveVpnType(), mConfig.session, mConfig.allowBypass && !mLockdown, areLongLivedTcpConnectionsExpensive(keepaliveDelaySec)); } final boolean ncUpdateRequired = !info.equals(mNetworkCapabilities.getTransportInfo()); if (ncUpdateRequired) { mNetworkCapabilities = new NetworkCapabilities.Builder(mNetworkCapabilities) Loading Loading @@ -4202,7 +4214,7 @@ public class Vpn { * consistency of the Ikev2VpnRunner fields. */ private void disconnectVpnRunner() { mEventChanges.log("[VPNRunner] Disconnect runner, underlying network" + mActiveNetwork); mEventChanges.log("[VPNRunner] Disconnect runner, underlying net " + mActiveNetwork); mActiveNetwork = null; mUnderlyingNetworkCapabilities = null; mUnderlyingLinkProperties = null; Loading Loading @@ -4273,6 +4285,7 @@ public class Vpn { } }; // GuardedBy("Vpn.this") (annotation can't be applied to constructor) LegacyVpnRunner(VpnConfig config, String[] racoon, String[] mtpd, VpnProfile profile) { super(TAG); if (racoon == null && mtpd == null) { Loading Loading 
@@ -4480,6 +4493,7 @@ public class Vpn { } // Set the interface and the addresses in the config. synchronized (Vpn.this) { mConfig.interfaze = parameters[0].trim(); mConfig.addLegacyAddresses(parameters[1]); Loading Loading @@ -4519,7 +4533,6 @@ public class Vpn { } // Here is the last step and it must be done synchronously. synchronized (Vpn.this) { // Set the start time mConfig.startTime = SystemClock.elapsedRealtime(); Loading Loading @@ -4753,25 +4766,26 @@ public class Vpn { try { // Build basic config mConfig = new VpnConfig(); final VpnConfig config = new VpnConfig(); if (VpnConfig.LEGACY_VPN.equals(packageName)) { mConfig.legacy = true; mConfig.session = profile.name; mConfig.user = profile.key; config.legacy = true; config.session = profile.name; config.user = profile.key; // TODO: Add support for configuring meteredness via Settings. Until then, use a // safe default. mConfig.isMetered = true; config.isMetered = true; } else { mConfig.user = packageName; mConfig.isMetered = profile.isMetered; config.user = packageName; config.isMetered = profile.isMetered; } mConfig.startTime = SystemClock.elapsedRealtime(); mConfig.proxyInfo = profile.proxy; mConfig.requiresInternetValidation = profile.requiresInternetValidation; mConfig.excludeLocalRoutes = profile.excludeLocalRoutes; mConfig.allowBypass = profile.isBypassable; mConfig.disallowedApplications = getAppExclusionList(mPackage); config.startTime = SystemClock.elapsedRealtime(); config.proxyInfo = profile.proxy; config.requiresInternetValidation = profile.requiresInternetValidation; config.excludeLocalRoutes = profile.excludeLocalRoutes; config.allowBypass = profile.isBypassable; config.disallowedApplications = getAppExclusionList(mPackage); mConfig = config; switch (profile.type) { case VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS: Loading 
@@ -4785,6 +4799,7 @@ public class Vpn { mVpnRunner.start(); break; default: mConfig = null; updateState(DetailedState.FAILED, "Invalid platform VPN type"); Log.d(TAG, "Unknown VPN profile type: " + profile.type); break; Loading