From c5383dcb45c986c70083467701d46106bf02f1b3 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 29 Jan 2021 20:34:38 +0900
Subject: [PATCH 1/2] Allow passing the underlying network to startLegacyVpn.

This will be used by a future change that makes the legacy lockdown VPN pass the underlying network.

Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: I09366a7f872ef3d4538962a75b0114a2ecb536e6
---
 services/core/java/com/android/server/ConnectivityService.java | 2 +-
 tests/net/java/com/android/server/connectivity/VpnTest.java | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 96c3e573a8..d6c7dda02b 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -4838,7 +4838,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 }
 synchronized (mVpns) {
 throwIfLockdownEnabled();
- mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress);
+ mVpns.get(user).startLegacyVpn(profile, mKeyStore, null /* underlying */, egress);
 }
 }
diff --git a/tests/net/java/com/android/server/connectivity/VpnTest.java b/tests/net/java/com/android/server/connectivity/VpnTest.java
index 68aaaeda1b..f4782829cf 100644
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -148,6 +148,7 @@ public class VpnTest {
 managedProfileA.profileGroupId = primaryUser.id;
 }
+ static final Network EGRESS_NETWORK = new Network(101);
 static final String EGRESS_IFACE = "wlan0";
 static final String TEST_VPN_PKG = "com.testvpn.vpn";
 private static final String TEST_VPN_SERVER = "1.2.3.4";
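Review bot: In the ConnectivityService.java hunk at -4838, the call site passes a literal `null /* underlying */` to a four-argument `startLegacyVpn`, but the callee's new signature is not part of this patch (the diffstat lists only ConnectivityService.java and VpnTest.java), so how null is handled cannot be checked from here. If the parameter is meant to be optional, it should be declared as `@Nullable Network underlying`, and its javadoc should say what a null underlying network means for a legacy VPN started through this path. The enclosing method starts outside the hunk.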
@@ -963,7 +964,7 @@ public class VpnTest {
 InetAddresses.parseNumericAddress("192.0.2.0"), EGRESS_IFACE);
 lp.addRoute(defaultRoute);
- vpn.startLegacyVpn(vpnProfile, mKeyStore, lp);
+ vpn.startLegacyVpn(vpnProfile, mKeyStore, EGRESS_NETWORK, lp);
 return vpn;
 }
From 611cb268354fe94798d3c9a4bd757393b0a340d7 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 29 Jan 2021 21:03:01 +0900
Subject: [PATCH 2/2] Allow setting underlying networks when legacy lockdown enabled.

Currently, if a legacy lockdown VPN is up, no VPN can set underlying networks. This does not make much sense. When legacy lockdown VPN is enabled, no other VPN is allowed to call prepare() or establish(), so no other VPN can connect, and if no VPN can connect, then no VPN can set underlying networks. Therefore, disabling the ability to set underlying networks only affects the legacy lockdown VPN itself. This change is necessary because in a future CL, the legacy lockdown VPN will start to inform ConnectivityService of its underlying network.

Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: Ifa2aa3351c2c8324571f96fda151864ed987ed5a
---
 services/core/java/com/android/server/ConnectivityService.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index d6c7dda02b..f2e192065e 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -8068,7 +8068,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 int user = UserHandle.getUserId(mDeps.getCallingUid());
 final boolean success;
 synchronized (mVpns) {
- throwIfLockdownEnabled();
 success = mVpns.get(user).setUnderlyingNetworks(networks);
 }
 return success;
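Review bot: In the ConnectivityService.java hunk at -8068, the lockdown check visible on this path is removed and nothing in the code records why that is safe; the argument (no other VPN can call prepare() or establish() while legacy lockdown is enabled) exists only in the commit message. I would add a comment above the call, such as `// No lockdown check here: under legacy lockdown only the lockdown VPN can be connected; Vpn#setUnderlyingNetworks must still validate the caller.`, and confirm that the callee, which is not shown in this patch, rejects callers that do not own the active VPN. It is also worth confirming the cases of a VPN belonging to another user and of one established before lockdown was turned on, since the removed guard was global while `mVpns.get(user)` is per-user. The commit defers tests to later CLs, so this behaviour change lands without coverage of its own; the enclosing method extends beyond the hunk on both sides.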