From 94d03aecfc4b9adf306ef14b532ebfb92048065f Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 29 Jan 2021 20:34:38 +0900
Subject: [PATCH 1/2] Allow passing the underlying network to startLegacyVpn.

This will be used by a future change that makes the legacy lockdown VPN pass the underlying network.
Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: I09366a7f872ef3d4538962a75b0114a2ecb536e6
---
 services/core/java/com/android/server/ConnectivityService.java | 2 +-
 tests/net/java/com/android/server/connectivity/VpnTest.java | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 96c3e573a8..d6c7dda02b 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -4838,7 +4838,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 }
 synchronized (mVpns) {
 throwIfLockdownEnabled();
- mVpns.get(user).startLegacyVpn(profile, mKeyStore, egress);
+ mVpns.get(user).startLegacyVpn(profile, mKeyStore, null /* underlying */, egress);
 }
 }
diff --git a/tests/net/java/com/android/server/connectivity/VpnTest.java b/tests/net/java/com/android/server/connectivity/VpnTest.java
index 68aaaeda1b..f4782829cf 100644
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -148,6 +148,7 @@ public class VpnTest {
 managedProfileA.profileGroupId = primaryUser.id;
 }
+ static final Network EGRESS_NETWORK = new Network(101);
 static final String EGRESS_IFACE = "wlan0";
 static final String TEST_VPN_PKG = "com.testvpn.vpn";
 private static final String TEST_VPN_SERVER = "1.2.3.4";
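Review bot: The changed call in ConnectivityService.java (hunk at -4838) still dereferences `mVpns.get(user)` directly, so if no Vpn object is registered for the calling user this binder entry point would presumably fail with a NullPointerException instead of a descriptive error; how mVpns is populated is not visible here. Consider `final Vpn vpn = mVpns.get(user);` followed by `if (vpn == null) throw new IllegalStateException("No VPN for user " + user);` before the call. The same unchecked lookup is in the setUnderlyingNetworks hunk of PATCH 2/2, where after that commit it is the first statement inside the synchronized block. Separately, the literal `null /* underlying */` would benefit from a one-line comment saying what a null underlying network means to startLegacyVpn, since the callee's handling of null is not shown. The enclosing method starts and ends outside the hunk.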
@@ -963,7 +964,7 @@ public class VpnTest {
 InetAddresses.parseNumericAddress("192.0.2.0"), EGRESS_IFACE);
 lp.addRoute(defaultRoute);
- vpn.startLegacyVpn(vpnProfile, mKeyStore, lp);
+ vpn.startLegacyVpn(vpnProfile, mKeyStore, EGRESS_NETWORK, lp);
 return vpn;
 }
From 31f058e11919b4917697df2db4e033a1a5dbc6a7 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti
Date: Fri, 29 Jan 2021 21:03:01 +0900
Subject: [PATCH 2/2] Allow setting underlying networks when legacy lockdown enabled.

Currently, if a legacy lockdown VPN is up, no VPN can set underlying networks. This does not make much sense. When legacy lockdown VPN is enabled, no other VPN is allowed to call prepare() or establish(), so no other VPN can connect, and if no VPN can connect, then no VPN can set underlying networks. Therefore, disabling the ability to set underlying networks only affects the legacy lockdown VPN itself. This change is necessary because in a future CL, the legacy lockdown VPN will start to inform ConnectivityService of its underlying network.
Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: Ifa2aa3351c2c8324571f96fda151864ed987ed5a
---
 services/core/java/com/android/server/ConnectivityService.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index d6c7dda02b..f2e192065e 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -8068,7 +8068,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 int user = UserHandle.getUserId(mDeps.getCallingUid());
 final boolean success;
 synchronized (mVpns) {
- throwIfLockdownEnabled();
 success = mVpns.get(user).setUnderlyingNetworks(networks);
 }
 return success;