From 9b747914f3fb6fde4867fbf92d1598f9893624cf Mon Sep 17 00:00:00 2001
From: Robin Lee
Date: Thu, 17 Dec 2015 11:42:22 +0000
Subject: [PATCH] [VPN] start lockdown before user is unlocked
Removed the dependency on KeyStore encryption by removing that flag for VPN profiles which don't use secure credentials when saving in Settings. Old encrypted profiles will simply fail to load untile USER_PRESENT is sent, as before.
Bug: 26108660
Change-Id: I2677d741d54252f15cb772c94ce1b39041f1e19c
---
 .../android/server/ConnectivityService.java | 41 ++++++++-----------
 1 file changed, 17 insertions(+), 24 deletions(-)
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 2de5324fe4..df20704f86 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -753,6 +753,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 intentFilter.addAction(Intent.ACTION_USER_STOPPING);
 intentFilter.addAction(Intent.ACTION_USER_ADDED);
 intentFilter.addAction(Intent.ACTION_USER_REMOVED);
+ intentFilter.addAction(Intent.ACTION_USER_PRESENT);
 mContext.registerReceiverAsUser(
 mUserIntentReceiver, UserHandle.ALL, intentFilter, null, null);
@@ -1571,8 +1572,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 // Try bringing up tracker, but KeyStore won't be ready yet for secondary users so wait
 // for user to unlock device too.
 updateLockdownVpn();
- final IntentFilter filter = new IntentFilter(Intent.ACTION_USER_PRESENT);
- mContext.registerReceiverAsUser(mUserPresentReceiver, UserHandle.ALL, filter, null, null);
 // Configure whether mobile data is always on.
 mHandler.sendMessage(mHandler.obtainMessage(EVENT_CONFIGURE_MOBILE_DATA_ALWAYS_ON));
@@ -1582,23 +1581,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 mPermissionMonitor.startMonitoring();
 }
- private BroadcastReceiver mUserPresentReceiver = new BroadcastReceiver() {
- @Override
- public void onReceive(Context context, Intent intent) {
- // User that sent this intent = user that was just unlocked
- final int unlockedUser = getSendingUserId();
-
- // Try creating lockdown tracker, since user present usually means
- // unlocked keystore.
- if (mUserManager.getUserInfo(unlockedUser).isPrimary() &&
- LockdownVpnTracker.isEnabled()) {
- updateLockdownVpn();
- } else {
- updateAlwaysOnVpn(unlockedUser);
- }
- }
- };
-
 /**
 * Setup data activity tracking for the given network.
 *
@@ -3206,11 +3188,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
 // Tear down existing lockdown if profile was removed
 mLockdownEnabled = LockdownVpnTracker.isEnabled();
 if (mLockdownEnabled) {
- if (!mKeyStore.isUnlocked()) {
- Slog.w(TAG, "KeyStore locked; unable to create LockdownTracker");
- return false;
- }
-
 final String profileName = new String(mKeyStore.get(Credentials.LOCKDOWN_VPN));
 final VpnProfile profile = VpnProfile.decode(
 profileName, mKeyStore.get(Credentials.VPN + profileName));
@@ -3589,6 +3566,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
 userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId);
 mVpns.put(userId, userVpn);
 }
+ if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
+ updateLockdownVpn();
+ } else {
+ updateAlwaysOnVpn(userId);
+ }
 }
 private void onUserStop(int userId) {
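Review bot: The `updateLockdownVpn()` call added in the `@@ -3589` hunk now runs at user start, and with the `isUnlocked()` guard dropped in the `@@ -3206` hunk nothing checks the KeyStore reads before they are used. `new String(mKeyStore.get(Credentials.LOCKDOWN_VPN))` throws if `get` returns null, which I would expect for the old encrypted profiles that the description says cannot be loaded before unlock. Read the value first and keep the previous log-and-return-false behaviour: `final byte[] tag = mKeyStore.get(Credentials.LOCKDOWN_VPN);` followed by `if (tag == null) { Slog.w(TAG, "Lockdown VPN profile not readable yet"); return false; }`. Both enclosing methods start outside their hunks, so how `VpnProfile.decode` treats a null value is not visible here and should be confirmed as well.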
@@ -3622,6 +3604,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
 }
 }
+ private void onUserPresent(int userId) {
+ // User present may be sent because of an unlock, which might mean an unlocked keystore.
+ if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
+ updateLockdownVpn();
+ } else {
+ updateAlwaysOnVpn(userId);
+ }
+ }
+
 private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() {
 @Override
 public void onReceive(Context context, Intent intent) {
@@ -3637,6 +3628,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
 onUserAdded(userId);
 } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
 onUserRemoved(userId);
+ } else if (Intent.ACTION_USER_PRESENT.equals(action)) {
+ onUserPresent(userId);
 }
 }
 };
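Review bot: `onUserPresent` repeats, line for line, the if/else that this commit also adds in the `@@ -3589` hunk, and both copies dereference `mUserManager.getUserInfo(userId)` without a null check, although `getUserInfo` can return null for a user that no longer exists. Pull the branch into one private helper that both callers use and have it return early when no user record comes back: `final UserInfo info = mUserManager.getUserInfo(userId);` followed by `if (info == null) return;`. A comment on the helper such as `// Primary user with lockdown configured gets the lockdown tracker; every other user gets always-on VPN.` would record why the two paths differ.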
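Review bot: The new `ACTION_USER_PRESENT` branch passes on the `userId` that `onReceive` computed for the other user actions, whereas the receiver this commit removes took the user from `getSendingUserId()`. The line that sets `userId` is outside the hunk; if it reads an intent extra, confirm that USER_PRESENT broadcasts carry that extra, because otherwise `onUserPresent` is either never reached or runs for the wrong user, and old encrypted lockdown profiles would stay unloaded after unlock. If the extra is not guaranteed, take the user from the broadcast itself for this action, e.g. `onUserPresent(getSendingUserId());`.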