[VPN] start lockdown before user is unlocked

Removed the dependency on KeyStore encryption by removing that flag for
VPN profiles which don't use secure credentials when saving in Settings.

Old encrypted profiles will simply fail to load until USER_PRESENT is
sent, as before.

Bug: 26108660
Change-Id: I2677d741d54252f15cb772c94ce1b39041f1e19c
Robin Lee
2015-12-17 11:42:22 +00:00
parent e7a3e95319
commit 9b747914f3


@@ -753,6 +753,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
intentFilter.addAction(Intent.ACTION_USER_STOPPING);
intentFilter.addAction(Intent.ACTION_USER_ADDED);
intentFilter.addAction(Intent.ACTION_USER_REMOVED);
intentFilter.addAction(Intent.ACTION_USER_PRESENT);
mContext.registerReceiverAsUser(
mUserIntentReceiver, UserHandle.ALL, intentFilter, null, null);
@@ -1571,8 +1572,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
// Try bringing up tracker, but KeyStore won't be ready yet for secondary users so wait
// for user to unlock device too.
updateLockdownVpn();
final IntentFilter filter = new IntentFilter(Intent.ACTION_USER_PRESENT);
mContext.registerReceiverAsUser(mUserPresentReceiver, UserHandle.ALL, filter, null, null);
// Configure whether mobile data is always on.
mHandler.sendMessage(mHandler.obtainMessage(EVENT_CONFIGURE_MOBILE_DATA_ALWAYS_ON));
@@ -1582,23 +1581,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
mPermissionMonitor.startMonitoring();
}
private BroadcastReceiver mUserPresentReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
// User that sent this intent = user that was just unlocked
final int unlockedUser = getSendingUserId();
// Try creating lockdown tracker, since user present usually means
// unlocked keystore.
if (mUserManager.getUserInfo(unlockedUser).isPrimary() &&
LockdownVpnTracker.isEnabled()) {
updateLockdownVpn();
} else {
updateAlwaysOnVpn(unlockedUser);
}
}
};
/**
* Setup data activity tracking for the given network.
*
@@ -3206,11 +3188,6 @@ public class ConnectivityService extends IConnectivityManager.Stub
// Tear down existing lockdown if profile was removed
mLockdownEnabled = LockdownVpnTracker.isEnabled();
if (mLockdownEnabled) {
if (!mKeyStore.isUnlocked()) {
Slog.w(TAG, "KeyStore locked; unable to create LockdownTracker");
return false;
}
final String profileName = new String(mKeyStore.get(Credentials.LOCKDOWN_VPN));
final VpnProfile profile = VpnProfile.decode(
profileName, mKeyStore.get(Credentials.VPN + profileName));
@@ -3589,6 +3566,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
userVpn = new Vpn(mHandler.getLooper(), mContext, mNetd, userId);
mVpns.put(userId, userVpn);
}
if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
updateLockdownVpn();
} else {
updateAlwaysOnVpn(userId);
}
}
private void onUserStop(int userId) {
@@ -3622,6 +3604,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
}
}
private void onUserPresent(int userId) {
// User present may be sent because of an unlock, which might mean an unlocked keystore.
if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
updateLockdownVpn();
} else {
updateAlwaysOnVpn(userId);
}
}
private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
@@ -3637,6 +3628,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
onUserAdded(userId);
} else if (Intent.ACTION_USER_REMOVED.equals(action)) {
onUserRemoved(userId);
} else if (Intent.ACTION_USER_PRESENT.equals(action)) {
onUserPresent(userId);
}
}
};
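Review bot: The `new String(mKeyStore.get(Credentials.LOCKDOWN_VPN))` call in the `-3206` hunk is no longer protected by the removed `mKeyStore.isUnlocked()` check, and nothing visible tests the `get()` result before it is used. If `get()` can return null for an old encrypted entry while the keystore is still locked (the case the description says should simply fail to load), this line would presumably throw instead of returning false, and the device would run without lockdown with no log line explaining why. I would read the value first and bail out explicitly: `final byte[] tag = mKeyStore.get(Credentials.LOCKDOWN_VPN);` followed by `if (tag == null) { Slog.w(TAG, "Lockdown VPN profile not readable yet"); return false; }`. The enclosing method starts and ends outside the hunk, so the null handling of the second `get()` passed to `VpnProfile.decode` should be confirmed there too. As a smaller point, the `isPrimary() && LockdownVpnTracker.isEnabled()` branch added in the `-3589` hunk is repeated verbatim in `onUserPresent`; one could call a shared private helper from both so the two paths cannot drift.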