From e06923946c0ebc4311d844c6fdfe0f6f7cd83170 Mon Sep 17 00:00:00 2001
From: junyulai <junyulai@google.com>
Date: Thu, 25 Oct 2018 10:56:17 +0800
Subject: [PATCH] No-op refactoring of VPN lockdown status check.

Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.

Thus, move this check into ConnectivityService and check it
externally.

Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
      2. runtest frameworks-net

Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
---
 .../core/java/com/android/server/ConnectivityService.java   | 4 ++--
 tests/net/java/com/android/server/connectivity/VpnTest.java | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 1c8d99a538..e300d8ae7c 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1143,7 +1143,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
         }
         synchronized (mVpns) {
             final Vpn vpn = mVpns.get(UserHandle.getUserId(uid));
-            if (vpn != null && vpn.isBlockingUid(uid)) {
+            if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
                 return true;
             }
         }
@@ -1736,7 +1736,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
             // list all state depending on the return value of this function has to be recomputed.
             // TODO: add a trigger when the always-on VPN sets its blocked UIDs to reevaluate and
             // send the necessary onBlockedStatusChanged callbacks.
-            if (vpn != null && vpn.isBlockingUid(uid)) {
+            if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
                 return true;
             }
         }
diff --git a/tests/net/java/com/android/server/connectivity/VpnTest.java b/tests/net/java/com/android/server/connectivity/VpnTest.java
index e377a47253..9bf758797e 100644
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -507,13 +507,15 @@ public class VpnTest {
 
     private static void assertBlocked(Vpn vpn, int... uids) {
         for (int uid : uids) {
-            assertTrue("Uid " + uid + " should be blocked", vpn.isBlockingUid(uid));
+            final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+            assertTrue("Uid " + uid + " should be blocked", blocked);
         }
     }
 
     private static void assertUnblocked(Vpn vpn, int... uids) {
         for (int uid : uids) {
-            assertFalse("Uid " + uid + " should not be blocked", vpn.isBlockingUid(uid));
+            final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+            assertFalse("Uid " + uid + " should not be blocked", blocked);
         }
     }