Add API for VPN apps to query always-on and lockdown.

Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn
Bug: 72628179
Change-Id: I73cb0888f7049b12ab0cdfa62678c3846e074d3b
Pavel Grafov
2018-12-14 13:51:07 +00:00
parent 8621e44c39
commit e87b7ceaa6
3 changed files with 59 additions and 9 deletions


@@ -187,4 +187,6 @@ interface IConnectivityManager
byte[] getNetworkWatchlistConfigHash(); byte[] getNetworkWatchlistConfigHash();
int getConnectionOwnerUid(in ConnectionInfo connectionInfo); int getConnectionOwnerUid(in ConnectionInfo connectionInfo);
boolean isCallerCurrentAlwaysOnVpnApp();
boolean isCallerCurrentAlwaysOnVpnLockdownApp();
} }


@@ -6342,6 +6342,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
} }
} }
@GuardedBy("mVpns")
private Vpn getVpnIfOwner() {
final int uid = Binder.getCallingUid();
final int user = UserHandle.getUserId(uid);
final Vpn vpn = mVpns.get(user);
if (vpn == null) {
return null;
} else {
final VpnInfo info = vpn.getVpnInfo();
return (info == null || info.ownerUid != uid) ? null : vpn;
}
}
/** /**
* Caller either needs to be an active VPN, or hold the NETWORK_STACK permission * Caller either needs to be an active VPN, or hold the NETWORK_STACK permission
* for testing. * for testing.
@@ -6350,14 +6364,10 @@ public class ConnectivityService extends IConnectivityManager.Stub
if (checkNetworkStackPermission()) { if (checkNetworkStackPermission()) {
return null; return null;
} }
final int uid = Binder.getCallingUid();
final int user = UserHandle.getUserId(uid);
synchronized (mVpns) { synchronized (mVpns) {
Vpn vpn = mVpns.get(user); Vpn vpn = getVpnIfOwner();
try { if (vpn != null) {
if (vpn.getVpnInfo().ownerUid == uid) return vpn; return vpn;
} catch (NullPointerException e) {
/* vpn is null, or VPN is not connected and getVpnInfo() is null. */
} }
} }
throw new SecurityException("App must either be an active VPN or have the NETWORK_STACK " throw new SecurityException("App must either be an active VPN or have the NETWORK_STACK "
@@ -6386,4 +6396,20 @@ public class ConnectivityService extends IConnectivityManager.Stub
return uid; return uid;
} }
@Override
public boolean isCallerCurrentAlwaysOnVpnApp() {
synchronized (mVpns) {
Vpn vpn = getVpnIfOwner();
return vpn != null && vpn.getAlwaysOn();
}
}
@Override
public boolean isCallerCurrentAlwaysOnVpnLockdownApp() {
synchronized (mVpns) {
Vpn vpn = getVpnIfOwner();
return vpn != null && vpn.getLockdown();
}
}
} }
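Review bot: `getVpnIfOwner()` returns null whenever `vpn.getVpnInfo()` is null, so `isCallerCurrentAlwaysOnVpnApp()` and `isCallerCurrentAlwaysOnVpnLockdownApp()` both report false for the configured always-on app while its tunnel is not connected. The comment removed from the old lookup code says `getVpnInfo()` is null when the VPN is not connected, and that is the state in which an app most needs to know that lockdown is blocking traffic. If this is intended, state it on the helper, e.g. `/** Returns the calling user's Vpn only if the calling uid owns the currently connected VPN, else null. Caller must hold mVpns. */`, and in the public API documentation; otherwise the check should compare the caller with the configured always-on package rather than with the connected owner. The ownership test keys on `Binder.getCallingUid()`, so a caller can learn only its own status, which is worth keeping as the documented contract.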


@@ -57,7 +57,6 @@ import android.content.pm.ServiceInfo;
import android.content.pm.UserInfo; import android.content.pm.UserInfo;
import android.content.res.Resources; import android.content.res.Resources;
import android.net.ConnectivityManager; import android.net.ConnectivityManager;
import android.net.IConnectivityManager;
import android.net.IpPrefix; import android.net.IpPrefix;
import android.net.LinkProperties; import android.net.LinkProperties;
import android.net.Network; import android.net.Network;
@@ -97,7 +96,6 @@ import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream; import java.util.stream.Stream;
/** /**
@@ -239,6 +237,30 @@ public class VpnTest {
})), disallow); })), disallow);
} }
@Test
public void testGetAlwaysAndOnGetLockDown() throws Exception {
final Vpn vpn = createVpn(primaryUser.id);
// Default state.
assertFalse(vpn.getAlwaysOn());
assertFalse(vpn.getLockdown());
// Set always-on without lockdown.
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false));
assertTrue(vpn.getAlwaysOn());
assertFalse(vpn.getLockdown());
// Set always-on with lockdown.
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true));
assertTrue(vpn.getAlwaysOn());
assertTrue(vpn.getLockdown());
// Remove always-on configuration.
assertTrue(vpn.setAlwaysOnPackage(null, false));
assertFalse(vpn.getAlwaysOn());
assertFalse(vpn.getLockdown());
}
@Test @Test
public void testLockdownChangingPackage() throws Exception { public void testLockdownChangingPackage() throws Exception {
final Vpn vpn = createVpn(primaryUser.id); final Vpn vpn = createVpn(primaryUser.id);
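Review bot: The added test calls `Vpn.getAlwaysOn()` and `Vpn.getLockdown()` directly, so the caller-uid gate in `ConnectivityService.getVpnIfOwner()` has no unit coverage in this change; the commit message names only `MixedDeviceOwnerTest#testAlwaysOnVpn`. A case in which a uid that does not own the VPN calls `isCallerCurrentAlwaysOnVpnApp()` and gets false would pin the access-control behaviour of the new binder methods. The name `testGetAlwaysAndOnGetLockDown` also looks transposed; `testGetAlwaysOnAndGetLockdown` would match the getters it exercises.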