Skip to content

Fix VPN app update disabling always on and leak blocking #384

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
liamsmith827 wants to merge 1 commit into
base: 17
Choose a base branch
from
+14 −1
Draft

Fix VPN app update disabling always on and leak blocking #384

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion services/core/java/com/android/server/VpnManagerService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -625,7 +625,7 @@ public boolean setAlwaysOnVpnPackage(
if (!vpn.setAlwaysOnPackage(packageName, lockdown, lockdownAllowlist)) {
return false;
}
if (!startAlwaysOnVpn(userId)) {
if (mUserManager.isUserUnlocked(userId) && !startAlwaysOnVpn(userId)) {
vpn.setAlwaysOnPackage(null, false, null);
return false;
}
Expand Down Expand Up @@ -879,6 +879,9 @@ private void onPackageReplaced(String packageName, int uid) {
return;
}
final int userId = UserHandle.getUserId(uid);
if (!mUserManager.isUserUnlocked()) {
return;
}
synchronized (mVpns) {
final Vpn vpn = mVpns.get(userId);
if (vpn == null) {
Expand Down
8 changes: 8 additions & 0 deletions services/core/java/com/android/server/connectivity/Vpn.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1146,6 +1146,14 @@ private void loadAlwaysOnPackage() {
* was no always-on VPN to start. {@code false} otherwise.
*/
public boolean startAlwaysOnVpn() {
// If the user is locked and the always-on package has not marked its VpnService as
// directBootAware then isAlwaysOnPackageSupported() will return false. As a result, the
// package will be erroneously removed as the always-on package and in turn leak blocking
// will be disabled too.
if (!mUserManager.isUserUnlocked(mUserId)) {
throw new IllegalStateException("attempted to start VPN prior to unlocking user");
}

final String alwaysOnPackage;
synchronized (this) {
alwaysOnPackage = getAlwaysOnPackage();
Expand Down
2 changes: 2 additions & 0 deletions services/tests/VpnTests/java/com/android/server/connectivity/VpnTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3692,6 +3692,8 @@ private void setMockedUsers(UserInfo... users) {
final int id = (int) invocation.getArguments()[0];
return userMap.get(id);
}).when(mUserManager).getUserInfo(anyInt());

doAnswer(invocation -> true).when(mUserManager).isUserUnlocked(anyInt());
}

/**
Expand Down