Merge "No-op refactoring of VPN lockdown status check." am: 5c67de8417 am: f03247ac4e
am: 4c2b34797e
Change-Id: I3fb09861c6e6d4c6db2a4105b464018d0b1d8224
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 26b5a99..4478889 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1143,7 +1143,7 @@
}
synchronized (mVpns) {
final Vpn vpn = mVpns.get(UserHandle.getUserId(uid));
- if (vpn != null && vpn.isBlockingUid(uid)) {
+ if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
return true;
}
}
@@ -1736,7 +1736,7 @@
// list all state depending on the return value of this function has to be recomputed.
// TODO: add a trigger when the always-on VPN sets its blocked UIDs to reevaluate and
// send the necessary onBlockedStatusChanged callbacks.
- if (vpn != null && vpn.isBlockingUid(uid)) {
+ if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
return true;
}
}
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 48082b6..b7ed2f9 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -381,6 +381,15 @@
}
/**
+ * Check whether to prevent all traffic outside of a VPN even when the VPN is not connected.
+ *
+ * @return {@code true} if VPN lockdown is enabled.
+ */
+ public boolean getLockdown() {
+ return mLockdown;
+ }
+
+ /**
* Checks if a VPN app supports always-on mode.
*
* In order to support the always-on feature, an app has to
@@ -1533,17 +1542,15 @@
}
/**
- * @return {@code true} if {@param uid} is blocked by an always-on VPN.
- * A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is
- * not connected, or if the VPN is connected but does not apply to the UID.
+ * @param uid The target uid.
*
+ * @return {@code true} if {@code uid} is included in one of the mBlockedUsers ranges and the
+ * VPN is not connected, or if the VPN is connected but does not apply to the {@code uid}.
+ *
+ * @apiNote This method don't check VPN lockdown status.
* @see #mBlockedUsers
*/
public synchronized boolean isBlockingUid(int uid) {
- if (!mLockdown) {
- return false;
- }
-
if (mNetworkInfo.isConnected()) {
return !appliesToUid(uid);
} else {
diff --git a/tests/net/java/com/android/server/connectivity/VpnTest.java b/tests/net/java/com/android/server/connectivity/VpnTest.java
index e377a47..9bf7587 100644
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -507,13 +507,15 @@
private static void assertBlocked(Vpn vpn, int... uids) {
for (int uid : uids) {
- assertTrue("Uid " + uid + " should be blocked", vpn.isBlockingUid(uid));
+ final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+ assertTrue("Uid " + uid + " should be blocked", blocked);
}
}
private static void assertUnblocked(Vpn vpn, int... uids) {
for (int uid : uids) {
- assertFalse("Uid " + uid + " should not be blocked", vpn.isBlockingUid(uid));
+ final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+ assertFalse("Uid " + uid + " should not be blocked", blocked);
}
}