2 * Copyright (C) 2011 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package com.android.server.connectivity;
19 import static android.Manifest.permission.BIND_VPN_SERVICE;
20 import static android.net.ConnectivityManager.NETID_UNSET;
21 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_CONGESTED;
22 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
23 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_ROAMING;
24 import static android.net.RouteInfo.RTN_THROW;
25 import static android.net.RouteInfo.RTN_UNREACHABLE;
27 import android.Manifest;
28 import android.annotation.NonNull;
29 import android.annotation.Nullable;
30 import android.annotation.UserIdInt;
31 import android.app.AppGlobals;
32 import android.app.AppOpsManager;
33 import android.app.Notification;
34 import android.app.NotificationManager;
35 import android.app.PendingIntent;
36 import android.content.BroadcastReceiver;
37 import android.content.ComponentName;
38 import android.content.Context;
39 import android.content.Intent;
40 import android.content.IntentFilter;
41 import android.content.ServiceConnection;
42 import android.content.pm.ApplicationInfo;
43 import android.content.pm.PackageManager;
44 import android.content.pm.PackageManager.NameNotFoundException;
45 import android.content.pm.ResolveInfo;
46 import android.content.pm.UserInfo;
47 import android.net.ConnectivityManager;
48 import android.net.INetworkManagementEventObserver;
49 import android.net.IpPrefix;
50 import android.net.LinkAddress;
51 import android.net.LinkProperties;
52 import android.net.LocalSocket;
53 import android.net.LocalSocketAddress;
54 import android.net.Network;
55 import android.net.NetworkAgent;
56 import android.net.NetworkCapabilities;
57 import android.net.NetworkInfo;
58 import android.net.NetworkInfo.DetailedState;
59 import android.net.NetworkMisc;
60 import android.net.NetworkUtils;
61 import android.net.RouteInfo;
62 import android.net.UidRange;
63 import android.net.Uri;
64 import android.net.VpnService;
65 import android.os.Binder;
66 import android.os.Build.VERSION_CODES;
67 import android.os.Bundle;
68 import android.os.FileUtils;
69 import android.os.IBinder;
70 import android.os.INetworkManagementService;
71 import android.os.Looper;
72 import android.os.Parcel;
73 import android.os.ParcelFileDescriptor;
74 import android.os.PatternMatcher;
75 import android.os.Process;
76 import android.os.RemoteException;
77 import android.os.SystemClock;
78 import android.os.SystemService;
79 import android.os.UserHandle;
80 import android.os.UserManager;
81 import android.provider.Settings;
82 import android.security.Credentials;
83 import android.security.KeyStore;
84 import android.text.TextUtils;
85 import android.util.ArraySet;
86 import android.util.Log;
88 import com.android.internal.R;
89 import com.android.internal.annotations.GuardedBy;
90 import com.android.internal.annotations.VisibleForTesting;
91 import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
92 import com.android.internal.net.LegacyVpnInfo;
93 import com.android.internal.net.VpnConfig;
94 import com.android.internal.net.VpnInfo;
95 import com.android.internal.net.VpnProfile;
96 import com.android.internal.notification.SystemNotificationChannels;
97 import com.android.internal.util.ArrayUtils;
98 import com.android.server.ConnectivityService;
99 import com.android.server.DeviceIdleController;
100 import com.android.server.LocalServices;
101 import com.android.server.net.BaseNetworkObserver;
104 import java.io.IOException;
105 import java.io.InputStream;
106 import java.io.OutputStream;
107 import java.math.BigInteger;
108 import java.net.Inet4Address;
109 import java.net.Inet6Address;
110 import java.net.InetAddress;
111 import java.nio.charset.StandardCharsets;
112 import java.util.ArrayList;
113 import java.util.Arrays;
114 import java.util.Collection;
115 import java.util.Collections;
116 import java.util.Comparator;
117 import java.util.List;
118 import java.util.Objects;
119 import java.util.Set;
120 import java.util.SortedSet;
121 import java.util.TreeSet;
122 import java.util.concurrent.atomic.AtomicInteger;
124 import libcore.io.IoUtils;
130 private static final String NETWORKTYPE = "VPN";
131 private static final String TAG = "Vpn";
132 private static final boolean LOGD = true;
134 // Length of time (in milliseconds) that an app hosting an always-on VPN is placed on
135 // the device idle whitelist during service launch and VPN bootstrap.
136 private static final long VPN_LAUNCH_IDLE_WHITELIST_DURATION_MS = 60 * 1000;
138 // Settings for how much of the address space should be routed so that Vpn considers
139 // "most" of the address space is routed. This is used to determine whether this Vpn
140 // should be marked with the INTERNET capability.
141 private static final long MOST_IPV4_ADDRESSES_COUNT;
142 private static final BigInteger MOST_IPV6_ADDRESSES_COUNT;
144 // 85% of the address space must be routed for Vpn to consider this VPN to provide
146 final int howManyPercentIsMost = 85;
148 final long twoPower32 = 1L << 32;
149 MOST_IPV4_ADDRESSES_COUNT = twoPower32 * howManyPercentIsMost / 100;
150 final BigInteger twoPower128 = BigInteger.ONE.shiftLeft(128);
151 MOST_IPV6_ADDRESSES_COUNT = twoPower128
152 .multiply(BigInteger.valueOf(howManyPercentIsMost))
153 .divide(BigInteger.valueOf(100));
155 // How many routes to evaluate before bailing and declaring this Vpn should provide
156 // the INTERNET capability. This is necessary because computing the adress space is
157 // O(n²) and this is running in the system service, so a limit is needed to alleviate
158 // the risk of attack.
159 // This is taken as a total of IPv4 + IPV6 routes for simplicity, but the algorithm
160 // is actually O(n²)+O(n²).
161 private static final int MAX_ROUTES_TO_EVALUATE = 150;
163 // TODO: create separate trackers for each unique VPN to support
164 // automated reconnection
166 private Context mContext;
167 private NetworkInfo mNetworkInfo;
168 private String mPackage;
169 private int mOwnerUID;
170 private String mInterface;
171 private Connection mConnection;
172 private LegacyVpnRunner mLegacyVpnRunner;
173 private PendingIntent mStatusIntent;
174 private volatile boolean mEnableTeardown = true;
175 private final INetworkManagementService mNetd;
177 protected VpnConfig mConfig;
179 protected NetworkAgent mNetworkAgent;
180 private final Looper mLooper;
182 protected final NetworkCapabilities mNetworkCapabilities;
183 private final SystemServices mSystemServices;
186 * Whether to keep the connection active after rebooting, or upgrading or reinstalling. This
187 * only applies to {@link VpnService} connections.
189 private boolean mAlwaysOn = false;
192 * Whether to disable traffic outside of this VPN even when the VPN is not connected. System
193 * apps can still bypass by choosing explicit networks. Has no effect if {@link mAlwaysOn} is
196 private boolean mLockdown = false;
199 * List of UIDs for which networking should be blocked until VPN is ready, during brief periods
200 * when VPN is not running. For example, during system startup or after a crash.
204 private Set<UidRange> mBlockedUsers = new ArraySet<>();
206 // Handle of the user initiating VPN.
207 private final int mUserHandle;
209 // Listen to package removal and change events (update/uninstall) for this user
210 private final BroadcastReceiver mPackageIntentReceiver = new BroadcastReceiver() {
212 public void onReceive(Context context, Intent intent) {
213 final Uri data = intent.getData();
214 final String packageName = data == null ? null : data.getSchemeSpecificPart();
215 if (packageName == null) {
219 synchronized (Vpn.this) {
220 // Avoid race where always-on package has been unset
221 if (!packageName.equals(getAlwaysOnPackage())) {
225 final String action = intent.getAction();
226 Log.i(TAG, "Received broadcast " + action + " for always-on VPN package "
227 + packageName + " in user " + mUserHandle);
230 case Intent.ACTION_PACKAGE_REPLACED:
231 // Start vpn after app upgrade
234 case Intent.ACTION_PACKAGE_REMOVED:
235 final boolean isPackageRemoved = !intent.getBooleanExtra(
236 Intent.EXTRA_REPLACING, false);
237 if (isPackageRemoved) {
238 setAlwaysOnPackage(null, false);
246 private boolean mIsPackageIntentReceiverRegistered = false;
248 public Vpn(Looper looper, Context context, INetworkManagementService netService,
249 @UserIdInt int userHandle) {
250 this(looper, context, netService, userHandle, new SystemServices(context));
254 protected Vpn(Looper looper, Context context, INetworkManagementService netService,
255 int userHandle, SystemServices systemServices) {
258 mUserHandle = userHandle;
260 mSystemServices = systemServices;
262 mPackage = VpnConfig.LEGACY_VPN;
263 mOwnerUID = getAppUid(mPackage, mUserHandle);
266 netService.registerObserver(mObserver);
267 } catch (RemoteException e) {
268 Log.wtf(TAG, "Problem registering observer", e);
271 mNetworkInfo = new NetworkInfo(ConnectivityManager.TYPE_VPN, 0 /* subtype */, NETWORKTYPE,
272 "" /* subtypeName */);
273 mNetworkCapabilities = new NetworkCapabilities();
274 mNetworkCapabilities.addTransportType(NetworkCapabilities.TRANSPORT_VPN);
275 mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN);
276 updateCapabilities();
278 loadAlwaysOnPackage();
282 * Set whether this object is responsible for watching for {@link NetworkInfo}
283 * teardown. When {@code false}, teardown is handled externally by someone
286 public void setEnableTeardown(boolean enableTeardown) {
287 mEnableTeardown = enableTeardown;
291 * Update current state, dispaching event to listeners.
294 protected void updateState(DetailedState detailedState, String reason) {
295 if (LOGD) Log.d(TAG, "setting state=" + detailedState + ", reason=" + reason);
296 mNetworkInfo.setDetailedState(detailedState, reason, null);
297 if (mNetworkAgent != null) {
298 mNetworkAgent.sendNetworkInfo(mNetworkInfo);
300 updateAlwaysOnNotification(detailedState);
303 public void updateCapabilities() {
304 final Network[] underlyingNetworks = (mConfig != null) ? mConfig.underlyingNetworks : null;
305 updateCapabilities(mContext.getSystemService(ConnectivityManager.class), underlyingNetworks,
306 mNetworkCapabilities);
308 if (mNetworkAgent != null) {
309 mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities);
314 public static void updateCapabilities(ConnectivityManager cm, Network[] underlyingNetworks,
315 NetworkCapabilities caps) {
316 int[] transportTypes = new int[] { NetworkCapabilities.TRANSPORT_VPN };
317 int downKbps = NetworkCapabilities.LINK_BANDWIDTH_UNSPECIFIED;
318 int upKbps = NetworkCapabilities.LINK_BANDWIDTH_UNSPECIFIED;
319 boolean metered = false;
320 boolean roaming = false;
321 boolean congested = false;
323 boolean hadUnderlyingNetworks = false;
324 if (null != underlyingNetworks) {
325 for (Network underlying : underlyingNetworks) {
326 final NetworkCapabilities underlyingCaps = cm.getNetworkCapabilities(underlying);
327 if (underlyingCaps == null) continue;
328 hadUnderlyingNetworks = true;
329 for (int underlyingType : underlyingCaps.getTransportTypes()) {
330 transportTypes = ArrayUtils.appendInt(transportTypes, underlyingType);
333 // When we have multiple networks, we have to assume the
334 // worst-case link speed and restrictions.
335 downKbps = NetworkCapabilities.minBandwidth(downKbps,
336 underlyingCaps.getLinkDownstreamBandwidthKbps());
337 upKbps = NetworkCapabilities.minBandwidth(upKbps,
338 underlyingCaps.getLinkUpstreamBandwidthKbps());
339 metered |= !underlyingCaps.hasCapability(NET_CAPABILITY_NOT_METERED);
340 roaming |= !underlyingCaps.hasCapability(NET_CAPABILITY_NOT_ROAMING);
341 congested |= !underlyingCaps.hasCapability(NET_CAPABILITY_NOT_CONGESTED);
344 if (!hadUnderlyingNetworks) {
345 // No idea what the underlying networks are; assume sane defaults
351 caps.setTransportTypes(transportTypes);
352 caps.setLinkDownstreamBandwidthKbps(downKbps);
353 caps.setLinkUpstreamBandwidthKbps(upKbps);
354 caps.setCapability(NET_CAPABILITY_NOT_METERED, !metered);
355 caps.setCapability(NET_CAPABILITY_NOT_ROAMING, !roaming);
356 caps.setCapability(NET_CAPABILITY_NOT_CONGESTED, !congested);
360 * Chooses whether to force all connections to go though VPN.
362 * Used to enable/disable legacy VPN lockdown.
364 * This uses the same ip rule mechanism as {@link #setAlwaysOnPackage(String, boolean)};
365 * previous settings from calling that function will be replaced and saved with the
368 * @param lockdown whether to prevent all traffic outside of a VPN.
370 public synchronized void setLockdown(boolean lockdown) {
371 enforceControlPermissionOrInternalCaller();
373 setVpnForcedLocked(lockdown);
374 mLockdown = lockdown;
376 // Update app lockdown setting if it changed. Legacy VPN lockdown status is controlled by
377 // LockdownVpnTracker.isEnabled() which keeps track of its own state.
379 saveAlwaysOnPackage();
384 * Checks if a VPN app supports always-on mode.
386 * In order to support the always-on feature, an app has to
388 * <li>target {@link VERSION_CODES#N API 24} or above, and
389 * <li>not opt out through the {@link VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}
393 * @param packageName the canonical package name of the VPN app
394 * @return {@code true} if and only if the VPN app exists and supports always-on mode
396 public boolean isAlwaysOnPackageSupported(String packageName) {
397 enforceSettingsPermission();
399 if (packageName == null) {
403 PackageManager pm = mContext.getPackageManager();
404 ApplicationInfo appInfo = null;
406 appInfo = pm.getApplicationInfoAsUser(packageName, 0 /*flags*/, mUserHandle);
407 } catch (NameNotFoundException unused) {
408 Log.w(TAG, "Can't find \"" + packageName + "\" when checking always-on support");
410 if (appInfo == null || appInfo.targetSdkVersion < VERSION_CODES.N) {
414 final Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);
415 intent.setPackage(packageName);
416 List<ResolveInfo> services =
417 pm.queryIntentServicesAsUser(intent, PackageManager.GET_META_DATA, mUserHandle);
418 if (services == null || services.size() == 0) {
422 for (ResolveInfo rInfo : services) {
423 final Bundle metaData = rInfo.serviceInfo.metaData;
424 if (metaData != null &&
425 !metaData.getBoolean(VpnService.SERVICE_META_DATA_SUPPORTS_ALWAYS_ON, true)) {
434 * Configures an always-on VPN connection through a specific application.
435 * This connection is automatically granted and persisted after a reboot.
437 * <p>The designated package should exist and declare a {@link VpnService} in its
438 * manifest guarded by {@link android.Manifest.permission.BIND_VPN_SERVICE},
439 * otherwise the call will fail.
441 * <p>Note that this method does not check if the VPN app supports always-on mode. The check is
442 * delayed to {@link #startAlwaysOnVpn()}, which is always called immediately after this
443 * method in {@link android.net.IConnectivityManager#setAlwaysOnVpnPackage}.
445 * @param packageName the package to designate as always-on VPN supplier.
446 * @param lockdown whether to prevent traffic outside of a VPN, for example while connecting.
447 * @return {@code true} if the package has been set as always-on, {@code false} otherwise.
449 public synchronized boolean setAlwaysOnPackage(String packageName, boolean lockdown) {
450 enforceControlPermissionOrInternalCaller();
452 if (setAlwaysOnPackageInternal(packageName, lockdown)) {
453 saveAlwaysOnPackage();
460 * Configures an always-on VPN connection through a specific application, the same as
461 * {@link #setAlwaysOnPackage}.
463 * Does not perform permission checks. Does not persist any of the changes to storage.
465 * @param packageName the package to designate as always-on VPN supplier.
466 * @param lockdown whether to prevent traffic outside of a VPN, for example while connecting.
467 * @return {@code true} if the package has been set as always-on, {@code false} otherwise.
470 private boolean setAlwaysOnPackageInternal(String packageName, boolean lockdown) {
471 if (VpnConfig.LEGACY_VPN.equals(packageName)) {
472 Log.w(TAG, "Not setting legacy VPN \"" + packageName + "\" as always-on.");
476 if (packageName != null) {
477 // Pre-authorize new always-on VPN package.
478 if (!setPackageAuthorization(packageName, true)) {
483 packageName = VpnConfig.LEGACY_VPN;
487 mLockdown = (mAlwaysOn && lockdown);
488 if (isCurrentPreparedPackage(packageName)) {
489 updateAlwaysOnNotification(mNetworkInfo.getDetailedState());
491 // Prepare this app. The notification will update as a side-effect of updateState().
492 prepareInternal(packageName);
494 maybeRegisterPackageChangeReceiverLocked(packageName);
495 setVpnForcedLocked(mLockdown);
499 private static boolean isNullOrLegacyVpn(String packageName) {
500 return packageName == null || VpnConfig.LEGACY_VPN.equals(packageName);
503 private void unregisterPackageChangeReceiverLocked() {
504 if (mIsPackageIntentReceiverRegistered) {
505 mContext.unregisterReceiver(mPackageIntentReceiver);
506 mIsPackageIntentReceiverRegistered = false;
510 private void maybeRegisterPackageChangeReceiverLocked(String packageName) {
511 // Unregister IntentFilter listening for previous always-on package change
512 unregisterPackageChangeReceiverLocked();
514 if (!isNullOrLegacyVpn(packageName)) {
515 mIsPackageIntentReceiverRegistered = true;
517 IntentFilter intentFilter = new IntentFilter();
518 // Protected intent can only be sent by system. No permission required in register.
519 intentFilter.addAction(Intent.ACTION_PACKAGE_REPLACED);
520 intentFilter.addAction(Intent.ACTION_PACKAGE_REMOVED);
521 intentFilter.addDataScheme("package");
522 intentFilter.addDataSchemeSpecificPart(packageName, PatternMatcher.PATTERN_LITERAL);
523 mContext.registerReceiverAsUser(
524 mPackageIntentReceiver, UserHandle.of(mUserHandle), intentFilter, null, null);
529 * @return the package name of the VPN controller responsible for always-on VPN,
530 * or {@code null} if none is set or always-on VPN is controlled through
534 public synchronized String getAlwaysOnPackage() {
535 enforceControlPermissionOrInternalCaller();
536 return (mAlwaysOn ? mPackage : null);
540 * Save the always-on package and lockdown config into Settings.Secure
543 private void saveAlwaysOnPackage() {
544 final long token = Binder.clearCallingIdentity();
546 mSystemServices.settingsSecurePutStringForUser(Settings.Secure.ALWAYS_ON_VPN_APP,
547 getAlwaysOnPackage(), mUserHandle);
548 mSystemServices.settingsSecurePutIntForUser(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN,
549 (mAlwaysOn && mLockdown ? 1 : 0), mUserHandle);
551 Binder.restoreCallingIdentity(token);
556 * Load the always-on package and lockdown config from Settings.Secure
559 private void loadAlwaysOnPackage() {
560 final long token = Binder.clearCallingIdentity();
562 final String alwaysOnPackage = mSystemServices.settingsSecureGetStringForUser(
563 Settings.Secure.ALWAYS_ON_VPN_APP, mUserHandle);
564 final boolean alwaysOnLockdown = mSystemServices.settingsSecureGetIntForUser(
565 Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN, 0 /*default*/, mUserHandle) != 0;
566 setAlwaysOnPackageInternal(alwaysOnPackage, alwaysOnLockdown);
568 Binder.restoreCallingIdentity(token);
573 * @return {@code true} if the service was started, the service was already connected, or there
574 * was no always-on VPN to start. {@code false} otherwise.
576 public boolean startAlwaysOnVpn() {
577 final String alwaysOnPackage;
578 synchronized (this) {
579 alwaysOnPackage = getAlwaysOnPackage();
580 // Skip if there is no service to start.
581 if (alwaysOnPackage == null) {
584 // Remove always-on VPN if it's not supported.
585 if (!isAlwaysOnPackageSupported(alwaysOnPackage)) {
586 setAlwaysOnPackage(null, false);
589 // Skip if the service is already established. This isn't bulletproof: it's not bound
590 // until after establish(), so if it's mid-setup onStartCommand will be sent twice,
591 // which may restart the connection.
592 if (getNetworkInfo().isConnected()) {
597 // Tell the OS that background services in this app need to be allowed for
598 // a short time, so we can bootstrap the VPN service.
599 final long oldId = Binder.clearCallingIdentity();
601 DeviceIdleController.LocalService idleController =
602 LocalServices.getService(DeviceIdleController.LocalService.class);
603 idleController.addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage,
604 VPN_LAUNCH_IDLE_WHITELIST_DURATION_MS, mUserHandle, false, "vpn");
606 // Start the VPN service declared in the app's manifest.
607 Intent serviceIntent = new Intent(VpnConfig.SERVICE_INTERFACE);
608 serviceIntent.setPackage(alwaysOnPackage);
610 return mContext.startServiceAsUser(serviceIntent, UserHandle.of(mUserHandle)) != null;
611 } catch (RuntimeException e) {
612 Log.e(TAG, "VpnService " + serviceIntent + " failed to start", e);
616 Binder.restoreCallingIdentity(oldId);
621 * Prepare for a VPN application. This method is designed to solve
622 * race conditions. It first compares the current prepared package
623 * with {@code oldPackage}. If they are the same, the prepared
624 * package is revoked and replaced with {@code newPackage}. If
625 * {@code oldPackage} is {@code null}, the comparison is omitted.
626 * If {@code newPackage} is the same package or {@code null}, the
627 * revocation is omitted. This method returns {@code true} if the
628 * operation is succeeded.
630 * Legacy VPN is handled specially since it is not a real package.
631 * It uses {@link VpnConfig#LEGACY_VPN} as its package name, and
632 * it can be revoked by itself.
634 * Note: when we added VPN pre-consent in
635 * https://android.googlesource.com/platform/frameworks/base/+/0554260
636 * the names oldPackage and newPackage became misleading, because when
637 * an app is pre-consented, we actually prepare oldPackage, not newPackage.
639 * Their meanings actually are:
641 * - oldPackage non-null, newPackage null: App calling VpnService#prepare().
642 * - oldPackage null, newPackage non-null: ConfirmDialog calling prepareVpn().
643 * - oldPackage null, newPackage=LEGACY_VPN: Used internally to disconnect
644 * and revoke any current app VPN and re-prepare legacy vpn.
646 * TODO: Rename the variables - or split this method into two - and end this confusion.
647 * TODO: b/29032008 Migrate code from prepare(oldPackage=non-null, newPackage=LEGACY_VPN)
648 * to prepare(oldPackage=null, newPackage=LEGACY_VPN)
650 * @param oldPackage The package name of the old VPN application
651 * @param newPackage The package name of the new VPN application
653 * @return true if the operation succeeded.
655 public synchronized boolean prepare(String oldPackage, String newPackage) {
656 if (oldPackage != null) {
657 // Stop an existing always-on VPN from being dethroned by other apps.
658 if (mAlwaysOn && !isCurrentPreparedPackage(oldPackage)) {
662 // Package is not the same or old package was reinstalled.
663 if (!isCurrentPreparedPackage(oldPackage)) {
664 // The package doesn't match. We return false (to obtain user consent) unless the
665 // user has already consented to that VPN package.
666 if (!oldPackage.equals(VpnConfig.LEGACY_VPN) && isVpnUserPreConsented(oldPackage)) {
667 prepareInternal(oldPackage);
671 } else if (!oldPackage.equals(VpnConfig.LEGACY_VPN)
672 && !isVpnUserPreConsented(oldPackage)) {
673 // Currently prepared VPN is revoked, so unprepare it and return false.
674 prepareInternal(VpnConfig.LEGACY_VPN);
679 // Return true if we do not need to revoke.
680 if (newPackage == null || (!newPackage.equals(VpnConfig.LEGACY_VPN) &&
681 isCurrentPreparedPackage(newPackage))) {
685 // Check that the caller is authorized.
686 enforceControlPermission();
688 // Stop an existing always-on VPN from being dethroned by other apps.
689 if (mAlwaysOn && !isCurrentPreparedPackage(newPackage)) {
693 prepareInternal(newPackage);
697 private boolean isCurrentPreparedPackage(String packageName) {
698 // We can't just check that packageName matches mPackage, because if the app was uninstalled
699 // and reinstalled it will no longer be prepared. Instead check the UID.
700 return getAppUid(packageName, mUserHandle) == mOwnerUID;
703 /** Prepare the VPN for the given package. Does not perform permission checks. */
704 private void prepareInternal(String newPackage) {
705 long token = Binder.clearCallingIdentity();
707 // Reset the interface.
708 if (mInterface != null) {
709 mStatusIntent = null;
711 jniReset(mInterface);
713 mNetworkCapabilities.setUids(null);
716 // Revoke the connection or stop LegacyVpnRunner.
717 if (mConnection != null) {
719 mConnection.mService.transact(IBinder.LAST_CALL_TRANSACTION,
720 Parcel.obtain(), null, IBinder.FLAG_ONEWAY);
721 } catch (Exception e) {
724 mContext.unbindService(mConnection);
726 } else if (mLegacyVpnRunner != null) {
727 mLegacyVpnRunner.exit();
728 mLegacyVpnRunner = null;
732 mNetd.denyProtect(mOwnerUID);
733 } catch (Exception e) {
734 Log.wtf(TAG, "Failed to disallow UID " + mOwnerUID + " to call protect() " + e);
737 Log.i(TAG, "Switched from " + mPackage + " to " + newPackage);
738 mPackage = newPackage;
739 mOwnerUID = getAppUid(newPackage, mUserHandle);
741 mNetd.allowProtect(mOwnerUID);
742 } catch (Exception e) {
743 Log.wtf(TAG, "Failed to allow UID " + mOwnerUID + " to call protect() " + e);
747 updateState(DetailedState.IDLE, "prepare");
748 setVpnForcedLocked(mLockdown);
750 Binder.restoreCallingIdentity(token);
755 * Set whether a package has the ability to launch VPNs without user intervention.
757 public boolean setPackageAuthorization(String packageName, boolean authorized) {
758 // Check if the caller is authorized.
759 enforceControlPermissionOrInternalCaller();
761 int uid = getAppUid(packageName, mUserHandle);
762 if (uid == -1 || VpnConfig.LEGACY_VPN.equals(packageName)) {
763 // Authorization for nonexistent packages (or fake ones) can't be updated.
767 long token = Binder.clearCallingIdentity();
769 AppOpsManager appOps =
770 (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
771 appOps.setMode(AppOpsManager.OP_ACTIVATE_VPN, uid, packageName,
772 authorized ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
774 } catch (Exception e) {
775 Log.wtf(TAG, "Failed to set app ops for package " + packageName + ", uid " + uid, e);
777 Binder.restoreCallingIdentity(token);
782 private boolean isVpnUserPreConsented(String packageName) {
783 AppOpsManager appOps =
784 (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
786 // Verify that the caller matches the given package and has permission to activate VPNs.
787 return appOps.noteOpNoThrow(AppOpsManager.OP_ACTIVATE_VPN, Binder.getCallingUid(),
788 packageName) == AppOpsManager.MODE_ALLOWED;
791 private int getAppUid(String app, int userHandle) {
792 if (VpnConfig.LEGACY_VPN.equals(app)) {
793 return Process.myUid();
795 PackageManager pm = mContext.getPackageManager();
798 result = pm.getPackageUidAsUser(app, userHandle);
799 } catch (NameNotFoundException e) {
805 public NetworkInfo getNetworkInfo() {
809 public int getNetId() {
810 return mNetworkAgent != null ? mNetworkAgent.netId : NETID_UNSET;
813 private LinkProperties makeLinkProperties() {
814 boolean allowIPv4 = mConfig.allowIPv4;
815 boolean allowIPv6 = mConfig.allowIPv6;
817 LinkProperties lp = new LinkProperties();
819 lp.setInterfaceName(mInterface);
821 if (mConfig.addresses != null) {
822 for (LinkAddress address : mConfig.addresses) {
823 lp.addLinkAddress(address);
824 allowIPv4 |= address.getAddress() instanceof Inet4Address;
825 allowIPv6 |= address.getAddress() instanceof Inet6Address;
829 if (mConfig.routes != null) {
830 for (RouteInfo route : mConfig.routes) {
832 InetAddress address = route.getDestination().getAddress();
833 allowIPv4 |= address instanceof Inet4Address;
834 allowIPv6 |= address instanceof Inet6Address;
838 if (mConfig.dnsServers != null) {
839 for (String dnsServer : mConfig.dnsServers) {
840 InetAddress address = InetAddress.parseNumericAddress(dnsServer);
841 lp.addDnsServer(address);
842 allowIPv4 |= address instanceof Inet4Address;
843 allowIPv6 |= address instanceof Inet6Address;
848 lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE));
851 lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE));
854 // Concatenate search domains into a string.
855 StringBuilder buffer = new StringBuilder();
856 if (mConfig.searchDomains != null) {
857 for (String domain : mConfig.searchDomains) {
858 buffer.append(domain).append(' ');
861 lp.setDomains(buffer.toString().trim());
863 // TODO: Stop setting the MTU in jniCreate and set it here.
869 * Analyzes the passed LinkedProperties to figure out whether it routes to most of the IP space.
871 * This returns true if the passed LinkedProperties contains routes to either most of the IPv4
872 * space or to most of the IPv6 address space, where "most" is defined by the value of the
873 * MOST_IPV{4,6}_ADDRESSES_COUNT constants : if more than this number of addresses are matched
874 * by any of the routes, then it's decided that most of the space is routed.
878 static boolean providesRoutesToMostDestinations(LinkProperties lp) {
879 final List<RouteInfo> routes = lp.getAllRoutes();
880 if (routes.size() > MAX_ROUTES_TO_EVALUATE) return true;
881 final Comparator<IpPrefix> prefixLengthComparator = IpPrefix.lengthComparator();
882 TreeSet<IpPrefix> ipv4Prefixes = new TreeSet<>(prefixLengthComparator);
883 TreeSet<IpPrefix> ipv6Prefixes = new TreeSet<>(prefixLengthComparator);
884 for (final RouteInfo route : routes) {
885 IpPrefix destination = route.getDestination();
886 if (destination.isIPv4()) {
887 ipv4Prefixes.add(destination);
889 ipv6Prefixes.add(destination);
892 if (NetworkUtils.routedIPv4AddressCount(ipv4Prefixes) > MOST_IPV4_ADDRESSES_COUNT) {
895 return NetworkUtils.routedIPv6AddressCount(ipv6Prefixes)
896 .compareTo(MOST_IPV6_ADDRESSES_COUNT) >= 0;
900 * Attempt to perform a seamless handover of VPNs by only updating LinkProperties without
901 * registering a new NetworkAgent. This is not always possible if the new VPN configuration
902 * has certain changes, in which case this method would just return {@code false}.
904 private boolean updateLinkPropertiesInPlaceIfPossible(NetworkAgent agent, VpnConfig oldConfig) {
905 // NetworkMisc cannot be updated without registering a new NetworkAgent.
906 if (oldConfig.allowBypass != mConfig.allowBypass) {
907 Log.i(TAG, "Handover not possible due to changes to allowBypass");
911 // TODO: we currently do not support seamless handover if the allowed or disallowed
912 // applications have changed. Consider diffing UID ranges and only applying the delta.
913 if (!Objects.equals(oldConfig.allowedApplications, mConfig.allowedApplications) ||
914 !Objects.equals(oldConfig.disallowedApplications, mConfig.disallowedApplications)) {
915 Log.i(TAG, "Handover not possible due to changes to whitelisted/blacklisted apps");
919 LinkProperties lp = makeLinkProperties();
920 final boolean hadInternetCapability = mNetworkCapabilities.hasCapability(
921 NetworkCapabilities.NET_CAPABILITY_INTERNET);
922 final boolean willHaveInternetCapability = providesRoutesToMostDestinations(lp);
923 if (hadInternetCapability != willHaveInternetCapability) {
924 // A seamless handover would have led to a change to INTERNET capability, which
925 // is supposed to be immutable for a given network. In this case bail out and do not
927 Log.i(TAG, "Handover not possible due to changes to INTERNET capability");
931 agent.sendLinkProperties(lp);
935 private void agentConnect() {
936 LinkProperties lp = makeLinkProperties();
938 if (providesRoutesToMostDestinations(lp)) {
939 mNetworkCapabilities.addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);
941 mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);
944 mNetworkInfo.setDetailedState(DetailedState.CONNECTING, null, null);
946 NetworkMisc networkMisc = new NetworkMisc();
947 networkMisc.allowBypass = mConfig.allowBypass && !mLockdown;
949 mNetworkCapabilities.setEstablishingVpnAppUid(Binder.getCallingUid());
950 mNetworkCapabilities.setUids(createUserAndRestrictedProfilesRanges(mUserHandle,
951 mConfig.allowedApplications, mConfig.disallowedApplications));
952 long token = Binder.clearCallingIdentity();
954 mNetworkAgent = new NetworkAgent(mLooper, mContext, NETWORKTYPE /* logtag */,
955 mNetworkInfo, mNetworkCapabilities, lp,
956 ConnectivityConstants.VPN_DEFAULT_SCORE, networkMisc) {
958 public void unwanted() {
959 // We are user controlled, not driven by NetworkRequest.
963 Binder.restoreCallingIdentity(token);
965 mNetworkInfo.setIsAvailable(true);
966 updateState(DetailedState.CONNECTED, "agentConnect");
969 private boolean canHaveRestrictedProfile(int userId) {
970 long token = Binder.clearCallingIdentity();
972 return UserManager.get(mContext).canHaveRestrictedProfile(userId);
974 Binder.restoreCallingIdentity(token);
978 private void agentDisconnect(NetworkAgent networkAgent) {
979 if (networkAgent != null) {
980 NetworkInfo networkInfo = new NetworkInfo(mNetworkInfo);
981 networkInfo.setIsAvailable(false);
982 networkInfo.setDetailedState(DetailedState.DISCONNECTED, null, null);
983 networkAgent.sendNetworkInfo(networkInfo);
987 private void agentDisconnect() {
988 if (mNetworkInfo.isConnected()) {
989 mNetworkInfo.setIsAvailable(false);
990 updateState(DetailedState.DISCONNECTED, "agentDisconnect");
991 mNetworkAgent = null;
996 * Establish a VPN network and return the file descriptor of the VPN
997 * interface. This methods returns {@code null} if the application is
998 * revoked or not prepared.
1000 * @param config The parameters to configure the network.
1001 * @return The file descriptor of the VPN interface.
1003 public synchronized ParcelFileDescriptor establish(VpnConfig config) {
1004 // Check if the caller is already prepared.
1005 UserManager mgr = UserManager.get(mContext);
1006 if (Binder.getCallingUid() != mOwnerUID) {
1009 // Check to ensure consent hasn't been revoked since we were prepared.
1010 if (!isVpnUserPreConsented(mPackage)) {
1013 // Check if the service is properly declared.
1014 Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);
1015 intent.setClassName(mPackage, config.user);
1016 long token = Binder.clearCallingIdentity();
1018 // Restricted users are not allowed to create VPNs, they are tied to Owner
1019 UserInfo user = mgr.getUserInfo(mUserHandle);
1020 if (user.isRestricted()) {
1021 throw new SecurityException("Restricted users cannot establish VPNs");
1024 ResolveInfo info = AppGlobals.getPackageManager().resolveService(intent,
1025 null, 0, mUserHandle);
1027 throw new SecurityException("Cannot find " + config.user);
1029 if (!BIND_VPN_SERVICE.equals(info.serviceInfo.permission)) {
1030 throw new SecurityException(config.user + " does not require " + BIND_VPN_SERVICE);
1032 } catch (RemoteException e) {
1033 throw new SecurityException("Cannot find " + config.user);
1035 Binder.restoreCallingIdentity(token);
1038 // Save the old config in case we need to go back.
1039 VpnConfig oldConfig = mConfig;
1040 String oldInterface = mInterface;
1041 Connection oldConnection = mConnection;
1042 NetworkAgent oldNetworkAgent = mNetworkAgent;
1043 Set<UidRange> oldUsers = mNetworkCapabilities.getUids();
1045 // Configure the interface. Abort if any of these steps fails.
1046 ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
1048 String interfaze = jniGetName(tun.getFd());
1050 // TEMP use the old jni calls until there is support for netd address setting
1051 StringBuilder builder = new StringBuilder();
1052 for (LinkAddress address : config.addresses) {
1053 builder.append(" " + address);
1055 if (jniSetAddresses(interfaze, builder.toString()) < 1) {
1056 throw new IllegalArgumentException("At least one address must be specified");
1058 Connection connection = new Connection();
1059 if (!mContext.bindServiceAsUser(intent, connection,
1060 Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE,
1061 new UserHandle(mUserHandle))) {
1062 throw new IllegalStateException("Cannot bind " + config.user);
1065 mConnection = connection;
1066 mInterface = interfaze;
1068 // Fill more values.
1069 config.user = mPackage;
1070 config.interfaze = mInterface;
1071 config.startTime = SystemClock.elapsedRealtime();
1074 // Set up forwarding and DNS rules.
1075 // First attempt to do a seamless handover that only changes the interface name and
1076 // parameters. If that fails, disconnect.
1077 if (oldConfig != null
1078 && updateLinkPropertiesInPlaceIfPossible(mNetworkAgent, oldConfig)) {
1079 // Keep mNetworkAgent unchanged
1081 mNetworkAgent = null;
1082 updateState(DetailedState.CONNECTING, "establish");
1083 // Set up forwarding and DNS rules.
1085 // Remove the old tun's user forwarding rules
1086 // The new tun's user rules have already been added above so they will take over
1087 // as rules are deleted. This prevents data leakage as the rules are moved over.
1088 agentDisconnect(oldNetworkAgent);
1091 if (oldConnection != null) {
1092 mContext.unbindService(oldConnection);
1095 if (oldInterface != null && !oldInterface.equals(interfaze)) {
1096 jniReset(oldInterface);
1100 IoUtils.setBlocking(tun.getFileDescriptor(), config.blocking);
1101 } catch (IOException e) {
1102 throw new IllegalStateException(
1103 "Cannot set tunnel's fd as blocking=" + config.blocking, e);
1105 } catch (RuntimeException e) {
1106 IoUtils.closeQuietly(tun);
1108 // restore old state
1109 mConfig = oldConfig;
1110 mConnection = oldConnection;
1111 mNetworkCapabilities.setUids(oldUsers);
1112 mNetworkAgent = oldNetworkAgent;
1113 mInterface = oldInterface;
1116 Log.i(TAG, "Established by " + config.user + " on " + mInterface);
1120 private boolean isRunningLocked() {
1121 return mNetworkAgent != null && mInterface != null;
1124 // Returns true if the VPN has been established and the calling UID is its owner. Used to check
1125 // that a call to mutate VPN state is admissible.
1127 protected boolean isCallerEstablishedOwnerLocked() {
1128 return isRunningLocked() && Binder.getCallingUid() == mOwnerUID;
1131 // Note: Return type guarantees results are deduped and sorted, which callers require.
1132 private SortedSet<Integer> getAppsUids(List<String> packageNames, int userHandle) {
1133 SortedSet<Integer> uids = new TreeSet<Integer>();
1134 for (String app : packageNames) {
1135 int uid = getAppUid(app, userHandle);
1136 if (uid != -1) uids.add(uid);
1142 * Creates a {@link Set} of non-intersecting {@link UidRange} objects including all UIDs
1143 * associated with one user, and any restricted profiles attached to that user.
1145 * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
1146 * the UID ranges will match the app whitelist or blacklist specified there. Otherwise, all UIDs
1147 * in each user and profile will be included.
1149 * @param userHandle The userId to create UID ranges for along with any of its restricted
1151 * @param allowedApplications (optional) whitelist of applications to include.
1152 * @param disallowedApplications (optional) blacklist of applications to exclude.
1155 Set<UidRange> createUserAndRestrictedProfilesRanges(@UserIdInt int userHandle,
1156 @Nullable List<String> allowedApplications,
1157 @Nullable List<String> disallowedApplications) {
1158 final Set<UidRange> ranges = new ArraySet<>();
1160 // Assign the top-level user to the set of ranges
1161 addUserToRanges(ranges, userHandle, allowedApplications, disallowedApplications);
1163 // If the user can have restricted profiles, assign all its restricted profiles too
1164 if (canHaveRestrictedProfile(userHandle)) {
1165 final long token = Binder.clearCallingIdentity();
1166 List<UserInfo> users;
1168 users = UserManager.get(mContext).getUsers(true);
1170 Binder.restoreCallingIdentity(token);
1172 for (UserInfo user : users) {
1173 if (user.isRestricted() && (user.restrictedProfileParentId == userHandle)) {
1174 addUserToRanges(ranges, user.id, allowedApplications, disallowedApplications);
1182 * Updates a {@link Set} of non-intersecting {@link UidRange} objects to include all UIDs
1183 * associated with one user.
1185 * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
1186 * the UID ranges will match the app whitelist or blacklist specified there. Otherwise, all UIDs
1187 * in the user will be included.
1189 * @param ranges {@link Set} of {@link UidRange}s to which to add.
1190 * @param userHandle The userId to add to {@param ranges}.
1191 * @param allowedApplications (optional) whitelist of applications to include.
1192 * @param disallowedApplications (optional) blacklist of applications to exclude.
1195 void addUserToRanges(@NonNull Set<UidRange> ranges, @UserIdInt int userHandle,
1196 @Nullable List<String> allowedApplications,
1197 @Nullable List<String> disallowedApplications) {
1198 if (allowedApplications != null) {
1199 // Add ranges covering all UIDs for allowedApplications.
1200 int start = -1, stop = -1;
1201 for (int uid : getAppsUids(allowedApplications, userHandle)) {
1204 } else if (uid != stop + 1) {
1205 ranges.add(new UidRange(start, stop));
1210 if (start != -1) ranges.add(new UidRange(start, stop));
1211 } else if (disallowedApplications != null) {
1212 // Add all ranges for user skipping UIDs for disallowedApplications.
1213 final UidRange userRange = UidRange.createForUser(userHandle);
1214 int start = userRange.start;
1215 for (int uid : getAppsUids(disallowedApplications, userHandle)) {
1219 ranges.add(new UidRange(start, uid - 1));
1223 if (start <= userRange.stop) ranges.add(new UidRange(start, userRange.stop));
1225 // Add all UIDs for the user.
1226 ranges.add(UidRange.createForUser(userHandle));
1230 // Returns the subset of the full list of active UID ranges the VPN applies to (mVpnUsers) that
1231 // apply to userHandle.
1232 static private List<UidRange> uidRangesForUser(int userHandle, Set<UidRange> existingRanges) {
1233 // UidRange#createForUser returns the entire range of UIDs available to a macro-user.
1234 // This is something like 0-99999 ; {@see UserHandle#PER_USER_RANGE}
1235 final UidRange userRange = UidRange.createForUser(userHandle);
1236 final List<UidRange> ranges = new ArrayList<UidRange>();
1237 for (UidRange range : existingRanges) {
1238 if (userRange.containsRange(range)) {
1245 public void onUserAdded(int userHandle) {
1246 // If the user is restricted tie them to the parent user's VPN
1247 UserInfo user = UserManager.get(mContext).getUserInfo(userHandle);
1248 if (user.isRestricted() && user.restrictedProfileParentId == mUserHandle) {
1249 synchronized(Vpn.this) {
1250 final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
1251 if (existingRanges != null) {
1253 addUserToRanges(existingRanges, userHandle, mConfig.allowedApplications,
1254 mConfig.disallowedApplications);
1255 mNetworkCapabilities.setUids(existingRanges);
1256 updateCapabilities();
1257 } catch (Exception e) {
1258 Log.wtf(TAG, "Failed to add restricted user to owner", e);
1261 setVpnForcedLocked(mLockdown);
1266 public void onUserRemoved(int userHandle) {
1267 // clean up if restricted
1268 UserInfo user = UserManager.get(mContext).getUserInfo(userHandle);
1269 if (user.isRestricted() && user.restrictedProfileParentId == mUserHandle) {
1270 synchronized(Vpn.this) {
1271 final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
1272 if (existingRanges != null) {
1274 final List<UidRange> removedRanges =
1275 uidRangesForUser(userHandle, existingRanges);
1276 existingRanges.removeAll(removedRanges);
1277 mNetworkCapabilities.setUids(existingRanges);
1278 updateCapabilities();
1279 } catch (Exception e) {
1280 Log.wtf(TAG, "Failed to remove restricted user to owner", e);
1283 setVpnForcedLocked(mLockdown);
1289 * Called when the user associated with this VPN has just been stopped.
1291 public synchronized void onUserStopped() {
1292 // Switch off networking lockdown (if it was enabled)
1296 unregisterPackageChangeReceiverLocked();
1297 // Quit any active connections
1302 * Restrict network access from all UIDs affected by this {@link Vpn}, apart from the VPN
1303 * service app itself, to only sockets that have had {@code protect()} called on them. All
1304 * non-VPN traffic is blocked via a {@code PROHIBIT} response from the kernel.
1306 * The exception for the VPN UID isn't technically necessary -- setup should use protected
1307 * sockets -- but in practice it saves apps that don't protect their sockets from breaking.
1309 * Calling multiple times with {@param enforce} = {@code true} will recreate the set of UIDs to
1310 * block every time, and if anything has changed update using {@link #setAllowOnlyVpnForUids}.
1312 * @param enforce {@code true} to require that all traffic under the jurisdiction of this
1313 * {@link Vpn} goes through a VPN connection or is blocked until one is
1314 * available, {@code false} to lift the requirement.
1316 * @see #mBlockedUsers
1319 private void setVpnForcedLocked(boolean enforce) {
1320 final List<String> exemptedPackages =
1321 isNullOrLegacyVpn(mPackage) ? null : Collections.singletonList(mPackage);
1322 final Set<UidRange> removedRanges = new ArraySet<>(mBlockedUsers);
1324 Set<UidRange> addedRanges = Collections.emptySet();
1326 addedRanges = createUserAndRestrictedProfilesRanges(mUserHandle,
1327 /* allowedApplications */ null,
1328 /* disallowedApplications */ exemptedPackages);
1330 // The UID range of the first user (0-99999) would block the IPSec traffic, which comes
1331 // directly from the kernel and is marked as uid=0. So we adjust the range to allow
1332 // it through (b/69873852).
1333 for (UidRange range : addedRanges) {
1334 if (range.start == 0) {
1335 addedRanges.remove(range);
1336 if (range.stop != 0) {
1337 addedRanges.add(new UidRange(1, range.stop));
1342 removedRanges.removeAll(addedRanges);
1343 addedRanges.removeAll(mBlockedUsers);
1346 setAllowOnlyVpnForUids(false, removedRanges);
1347 setAllowOnlyVpnForUids(true, addedRanges);
1351 * Either add or remove a list of {@link UidRange}s to the list of UIDs that are only allowed
1352 * to make connections through sockets that have had {@code protect()} called on them.
1354 * @param enforce {@code true} to add to the blacklist, {@code false} to remove.
1355 * @param ranges {@link Collection} of {@link UidRange}s to add (if {@param enforce} is
1356 * {@code true}) or to remove.
1357 * @return {@code true} if all of the UIDs were added/removed. {@code false} otherwise,
1358 * including added ranges that already existed or removed ones that didn't.
1361 private boolean setAllowOnlyVpnForUids(boolean enforce, Collection<UidRange> ranges) {
1362 if (ranges.size() == 0) {
1365 final UidRange[] rangesArray = ranges.toArray(new UidRange[ranges.size()]);
1367 mNetd.setAllowOnlyVpnForUids(enforce, rangesArray);
1368 } catch (RemoteException | RuntimeException e) {
1369 Log.e(TAG, "Updating blocked=" + enforce
1370 + " for UIDs " + Arrays.toString(ranges.toArray()) + " failed", e);
1374 mBlockedUsers.addAll(ranges);
1376 mBlockedUsers.removeAll(ranges);
1382 * Return the configuration of the currently running VPN.
1384 public VpnConfig getVpnConfig() {
1385 enforceControlPermission();
1390 public synchronized void interfaceStatusChanged(String iface, boolean up) {
1392 mObserver.interfaceStatusChanged(iface, up);
1393 } catch (RemoteException e) {
1394 // ignored; target is local
1398 private INetworkManagementEventObserver mObserver = new BaseNetworkObserver() {
1400 public void interfaceStatusChanged(String interfaze, boolean up) {
1401 synchronized (Vpn.this) {
1402 if (!up && mLegacyVpnRunner != null) {
1403 mLegacyVpnRunner.check(interfaze);
1409 public void interfaceRemoved(String interfaze) {
1410 synchronized (Vpn.this) {
1411 if (interfaze.equals(mInterface) && jniCheck(interfaze) == 0) {
1412 mStatusIntent = null;
1413 mNetworkCapabilities.setUids(null);
1416 if (mConnection != null) {
1417 mContext.unbindService(mConnection);
1420 } else if (mLegacyVpnRunner != null) {
1421 mLegacyVpnRunner.exit();
1422 mLegacyVpnRunner = null;
1429 private void enforceControlPermission() {
1430 mContext.enforceCallingPermission(Manifest.permission.CONTROL_VPN, "Unauthorized Caller");
1433 private void enforceControlPermissionOrInternalCaller() {
1434 // Require the caller to be either an application with CONTROL_VPN permission or a process
1435 // in the system server.
1436 mContext.enforceCallingOrSelfPermission(Manifest.permission.CONTROL_VPN,
1437 "Unauthorized Caller");
1440 private void enforceSettingsPermission() {
1441 mContext.enforceCallingOrSelfPermission(Manifest.permission.NETWORK_SETTINGS,
1442 "Unauthorized Caller");
1445 private class Connection implements ServiceConnection {
1446 private IBinder mService;
1449 public void onServiceConnected(ComponentName name, IBinder service) {
1454 public void onServiceDisconnected(ComponentName name) {
1459 private void prepareStatusIntent() {
1460 final long token = Binder.clearCallingIdentity();
1462 mStatusIntent = VpnConfig.getIntentForStatusPanel(mContext);
1464 Binder.restoreCallingIdentity(token);
1468 public synchronized boolean addAddress(String address, int prefixLength) {
1469 if (!isCallerEstablishedOwnerLocked()) {
1472 boolean success = jniAddAddress(mInterface, address, prefixLength);
1473 mNetworkAgent.sendLinkProperties(makeLinkProperties());
1477 public synchronized boolean removeAddress(String address, int prefixLength) {
1478 if (!isCallerEstablishedOwnerLocked()) {
1481 boolean success = jniDelAddress(mInterface, address, prefixLength);
1482 mNetworkAgent.sendLinkProperties(makeLinkProperties());
1486 public synchronized boolean setUnderlyingNetworks(Network[] networks) {
1487 if (!isCallerEstablishedOwnerLocked()) {
1490 if (networks == null) {
1491 mConfig.underlyingNetworks = null;
1493 mConfig.underlyingNetworks = new Network[networks.length];
1494 for (int i = 0; i < networks.length; ++i) {
1495 if (networks[i] == null) {
1496 mConfig.underlyingNetworks[i] = null;
1498 mConfig.underlyingNetworks[i] = new Network(networks[i].netId);
1502 updateCapabilities();
1506 public synchronized Network[] getUnderlyingNetworks() {
1507 if (!isRunningLocked()) {
1510 return mConfig.underlyingNetworks;
1514 * This method should only be called by ConnectivityService because it doesn't
1515 * have enough data to fill VpnInfo.primaryUnderlyingIface field.
1517 public synchronized VpnInfo getVpnInfo() {
1518 if (!isRunningLocked()) {
1522 VpnInfo info = new VpnInfo();
1523 info.ownerUid = mOwnerUID;
1524 info.vpnIface = mInterface;
1528 public synchronized boolean appliesToUid(int uid) {
1529 if (!isRunningLocked()) {
1532 return mNetworkCapabilities.appliesToUid(uid);
1536 * @return {@code true} if {@param uid} is blocked by an always-on VPN.
1537 * A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is
1538 * not connected, or if the VPN is connected but does not apply to the UID.
1540 * @see #mBlockedUsers
1542 public synchronized boolean isBlockingUid(int uid) {
1547 if (mNetworkInfo.isConnected()) {
1548 return !appliesToUid(uid);
1550 for (UidRange uidRange : mBlockedUsers) {
1551 if (uidRange.contains(uid)) {
1559 private void updateAlwaysOnNotification(DetailedState networkState) {
1560 final boolean visible = (mAlwaysOn && networkState != DetailedState.CONNECTED);
1562 final UserHandle user = UserHandle.of(mUserHandle);
1563 final long token = Binder.clearCallingIdentity();
1565 final NotificationManager notificationManager = NotificationManager.from(mContext);
1567 notificationManager.cancelAsUser(TAG, SystemMessage.NOTE_VPN_DISCONNECTED, user);
1570 final Intent intent = new Intent();
1571 intent.setComponent(ComponentName.unflattenFromString(mContext.getString(
1572 R.string.config_customVpnAlwaysOnDisconnectedDialogComponent)));
1573 intent.putExtra("lockdown", mLockdown);
1574 intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
1575 final PendingIntent configIntent = mSystemServices.pendingIntentGetActivityAsUser(
1576 intent, PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT, user);
1577 final Notification.Builder builder =
1578 new Notification.Builder(mContext, SystemNotificationChannels.VPN)
1579 .setSmallIcon(R.drawable.vpn_connected)
1580 .setContentTitle(mContext.getString(R.string.vpn_lockdown_disconnected))
1581 .setContentText(mContext.getString(R.string.vpn_lockdown_config))
1582 .setContentIntent(configIntent)
1583 .setCategory(Notification.CATEGORY_SYSTEM)
1584 .setVisibility(Notification.VISIBILITY_PUBLIC)
1586 .setColor(mContext.getColor(R.color.system_notification_accent_color));
1587 notificationManager.notifyAsUser(TAG, SystemMessage.NOTE_VPN_DISCONNECTED,
1588 builder.build(), user);
1590 Binder.restoreCallingIdentity(token);
1595 * Facade for system service calls that change, or depend on, state outside of
1596 * {@link ConnectivityService} and have hard-to-mock interfaces.
1598 * @see com.android.server.connectivity.VpnTest
1601 public static class SystemServices {
1602 private final Context mContext;
1604 public SystemServices(@NonNull Context context) {
1609 * @see PendingIntent#getActivityAsUser()
1611 public PendingIntent pendingIntentGetActivityAsUser(
1612 Intent intent, int flags, UserHandle user) {
1613 return PendingIntent.getActivityAsUser(mContext, 0 /*request*/, intent, flags,
1614 null /*options*/, user);
1618 * @see Settings.Secure#putStringForUser
1620 public void settingsSecurePutStringForUser(String key, String value, int userId) {
1621 Settings.Secure.putStringForUser(mContext.getContentResolver(), key, value, userId);
1625 * @see Settings.Secure#putIntForUser
1627 public void settingsSecurePutIntForUser(String key, int value, int userId) {
1628 Settings.Secure.putIntForUser(mContext.getContentResolver(), key, value, userId);
1632 * @see Settings.Secure#getStringForUser
1634 public String settingsSecureGetStringForUser(String key, int userId) {
1635 return Settings.Secure.getStringForUser(mContext.getContentResolver(), key, userId);
1639 * @see Settings.Secure#getIntForUser
1641 public int settingsSecureGetIntForUser(String key, int def, int userId) {
1642 return Settings.Secure.getIntForUser(mContext.getContentResolver(), key, def, userId);
1646 private native int jniCreate(int mtu);
1647 private native String jniGetName(int tun);
1648 private native int jniSetAddresses(String interfaze, String addresses);
1649 private native void jniReset(String interfaze);
1650 private native int jniCheck(String interfaze);
1651 private native boolean jniAddAddress(String interfaze, String address, int prefixLen);
1652 private native boolean jniDelAddress(String interfaze, String address, int prefixLen);
1654 private static RouteInfo findIPv4DefaultRoute(LinkProperties prop) {
1655 for (RouteInfo route : prop.getAllRoutes()) {
1656 // Currently legacy VPN only works on IPv4.
1657 if (route.isDefaultRoute() && route.getGateway() instanceof Inet4Address) {
1662 throw new IllegalStateException("Unable to find IPv4 default gateway");
1666 * Start legacy VPN, controlling native daemons as needed. Creates a
1667 * secondary thread to perform connection work, returning quickly.
1669 * Should only be called to respond to Binder requests as this enforces caller permission. Use
1670 * {@link #startLegacyVpnPrivileged(VpnProfile, KeyStore, LinkProperties)} to skip the
1671 * permission check only when the caller is trusted (or the call is initiated by the system).
1673 public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {
1674 enforceControlPermission();
1675 long token = Binder.clearCallingIdentity();
1677 startLegacyVpnPrivileged(profile, keyStore, egress);
1679 Binder.restoreCallingIdentity(token);
1684 * Like {@link #startLegacyVpn(VpnProfile, KeyStore, LinkProperties)}, but does not check
1685 * permissions under the assumption that the caller is the system.
1687 * Callers are responsible for checking permissions if needed.
1689 public void startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore,
1690 LinkProperties egress) {
1691 UserManager mgr = UserManager.get(mContext);
1692 UserInfo user = mgr.getUserInfo(mUserHandle);
1693 if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,
1694 new UserHandle(mUserHandle))) {
1695 throw new SecurityException("Restricted users cannot establish VPNs");
1698 final RouteInfo ipv4DefaultRoute = findIPv4DefaultRoute(egress);
1699 final String gateway = ipv4DefaultRoute.getGateway().getHostAddress();
1700 final String iface = ipv4DefaultRoute.getInterface();
1702 // Load certificates.
1703 String privateKey = "";
1704 String userCert = "";
1706 String serverCert = "";
1707 if (!profile.ipsecUserCert.isEmpty()) {
1708 privateKey = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;
1709 byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
1710 userCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
1712 if (!profile.ipsecCaCert.isEmpty()) {
1713 byte[] value = keyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
1714 caCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
1716 if (!profile.ipsecServerCert.isEmpty()) {
1717 byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecServerCert);
1718 serverCert = (value == null) ? null : new String(value, StandardCharsets.UTF_8);
1720 if (privateKey == null || userCert == null || caCert == null || serverCert == null) {
1721 throw new IllegalStateException("Cannot load credentials");
1724 // Prepare arguments for racoon.
1725 String[] racoon = null;
1726 switch (profile.type) {
1727 case VpnProfile.TYPE_L2TP_IPSEC_PSK:
1728 racoon = new String[] {
1729 iface, profile.server, "udppsk", profile.ipsecIdentifier,
1730 profile.ipsecSecret, "1701",
1733 case VpnProfile.TYPE_L2TP_IPSEC_RSA:
1734 racoon = new String[] {
1735 iface, profile.server, "udprsa", privateKey, userCert,
1736 caCert, serverCert, "1701",
1739 case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
1740 racoon = new String[] {
1741 iface, profile.server, "xauthpsk", profile.ipsecIdentifier,
1742 profile.ipsecSecret, profile.username, profile.password, "", gateway,
1745 case VpnProfile.TYPE_IPSEC_XAUTH_RSA:
1746 racoon = new String[] {
1747 iface, profile.server, "xauthrsa", privateKey, userCert,
1748 caCert, serverCert, profile.username, profile.password, "", gateway,
1751 case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
1752 racoon = new String[] {
1753 iface, profile.server, "hybridrsa",
1754 caCert, serverCert, profile.username, profile.password, "", gateway,
1759 // Prepare arguments for mtpd.
1760 String[] mtpd = null;
1761 switch (profile.type) {
1762 case VpnProfile.TYPE_PPTP:
1763 mtpd = new String[] {
1764 iface, "pptp", profile.server, "1723",
1765 "name", profile.username, "password", profile.password,
1766 "linkname", "vpn", "refuse-eap", "nodefaultroute",
1767 "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
1768 (profile.mppe ? "+mppe" : "nomppe"),
1771 case VpnProfile.TYPE_L2TP_IPSEC_PSK:
1772 case VpnProfile.TYPE_L2TP_IPSEC_RSA:
1773 mtpd = new String[] {
1774 iface, "l2tp", profile.server, "1701", profile.l2tpSecret,
1775 "name", profile.username, "password", profile.password,
1776 "linkname", "vpn", "refuse-eap", "nodefaultroute",
1777 "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
1782 VpnConfig config = new VpnConfig();
1783 config.legacy = true;
1784 config.user = profile.key;
1785 config.interfaze = iface;
1786 config.session = profile.name;
1788 config.addLegacyRoutes(profile.routes);
1789 if (!profile.dnsServers.isEmpty()) {
1790 config.dnsServers = Arrays.asList(profile.dnsServers.split(" +"));
1792 if (!profile.searchDomains.isEmpty()) {
1793 config.searchDomains = Arrays.asList(profile.searchDomains.split(" +"));
1795 startLegacyVpn(config, racoon, mtpd);
1798 private synchronized void startLegacyVpn(VpnConfig config, String[] racoon, String[] mtpd) {
1799 stopLegacyVpnPrivileged();
1801 // Prepare for the new request.
1802 prepareInternal(VpnConfig.LEGACY_VPN);
1803 updateState(DetailedState.CONNECTING, "startLegacyVpn");
1805 // Start a new LegacyVpnRunner and we are done!
1806 mLegacyVpnRunner = new LegacyVpnRunner(config, racoon, mtpd);
1807 mLegacyVpnRunner.start();
1810 /** Stop legacy VPN. Permissions must be checked by callers. */
1811 public synchronized void stopLegacyVpnPrivileged() {
1812 if (mLegacyVpnRunner != null) {
1813 mLegacyVpnRunner.exit();
1814 mLegacyVpnRunner = null;
1816 synchronized (LegacyVpnRunner.TAG) {
1817 // wait for old thread to completely finish before spinning up
1818 // new instance, otherwise state updates can be out of order.
1824 * Return the information of the current ongoing legacy VPN.
1826 public synchronized LegacyVpnInfo getLegacyVpnInfo() {
1827 // Check if the caller is authorized.
1828 enforceControlPermission();
1829 return getLegacyVpnInfoPrivileged();
1833 * Return the information of the current ongoing legacy VPN.
1834 * Callers are responsible for checking permissions if needed.
1836 public synchronized LegacyVpnInfo getLegacyVpnInfoPrivileged() {
1837 if (mLegacyVpnRunner == null) return null;
1839 final LegacyVpnInfo info = new LegacyVpnInfo();
1840 info.key = mConfig.user;
1841 info.state = LegacyVpnInfo.stateFromNetworkInfo(mNetworkInfo);
1842 if (mNetworkInfo.isConnected()) {
1843 info.intent = mStatusIntent;
1848 public VpnConfig getLegacyVpnConfig() {
1849 if (mLegacyVpnRunner != null) {
1857 * Bringing up a VPN connection takes time, and that is all this thread
1858 * does. Here we have plenty of time. The only thing we need to take
1859 * care of is responding to interruptions as soon as possible. Otherwise
1860 * requests will pile up. This could be done in a Handler as a state
1861 * machine, but it is much easier to read in the current form.
1863 private class LegacyVpnRunner extends Thread {
1864 private static final String TAG = "LegacyVpnRunner";
1866 private final String[] mDaemons;
1867 private final String[][] mArguments;
1868 private final LocalSocket[] mSockets;
1869 private final String mOuterInterface;
1870 private final AtomicInteger mOuterConnection =
1871 new AtomicInteger(ConnectivityManager.TYPE_NONE);
1873 private long mBringupStartTime = -1;
1876 * Watch for the outer connection (passing in the constructor) going away.
1878 private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
1880 public void onReceive(Context context, Intent intent) {
1881 if (!mEnableTeardown) return;
1883 if (intent.getAction().equals(ConnectivityManager.CONNECTIVITY_ACTION)) {
1884 if (intent.getIntExtra(ConnectivityManager.EXTRA_NETWORK_TYPE,
1885 ConnectivityManager.TYPE_NONE) == mOuterConnection.get()) {
1886 NetworkInfo info = (NetworkInfo)intent.getExtra(
1887 ConnectivityManager.EXTRA_NETWORK_INFO);
1888 if (info != null && !info.isConnectedOrConnecting()) {
1890 mObserver.interfaceStatusChanged(mOuterInterface, false);
1891 } catch (RemoteException e) {}
1898 public LegacyVpnRunner(VpnConfig config, String[] racoon, String[] mtpd) {
1901 mDaemons = new String[] {"racoon", "mtpd"};
1902 // TODO: clear arguments from memory once launched
1903 mArguments = new String[][] {racoon, mtpd};
1904 mSockets = new LocalSocket[mDaemons.length];
1906 // This is the interface which VPN is running on,
1907 // mConfig.interfaze will change to point to OUR
1908 // internal interface soon. TODO - add inner/outer to mconfig
1909 // TODO - we have a race - if the outer iface goes away/disconnects before we hit this
1910 // we will leave the VPN up. We should check that it's still there/connected after
1912 mOuterInterface = mConfig.interfaze;
1914 if (!TextUtils.isEmpty(mOuterInterface)) {
1915 final ConnectivityManager cm = ConnectivityManager.from(mContext);
1916 for (Network network : cm.getAllNetworks()) {
1917 final LinkProperties lp = cm.getLinkProperties(network);
1918 if (lp != null && lp.getAllInterfaceNames().contains(mOuterInterface)) {
1919 final NetworkInfo networkInfo = cm.getNetworkInfo(network);
1920 if (networkInfo != null) mOuterConnection.set(networkInfo.getType());
1925 IntentFilter filter = new IntentFilter();
1926 filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
1927 mContext.registerReceiver(mBroadcastReceiver, filter);
1930 public void check(String interfaze) {
1931 if (interfaze.equals(mOuterInterface)) {
1932 Log.i(TAG, "Legacy VPN is going down with " + interfaze);
1937 public void exit() {
1938 // We assume that everything is reset after stopping the daemons.
1942 mContext.unregisterReceiver(mBroadcastReceiver);
1943 } catch (IllegalArgumentException e) {}
1948 // Wait for the previous thread since it has been interrupted.
1949 Log.v(TAG, "Waiting");
1950 synchronized (TAG) {
1951 Log.v(TAG, "Executing");
1954 waitForDaemonsToStop();
1955 interrupted(); // Clear interrupt flag if execute called exit.
1956 } catch (InterruptedException e) {
1958 for (LocalSocket socket : mSockets) {
1959 IoUtils.closeQuietly(socket);
1961 // This sleep is necessary for racoon to successfully complete sending delete
1962 // message to server.
1965 } catch (InterruptedException e) {
1967 for (String daemon : mDaemons) {
1968 SystemService.stop(daemon);
1975 private void checkInterruptAndDelay(boolean sleepLonger) throws InterruptedException {
1976 long now = SystemClock.elapsedRealtime();
1977 if (now - mBringupStartTime <= 60000) {
1978 Thread.sleep(sleepLonger ? 200 : 1);
1980 updateState(DetailedState.FAILED, "checkpoint");
1981 throw new IllegalStateException("VPN bringup took too long");
1985 private void bringup() {
1986 // Catch all exceptions so we can clean up a few things.
1987 boolean initFinished = false;
1989 // Initialize the timer.
1990 mBringupStartTime = SystemClock.elapsedRealtime();
1992 // Wait for the daemons to stop.
1993 for (String daemon : mDaemons) {
1994 while (!SystemService.isStopped(daemon)) {
1995 checkInterruptAndDelay(true);
1999 // Clear the previous state.
2000 File state = new File("/data/misc/vpn/state");
2002 if (state.exists()) {
2003 throw new IllegalStateException("Cannot delete the state");
2005 new File("/data/misc/vpn/abort").delete();
2006 initFinished = true;
2008 // Check if we need to restart any of the daemons.
2009 boolean restart = false;
2010 for (String[] arguments : mArguments) {
2011 restart = restart || (arguments != null);
2017 updateState(DetailedState.CONNECTING, "execute");
2019 // Start the daemon with arguments.
2020 for (int i = 0; i < mDaemons.length; ++i) {
2021 String[] arguments = mArguments[i];
2022 if (arguments == null) {
2026 // Start the daemon.
2027 String daemon = mDaemons[i];
2028 SystemService.start(daemon);
2030 // Wait for the daemon to start.
2031 while (!SystemService.isRunning(daemon)) {
2032 checkInterruptAndDelay(true);
2035 // Create the control socket.
2036 mSockets[i] = new LocalSocket();
2037 LocalSocketAddress address = new LocalSocketAddress(
2038 daemon, LocalSocketAddress.Namespace.RESERVED);
2040 // Wait for the socket to connect.
2043 mSockets[i].connect(address);
2045 } catch (Exception e) {
2048 checkInterruptAndDelay(true);
2050 mSockets[i].setSoTimeout(500);
2052 // Send over the arguments.
2053 OutputStream out = mSockets[i].getOutputStream();
2054 for (String argument : arguments) {
2055 byte[] bytes = argument.getBytes(StandardCharsets.UTF_8);
2056 if (bytes.length >= 0xFFFF) {
2057 throw new IllegalArgumentException("Argument is too large");
2059 out.write(bytes.length >> 8);
2060 out.write(bytes.length);
2062 checkInterruptAndDelay(false);
2068 // Wait for End-of-File.
2069 InputStream in = mSockets[i].getInputStream();
2072 if (in.read() == -1) {
2075 } catch (Exception e) {
2078 checkInterruptAndDelay(true);
2082 // Wait for the daemons to create the new state.
2083 while (!state.exists()) {
2084 // Check if a running daemon is dead.
2085 for (int i = 0; i < mDaemons.length; ++i) {
2086 String daemon = mDaemons[i];
2087 if (mArguments[i] != null && !SystemService.isRunning(daemon)) {
2088 throw new IllegalStateException(daemon + " is dead");
2091 checkInterruptAndDelay(true);
2094 // Now we are connected. Read and parse the new state.
2095 String[] parameters = FileUtils.readTextFile(state, 0, null).split("\n", -1);
2096 if (parameters.length != 7) {
2097 throw new IllegalStateException("Cannot parse the state");
2100 // Set the interface and the addresses in the config.
2101 mConfig.interfaze = parameters[0].trim();
2103 mConfig.addLegacyAddresses(parameters[1]);
2104 // Set the routes if they are not set in the config.
2105 if (mConfig.routes == null || mConfig.routes.isEmpty()) {
2106 mConfig.addLegacyRoutes(parameters[2]);
2109 // Set the DNS servers if they are not set in the config.
2110 if (mConfig.dnsServers == null || mConfig.dnsServers.size() == 0) {
2111 String dnsServers = parameters[3].trim();
2112 if (!dnsServers.isEmpty()) {
2113 mConfig.dnsServers = Arrays.asList(dnsServers.split(" "));
2117 // Set the search domains if they are not set in the config.
2118 if (mConfig.searchDomains == null || mConfig.searchDomains.size() == 0) {
2119 String searchDomains = parameters[4].trim();
2120 if (!searchDomains.isEmpty()) {
2121 mConfig.searchDomains = Arrays.asList(searchDomains.split(" "));
2125 // Add a throw route for the VPN server endpoint, if one was specified.
2126 String endpoint = parameters[5];
2127 if (!endpoint.isEmpty()) {
2129 InetAddress addr = InetAddress.parseNumericAddress(endpoint);
2130 if (addr instanceof Inet4Address) {
2131 mConfig.routes.add(new RouteInfo(new IpPrefix(addr, 32), RTN_THROW));
2132 } else if (addr instanceof Inet6Address) {
2133 mConfig.routes.add(new RouteInfo(new IpPrefix(addr, 128), RTN_THROW));
2135 Log.e(TAG, "Unknown IP address family for VPN endpoint: " + endpoint);
2137 } catch (IllegalArgumentException e) {
2138 Log.e(TAG, "Exception constructing throw route to " + endpoint + ": " + e);
2142 // Here is the last step and it must be done synchronously.
2143 synchronized (Vpn.this) {
2144 // Set the start time
2145 mConfig.startTime = SystemClock.elapsedRealtime();
2147 // Check if the thread was interrupted while we were waiting on the lock.
2148 checkInterruptAndDelay(false);
2150 // Check if the interface is gone while we are waiting.
2151 if (jniCheck(mConfig.interfaze) == 0) {
2152 throw new IllegalStateException(mConfig.interfaze + " is gone");
2155 // Now INetworkManagementEventObserver is watching our back.
2156 mInterface = mConfig.interfaze;
2157 prepareStatusIntent();
2161 Log.i(TAG, "Connected!");
2163 } catch (Exception e) {
2164 Log.i(TAG, "Aborting", e);
2165 updateState(DetailedState.FAILED, e.getMessage());
2171 * Check all daemons every two seconds. Return when one of them is stopped.
2172 * The caller will move to the disconnected state when this function returns,
2173 * which can happen if a daemon failed or if the VPN was torn down.
2175 private void waitForDaemonsToStop() throws InterruptedException {
2176 if (!mNetworkInfo.isConnected()) {
2181 for (int i = 0; i < mDaemons.length; i++) {
2182 if (mArguments[i] != null && SystemService.isStopped(mDaemons[i])) {