From: Pavel Grafov <pgrafov@google.com>
Date: Tue, 29 Jan 2019 22:13:19 +0000 (-0800)
Subject: Merge "Whitelist packages from VPN lockdown: DPM API." into pi-dev-plus-aosp
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=0c0af4b0cc6f945748afb2e009badb2725c5a1de;p=android-x86%2Fframeworks-base.git

Merge "Whitelist packages from VPN lockdown: DPM API." into pi-dev-plus-aosp
am: 299f825678

Change-Id: I3deb4a865e109e2b2e67dc7d8ffc775747f34303
---

0c0af4b0cc6f945748afb2e009badb2725c5a1de
diff --cc api/current.txt
index fa147db76e64,6d9c3c7a2a60..9cd496ca81dd
mode 100644,100755..100644
--- a/api/current.txt
+++ b/api/current.txt
diff --cc services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index f79f9bc4ef86,9c6b52fb2349..51bdbb38d582
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@@ -6316,20 -5890,25 +6321,32 @@@ public class DevicePolicyManagerServic
          final long token = mInjector.binderClearCallingIdentity();
          try {
              if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) {
-                 return false;
+                 Slog.w(LOG_TAG, "Non-existent VPN package specified: " + vpnPackage);
+                 throw new ServiceSpecificException(
+                         DevicePolicyManager.ERROR_VPN_PACKAGE_NOT_FOUND, vpnPackage);
+             }
+ 
+             if (vpnPackage != null && lockdown && lockdownWhitelist != null) {
+                 for (String packageName : lockdownWhitelist) {
+                     if (!isPackageInstalledForUser(packageName, userId)) {
+                         Slog.w(LOG_TAG, "Non-existent package in VPN whitelist: " + packageName);
+                         throw new ServiceSpecificException(
+                                 DevicePolicyManager.ERROR_VPN_PACKAGE_NOT_FOUND, packageName);
+                     }
+                 }
              }
-             ConnectivityManager connectivityManager = (ConnectivityManager)
-                     mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
-             if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) {
+             // If some package is uninstalled after the check above, it will be ignored by CM.
+             if (!mInjector.getConnectivityManager().setAlwaysOnVpnPackageForUser(
+                     userId, vpnPackage, lockdown, lockdownWhitelist)) {
                  throw new UnsupportedOperationException();
              }
 +            DevicePolicyEventLogger
 +                    .createEvent(DevicePolicyEnums.SET_ALWAYS_ON_VPN_PACKAGE)
 +                    .setAdmin(admin)
 +                    .setStrings(vpnPackage)
 +                    .setBoolean(lockdown)
 +                    .setInt(/* number of vpn packages */ 0)
 +                    .write();
          } finally {
              mInjector.binderRestoreCallingIdentity(token);
          }
@@@ -6816,12 -6414,12 +6857,10 @@@
  
      @Override
      public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) {
 -        synchronized (getLockObject()) {
 -            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
 -        }
 +        enforceDeviceOwner(who);
          long token = mInjector.binderClearCallingIdentity();
          try {
-             ConnectivityManager connectivityManager = (ConnectivityManager)
-                     mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
-             connectivityManager.setGlobalProxy(proxyInfo);
+             mInjector.getConnectivityManager().setGlobalProxy(proxyInfo);
          } finally {
              mInjector.binderRestoreCallingIdentity(token);
          }