Unconfigure the lockdown VPN if the user forgets its profile.

Currently, if the user clicks "forget" on the configuration
dialog for the profile that is currently being used by the
always-on VPN, we don't disable the lockdown VPN, and we crash
on next boot because ConnectivityService tries to start
LockdownVpnTracker with an invalid configuration.

Fix this by removing the LOCKDOWN_VPN variable in the keystore
(which disables the always-on VPN), and notifying
ConnectivityService.

Bug: 23625458
Change-Id: I3545286c9fc23517306aa94607a4b2cb55cc56c4

diff --git a/src/com/android/settings/vpn2/ConfigDialogFragment.java b/src/com/android/settings/vpn2/ConfigDialogFragment.java
index 80f9fcd..a6189a9 100644 (file)
--- a/src/com/android/settings/vpn2/ConfigDialogFragment.java
+++ b/src/com/android/settings/vpn2/ConfigDialogFragment.java
@@ -16,6 +16,8 @@
 
 package com.android.settings.vpn2;
 
+import java.util.Arrays;
+
 import android.app.Dialog;
 import android.app.DialogFragment;
 import android.content.Context;
@@ -123,7 +125,18 @@ public class ConfigDialogFragment extends DialogFragment implements
             disconnect(profile);
 
             // Delete from KeyStore
-            KeyStore.getInstance().delete(Credentials.VPN + profile.key, KeyStore.UID_SELF);
+            KeyStore keyStore = KeyStore.getInstance();
+            keyStore.delete(Credentials.VPN + profile.key, KeyStore.UID_SELF);
+
+            // If this was the current lockdown VPN, clear it.
+            if (Arrays.equals(profile.key.getBytes(), keyStore.get(Credentials.LOCKDOWN_VPN))) {
+                keyStore.delete(Credentials.LOCKDOWN_VPN);
+                try {
+                    mService.updateLockdownVpn();
+                } catch (RemoteException e) {
+                    Log.e(TAG, "Failed to clear lockdown VPN configuration");
+                }
+            }
         }
         dismiss();
     }