From 6795a2aeafa6df8a5e8e3045d29991d33c8db33f Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Mon, 6 Jul 2015 19:20:59 -0700
Subject: [PATCH] Check legacy VPN is connected before alerting

Legacy VPN does nothing if the device has no underlying network
connection, so showing this warning in that case is confusing.

Conversely third-party VPN can still be dangerous since a malicious
app will store sensitive information and upload it later.

Bug: 21499103
Change-Id: I25a0d4e1e5b10198cb067f06645f0e5ecf81bf56
---
 .../statusbar/policy/SecurityControllerImpl.java  | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
index b505d9d32383e..6af98543b2143 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
@@ -25,7 +25,9 @@ import android.net.ConnectivityManager.NetworkCallback;
 import android.net.IConnectivityManager;
 import android.net.Network;
 import android.net.NetworkCapabilities;
+import android.net.NetworkInfo;
 import android.net.NetworkRequest;
+import android.os.Process;
 import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.UserHandle;
@@ -34,6 +36,7 @@ import android.text.TextUtils;
 import android.util.Log;
 import android.util.SparseArray;
 
+import com.android.internal.net.LegacyVpnInfo;
 import com.android.internal.net.VpnConfig;
 import com.android.internal.net.VpnInfo;
 import com.android.systemui.R;
@@ -210,9 +213,17 @@ public class SecurityControllerImpl implements SecurityController {
         try {
             for (UserInfo user : mUserManager.getUsers()) {
                 VpnConfig cfg = mConnectivityManagerService.getVpnConfig(user.id);
-                if (cfg != null) {
-                    vpns.put(user.id, cfg);
+                if (cfg == null) {
+                    continue;
+                } else if (cfg.legacy) {
+                    // Legacy VPNs should do nothing if the network is disconnected. Third-party
+                    // VPN warnings need to continue as traffic can still go to the app.
+                    LegacyVpnInfo legacyVpn = mConnectivityManagerService.getLegacyVpnInfo(user.id);
+                    if (legacyVpn == null || legacyVpn.state != LegacyVpnInfo.STATE_CONNECTED) {
+                        continue;
+                    }
                 }
+                vpns.put(user.id, cfg);
             }
         } catch (RemoteException rme) {
             // Roll back to previous state