Merge "No-op refactoring of VPN lockdown status check."

am: 5c67de8417 Change-Id: I8aab0dd1556b49cafc08d57a8981051ba437fe44
2018-10-25 22:50:34 -07:00
parent 2e738cf4ce 5c67de8417
commit f03247ac4e
3 changed files with 20 additions and 11 deletions
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1143,7 +1143,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        }
        synchronized (mVpns) {
            final Vpn vpn = mVpns.get(UserHandle.getUserId(uid));
-            if (vpn != null && vpn.isBlockingUid(uid)) {
+            if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
                return true;
            }
        }
@@ -1736,7 +1736,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
            // list all state depending on the return value of this function has to be recomputed.
            // TODO: add a trigger when the always-on VPN sets its blocked UIDs to reevaluate and
            // send the necessary onBlockedStatusChanged callbacks.
-            if (vpn != null && vpn.isBlockingUid(uid)) {
+            if (vpn != null && vpn.getLockdown() && vpn.isBlockingUid(uid)) {
                return true;
            }
        }
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -380,6 +380,15 @@ public class Vpn {
        }
    }

+    /**
+     * Check whether to prevent all traffic outside of a VPN even when the VPN is not connected.
+     *
+     * @return {@code true} if VPN lockdown is enabled.
+     */
+    public boolean getLockdown() {
+        return mLockdown;
+    }
+
    /**
     * Checks if a VPN app supports always-on mode.
     *
@@ -1533,17 +1542,15 @@ public class Vpn {
    }

    /**
-     * @return {@code true} if {@param uid} is blocked by an always-on VPN.
-     *         A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is
-     *         not connected, or if the VPN is connected but does not apply to the UID.
+     * @param uid The target uid.
     *
+     * @return {@code true} if {@code uid} is included in one of the mBlockedUsers ranges and the
+     * VPN is not connected, or if the VPN is connected but does not apply to the {@code uid}.
+     *
+     * @apiNote This method don't check VPN lockdown status.
     * @see #mBlockedUsers
     */
    public synchronized boolean isBlockingUid(int uid) {
-        if (!mLockdown) {
-            return false;
-        }
-
        if (mNetworkInfo.isConnected()) {
            return !appliesToUid(uid);
        } else {
--- a/tests/net/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/net/java/com/android/server/connectivity/VpnTest.java
@@ -507,13 +507,15 @@ public class VpnTest {

    private static void assertBlocked(Vpn vpn, int... uids) {
        for (int uid : uids) {
-            assertTrue("Uid " + uid + " should be blocked", vpn.isBlockingUid(uid));
+            final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+            assertTrue("Uid " + uid + " should be blocked", blocked);
        }
    }

    private static void assertUnblocked(Vpn vpn, int... uids) {
        for (int uid : uids) {
-            assertFalse("Uid " + uid + " should not be blocked", vpn.isBlockingUid(uid));
+            final boolean blocked = vpn.getLockdown() && vpn.isBlockingUid(uid);
+            assertFalse("Uid " + uid + " should not be blocked", blocked);
        }
    }