Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b0ca9dace3fb3b84f8a87e539c0179e6093b423
frameworks_base/services/java/com/android/server/connectivity/Vpn.java
Robert Greenwalt 1b0ca9dace Listen for network disconnect. 
VPN used to just watch the interface, but that is insufficient.  There
is no promise that the interface will go down when we're done with it.
Now that wifi stays on in scan-only mode despite user turning it off
it seems that the interface is left up, even in AP mode.

Now listening for ConnectivityService broadcast that the network we were on
has disconnected and tearing down the VPN then or when the interface
goes away.

bug:8550083
Change-Id: Icf414497bc55bead69de04e91f39f90ac2e6578a
2013-04-22 14:13:51 -07:00

946 lines
36 KiB
Java
Raw Blame History

/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.connectivity;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.graphics.Bitmap;
import android.graphics.Canvas;
import android.graphics.drawable.Drawable;
import android.net.BaseNetworkStateTracker;
import android.net.ConnectivityManager;
import android.net.IConnectivityManager;
import android.net.INetworkManagementEventObserver;
import android.net.LinkProperties;
import android.net.LocalSocket;
import android.net.LocalSocketAddress;
import android.net.NetworkInfo;
import android.net.RouteInfo;
import android.net.NetworkInfo.DetailedState;
import android.os.Binder;
import android.os.FileUtils;
import android.os.IBinder;
import android.os.INetworkManagementService;
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.SystemService;
import android.os.UserHandle;
import android.security.Credentials;
import android.security.KeyStore;
import android.util.Log;
import android.widget.Toast;
import com.android.internal.R;
import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnProfile;
import com.android.internal.util.Preconditions;
import com.android.server.ConnectivityService.VpnCallback;
import com.android.server.net.BaseNetworkObserver;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.nio.charset.Charsets;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger;
import libcore.io.IoUtils;
/**
* @hide
*/
public class Vpn extends BaseNetworkStateTracker {
private static final String TAG = "Vpn";
private static final boolean LOGD = true;
// TODO: create separate trackers for each unique VPN to support
// automated reconnection
private final VpnCallback mCallback;
private String mPackage = VpnConfig.LEGACY_VPN;
private String mInterface;
private Connection mConnection;
private LegacyVpnRunner mLegacyVpnRunner;
private PendingIntent mStatusIntent;
private boolean mEnableNotif = true;
private final IConnectivityManager mConnService;
public Vpn(Context context, VpnCallback callback, INetworkManagementService netService,
IConnectivityManager connService) {
// TODO: create dedicated TYPE_VPN network type
super(ConnectivityManager.TYPE_DUMMY);
mContext = context;
mCallback = callback;
mConnService = connService;
try {
netService.registerObserver(mObserver);
} catch (RemoteException e) {
Log.wtf(TAG, "Problem registering observer", e);
}
}
public void setEnableNotifications(boolean enableNotif) {
mEnableNotif = enableNotif;
}
@Override
protected void startMonitoringInternal() {
// Ignored; events are sent through callbacks for now
}
@Override
public boolean teardown() {
// TODO: finish migration to unique tracker for each VPN
throw new UnsupportedOperationException();
}
@Override
public boolean reconnect() {
// TODO: finish migration to unique tracker for each VPN
throw new UnsupportedOperationException();
}
@Override
public String getTcpBufferSizesPropName() {
return PROP_TCP_BUFFER_UNKNOWN;
}
/**
* Update current state, dispaching event to listeners.
*/
private void updateState(DetailedState detailedState, String reason) {
if (LOGD) Log.d(TAG, "setting state=" + detailedState + ", reason=" + reason);
mNetworkInfo.setDetailedState(detailedState, reason, null);
mCallback.onStateChanged(new NetworkInfo(mNetworkInfo));
}
/**
* Prepare for a VPN application. This method is designed to solve
* race conditions. It first compares the current prepared package
* with {@code oldPackage}. If they are the same, the prepared
* package is revoked and replaced with {@code newPackage}. If
* {@code oldPackage} is {@code null}, the comparison is omitted.
* If {@code newPackage} is the same package or {@code null}, the
* revocation is omitted. This method returns {@code true} if the
* operation is succeeded.
*
* Legacy VPN is handled specially since it is not a real package.
* It uses {@link VpnConfig#LEGACY_VPN} as its package name, and
* it can be revoked by itself.
*
* @param oldPackage The package name of the old VPN application.
* @param newPackage The package name of the new VPN application.
* @return true if the operation is succeeded.
*/
public synchronized boolean prepare(String oldPackage, String newPackage) {
// Return false if the package does not match.
if (oldPackage != null && !oldPackage.equals(mPackage)) {
return false;
}
// Return true if we do not need to revoke.
if (newPackage == null ||
(newPackage.equals(mPackage) && !newPackage.equals(VpnConfig.LEGACY_VPN))) {
return true;
}
// Check if the caller is authorized.
enforceControlPermission();
// Reset the interface and hide the notification.
if (mInterface != null) {
jniReset(mInterface);
final long token = Binder.clearCallingIdentity();
try {
mCallback.restore();
hideNotification();
} finally {
Binder.restoreCallingIdentity(token);
}
mInterface = null;
}
// Revoke the connection or stop LegacyVpnRunner.
if (mConnection != null) {
try {
mConnection.mService.transact(IBinder.LAST_CALL_TRANSACTION,
Parcel.obtain(), null, IBinder.FLAG_ONEWAY);
} catch (Exception e) {
// ignore
}
mContext.unbindService(mConnection);
mConnection = null;
} else if (mLegacyVpnRunner != null) {
mLegacyVpnRunner.exit();
mLegacyVpnRunner = null;
}
Log.i(TAG, "Switched from " + mPackage + " to " + newPackage);
mPackage = newPackage;
updateState(DetailedState.IDLE, "prepare");
return true;
}
/**
* Protect a socket from routing changes by binding it to the given
* interface. The socket is NOT closed by this method.
*
* @param socket The socket to be bound.
* @param interfaze The name of the interface.
*/
public void protect(ParcelFileDescriptor socket, String interfaze) throws Exception {
PackageManager pm = mContext.getPackageManager();
ApplicationInfo app = pm.getApplicationInfo(mPackage, 0);
if (Binder.getCallingUid() != app.uid) {
throw new SecurityException("Unauthorized Caller");
}
jniProtect(socket.getFd(), interfaze);
}
/**
* Establish a VPN network and return the file descriptor of the VPN
* interface. This methods returns {@code null} if the application is
* revoked or not prepared.
*
* @param config The parameters to configure the network.
* @return The file descriptor of the VPN interface.
*/
public synchronized ParcelFileDescriptor establish(VpnConfig config) {
// Check if the caller is already prepared.
PackageManager pm = mContext.getPackageManager();
ApplicationInfo app = null;
try {
app = pm.getApplicationInfo(mPackage, 0);
} catch (Exception e) {
return null;
}
if (Binder.getCallingUid() != app.uid) {
return null;
}
// Check if the service is properly declared.
Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);
intent.setClassName(mPackage, config.user);
ResolveInfo info = pm.resolveService(intent, 0);
if (info == null) {
throw new SecurityException("Cannot find " + config.user);
}
if (!BIND_VPN_SERVICE.equals(info.serviceInfo.permission)) {
throw new SecurityException(config.user + " does not require " + BIND_VPN_SERVICE);
}
// Load the label.
String label = app.loadLabel(pm).toString();
// Load the icon and convert it into a bitmap.
Drawable icon = app.loadIcon(pm);
Bitmap bitmap = null;
if (icon.getIntrinsicWidth() > 0 && icon.getIntrinsicHeight() > 0) {
int width = mContext.getResources().getDimensionPixelSize(
android.R.dimen.notification_large_icon_width);
int height = mContext.getResources().getDimensionPixelSize(
android.R.dimen.notification_large_icon_height);
icon.setBounds(0, 0, width, height);
bitmap = Bitmap.createBitmap(width, height, Bitmap.Config.ARGB_8888);
Canvas c = new Canvas(bitmap);
icon.draw(c);
c.setBitmap(null);
}
// Configure the interface. Abort if any of these steps fails.
ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
try {
updateState(DetailedState.CONNECTING, "establish");
String interfaze = jniGetName(tun.getFd());
if (jniSetAddresses(interfaze, config.addresses) < 1) {
throw new IllegalArgumentException("At least one address must be specified");
}
if (config.routes != null) {
jniSetRoutes(interfaze, config.routes);
}
Connection connection = new Connection();
if (!mContext.bindService(intent, connection, Context.BIND_AUTO_CREATE)) {
throw new IllegalStateException("Cannot bind " + config.user);
}
if (mConnection != null) {
mContext.unbindService(mConnection);
}
if (mInterface != null && !mInterface.equals(interfaze)) {
jniReset(mInterface);
}
mConnection = connection;
mInterface = interfaze;
} catch (RuntimeException e) {
updateState(DetailedState.FAILED, "establish");
IoUtils.closeQuietly(tun);
throw e;
}
Log.i(TAG, "Established by " + config.user + " on " + mInterface);
// Fill more values.
config.user = mPackage;
config.interfaze = mInterface;
// Override DNS servers and show the notification.
final long token = Binder.clearCallingIdentity();
try {
mCallback.override(config.dnsServers, config.searchDomains);
showNotification(config, label, bitmap);
} finally {
Binder.restoreCallingIdentity(token);
}
// TODO: ensure that contract class eventually marks as connected
updateState(DetailedState.AUTHENTICATING, "establish");
return tun;
}
@Deprecated
public synchronized void interfaceStatusChanged(String iface, boolean up) {
try {
mObserver.interfaceStatusChanged(iface, up);
} catch (RemoteException e) {
// ignored; target is local
}
}
private INetworkManagementEventObserver mObserver = new BaseNetworkObserver() {
@Override
public void interfaceStatusChanged(String interfaze, boolean up) {
synchronized (Vpn.this) {
if (!up && mLegacyVpnRunner != null) {
mLegacyVpnRunner.check(interfaze);
}
}
}
@Override
public void interfaceRemoved(String interfaze) {
synchronized (Vpn.this) {
if (interfaze.equals(mInterface) && jniCheck(interfaze) == 0) {
final long token = Binder.clearCallingIdentity();
try {
mCallback.restore();
hideNotification();
} finally {
Binder.restoreCallingIdentity(token);
}
mInterface = null;
if (mConnection != null) {
mContext.unbindService(mConnection);
mConnection = null;
updateState(DetailedState.DISCONNECTED, "interfaceRemoved");
} else if (mLegacyVpnRunner != null) {
mLegacyVpnRunner.exit();
mLegacyVpnRunner = null;
}
}
}
}
};
private void enforceControlPermission() {
// System user is allowed to control VPN.
if (Binder.getCallingUid() == Process.SYSTEM_UID) {
return;
}
try {
// System dialogs are also allowed to control VPN.
PackageManager pm = mContext.getPackageManager();
ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0);
if (Binder.getCallingUid() == app.uid) {
return;
}
} catch (Exception e) {
// ignore
}
throw new SecurityException("Unauthorized Caller");
}
private class Connection implements ServiceConnection {
private IBinder mService;
@Override
public void onServiceConnected(ComponentName name, IBinder service) {
mService = service;
}
@Override
public void onServiceDisconnected(ComponentName name) {
mService = null;
}
}
private void showNotification(VpnConfig config, String label, Bitmap icon) {
if (!mEnableNotif) return;
mStatusIntent = VpnConfig.getIntentForStatusPanel(mContext, config);
NotificationManager nm = (NotificationManager)
mContext.getSystemService(Context.NOTIFICATION_SERVICE);
if (nm != null) {
String title = (label == null) ? mContext.getString(R.string.vpn_title) :
mContext.getString(R.string.vpn_title_long, label);
String text = (config.session == null) ? mContext.getString(R.string.vpn_text) :
mContext.getString(R.string.vpn_text_long, config.session);
config.startTime = SystemClock.elapsedRealtime();
Notification notification = new Notification.Builder(mContext)
.setSmallIcon(R.drawable.vpn_connected)
.setLargeIcon(icon)
.setContentTitle(title)
.setContentText(text)
.setContentIntent(mStatusIntent)
.setDefaults(0)
.setOngoing(true)
.build();
nm.notifyAsUser(null, R.drawable.vpn_connected, notification, UserHandle.ALL);
}
}
private void hideNotification() {
if (!mEnableNotif) return;
mStatusIntent = null;
NotificationManager nm = (NotificationManager)
mContext.getSystemService(Context.NOTIFICATION_SERVICE);
if (nm != null) {
nm.cancelAsUser(null, R.drawable.vpn_connected, UserHandle.ALL);
}
}
private native int jniCreate(int mtu);
private native String jniGetName(int tun);
private native int jniSetAddresses(String interfaze, String addresses);
private native int jniSetRoutes(String interfaze, String routes);
private native void jniReset(String interfaze);
private native int jniCheck(String interfaze);
private native void jniProtect(int socket, String interfaze);
private static String findLegacyVpnGateway(LinkProperties prop) {
for (RouteInfo route : prop.getRoutes()) {
// Currently legacy VPN only works on IPv4.
if (route.isDefaultRoute() && route.getGateway() instanceof Inet4Address) {
return route.getGateway().getHostAddress();
}
}
throw new IllegalStateException("Unable to find suitable gateway");
}
/**
* Start legacy VPN, controlling native daemons as needed. Creates a
* secondary thread to perform connection work, returning quickly.
*/
public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress) {
enforceControlPermission();
if (!keyStore.isUnlocked()) {
throw new IllegalStateException("KeyStore isn't unlocked");
}
final String iface = egress.getInterfaceName();
final String gateway = findLegacyVpnGateway(egress);
// Load certificates.
String privateKey = "";
String userCert = "";
String caCert = "";
String serverCert = "";
if (!profile.ipsecUserCert.isEmpty()) {
privateKey = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;
byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
userCert = (value == null) ? null : new String(value, Charsets.UTF_8);
}
if (!profile.ipsecCaCert.isEmpty()) {
byte[] value = keyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
caCert = (value == null) ? null : new String(value, Charsets.UTF_8);
}
if (!profile.ipsecServerCert.isEmpty()) {
byte[] value = keyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecServerCert);
serverCert = (value == null) ? null : new String(value, Charsets.UTF_8);
}
if (privateKey == null || userCert == null || caCert == null || serverCert == null) {
throw new IllegalStateException("Cannot load credentials");
}
// Prepare arguments for racoon.
String[] racoon = null;
switch (profile.type) {
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
racoon = new String[] {
iface, profile.server, "udppsk", profile.ipsecIdentifier,
profile.ipsecSecret, "1701",
};
break;
case VpnProfile.TYPE_L2TP_IPSEC_RSA:
racoon = new String[] {
iface, profile.server, "udprsa", privateKey, userCert,
caCert, serverCert, "1701",
};
break;
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
racoon = new String[] {
iface, profile.server, "xauthpsk", profile.ipsecIdentifier,
profile.ipsecSecret, profile.username, profile.password, "", gateway,
};
break;
case VpnProfile.TYPE_IPSEC_XAUTH_RSA:
racoon = new String[] {
iface, profile.server, "xauthrsa", privateKey, userCert,
caCert, serverCert, profile.username, profile.password, "", gateway,
};
break;
case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
racoon = new String[] {
iface, profile.server, "hybridrsa",
caCert, serverCert, profile.username, profile.password, "", gateway,
};
break;
}
// Prepare arguments for mtpd.
String[] mtpd = null;
switch (profile.type) {
case VpnProfile.TYPE_PPTP:
mtpd = new String[] {
iface, "pptp", profile.server, "1723",
"name", profile.username, "password", profile.password,
"linkname", "vpn", "refuse-eap", "nodefaultroute",
"usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
(profile.mppe ? "+mppe" : "nomppe"),
};
break;
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
case VpnProfile.TYPE_L2TP_IPSEC_RSA:
mtpd = new String[] {
iface, "l2tp", profile.server, "1701", profile.l2tpSecret,
"name", profile.username, "password", profile.password,
"linkname", "vpn", "refuse-eap", "nodefaultroute",
"usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
};
break;
}
VpnConfig config = new VpnConfig();
config.legacy = true;
config.user = profile.key;
config.interfaze = iface;
config.session = profile.name;
config.routes = profile.routes;
if (!profile.dnsServers.isEmpty()) {
config.dnsServers = Arrays.asList(profile.dnsServers.split(" +"));
}
if (!profile.searchDomains.isEmpty()) {
config.searchDomains = Arrays.asList(profile.searchDomains.split(" +"));
}
startLegacyVpn(config, racoon, mtpd);
}
private synchronized void startLegacyVpn(VpnConfig config, String[] racoon, String[] mtpd) {
stopLegacyVpn();
// Prepare for the new request. This also checks the caller.
prepare(null, VpnConfig.LEGACY_VPN);
updateState(DetailedState.CONNECTING, "startLegacyVpn");
// Start a new LegacyVpnRunner and we are done!
mLegacyVpnRunner = new LegacyVpnRunner(config, racoon, mtpd);
mLegacyVpnRunner.start();
}
public synchronized void stopLegacyVpn() {
if (mLegacyVpnRunner != null) {
mLegacyVpnRunner.exit();
mLegacyVpnRunner = null;
synchronized (LegacyVpnRunner.TAG) {
// wait for old thread to completely finish before spinning up
// new instance, otherwise state updates can be out of order.
}
}
}
/**
* Return the information of the current ongoing legacy VPN.
*/
public synchronized LegacyVpnInfo getLegacyVpnInfo() {
// Check if the caller is authorized.
enforceControlPermission();
if (mLegacyVpnRunner == null) return null;
final LegacyVpnInfo info = new LegacyVpnInfo();
info.key = mLegacyVpnRunner.mConfig.user;
info.state = LegacyVpnInfo.stateFromNetworkInfo(mNetworkInfo);
if (mNetworkInfo.isConnected()) {
info.intent = mStatusIntent;
}
return info;
}
public VpnConfig getLegacyVpnConfig() {
if (mLegacyVpnRunner != null) {
return mLegacyVpnRunner.mConfig;
} else {
return null;
}
}
/**
* Bringing up a VPN connection takes time, and that is all this thread
* does. Here we have plenty of time. The only thing we need to take
* care of is responding to interruptions as soon as possible. Otherwise
* requests will be piled up. This can be done in a Handler as a state
* machine, but it is much easier to read in the current form.
*/
private class LegacyVpnRunner extends Thread {
private static final String TAG = "LegacyVpnRunner";
private final VpnConfig mConfig;
private final String[] mDaemons;
private final String[][] mArguments;
private final LocalSocket[] mSockets;
private final String mOuterInterface;
private final AtomicInteger mOuterConnection =
new AtomicInteger(ConnectivityManager.TYPE_NONE);
private long mTimer = -1;
/**
* Watch for the outer connection (passing in the constructor) going away.
*/
private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
if (intent.getAction().equals(ConnectivityManager.CONNECTIVITY_ACTION)) {
if (intent.getIntExtra(ConnectivityManager.EXTRA_NETWORK_TYPE,
ConnectivityManager.TYPE_NONE) == mOuterConnection.get()) {
NetworkInfo info = (NetworkInfo)intent.getExtra(
ConnectivityManager.EXTRA_NETWORK_INFO);
if (info != null && !info.isConnectedOrConnecting()) {
try {
mObserver.interfaceStatusChanged(mOuterInterface, false);
} catch (RemoteException e) {}
}
}
}
}
};
public LegacyVpnRunner(VpnConfig config, String[] racoon, String[] mtpd) {
super(TAG);
mConfig = config;
mDaemons = new String[] {"racoon", "mtpd"};
// TODO: clear arguments from memory once launched
mArguments = new String[][] {racoon, mtpd};
mSockets = new LocalSocket[mDaemons.length];
// This is the interface which VPN is running on,
// mConfig.interfaze will change to point to OUR
// internal interface soon. TODO - add inner/outer to mconfig
// TODO - we have a race - if the outer iface goes away/disconnects before we hit this
// we will leave the VPN up. We should check that it's still there/connected after
// registering
mOuterInterface = mConfig.interfaze;
try {
mOuterConnection.set(
mConnService.findConnectionTypeForIface(mOuterInterface));
} catch (Exception e) {
mOuterConnection.set(ConnectivityManager.TYPE_NONE);
}
IntentFilter filter = new IntentFilter();
filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
mContext.registerReceiver(mBroadcastReceiver, filter);
}
public void check(String interfaze) {
if (interfaze.equals(mOuterInterface)) {
Log.i(TAG, "Legacy VPN is going down with " + interfaze);
exit();
}
}
public void exit() {
// We assume that everything is reset after stopping the daemons.
interrupt();
for (LocalSocket socket : mSockets) {
IoUtils.closeQuietly(socket);
}
updateState(DetailedState.DISCONNECTED, "exit");
try {
mContext.unregisterReceiver(mBroadcastReceiver);
} catch (IllegalArgumentException e) {}
}
@Override
public void run() {
// Wait for the previous thread since it has been interrupted.
Log.v(TAG, "Waiting");
synchronized (TAG) {
Log.v(TAG, "Executing");
execute();
monitorDaemons();
}
}
private void checkpoint(boolean yield) throws InterruptedException {
long now = SystemClock.elapsedRealtime();
if (mTimer == -1) {
mTimer = now;
Thread.sleep(1);
} else if (now - mTimer <= 60000) {
Thread.sleep(yield ? 200 : 1);
} else {
updateState(DetailedState.FAILED, "checkpoint");
throw new IllegalStateException("Time is up");
}
}
private void execute() {
// Catch all exceptions so we can clean up few things.
boolean initFinished = false;
try {
// Initialize the timer.
checkpoint(false);
// Wait for the daemons to stop.
for (String daemon : mDaemons) {
while (!SystemService.isStopped(daemon)) {
checkpoint(true);
}
}
// Clear the previous state.
File state = new File("/data/misc/vpn/state");
state.delete();
if (state.exists()) {
throw new IllegalStateException("Cannot delete the state");
}
new File("/data/misc/vpn/abort").delete();
initFinished = true;
// Check if we need to restart any of the daemons.
boolean restart = false;
for (String[] arguments : mArguments) {
restart = restart || (arguments != null);
}
if (!restart) {
updateState(DetailedState.DISCONNECTED, "execute");
return;
}
updateState(DetailedState.CONNECTING, "execute");
// Start the daemon with arguments.
for (int i = 0; i < mDaemons.length; ++i) {
String[] arguments = mArguments[i];
if (arguments == null) {
continue;
}
// Start the daemon.
String daemon = mDaemons[i];
SystemService.start(daemon);
// Wait for the daemon to start.
while (!SystemService.isRunning(daemon)) {
checkpoint(true);
}
// Create the control socket.
mSockets[i] = new LocalSocket();
LocalSocketAddress address = new LocalSocketAddress(
daemon, LocalSocketAddress.Namespace.RESERVED);
// Wait for the socket to connect.
while (true) {
try {
mSockets[i].connect(address);
break;
} catch (Exception e) {
// ignore
}
checkpoint(true);
}
mSockets[i].setSoTimeout(500);
// Send over the arguments.
OutputStream out = mSockets[i].getOutputStream();
for (String argument : arguments) {
byte[] bytes = argument.getBytes(Charsets.UTF_8);
if (bytes.length >= 0xFFFF) {
throw new IllegalArgumentException("Argument is too large");
}
out.write(bytes.length >> 8);
out.write(bytes.length);
out.write(bytes);
checkpoint(false);
}
out.write(0xFF);
out.write(0xFF);
out.flush();
// Wait for End-of-File.
InputStream in = mSockets[i].getInputStream();
while (true) {
try {
if (in.read() == -1) {
break;
}
} catch (Exception e) {
// ignore
}
checkpoint(true);
}
}
// Wait for the daemons to create the new state.
while (!state.exists()) {
// Check if a running daemon is dead.
for (int i = 0; i < mDaemons.length; ++i) {
String daemon = mDaemons[i];
if (mArguments[i] != null && !SystemService.isRunning(daemon)) {
throw new IllegalStateException(daemon + " is dead");
}
}
checkpoint(true);
}
// Now we are connected. Read and parse the new state.
String[] parameters = FileUtils.readTextFile(state, 0, null).split("\n", -1);
if (parameters.length != 6) {
throw new IllegalStateException("Cannot parse the state");
}
// Set the interface and the addresses in the config.
mConfig.interfaze = parameters[0].trim();
mConfig.addresses = parameters[1].trim();
// Set the routes if they are not set in the config.
if (mConfig.routes == null || mConfig.routes.isEmpty()) {
mConfig.routes = parameters[2].trim();
}
// Set the DNS servers if they are not set in the config.
if (mConfig.dnsServers == null || mConfig.dnsServers.size() == 0) {
String dnsServers = parameters[3].trim();
if (!dnsServers.isEmpty()) {
mConfig.dnsServers = Arrays.asList(dnsServers.split(" "));
}
}
// Set the search domains if they are not set in the config.
if (mConfig.searchDomains == null || mConfig.searchDomains.size() == 0) {
String searchDomains = parameters[4].trim();
if (!searchDomains.isEmpty()) {
mConfig.searchDomains = Arrays.asList(searchDomains.split(" "));
}
}
// Set the routes.
jniSetRoutes(mConfig.interfaze, mConfig.routes);
// Here is the last step and it must be done synchronously.
synchronized (Vpn.this) {
// Check if the thread is interrupted while we are waiting.
checkpoint(false);
// Check if the interface is gone while we are waiting.
if (jniCheck(mConfig.interfaze) == 0) {
throw new IllegalStateException(mConfig.interfaze + " is gone");
}
// Now INetworkManagementEventObserver is watching our back.
mInterface = mConfig.interfaze;
mCallback.override(mConfig.dnsServers, mConfig.searchDomains);
showNotification(mConfig, null, null);
Log.i(TAG, "Connected!");
updateState(DetailedState.CONNECTED, "execute");
}
} catch (Exception e) {
Log.i(TAG, "Aborting", e);
exit();
} finally {
// Kill the daemons if they fail to stop.
if (!initFinished) {
for (String daemon : mDaemons) {
SystemService.stop(daemon);
}
}
// Do not leave an unstable state.
if (!initFinished || mNetworkInfo.getDetailedState() == DetailedState.CONNECTING) {
updateState(DetailedState.FAILED, "execute");
}
}
}
/**
* Monitor the daemons we started, moving to disconnected state if the
* underlying services fail.
*/
private void monitorDaemons() {
if (!mNetworkInfo.isConnected()) {
return;
}
try {
while (true) {
Thread.sleep(2000);
for (int i = 0; i < mDaemons.length; i++) {
if (mArguments[i] != null && SystemService.isStopped(mDaemons[i])) {
return;
}
}
}
} catch (InterruptedException e) {
Log.d(TAG, "interrupted during monitorDaemons(); stopping services");
} finally {
for (String daemon : mDaemons) {
SystemService.stop(daemon);
}
updateState(DetailedState.DISCONNECTED, "babysit");
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink