Skip sending VpnManager events for Settings VPNs

This change early-exits from the sendEventToVpnManagerApp() method if the profile was not a VPN app. Otherwise the sendEventToVpnManagerApp() will call getRedactedNetworkCapabilities() which will call AppOpsManager#checkPackage() eventually. And AppOpsManager#checkPackage() will check if the given package is the same as the given uid. In this case, VPN sends "[Legacy VPN]" as the package and sends 1000 as the uid, but there is no package named "[Legacy VPN], so the SecurityException is thrown. Bug: 236315805 Test: atest FrameworksNetTests:VpnTest Change-Id: I486398111106b1a9551fb29f92ba7b4fe85f68c1 Merged-In: I486398111106b1a9551fb29f92ba7b4fe85f68c1 Merged-In: I228f62a5e09017dbf985a614f2e42434238a220c (cherry picked from commit a7ec0cbe45dd75301b19290174ecf2da6421cf97) Merged-In: I486398111106b1a9551fb29f92ba7b4fe85f68c1
author: lucaslin <lucaslin@google.com> 2022-07-25 15:07:52 +0800
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2022-09-02 02:54:13 +0000
commit: ff1c673515cb0f679e21b8d1df1d93f1e80cd586 (patch)
tree: 7ac95735007d664cadefc0eb686d446a3c415ab8
parent: f600ab436176d973cea7aeae7ce77735c81d612e (diff)
download: base-ff1c673515cb0f679e21b8d1df1d93f1e80cd586.tar.gz
1 files changed, 6 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 77d3392da993..15aa07f40641 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -2944,7 +2944,7 @@ public class Vpn {
                             // All the above failures are configuration errors, and are terminal
                             // TODO(b/230548427): Remove SDK check once VPN related stuff are
                             //  decoupled from ConnectivityServiceTest.
-                            if (SdkLevel.isAtLeastT()) {
+                            if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                                 sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR,
                                         VpnManager.ERROR_CLASS_NOT_RECOVERABLE,
                                         ikeException.getErrorType(),
@@ -2962,7 +2962,7 @@ public class Vpn {
                             // All the above failures are configuration errors, and are terminal
                             // TODO(b/230548427): Remove SDK check once VPN related stuff are
                             //  decoupled from ConnectivityServiceTest.
-                            if (SdkLevel.isAtLeastT()) {
+                            if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                                 sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_IKE_ERROR,
                                         VpnManager.ERROR_CLASS_RECOVERABLE,
                                         ikeException.getErrorType(),
@@ -2981,7 +2981,7 @@ public class Vpn {
                 } else if (exception instanceof IkeNetworkLostException) {
                     // TODO(b/230548427): Remove SDK check once VPN related stuff are
                     //  decoupled from ConnectivityServiceTest.
-                    if (SdkLevel.isAtLeastT()) {
+                    if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                         sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,
                                 VpnManager.ERROR_CLASS_RECOVERABLE,
                                 VpnManager.ERROR_CODE_NETWORK_LOST,
@@ -2996,7 +2996,7 @@ public class Vpn {
                     if (exception.getCause() instanceof UnknownHostException) {
                         // TODO(b/230548427): Remove SDK check once VPN related stuff are
                         //  decoupled from ConnectivityServiceTest.
-                        if (SdkLevel.isAtLeastT()) {
+                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                             sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,
                                     VpnManager.ERROR_CLASS_RECOVERABLE,
                                     VpnManager.ERROR_CODE_NETWORK_UNKNOWN_HOST,
@@ -3010,7 +3010,7 @@ public class Vpn {
                     } else if (exception.getCause() instanceof IkeTimeoutException) {
                         // TODO(b/230548427): Remove SDK check once VPN related stuff are
                         //  decoupled from ConnectivityServiceTest.
-                        if (SdkLevel.isAtLeastT()) {
+                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                             sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,
                                     VpnManager.ERROR_CLASS_RECOVERABLE,
                                     VpnManager.ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT,
@@ -3024,7 +3024,7 @@ public class Vpn {
                     } else if (exception.getCause() instanceof IOException) {
                         // TODO(b/230548427): Remove SDK check once VPN related stuff are
                         //  decoupled from ConnectivityServiceTest.
-                        if (SdkLevel.isAtLeastT()) {
+                        if (SdkLevel.isAtLeastT() && isVpnApp(mPackage)) {
                             sendEventToVpnManagerApp(VpnManager.CATEGORY_EVENT_NETWORK_ERROR,
                                     VpnManager.ERROR_CLASS_RECOVERABLE,
                                     VpnManager.ERROR_CODE_NETWORK_IO,
author	lucaslin <lucaslin@google.com>	2022-07-25 15:07:52 +0800
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2022-09-02 02:54:13 +0000
commit	ff1c673515cb0f679e21b8d1df1d93f1e80cd586 (patch)
tree	7ac95735007d664cadefc0eb686d446a3c415ab8
parent	f600ab436176d973cea7aeae7ce77735c81d612e (diff)
download	base-ff1c673515cb0f679e21b8d1df1d93f1e80cd586.tar.gz