1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settings.vpn2; 18 19 import android.app.Dialog; 20 import android.app.settings.SettingsEnums; 21 import android.content.Context; 22 import android.content.DialogInterface; 23 import android.net.VpnManager; 24 import android.os.Bundle; 25 import android.os.RemoteException; 26 import android.os.UserHandle; 27 import android.security.Credentials; 28 import android.security.LegacyVpnProfileStore; 29 import android.util.Log; 30 import android.view.View; 31 import android.widget.Toast; 32 33 import androidx.appcompat.app.AlertDialog; 34 35 import com.android.internal.net.LegacyVpnInfo; 36 import com.android.internal.net.VpnProfile; 37 import com.android.settings.R; 38 import com.android.settings.core.instrumentation.InstrumentedDialogFragment; 39 40 /** 41 * Fragment wrapper around a {@link ConfigDialog}. 42 */ 43 public class ConfigDialogFragment extends InstrumentedDialogFragment implements 44 DialogInterface.OnClickListener, DialogInterface.OnShowListener, View.OnClickListener, 45 ConfirmLockdownFragment.ConfirmLockdownListener { 46 private static final String TAG_CONFIG_DIALOG = "vpnconfigdialog"; 47 private static final String TAG = "ConfigDialogFragment"; 48 49 private static final String ARG_PROFILE = "profile"; 50 private static final String ARG_EDITING = "editing"; 51 private static final String ARG_EXISTS = "exists"; 52 53 private Context mContext; 54 private VpnManager mService; 55 56 57 @Override getMetricsCategory()58 public int getMetricsCategory() { 59 return SettingsEnums.DIALOG_LEGACY_VPN_CONFIG; 60 } 61 show(VpnSettings parent, VpnProfile profile, boolean edit, boolean exists)62 public static void show(VpnSettings parent, VpnProfile profile, boolean edit, boolean exists) { 63 if (!parent.isAdded()) return; 64 65 Bundle args = new Bundle(); 66 args.putParcelable(ARG_PROFILE, profile); 67 args.putBoolean(ARG_EDITING, edit); 68 args.putBoolean(ARG_EXISTS, exists); 69 70 final ConfigDialogFragment frag = new ConfigDialogFragment(); 71 frag.setArguments(args); 72 frag.setTargetFragment(parent, 0); 73 frag.show(parent.getFragmentManager(), TAG_CONFIG_DIALOG); 74 } 75 76 @Override onAttach(final Context context)77 public void onAttach(final Context context) { 78 super.onAttach(context); 79 mContext = context; 80 mService = context.getSystemService(VpnManager.class); 81 } 82 83 @Override onCreateDialog(Bundle savedInstanceState)84 public Dialog onCreateDialog(Bundle savedInstanceState) { 85 Bundle args = getArguments(); 86 VpnProfile profile = (VpnProfile) args.getParcelable(ARG_PROFILE); 87 boolean editing = args.getBoolean(ARG_EDITING); 88 boolean exists = args.getBoolean(ARG_EXISTS); 89 90 final Dialog dialog = new ConfigDialog(getActivity(), this, profile, editing, exists); 91 dialog.setOnShowListener(this); 92 return dialog; 93 } 94 95 /** 96 * Override for the default onClick handler which also calls dismiss(). 97 * 98 * @see DialogInterface.OnClickListener#onClick(DialogInterface, int) 99 */ 100 @Override onShow(DialogInterface dialogInterface)101 public void onShow(DialogInterface dialogInterface) { 102 ((AlertDialog) getDialog()).getButton(AlertDialog.BUTTON_POSITIVE).setOnClickListener(this); 103 } 104 105 @Override onClick(View positiveButton)106 public void onClick(View positiveButton) { 107 onClick(getDialog(), AlertDialog.BUTTON_POSITIVE); 108 } 109 110 @Override onConfirmLockdown(Bundle options, boolean isAlwaysOn, boolean isLockdown)111 public void onConfirmLockdown(Bundle options, boolean isAlwaysOn, boolean isLockdown) { 112 VpnProfile profile = (VpnProfile) options.getParcelable(ARG_PROFILE); 113 connect(profile, isAlwaysOn); 114 dismiss(); 115 } 116 117 @Override onClick(DialogInterface dialogInterface, int button)118 public void onClick(DialogInterface dialogInterface, int button) { 119 ConfigDialog dialog = (ConfigDialog) getDialog(); 120 if (dialog == null) { 121 Log.e(TAG, "ConfigDialog object is null"); 122 return; 123 } 124 VpnProfile profile = dialog.getProfile(); 125 126 if (button == DialogInterface.BUTTON_POSITIVE) { 127 if (!dialog.validate()) return; 128 // Possibly throw up a dialog to explain lockdown VPN. 129 final boolean shouldLockdown = dialog.isVpnAlwaysOn(); 130 final boolean shouldConnect = shouldLockdown || !dialog.isEditing(); 131 final boolean wasLockdown = VpnUtils.isAnyLockdownActive(mContext); 132 try { 133 final boolean replace = VpnUtils.isVpnActive(mContext); 134 if (shouldConnect && !isConnected(profile) && 135 ConfirmLockdownFragment.shouldShow(replace, wasLockdown, shouldLockdown)) { 136 final Bundle opts = new Bundle(); 137 opts.putParcelable(ARG_PROFILE, profile); 138 ConfirmLockdownFragment.show(this, replace, /* alwaysOn */ shouldLockdown, 139 /* from */ wasLockdown, /* to */ shouldLockdown, opts); 140 } else if (shouldConnect) { 141 connect(profile, shouldLockdown); 142 } else { 143 save(profile, false); 144 } 145 } catch (RemoteException e) { 146 Log.w(TAG, "Failed to check active VPN state. Skipping.", e); 147 } 148 } else if (button == DialogInterface.BUTTON_NEUTRAL) { 149 // Disable profile if connected 150 if (!disconnect(profile)) { 151 Log.e(TAG, "Failed to disconnect VPN. Leaving profile in keystore."); 152 return; 153 } 154 155 // Delete from profile store. 156 LegacyVpnProfileStore.remove(Credentials.VPN + profile.key); 157 158 updateLockdownVpn(false, profile); 159 } 160 dismiss(); 161 } 162 163 @Override onCancel(DialogInterface dialog)164 public void onCancel(DialogInterface dialog) { 165 dismiss(); 166 super.onCancel(dialog); 167 } 168 updateLockdownVpn(boolean isVpnAlwaysOn, VpnProfile profile)169 private void updateLockdownVpn(boolean isVpnAlwaysOn, VpnProfile profile) { 170 // Save lockdown vpn 171 if (isVpnAlwaysOn) { 172 // Show toast if vpn profile is not valid 173 if (!profile.isValidLockdownProfile()) { 174 Toast.makeText(mContext, R.string.vpn_lockdown_config_error, 175 Toast.LENGTH_LONG).show(); 176 return; 177 } 178 179 mService.setAlwaysOnVpnPackageForUser(UserHandle.myUserId(), null, 180 /* lockdownEnabled */ false, /* lockdownAllowlist */ null); 181 VpnUtils.setLockdownVpn(mContext, profile.key); 182 } else { 183 // update only if lockdown vpn has been changed 184 if (VpnUtils.isVpnLockdown(profile.key)) { 185 VpnUtils.clearLockdownVpn(mContext); 186 } 187 } 188 } 189 save(VpnProfile profile, boolean lockdown)190 private void save(VpnProfile profile, boolean lockdown) { 191 LegacyVpnProfileStore.put(Credentials.VPN + profile.key, profile.encode()); 192 193 // Flush out old version of profile 194 disconnect(profile); 195 196 // Notify lockdown VPN that the profile has changed. 197 updateLockdownVpn(lockdown, profile); 198 } 199 connect(VpnProfile profile, boolean lockdown)200 private void connect(VpnProfile profile, boolean lockdown) { 201 save(profile, lockdown); 202 203 // Now try to start the VPN - this is not necessary if the profile is set as lockdown, 204 // because just saving the profile in this mode will start a connection. 205 if (!VpnUtils.isVpnLockdown(profile.key)) { 206 VpnUtils.clearLockdownVpn(mContext); 207 try { 208 mService.startLegacyVpn(profile); 209 } catch (IllegalStateException e) { 210 Toast.makeText(mContext, R.string.vpn_no_network, Toast.LENGTH_LONG).show(); 211 } catch (UnsupportedOperationException e) { 212 Log.e(TAG, "Attempted to start an unsupported VPN type."); 213 final AlertDialog unusedDialog = new AlertDialog.Builder(mContext) 214 .setMessage(R.string.vpn_start_unsupported) 215 .setPositiveButton(android.R.string.ok, null) 216 .show(); 217 } 218 } 219 } 220 221 /** 222 * Ensure that the VPN profile pointed at by {@param profile} is disconnected. 223 * 224 * @return {@code true} iff this VPN profile is no longer connected. Note that another profile 225 * may still be active - this function will then do nothing but still return success. 226 */ disconnect(VpnProfile profile)227 private boolean disconnect(VpnProfile profile) { 228 try { 229 if (!isConnected(profile)) { 230 return true; 231 } 232 return VpnUtils.disconnectLegacyVpn(getContext()); 233 } catch (RemoteException e) { 234 Log.e(TAG, "Failed to disconnect", e); 235 return false; 236 } 237 } 238 isConnected(VpnProfile profile)239 private boolean isConnected(VpnProfile profile) throws RemoteException { 240 LegacyVpnInfo connected = mService.getLegacyVpnInfo(UserHandle.myUserId()); 241 return connected != null && profile.key.equals(connected.key); 242 } 243 } 244