| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.cts.vpnfirewall; |
| |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.pm.PackageManager.NameNotFoundException; |
| import android.net.VpnService; |
| import android.os.Bundle; |
| import android.os.ParcelFileDescriptor; |
| import android.os.UserManager; |
| import android.text.TextUtils; |
| import android.util.Log; |
| |
| import java.io.IOException; |
| import java.net.InetAddress; |
| import java.net.UnknownHostException; |
| |
| public class ReflectorVpnService extends VpnService { |
| |
| private static String TAG = "ReflectorVpnService"; |
| private static int MTU = 1799; |
| |
| private ParcelFileDescriptor mFd = null; |
| private PingReflector mPingReflector = null; |
| |
| public static final String RESTRICTION_ADDRESSES = "vpn.addresses"; |
| public static final String RESTRICTION_ROUTES = "vpn.routes"; |
| public static final String RESTRICTION_ALLOWED = "vpn.allowed"; |
| public static final String RESTRICTION_DISALLOWED = "vpn.disallowed"; |
| |
| @Override |
| public int onStartCommand(Intent intent, int flags, int startId) { |
| start(); |
| return START_NOT_STICKY; |
| } |
| |
| @Override |
| public void onDestroy() { |
| stop(); |
| super.onDestroy(); |
| } |
| |
| private void start() { |
| VpnService.prepare(this); |
| Builder builder = new Builder(); |
| |
| final UserManager um = (UserManager) getSystemService(Context.USER_SERVICE); |
| final Bundle restrictions = um.getApplicationRestrictions(getPackageName()); |
| |
| String[] addressArray = restrictions.getStringArray(RESTRICTION_ADDRESSES); |
| if (addressArray == null) { |
| // Addresses for IPv4/IPv6 documentation purposes according to rfc5737/rfc3849. |
| addressArray = new String[] {"192.0.2.3/32", "2001:db8:1:2::/128"}; |
| }; |
| for (int i = 0; i < addressArray.length; i++) { |
| String[] prefixAndMask = addressArray[i].split("/"); |
| try { |
| InetAddress address = InetAddress.getByName(prefixAndMask[0]); |
| int prefixLength = Integer.parseInt(prefixAndMask[1]); |
| builder.addAddress(address, prefixLength); |
| } catch (NumberFormatException | UnknownHostException e) { |
| Log.w(TAG, "Ill-formed address: " + addressArray[i]); |
| continue; |
| } |
| } |
| |
| String[] routeArray = restrictions.getStringArray(RESTRICTION_ROUTES); |
| if (routeArray == null) { |
| routeArray = new String[] {"0.0.0.0/0", "::/0"}; |
| } |
| for (int i = 0; i < routeArray.length; i++) { |
| String[] prefixAndMask = routeArray[i].split("/"); |
| try { |
| InetAddress address = InetAddress.getByName(prefixAndMask[0]); |
| int prefixLength = Integer.parseInt(prefixAndMask[1]); |
| builder.addRoute(address, prefixLength); |
| } catch (NumberFormatException | UnknownHostException e) { |
| Log.w(TAG, "Ill-formed route: " + routeArray[i]); |
| continue; |
| } |
| } |
| |
| String[] allowedArray = restrictions.getStringArray(RESTRICTION_ALLOWED); |
| if (allowedArray != null) { |
| for (int i = 0; i < allowedArray.length; i++) { |
| String allowedPackage = allowedArray[i]; |
| if (!TextUtils.isEmpty(allowedPackage)) { |
| try { |
| builder.addAllowedApplication(allowedPackage); |
| } catch(NameNotFoundException e) { |
| Log.w(TAG, "Allowed package not found: " + allowedPackage); |
| continue; |
| } |
| } |
| } |
| } |
| |
| String[] disallowedArray = restrictions.getStringArray(RESTRICTION_DISALLOWED); |
| if (disallowedArray != null) { |
| for (int i = 0; i < disallowedArray.length; i++) { |
| String disallowedPackage = disallowedArray[i]; |
| if (!TextUtils.isEmpty(disallowedPackage)) { |
| try { |
| builder.addDisallowedApplication(disallowedPackage); |
| } catch(NameNotFoundException e) { |
| Log.w(TAG, "Disallowed package not found: " + disallowedPackage); |
| continue; |
| } |
| } |
| } |
| } |
| |
| builder.setMtu(MTU); |
| builder.setBlocking(true); |
| builder.setSession(TAG); |
| |
| mFd = builder.establish(); |
| if (mFd == null) { |
| Log.e(TAG, "Unable to establish file descriptor for VPN connection"); |
| return; |
| } |
| Log.i(TAG, "Established, fd=" + mFd.getFd()); |
| |
| mPingReflector = new PingReflector(mFd.getFileDescriptor(), MTU); |
| mPingReflector.start(); |
| } |
| |
| private void stop() { |
| if (mPingReflector != null) { |
| mPingReflector.interrupt(); |
| mPingReflector = null; |
| } |
| try { |
| if (mFd != null) { |
| Log.i(TAG, "Closing filedescriptor"); |
| mFd.close(); |
| } |
| } catch(IOException e) { |
| Log.w(TAG, "Closing filedescriptor failed", e); |
| } finally { |
| mFd = null; |
| } |
| } |
| } |