Check legacy VPN is connected before alerting
Legacy VPN does nothing if the device has no underlying network
connection, so showing this warning in that case is confusing.
Conversely third-party VPN can still be dangerous since a malicious
app will store sensitive information and upload it later.
Bug: 21499103
Change-Id: I25a0d4e1e5b10198cb067f06645f0e5ecf81bf56
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
index b505d9d..6af9854 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/policy/SecurityControllerImpl.java
@@ -25,7 +25,9 @@
import android.net.IConnectivityManager;
import android.net.Network;
import android.net.NetworkCapabilities;
+import android.net.NetworkInfo;
import android.net.NetworkRequest;
+import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
@@ -34,6 +36,7 @@
import android.util.Log;
import android.util.SparseArray;
+import com.android.internal.net.LegacyVpnInfo;
import com.android.internal.net.VpnConfig;
import com.android.internal.net.VpnInfo;
import com.android.systemui.R;
@@ -210,9 +213,17 @@
try {
for (UserInfo user : mUserManager.getUsers()) {
VpnConfig cfg = mConnectivityManagerService.getVpnConfig(user.id);
- if (cfg != null) {
- vpns.put(user.id, cfg);
+ if (cfg == null) {
+ continue;
+ } else if (cfg.legacy) {
+ // Legacy VPNs should do nothing if the network is disconnected. Third-party
+ // VPN warnings need to continue as traffic can still go to the app.
+ LegacyVpnInfo legacyVpn = mConnectivityManagerService.getLegacyVpnInfo(user.id);
+ if (legacyVpn == null || legacyVpn.state != LegacyVpnInfo.STATE_CONNECTED) {
+ continue;
+ }
}
+ vpns.put(user.id, cfg);
}
} catch (RemoteException rme) {
// Roll back to previous state