1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.settings.vpn2;
18 
19 import android.app.Dialog;
20 import android.app.settings.SettingsEnums;
21 import android.content.Context;
22 import android.content.DialogInterface;
23 import android.net.VpnManager;
24 import android.os.Bundle;
25 import android.os.RemoteException;
26 import android.os.UserHandle;
27 import android.security.Credentials;
28 import android.security.LegacyVpnProfileStore;
29 import android.util.Log;
30 import android.view.View;
31 import android.widget.Toast;
32 
33 import androidx.appcompat.app.AlertDialog;
34 
35 import com.android.internal.net.LegacyVpnInfo;
36 import com.android.internal.net.VpnProfile;
37 import com.android.settings.R;
38 import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
39 
40 /**
41  * Fragment wrapper around a {@link ConfigDialog}.
42  */
43 public class ConfigDialogFragment extends InstrumentedDialogFragment implements
44         DialogInterface.OnClickListener, DialogInterface.OnShowListener, View.OnClickListener,
45         ConfirmLockdownFragment.ConfirmLockdownListener {
46     private static final String TAG_CONFIG_DIALOG = "vpnconfigdialog";
47     private static final String TAG = "ConfigDialogFragment";
48 
49     private static final String ARG_PROFILE = "profile";
50     private static final String ARG_EDITING = "editing";
51     private static final String ARG_EXISTS = "exists";
52 
53     private Context mContext;
54     private VpnManager mService;
55 
56 
57     @Override
getMetricsCategory()58     public int getMetricsCategory() {
59         return SettingsEnums.DIALOG_LEGACY_VPN_CONFIG;
60     }
61 
show(VpnSettings parent, VpnProfile profile, boolean edit, boolean exists)62     public static void show(VpnSettings parent, VpnProfile profile, boolean edit, boolean exists) {
63         if (!parent.isAdded()) return;
64 
65         Bundle args = new Bundle();
66         args.putParcelable(ARG_PROFILE, profile);
67         args.putBoolean(ARG_EDITING, edit);
68         args.putBoolean(ARG_EXISTS, exists);
69 
70         final ConfigDialogFragment frag = new ConfigDialogFragment();
71         frag.setArguments(args);
72         frag.setTargetFragment(parent, 0);
73         frag.show(parent.getFragmentManager(), TAG_CONFIG_DIALOG);
74     }
75 
76     @Override
onAttach(final Context context)77     public void onAttach(final Context context) {
78         super.onAttach(context);
79         mContext = context;
80         mService = context.getSystemService(VpnManager.class);
81     }
82 
83     @Override
onCreateDialog(Bundle savedInstanceState)84     public Dialog onCreateDialog(Bundle savedInstanceState) {
85         Bundle args = getArguments();
86         VpnProfile profile = (VpnProfile) args.getParcelable(ARG_PROFILE);
87         boolean editing = args.getBoolean(ARG_EDITING);
88         boolean exists = args.getBoolean(ARG_EXISTS);
89 
90         final Dialog dialog = new ConfigDialog(getActivity(), this, profile, editing, exists);
91         dialog.setOnShowListener(this);
92         return dialog;
93     }
94 
95     /**
96      * Override for the default onClick handler which also calls dismiss().
97      *
98      * @see DialogInterface.OnClickListener#onClick(DialogInterface, int)
99      */
100     @Override
onShow(DialogInterface dialogInterface)101     public void onShow(DialogInterface dialogInterface) {
102         ((AlertDialog) getDialog()).getButton(AlertDialog.BUTTON_POSITIVE).setOnClickListener(this);
103     }
104 
105     @Override
onClick(View positiveButton)106     public void onClick(View positiveButton) {
107         onClick(getDialog(), AlertDialog.BUTTON_POSITIVE);
108     }
109 
110     @Override
onConfirmLockdown(Bundle options, boolean isAlwaysOn, boolean isLockdown)111     public void onConfirmLockdown(Bundle options, boolean isAlwaysOn, boolean isLockdown) {
112         VpnProfile profile = (VpnProfile) options.getParcelable(ARG_PROFILE);
113         connect(profile, isAlwaysOn);
114         dismiss();
115     }
116 
117     @Override
onClick(DialogInterface dialogInterface, int button)118     public void onClick(DialogInterface dialogInterface, int button) {
119         ConfigDialog dialog = (ConfigDialog) getDialog();
120         if (dialog == null) {
121             Log.e(TAG, "ConfigDialog object is null");
122             return;
123         }
124         VpnProfile profile = dialog.getProfile();
125 
126         if (button == DialogInterface.BUTTON_POSITIVE) {
127             // Possibly throw up a dialog to explain lockdown VPN.
128             final boolean shouldLockdown = dialog.isVpnAlwaysOn();
129             final boolean shouldConnect = shouldLockdown || !dialog.isEditing();
130             final boolean wasLockdown = VpnUtils.isAnyLockdownActive(mContext);
131             try {
132                 final boolean replace = VpnUtils.isVpnActive(mContext);
133                 if (shouldConnect && !isConnected(profile) &&
134                         ConfirmLockdownFragment.shouldShow(replace, wasLockdown, shouldLockdown)) {
135                     final Bundle opts = new Bundle();
136                     opts.putParcelable(ARG_PROFILE, profile);
137                     ConfirmLockdownFragment.show(this, replace, /* alwaysOn */ shouldLockdown,
138                            /* from */  wasLockdown, /* to */ shouldLockdown, opts);
139                 } else if (shouldConnect) {
140                     connect(profile, shouldLockdown);
141                 } else {
142                     save(profile, false);
143                 }
144             } catch (RemoteException e) {
145                 Log.w(TAG, "Failed to check active VPN state. Skipping.", e);
146             }
147         } else if (button == DialogInterface.BUTTON_NEUTRAL) {
148             // Disable profile if connected
149             if (!disconnect(profile)) {
150                 Log.e(TAG, "Failed to disconnect VPN. Leaving profile in keystore.");
151                 return;
152             }
153 
154             // Delete from profile store.
155             LegacyVpnProfileStore.remove(Credentials.VPN + profile.key);
156 
157             updateLockdownVpn(false, profile);
158         }
159         dismiss();
160     }
161 
162     @Override
onCancel(DialogInterface dialog)163     public void onCancel(DialogInterface dialog) {
164         dismiss();
165         super.onCancel(dialog);
166     }
167 
updateLockdownVpn(boolean isVpnAlwaysOn, VpnProfile profile)168     private void updateLockdownVpn(boolean isVpnAlwaysOn, VpnProfile profile) {
169         // Save lockdown vpn
170         if (isVpnAlwaysOn) {
171             // Show toast if vpn profile is not valid
172             if (!profile.isValidLockdownProfile()) {
173                 Toast.makeText(mContext, R.string.vpn_lockdown_config_error,
174                         Toast.LENGTH_LONG).show();
175                 return;
176             }
177 
178             mService.setAlwaysOnVpnPackageForUser(UserHandle.myUserId(), null,
179                     /* lockdownEnabled */ false, /* lockdownAllowlist */ null);
180             VpnUtils.setLockdownVpn(mContext, profile.key);
181         } else {
182             // update only if lockdown vpn has been changed
183             if (VpnUtils.isVpnLockdown(profile.key)) {
184                 VpnUtils.clearLockdownVpn(mContext);
185             }
186         }
187     }
188 
save(VpnProfile profile, boolean lockdown)189     private void save(VpnProfile profile, boolean lockdown) {
190         LegacyVpnProfileStore.put(Credentials.VPN + profile.key, profile.encode());
191 
192         // Flush out old version of profile
193         disconnect(profile);
194 
195         // Notify lockdown VPN that the profile has changed.
196         updateLockdownVpn(lockdown, profile);
197     }
198 
connect(VpnProfile profile, boolean lockdown)199     private void connect(VpnProfile profile, boolean lockdown) {
200         save(profile, lockdown);
201 
202         // Now try to start the VPN - this is not necessary if the profile is set as lockdown,
203         // because just saving the profile in this mode will start a connection.
204         if (!VpnUtils.isVpnLockdown(profile.key)) {
205             VpnUtils.clearLockdownVpn(mContext);
206             try {
207                 mService.startLegacyVpn(profile);
208             } catch (IllegalStateException e) {
209                 Toast.makeText(mContext, R.string.vpn_no_network, Toast.LENGTH_LONG).show();
210             } catch (UnsupportedOperationException e) {
211                 Log.e(TAG, "Attempted to start an unsupported VPN type.");
212                 final AlertDialog unusedDialog = new AlertDialog.Builder(mContext)
213                         .setMessage(R.string.vpn_start_unsupported)
214                         .setPositiveButton(android.R.string.ok, null)
215                         .show();
216             }
217         }
218     }
219 
220     /**
221      * Ensure that the VPN profile pointed at by {@param profile} is disconnected.
222      *
223      * @return {@code true} iff this VPN profile is no longer connected. Note that another profile
224      *         may still be active - this function will then do nothing but still return success.
225      */
disconnect(VpnProfile profile)226     private boolean disconnect(VpnProfile profile) {
227         try {
228             if (!isConnected(profile)) {
229                 return true;
230             }
231             return VpnUtils.disconnectLegacyVpn(getContext());
232         } catch (RemoteException e) {
233             Log.e(TAG, "Failed to disconnect", e);
234             return false;
235         }
236     }
237 
isConnected(VpnProfile profile)238     private boolean isConnected(VpnProfile profile) throws RemoteException {
239         LegacyVpnInfo connected = mService.getLegacyVpnInfo(UserHandle.myUserId());
240         return connected != null && profile.key.equals(connected.key);
241     }
242 }
243