/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
| 16 | package com.android.systemui.statusbar.policy; |
| 17 | |
Selim Cinek | 24ac55e | 2014-08-27 12:51:45 +0200 | [diff] [blame] | 18 | import android.app.ActivityManager; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 19 | import android.app.admin.DevicePolicyManager; |
| 20 | import android.content.Context; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 21 | import android.content.pm.PackageManager.NameNotFoundException; |
Robin Lee | 9cb1d5f | 2015-04-16 17:01:49 +0100 | [diff] [blame] | 22 | import android.content.pm.UserInfo; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 23 | import android.net.ConnectivityManager; |
| 24 | import android.net.ConnectivityManager.NetworkCallback; |
| 25 | import android.net.IConnectivityManager; |
Jason Monk | 92b5c81 | 2014-08-21 13:44:18 -0400 | [diff] [blame] | 26 | import android.net.Network; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 27 | import android.net.NetworkCapabilities; |
| 28 | import android.net.NetworkRequest; |
| 29 | import android.os.RemoteException; |
| 30 | import android.os.ServiceManager; |
Robin Lee | 9cb1d5f | 2015-04-16 17:01:49 +0100 | [diff] [blame] | 31 | import android.os.UserHandle; |
| 32 | import android.os.UserManager; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 33 | import android.text.TextUtils; |
| 34 | import android.util.Log; |
Robin Lee | 9cb1d5f | 2015-04-16 17:01:49 +0100 | [diff] [blame] | 35 | import android.util.SparseArray; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 36 | |
| 37 | import com.android.internal.net.VpnConfig; |
Robin Lee | 9cb1d5f | 2015-04-16 17:01:49 +0100 | [diff] [blame] | 38 | import com.android.internal.net.VpnInfo; |
Jason Monk | 3d5f551 | 2014-07-25 11:17:28 -0400 | [diff] [blame] | 39 | |
| 40 | import java.io.FileDescriptor; |
| 41 | import java.io.PrintWriter; |
| 42 | import java.util.ArrayList; |
| 43 | |
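/**
 * Implementation of {@link SecurityController} that reports whether the device or one of the
 * current user's profiles has an owner registered with {@link DevicePolicyManager}, and whether
 * a VPN is active for the current user.
 *
 * <p>The VPN snapshot is rebuilt whenever a network matching {@link #REQUEST} becomes available
 * or is lost; every registered {@link SecurityControllerCallback} is then notified.
 *
 * <p>NOTE(review): {@code mCallbacks}, {@code mCurrentVpnUsers} and {@code mCurrentUserId} are
 * accessed without synchronization. If {@link NetworkCallback} events are delivered on a
 * different thread than the one that calls {@link #addCallback}, {@link #removeCallback} and
 * {@link #onUserSwitched} (confirm against the caller), these accesses race.
 */
public class SecurityControllerImpl implements SecurityController {

    private static final String TAG = "SecurityController";
    private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);

    // The NOT_VPN, NOT_RESTRICTED and TRUSTED capabilities are removed from the request so
    // that it is not limited to non-VPN, unrestricted, trusted networks.
    private static final NetworkRequest REQUEST = new NetworkRequest.Builder()
            .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN)
            .removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_RESTRICTED)
            .removeCapability(NetworkCapabilities.NET_CAPABILITY_TRUSTED)
            .build();
    private static final int NO_NETWORK = -1;

    private final Context mContext;
    private final ConnectivityManager mConnectivityManager;
    private final IConnectivityManager mConnectivityManagerService;
    private final DevicePolicyManager mDevicePolicyManager;
    private final UserManager mUserManager;
    private final ArrayList<SecurityControllerCallback> mCallbacks = new ArrayList<>();

    // Snapshot of users with an active VPN. Keys are the VPN owner's profile group id when it
    // has one, otherwise the owner's user id; only the presence of a key matters.
    private SparseArray<Boolean> mCurrentVpnUsers = new SparseArray<>();
    private int mCurrentUserId;

    /**
     * Looks up the system services this controller queries, registers the network callback for
     * {@link #REQUEST} and records the user that is current at construction time.
     *
     * @param context context used to obtain the system services
     */
    public SecurityControllerImpl(Context context) {
        mContext = context;
        mDevicePolicyManager = (DevicePolicyManager)
                context.getSystemService(Context.DEVICE_POLICY_SERVICE);
        mConnectivityManager = (ConnectivityManager)
                context.getSystemService(Context.CONNECTIVITY_SERVICE);
        mConnectivityManagerService = IConnectivityManager.Stub.asInterface(
                ServiceManager.getService(Context.CONNECTIVITY_SERVICE));
        mUserManager = (UserManager)
                context.getSystemService(Context.USER_SERVICE);

        // TODO: re-register network callback on user change.
        mConnectivityManager.registerNetworkCallback(REQUEST, mNetworkCallback);
        mCurrentUserId = ActivityManager.getCurrentUser();
    }

    /**
     * Writes the controller's VPN snapshot to {@code pw}.
     *
     * @param fd unused
     * @param pw writer that receives the dump
     * @param args unused
     */
    public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
        pw.println("SecurityController state:");
        // println (not print) so that whatever is dumped next starts on its own line.
        pw.println("  mCurrentVpnUsers=" + mCurrentVpnUsers);
    }

    /** Returns true when {@link DevicePolicyManager} reports a non-empty device owner. */
    @Override
    public boolean hasDeviceOwner() {
        return !TextUtils.isEmpty(mDevicePolicyManager.getDeviceOwner());
    }

    /** Returns the device owner name as reported by {@link DevicePolicyManager}. */
    @Override
    public String getDeviceOwnerName() {
        return mDevicePolicyManager.getDeviceOwnerName();
    }

    /**
     * Returns true when any profile returned by {@code getProfiles(mCurrentUserId)} has a
     * profile owner.
     */
    @Override
    public boolean hasProfileOwner() {
        for (UserInfo profile : mUserManager.getProfiles(mCurrentUserId)) {
            if (mDevicePolicyManager.getProfileOwnerAsUser(profile.id) != null) {
                // One owner is enough; no need to query the remaining profiles.
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the first non-null profile owner name among the profiles returned by
     * {@code getProfiles(mCurrentUserId)}, or {@code null} when none of them has one.
     */
    @Override
    public String getProfileOwnerName() {
        for (UserInfo profile : mUserManager.getProfiles(mCurrentUserId)) {
            String name = mDevicePolicyManager.getProfileOwnerNameAsUser(profile.id);
            if (name != null) {
                return name;
            }
        }
        return null;
    }

    /**
     * Returns true when the last successful VPN snapshot has an entry for the current user id.
     * The snapshot is only refreshed from the network callbacks, so it reflects the state at the
     * last successful refresh.
     */
    @Override
    public boolean isVpnEnabled() {
        return mCurrentVpnUsers.get(mCurrentUserId) != null;
    }

    /** Unregisters {@code callback}; a null callback is ignored. */
    @Override
    public void removeCallback(SecurityControllerCallback callback) {
        if (callback == null) return;
        if (DEBUG) Log.d(TAG, "removeCallback " + callback);
        mCallbacks.remove(callback);
    }

    /** Registers {@code callback}; null and already-registered callbacks are ignored. */
    @Override
    public void addCallback(SecurityControllerCallback callback) {
        if (callback == null || mCallbacks.contains(callback)) return;
        if (DEBUG) Log.d(TAG, "addCallback " + callback);
        mCallbacks.add(callback);
    }

    /**
     * Records the new current user and notifies the callbacks. The VPN snapshot is not rebuilt
     * here; {@link #isVpnEnabled()} looks the new user id up in the existing snapshot.
     */
    @Override
    public void onUserSwitched(int newUserId) {
        mCurrentUserId = newUserId;
        fireCallbacks();
    }

    /** Tells every registered callback that the state changed. */
    private void fireCallbacks() {
        for (SecurityControllerCallback callback : mCallbacks) {
            callback.onStateChanged();
        }
    }

    /**
     * Rebuilds the snapshot of users with an active VPN from
     * {@code IConnectivityManager.getAllVpnInfo()}. The snapshot is replaced only after the whole
     * list has been processed.
     */
    private void updateState() {
        // Find all users with an active VPN
        SparseArray<Boolean> vpnUsers = new SparseArray<>();
        try {
            for (VpnInfo vpn : mConnectivityManagerService.getAllVpnInfo()) {
                final int ownerUserId = UserHandle.getUserId(vpn.ownerUid);
                final UserInfo user = mUserManager.getUserInfo(ownerUserId);
                final int groupId;
                if (user == null) {
                    // getUserInfo() has no record for this user (for example one that is being
                    // removed). Key the entry by the raw user id instead of dereferencing null,
                    // so the VPN is still reported for that user.
                    Log.w(TAG, "No UserInfo for VPN owner user " + ownerUserId);
                    groupId = ownerUserId;
                } else if (user.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID) {
                    groupId = user.profileGroupId;
                } else {
                    groupId = user.id;
                }

                vpnUsers.put(groupId, Boolean.TRUE);
            }
        } catch (RemoteException rme) {
            // Roll back to previous state: keep the old snapshot rather than publish a partial
            // one. The reported VPN state can therefore be stale until the next successful
            // refresh.
            Log.e(TAG, "Unable to list active VPNs", rme);
            return;
        }
        mCurrentVpnUsers = vpnUsers;
    }

    // Refreshes the VPN snapshot and notifies the callbacks on every matching network change.
    private final NetworkCallback mNetworkCallback = new NetworkCallback() {
        @Override
        public void onAvailable(Network network) {
            if (DEBUG) Log.d(TAG, "onAvailable " + network.netId);
            updateState();
            fireCallbacks();
        }

        // TODO Find another way to receive VPN lost.  This may be delayed depending on
        // how long the VPN connection is held on to.
        @Override
        public void onLost(Network network) {
            if (DEBUG) Log.d(TAG, "onLost " + network.netId);
            updateState();
            fireCallbacks();
        }
    };

}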