Merge "Revert "Add APIs that allow to exclude routes from VPN"" am: da37e0f471 am: d48a67e944 am: 05fad87223

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1927301

Change-Id: I84505e56bfdb32ab4dc43559d56390d60bc1ff73

1 files changed, 17 insertions, 106 deletions

diff --git a/core/java/android/net/VpnService.java b/core/java/android/net/VpnService.java
index 1ae1b050d32f..2ced05693755 100644
--- a/core/java/android/net/VpnService.java
+++ b/core/java/android/net/VpnService.java
@@ -41,7 +41,6 @@ import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.UserHandle;
 
-import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.net.NetworkUtilsInternal;
 import com.android.internal.net.VpnConfig;
 
@@ -51,7 +50,6 @@ import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
@@ -473,13 +471,6 @@ public class VpnService extends Service {
         }
     }
 
-    private static void checkNonPrefixBytes(@NonNull InetAddress address, int prefixLength) {
-        final IpPrefix prefix = new IpPrefix(address, prefixLength);
-        if (!prefix.getAddress().equals(address)) {
-            throw new IllegalArgumentException("Bad address");
-        }
-    }
-
     /**
      * Helper class to create a VPN interface. This class should be always
      * used within the scope of the outer {@link VpnService}.
@@ -490,9 +481,9 @@ public class VpnService extends Service {
 
         private final VpnConfig mConfig = new VpnConfig();
         @UnsupportedAppUsage
-        private final List<LinkAddress> mAddresses = new ArrayList<>();
+        private final List<LinkAddress> mAddresses = new ArrayList<LinkAddress>();
         @UnsupportedAppUsage
-        private final List<RouteInfo> mRoutes = new ArrayList<>();
+        private final List<RouteInfo> mRoutes = new ArrayList<RouteInfo>();
 
         public Builder() {
             mConfig.user = VpnService.this.getClass().getName();
@@ -564,6 +555,7 @@ public class VpnService extends Service {
                 throw new IllegalArgumentException("Bad address");
             }
             mAddresses.add(new LinkAddress(address, prefixLength));
+            mConfig.updateAllowedFamilies(address);
             return this;
         }
 
@@ -587,68 +579,28 @@ public class VpnService extends Service {
          * Add a network route to the VPN interface. Both IPv4 and IPv6
          * routes are supported.
          *
-         * If a route with the same destination is already present, its type will be updated.
-         *
-         * @throws IllegalArgumentException if the route is invalid.
-         */
-        @NonNull
-        private Builder addRoute(@NonNull IpPrefix prefix, int type) {
-            check(prefix.getAddress(), prefix.getPrefixLength());
-
-            final RouteInfo newRoute = new RouteInfo(prefix, /* gateway */
-                    null, /* interface */ null, type);
-
-            final int index = findRouteIndexByDestination(newRoute);
-
-            if (index == -1) {
-                mRoutes.add(newRoute);
-            } else {
-                mRoutes.set(index, newRoute);
-            }
-
-            return this;
-        }
-
-        /**
-         * Add a network route to the VPN interface. Both IPv4 and IPv6
-         * routes are supported.
-         *
          * Adding a route implicitly allows traffic from that address family
          * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
          *
-         * Calling this method overrides previous calls to {@link #excludeRoute} for the same
-         * destination.
-         *
-         * If multiple routes match the packet destination, route with the longest prefix takes
-         * precedence.
-         *
          * @throws IllegalArgumentException if the route is invalid.
          */
         @NonNull
         public Builder addRoute(@NonNull InetAddress address, int prefixLength) {
-            checkNonPrefixBytes(address, prefixLength);
-
-            return addRoute(new IpPrefix(address, prefixLength), RouteInfo.RTN_UNICAST);
-        }
+            check(address, prefixLength);
 
-        /**
-         * Add a network route to the VPN interface. Both IPv4 and IPv6
-         * routes are supported.
-         *
-         * Adding a route implicitly allows traffic from that address family
-         * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
-         *
-         * Calling this method overrides previous calls to {@link #excludeRoute} for the same
-         * destination.
-         *
-         * If multiple routes match the packet destination, route with the longest prefix takes
-         * precedence.
-         *
-         * @throws IllegalArgumentException if the route is invalid.
-         */
-        @NonNull
-        public Builder addRoute(@NonNull IpPrefix prefix) {
-            return addRoute(prefix, RouteInfo.RTN_UNICAST);
+            int offset = prefixLength / 8;
+            byte[] bytes = address.getAddress();
+            if (offset < bytes.length) {
+                for (bytes[offset] <<= prefixLength % 8; offset < bytes.length; ++offset) {
+                    if (bytes[offset] != 0) {
+                        throw new IllegalArgumentException("Bad address");
+                    }
+                }
+            }
+            mRoutes.add(new RouteInfo(new IpPrefix(address, prefixLength), null, null,
+                RouteInfo.RTN_UNICAST));
+            mConfig.updateAllowedFamilies(address);
+            return this;
         }
 
         /**
@@ -659,12 +611,6 @@ public class VpnService extends Service {
          * Adding a route implicitly allows traffic from that address family
          * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
          *
-         * Calling this method overrides previous calls to {@link #excludeRoute} for the same
-         * destination.
-         *
-         * If multiple routes match the packet destination, route with the longest prefix takes
-         * precedence.
-         *
          * @throws IllegalArgumentException if the route is invalid.
          * @see #addRoute(InetAddress, int)
          */
@@ -674,23 +620,6 @@ public class VpnService extends Service {
         }
 
         /**
-         * Exclude a network route from the VPN interface. Both IPv4 and IPv6
-         * routes are supported.
-         *
-         * Calling this method overrides previous calls to {@link #addRoute} for the same
-         * destination.
-         *
-         * If multiple routes match the packet destination, route with the longest prefix takes
-         * precedence.
-         *
-         * @throws IllegalArgumentException if the route is invalid.
-         */
-        @NonNull
-        public Builder excludeRoute(@NonNull IpPrefix prefix) {
-            return addRoute(prefix, RouteInfo.RTN_THROW);
-        }
-
-        /**
          * Add a DNS server to the VPN connection. Both IPv4 and IPv6
          * addresses are supported. If none is set, the DNS servers of
          * the default network will be used.
@@ -971,23 +900,5 @@ public class VpnService extends Service {
                 throw new IllegalStateException(e);
             }
         }
-
-        private int findRouteIndexByDestination(RouteInfo route) {
-            for (int i = 0; i < mRoutes.size(); i++) {
-                if (mRoutes.get(i).getDestination().equals(route.getDestination())) {
-                    return i;
-                }
-            }
-            return -1;
-        }
-
-        /**
-         * Method for testing, to observe mRoutes while builder is being used.
-         * @hide
-         */
-        @VisibleForTesting
-        public List<RouteInfo> routes() {
-            return Collections.unmodifiableList(mRoutes);
-        }
     }
 }