Disallow non-VPN tethering upstreams on always-on VPN lockdown mode
* This ensures that the Hotspot "Allow clients to use VPN" option respects the VPN "Block connections without VPN" option, to avoid any leaks. Issue: calyxos#555 Change-Id: Ibd690c605a3d87e3c493550039a65862be16848b Signed-off-by: Mohammad Hasan Keramat J <ikeramat@protonmail.com>
This commit is contained in:
parent
a43a85926c
commit
83fae94950
|
@ -91,6 +91,7 @@ public class UpstreamNetworkMonitor {
|
|||
private static final boolean VDBG = false;
|
||||
|
||||
// Copied from frameworks/base/core/java/android/provider/Settings.java
|
||||
private static final String ALWAYS_ON_VPN_LOCKDOWN = "always_on_vpn_lockdown";
|
||||
private static final String TETHERING_ALLOW_VPN_UPSTREAMS = "tethering_allow_vpn_upstreams";
|
||||
|
||||
public static final int EVENT_ON_CAPABILITIES = 1;
|
||||
|
@ -360,8 +361,13 @@ public class UpstreamNetworkMonitor {
|
|||
*/
|
||||
public UpstreamNetworkState getCurrentPreferredUpstream() {
|
||||
// Use VPN upstreams if hotspot settings allow.
|
||||
if (mTetheringUpstreamVpn != null && isAllowedToUseVpnUpstreams()) {
|
||||
if (isAllowedToUseVpnUpstreams()) {
|
||||
if (mTetheringUpstreamVpn != null) {
|
||||
return mNetworkMap.get(mTetheringUpstreamVpn);
|
||||
} else if (Settings.Secure.getInt(mContext.getContentResolver(),
|
||||
ALWAYS_ON_VPN_LOCKDOWN, 0) == 1) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
final UpstreamNetworkState dfltState = (mDefaultInternetNetwork != null)
|
||||
? mNetworkMap.get(mDefaultInternetNetwork)
|
||||
|
|
Loading…
Reference in New Issue