1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77


ash / components / arc / net / always_on_vpn_manager.cc [blame]

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "ash/components/arc/net/always_on_vpn_manager.h"

#include <string>

#include "ash/components/arc/arc_prefs.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/values.h"
#include "chromeos/ash/components/network/network_configuration_handler.h"
#include "chromeos/ash/components/network/network_handler.h"
#include "third_party/cros_system_api/dbus/service_constants.h"

namespace arc {

AlwaysOnVpnManager::AlwaysOnVpnManager(PrefService* pref_service,
                                       bool delay_lockdown_until_vpn_connected)
    : delay_lockdown_until_vpn_connected_(delay_lockdown_until_vpn_connected) {
  registrar_.Init(pref_service);
  registrar_.Add(prefs::kAlwaysOnVpnPackage,
                 base::BindRepeating(&AlwaysOnVpnManager::OnPrefChanged,
                                     base::Unretained(this)));
  registrar_.Add(prefs::kAlwaysOnVpnLockdown,
                 base::BindRepeating(&AlwaysOnVpnManager::OnPrefChanged,
                                     base::Unretained(this)));
  // update once with values before we started listening
  OnPrefChanged();
}

AlwaysOnVpnManager::~AlwaysOnVpnManager() {
  std::string package =
      registrar_.prefs()->GetString(prefs::kAlwaysOnVpnPackage);
  bool lockdown = registrar_.prefs()->GetBoolean(prefs::kAlwaysOnVpnLockdown);
  if (lockdown && !package.empty()) {
    ash::NetworkHandler::Get()
        ->network_configuration_handler()
        ->SetManagerProperty(shill::kAlwaysOnVpnPackageProperty,
                             base::Value(std::string()));
  }
  registrar_.RemoveAll();
}

void AlwaysOnVpnManager::SetDelayLockdownUntilVpnConnectedState(bool enabled) {
  delay_lockdown_until_vpn_connected_ = enabled;
  OnPrefChanged();
}

base::WeakPtr<AlwaysOnVpnManager> AlwaysOnVpnManager::GetWeakPtr() {
  return weak_ptr_factory_.GetWeakPtr();
}

void AlwaysOnVpnManager::OnPrefChanged() {
  std::string always_on_vpn_package;
  bool lockdown = registrar_.prefs()->GetBoolean(prefs::kAlwaysOnVpnLockdown);

  // Only enforce lockdown mode for user traffic on the platform if lockdown
  // mode is enabled for an Android VPN and the browser user traffic is not
  // restricted by the AlwaysOnVpnPreConnectUrlAllowlist preference.
  // Shill enables lockdown mode if the Always-on VPN package name property is
  // set, i.e Shill always assumes that lockdown mode is enabled if Android
  // Always-on is set.
  // TODO(b/188864779): Add a new Always-on VPN Shill property for Android VPN
  // which can be used in Shill to distinguish when lockdown is enabled or not.
  if (lockdown && !delay_lockdown_until_vpn_connected_) {
    always_on_vpn_package =
        registrar_.prefs()->GetString(prefs::kAlwaysOnVpnPackage);
  }
  ash::NetworkHandler::Get()
      ->network_configuration_handler()
      ->SetManagerProperty(shill::kAlwaysOnVpnPackageProperty,
                           base::Value(always_on_vpn_package));
}

}  // namespace arc