From 657656b4603ad158ba9477b8f266625f168d26e3 Mon Sep 17 00:00:00 2001 From: Chiachang Wang Date: Tue, 11 Jan 2022 17:09:47 +0800 Subject: Only set excludeLocalRoutes in the bypassable VpnProfile fromVpnProfile() will be called in the system server directly. If the input VpnProfile does not set excludeLocalRoute with a bypassable VPN, it will crash system server. Thus, only set the excludeLocalRoutes in the bypassable VpnProfile. Bug: 184750836 Test: atest FrameworksNetTests Change-Id: I311cc7e3c46ab4f6721f477f227e76ba4c0712f6 --- core/java/android/net/Ikev2VpnProfile.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/core/java/android/net/Ikev2VpnProfile.java b/core/java/android/net/Ikev2VpnProfile.java index 726d870c7761..1b5ab051610a 100644 --- a/core/java/android/net/Ikev2VpnProfile.java +++ b/core/java/android/net/Ikev2VpnProfile.java @@ -35,6 +35,7 @@ import android.annotation.Nullable; import android.annotation.RequiresFeature; import android.content.pm.PackageManager; import android.security.Credentials; +import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.net.VpnProfile; @@ -70,6 +71,7 @@ import java.util.Objects; * Exchange, Version 2 (IKEv2) */ public final class Ikev2VpnProfile extends PlatformVpnProfile { + private static final String TAG = Ikev2VpnProfile.class.getSimpleName(); /** Prefix for when a Private Key is an alias to look for in KeyStore @hide */ public static final String PREFIX_KEYSTORE_ALIAS = "KEYSTORE_ALIAS:"; /** Prefix for when a Private Key is stored directly in the profile @hide */ @@ -524,7 +526,10 @@ public final class Ikev2VpnProfile extends PlatformVpnProfile { throw new IllegalArgumentException("Invalid auth method set"); } - builder.setExcludeLocalRoutes(profile.excludeLocalRoutes); + if (profile.excludeLocalRoutes && !profile.isBypassable) { + Log.w(TAG, "ExcludeLocalRoutes should only be set in the bypassable VPN"); + } + builder.setExcludeLocalRoutes(profile.excludeLocalRoutes && profile.isBypassable); return builder.build(); } -- cgit v1.2.3-59-g8ed1b