Vpn allowBypass conundrum

#33 - when the Block connections without VPN is enabled in VPN settings, then  Allow-bypass in Settings Fragmentwill be disabled and the allow-bypass will be set to false regardless of the settings in the SettingsFragment while creating the VPN Builder.

app/src/main/java/com/celzero/bravedns/service/PersistentState.kt

@@ -477,7 +477,7 @@ class PersistentState {
  editor.apply()
  }
 
- fun setAllowByPass(context: Context, isEnabled : Boolean){
+ fun setAllowByPass(context: Context, isEnabled: Boolean){
  val editor: SharedPreferences.Editor = getUserPreferences(context).edit()
  editor.putBoolean(ALLOW_BYPASS, isEnabled)
  editor.apply()

app/src/main/java/com/celzero/bravedns/ui/SettingsFragment.kt

@@ -99,6 +99,7 @@ class SettingsFragment : Fragment() {
  private lateinit var autoStartSwitch: SwitchCompat
  private lateinit var killAppSwitch: SwitchCompat
  private lateinit var allowByPassSwitch: SwitchCompat
+ private lateinit var allowByPassDescText : TextView
  private lateinit var allowByPassProgressBar: ProgressBar
 
  //private lateinit var alwaysOnSwitch: SwitchCompat
@@ -144,6 +145,7 @@ class SettingsFragment : Fragment() {
  companion object {
  var enqueue: Long = 0
  var downloadInProgress = -1
+ private const val FILE_LOG_TAG = "Settings"
  }
 
  private fun initView(view: View) {
@@ -179,6 +181,7 @@ class SettingsFragment : Fragment() {
  autoStartSwitch = view.findViewById(R.id.settings_activity_auto_start_switch)
  killAppSwitch = view.findViewById(R.id.settings_activity_kill_app_switch)
  allowByPassSwitch = view.findViewById(R.id.settings_activity_allow_bypass_switch)
+ allowByPassDescText = view.findViewById(R.id.settings_activity_allow_bypass_desc)
  allowByPassProgressBar = view.findViewById(R.id.settings_activity_allow_bypass_progress)
  allowByPassProgressBar.visibility = View.GONE
  //alwaysOnSwitch = view.findViewById(R.id.settings_activity_always_on_vpn_switch)
@@ -206,7 +209,7 @@ class SettingsFragment : Fragment() {
  } else {
  httpProxyContainer.visibility = View.GONE
  }
-
+ allowByPassSwitch.isChecked = PersistentState.getAllowByPass(requireContext())
  timeStamp = PersistentState.getLocalBlockListDownloadTime(requireContext())
 
  if(PersistentState.getDownloadSource(requireContext()) == DOWNLOAD_SOURCE_OTHERS){
@@ -241,7 +244,7 @@ class SettingsFragment : Fragment() {
  privateDNSSwitch.isChecked = PersistentState.getAllowPrivateDNS(requireContext())
  autoStartSwitch.isChecked = PersistentState.getPrefAutoStartBootUp(requireContext())
  killAppSwitch.isChecked = PersistentState.getKillAppOnFirewall(requireContext())
- allowByPassSwitch.isChecked = PersistentState.getAllowByPass(requireContext())
+
  socks5Switch.isChecked = PersistentState.getSocks5Enabled(requireContext())
  if (socks5Switch.isChecked) {
  val sock5Proxy = proxyEndpointRepository.getConnectedProxy()
@@ -282,6 +285,22 @@ class SettingsFragment : Fragment() {
 
  }
 
+ private fun detectLockDownMode() {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+ val alwaysOn = android.provider.Settings.Secure.getString(requireContext().contentResolver, "always_on_vpn_app")
+ val lockDown = android.provider.Settings.Secure.getInt(requireContext().contentResolver, "always_on_vpn_lockdown", 0)
+ if (DEBUG) Log.d(LOG_TAG, "$FILE_LOG_TAG isLockDownEnabled - $lockDown , $alwaysOn")
+ if (lockDown != 0 && context?.packageName == alwaysOn) {
+ allowByPassSwitch.isEnabled = false
+ allowByPassDescText.text = getString(R.string.settings_allow_bypass_lockdown_desc)
+ } else {
+ allowByPassSwitch.isEnabled = true
+ allowByPassDescText.text = getString(R.string.settings_allow_bypass_desc)
+ }
+ }
+
+ }
+
  private fun initClickListeners() {
  refreshDataRL.setOnClickListener {
  refreshDatabase()
@@ -438,6 +457,7 @@ class SettingsFragment : Fragment() {
 
  override fun onResume() {
  super.onResume()
+ detectLockDownMode()
  if (PersistentState.isLocalBlockListEnabled(requireContext()) && PersistentState.isBlockListFilesDownloaded(requireContext()) && PersistentState.getLocalBlockListStamp(requireContext()).isNullOrEmpty()) {
  onDeviceBlockListDesc.text = "Configure blocklists"
  onDeviceBlockListProgress.visibility = View.GONE

app/src/main/java/com/celzero/bravedns/util/Constants.kt

@@ -63,7 +63,7 @@ class Constants {
 
  const val DELAY_FOR_BLOCK_RESPONSE : Long = 30000
  const val BACKGROUND_DELAY_CHECK : Long = 3000
- const val BACKGROUND_DELAY_CHECK_REMAINING : Long = 27000
+ const val BACKGROUND_DELAY_CHECK_REMAINING : Long = 24000
  const val BACKGROUND_DELAY_CHECK_3 : Long = 12000
 
  const val DNS_TYPE_DOH = 1

app/src/main/res/layout/activity_settings_screen.xml

@@ -296,6 +296,7 @@
  android:text="Allow Bypass" />
 
  <TextView
+ android:id="@+id/settings_activity_allow_bypass_desc"
  android:layout_width="wrap_content"
  android:layout_height="wrap_content"
  android:paddingTop="5dp"

app/src/main/res/values/strings.xml

@@ -375,6 +375,9 @@
  <string name="always_on_dialog_positive_btn">Go to Settings</string>
  <string name="always_on_dialog_negative_btn">Cancel</string>
 
+ <string name="settings_allow_bypass_desc">Allow requesting apps to bypass RethinkDNS firewall on-demand. Some audio/video conference apps like Zoom and WhatsApp may require an on-demand bypass to function properly.</string>
+ <string name="settings_allow_bypass_lockdown_desc">"Disabled. Settings->VPN->Block connections without VPN" is enabled for RethinkDNS, enabling the feature will block the internet connection of the apps which are trying to bypass the VPN.</string>
+
  <string name="system_apps_warning">Some system apps are critical to proper functioning of a device. Block them only if you know what you are doing.</string>
  <string name="system_components_warning">Some system components are critical to proper functioning of a device. Block them only if you know what you are doing.</string>