From 4ec62cf29118f01a069ccb6758cda1425792f1cd Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Fri, 2 Oct 2015 10:15:42 +0200
Subject: Make sure there is at least one app in the allowed app list, closes
 #397

---
 main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java | 11 +++++++++++
 main/src/main/res/values/strings.xml                          |  1 +
 2 files changed, 12 insertions(+)

diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index 9716f020..b88d7090 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -671,12 +671,14 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
 
     @TargetApi(Build.VERSION_CODES.LOLLIPOP)
     private void setAllowedVpnPackages(Builder builder) {
+        boolean atLeastOneAllowedApp=false;
         for (String pkg : mProfile.mAllowedAppsVpn) {
             try {
                 if (mProfile.mAllowedAppsVpnAreDisallowed) {
                     builder.addDisallowedApplication(pkg);
                 } else {
                     builder.addAllowedApplication(pkg);
+                    atLeastOneAllowedApp = true;
                 }
             } catch (PackageManager.NameNotFoundException e) {
                 mProfile.mAllowedAppsVpn.remove(pkg);
@@ -684,6 +686,15 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
             }
         }
 
+        if (!mProfile.mAllowedAppsVpnAreDisallowed && !atLeastOneAllowedApp) {
+            VpnStatus.logDebug(R.string.no_allowed_app, getPackageName());
+            try {
+                builder.addAllowedApplication(getPackageName());
+            } catch (PackageManager.NameNotFoundException e) {
+                VpnStatus.logError("This should not happen: " + e.getLocalizedMessage());
+            }
+        }
+
         if (mProfile.mAllowedAppsVpnAreDisallowed) {
             VpnStatus.logDebug(R.string.disallowed_vpn_apps_info, TextUtils.join(", ", mProfile.mAllowedAppsVpn));
         } else {
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index a4424277..3978c4d1 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -386,5 +386,6 @@
     <string name="lastdumpdate">(Last dump is %1$d:%2$dh old (%3$s))</string>
     <string name="clear_log_on_connect">Clear log on new connection</string>
     <string name="connect_timeout">Connect Timeout</string>
+    <string name="no_allowed_app">No allowed app app added. Addding ourselves (%s) to have at least one app in the allowed app list to not allow all apps</string>
 
 </resources>
-- 
cgit v1.2.3