From 99cc2d82d4c64947c0ae938f0479f0356ff2f355 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 19 Jun 2018 17:01:21 +0200
Subject: [PATCH] android: Exclude our own app from the VPN

Otherwise, a blocking VPN interface would prevent our fetcher from working
as we currently rely on an interface that doesn't allow access to the
underlying socket/FD, which would be required to call VpnService.protect().
---
 .../android/logic/CharonVpnService.java         | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index 8d9284fcc5..ebccdc0602 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
@@ -955,8 +955,23 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
 			mExcludedSubnets = IPRangeSet.fromString(profile.getExcludedSubnets());
 			Integer splitTunneling = profile.getSplitTunneling();
 			mSplitTunneling = splitTunneling != null ? splitTunneling : 0;
-			mAppHandling = profile.getSelectedAppsHandling();
+			SelectedAppsHandling appHandling = profile.getSelectedAppsHandling();
 			mSelectedApps = profile.getSelectedAppsSet();
+			/* exclude our own app, otherwise the fetcher is blocked */
+			switch (appHandling)
+			{
+				case SELECTED_APPS_DISABLE:
+					appHandling = SelectedAppsHandling.SELECTED_APPS_EXCLUDE;
+					mSelectedApps.clear();
+					/* fall-through */
+				case SELECTED_APPS_EXCLUDE:
+					mSelectedApps.add(getPackageName());
+					break;
+				case SELECTED_APPS_ONLY:
+					mSelectedApps.remove(getPackageName());
+					break;
+			}
+			mAppHandling = appHandling;
 		}
 
 		public void addAddress(String address, int prefixLength)