Fix ending up in blocked state when disabling split tunnel

[MarkusPettersson98]

Fix daemon ending up in blocked state if the user toggled split tunneling without having granted Full Disk Access to mullvad-daemon. This could only ever be accomplished from the CLI.

---

This change is 

[linear]

DES-1567 Connection still in blocked state after disabling split tunneling with FDA off

[Serock3]

Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @MarkusPettersson98)

---

mullvad-daemon/src/lib.rs line 1558 at r1 (raw file):

                if cfg!(target_os = "macos") {
                    let split_tunnel_will_be_disabled = !state;
                    if split_tunnel_was_enabled && split_tunnel_will_be_disabled {

My understanding is that if you enable split tunneling without full disk access (via the CLI), you end up in the error state, not the blocked state. If so, could we add a check for being in the error state to this if-statement? That should make it less likely to trigger unnecessarily.

[MarkusPettersson98]

Reviewable status: 2 of 3 files reviewed, 1 unresolved discussion (waiting on @Serock3)

---

mullvad-daemon/src/lib.rs line 1558 at r1 (raw file):

Previously, Serock3 (Sebastian Holmin) wrote…

My understanding is that if you enable split tunneling without full disk access (via the CLI), you end up in the error state, not the blocked state. If so, could we add a check for being in the error state to this if-statement? That should make it less likely to trigger unnecessarily.

That makes sense! Good catch:)

[Serock3]

Reviewed 1 of 1 files at r2, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

---

mullvad-daemon/src/lib.rs line 1550 at r2 (raw file):

                    .await
                    .map_err(Error::SettingsError);
                // If Full Disk Access (FDA) is disabled, we may want to reconnect after disabling

Nit 🙈 Maybe this could be worded in a way that make it a little more clear how you would end up the error state in the first place, before you try to disable full disk access?

E.g. "On macOS, if split tunneling is enabled without Full Disk Access then the user will enter the error state. This is only possible using either using the CLI or by disabling FDA after activating split tunneling. In these cases, we want to reconnect if split tunneling is disabled."

Or something. I'll leave it up to you if you want to change the text.

[MarkusPettersson98]

Reviewable status: 2 of 3 files reviewed, all discussions resolved (waiting on @Serock3)

---

mullvad-daemon/src/lib.rs line 1550 at r2 (raw file):

Previously, Serock3 (Sebastian Holmin) wrote…

Nit 🙈 Maybe this could be worded in a way that make it a little more clear how you would end up the error state in the first place, before you try to disable full disk access?

E.g. "On macOS, if split tunneling is enabled without Full Disk Access then the user will enter the error state. This is only possible using either using the CLI or by disabling FDA after activating split tunneling. In these cases, we want to reconnect if split tunneling is disabled."

Or something. I'll leave it up to you if you want to change the text.

Nice suggestion, done:)

[Serock3]

Well done! but make sure to test it if you haven't already

Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

[olmoh]

Reviewed 2 of 3 files at r1, 1 of 1 files at r3, 1 of 1 files at r4, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved

[Serock3]

Reviewed all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved