History log of /frameworks/base/core/java/android/net/VpnService.java
Revision Date Author Comments
b2053114562830369a9d060e79f0c9eff4be27e7 20-Jan-2015 Lorenzo Colitti <lorenzo@google.com> Use the proper IpPrefix and LinkAddress constructors in VPN code.

This simplifies the code, and also makes it possible for
users to point multicast routes at the VPN. The LinkAddress
objects we were previously using to construct the RouteInfo do
not accept these, but IpPrefix objects do.

Bug: 18485968
Change-Id: Ie914a2eb359b78161810ee473df725059f944f4e
9e956e9b9aefa3eb30dd2268f7fd347c42e43bce 03-Dec-2014 Sreeram Ramachandran <sreeram@google.com> Fix docs per API review.

Bug: 18573918
Change-Id: I639fe2ce40cdef57d904b9ad1ebb28db7d057144
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957 23-Nov-2014 Jeff Sharkey <jsharkey@android.com> Introduce revision codes for split APKs.

Apps delivered as multiple split APKs must have identical package
names, version code, and signatures. However, developers may want
to iterate quickly on a subset of splits without having to increment
the version code, which would require delivery of the entire app.

This change introduces "revision codes" which can vary between
split APKs belonging to the same app. An install is valid as long
as the normal version code is identical across all splits. Splits
can be added/removed to an app over time, but if a split is present
across an upgrade the revision code must not decrease.

Since system apps could have been updated with splits, only revert
to the built-in APKs if the version code is strictly greater than the
data version. Also fix bug to enable inheriting from system apps
when adding splits.

Bug: 18481866
Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260
c2c0beab79a907f63e109eefe2a5aabcf2e3fd8f 12-Nov-2014 Sreeram Ramachandran <sreeram@google.com> Allow VPNs to specify their underlying networks.

These are used when responding to getActiveNetworkInfo() (and cousins)
when an app is subject to the VPN.

Bug: 17460017
Change-Id: Ief7a840c760777a41d3358aa6b8e4cdd99c29f24
9a1da68bf7980449a5ee5d6fa9d9686b04d667ff 11-Nov-2014 Jeff Davidson <jpd@google.com> Expose a SystemApi method to prepare a VPN without consent.

This is NOT designed to be called normally. Most apps (even
system-privileged ones) should request user consent before launching a
VPN. However, it is needed to support flows where consent can be
obtained through other means external to the VPN flow itself.

The API requires a system-privileged permission, CONTROL_VPN.

Bug: 18327583
Change-Id: I1bcdcf0fb5707faeb861ec4535e7ccffea369ae7
8afddbe7e91b0c91620c54ccbe057c32ca5dd6bf 12-Sep-2014 Jeff Davidson <jpd@google.com> Merge "Update VpnService Javadoc to reflect new UX." into lmp-dev
6d6ea3b6be7c41e18a8f95499e2e31133465ae47 11-Sep-2014 Jeff Davidson <jpd@google.com> Update VpnService Javadoc to reflect new UX.

The major change is that consent is now "sticky" and lasts until the
user explicitly disables the VPN connection.

Bug: 17474362
Change-Id: Id4e7807e635bbfc7645741135209d46763e280f9
a1e06807eeb6587c3ea12778440226977d63b064 11-Sep-2014 Sreeram Ramachandran <sreeram@google.com> Hide mutable VpnService APIs to add/remove IP addresses dynamically.

These APIs were added because we thought we needed them to provide
seamless transition from one server backend to another using local IP
addresses to distinguish between the backends. I.e., connections whose
local IP address was old would be routed to the old backend; connections
whose local IP address was new would be routed to the new backend.

It turns out that's not needed. VpnService already supports seamless
re-establishment, so VPNs just need to call establish() again with a
different IP address. I've verified with a custom VPN app that this
works, and can distinguish traffic based on the old and new addresses.

Nobody is using these APIs at the moment, so we could even consider
removing them altogether, but I prefer just hiding them, just in case.

Bug: 15409819
Change-Id: I30949926a0f859c9d839981ccbc5d8e1e535a3a5
5b62d263a70ad7dceba7a488b11478ad3eaf3f45 26-Aug-2014 Paul Jensen <pauljensen@google.com> Merge "Implement VpnConfig.addAllowedApplication()." into lmp-dev
fc4f721a87e58c2955628adddcb7dcd441d3196f 25-Aug-2014 Robert Greenwalt <rgreenwalt@google.com> Update VPN whitelist/blacklist api docs.

Addressing what happens to unwhitelisted or blacklisted apps.

bug:17206162
Change-Id: I0b863946de277e6528675cc5412267a03f7b6841
0784eeab28da094a87437ed454fe3dca01b1f9f2 19-Aug-2014 Paul Jensen <pauljensen@google.com> Implement VpnConfig.addAllowedApplication().

bug:17109588
bug:13651397
Change-Id: Ibb944794627117728373f0105e24f196f3eeb9e9
f4e0c0cb8ef22fdb20ae74b444c9f4b7d15ded8b 27-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Allow VPNs to add/remove link addresses dynamically.

Bug: 15409819
Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
42065ac64cba166dc0fe602957ea8fe80bf406e2 27-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Prohibit address families by default unless a VPN explicitly allows them.

Bug: 15972465
Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
8cd33ed84e94036a5e1201485af7603dc6fb0d9b 24-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Implement support for bypassable VPNs.

Bypassable VPNs grab all traffic by default (just like secure VPNs), but:
+ They allow all apps to choose other networks using the multinetwork APIs.
If these other networks are insecure ("untrusted"), they will enforce that the
app holds the necessary permissions, such as CHANGE_NETWORK_STATE.
+ They support consistent routing. If an app has an existing connection over
some other network when the bypassable VPN comes up, it's not interrupted.

Bug: 15347374
Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
6bbf39cf6b81222f32d2b66b8fa85d562e0ad71c 23-Jul-2014 Jeff Davidson <jpd@google.com> Implement VpnService.setBlocking().

Bug: 12879610
Change-Id: I3a0ad9eae5f7dd9c01f75b9da71810bad38f9fec
cc26b4cc09720906d5b277fccc62c31714749816 19-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Allow VPN interfaces to be put into blocking mode.

New API with stub implementation to be filled out later.

Bug: 12879610
Change-Id: Iff711994dec4598c74fe11447c8c670004c1188c
a9294eb1c9c090f5c896c0212efed0234678d970 10-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Allow a VPN to be declared bypassable.

A VPN declared bypassable allows apps to use the new multinetwork APIs to
send/receive traffic directly over the underlying network, whereas without it,
traffic from those apps would be forced to go via the VPN.

Apps still need the right permissions to access the underlying network. For
example, if the underlying network is "untrusted", only apps with
CHANGE_NETWORK_STATE (or such permission) can actually use it directly.

New API with stub implementation to be filled out later.

Bug: 15347374
Change-Id: I8794715e024e08380a43f7a090613c5897611c5b
633f0e875dd6bda31f575fe4bc0187e9f245403f 10-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Let VpnService specify a white/black list of apps that are allowed access.

New API with stub implementation to be filled out later.

Bug: 13651397
Change-Id: Ibabd6c22495ce58dc88142bb958c1ef12adcf78e
1384605a89775dcaae48e8d5f0081143f896a8cb 10-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Update VpnService API documentation.

The goal of blocking an address family by default is to prevent unintended
security holes. For example, a VPN that only deals with IPv4 doesn't know or
care about IPv6 at all, so it doesn't do anything for IPv6. An app shouldn't be
able to get around (bypass) the VPN by using IPv6.

Therefore, it is not necessary to block an address family in removeAddress().
The VPN was clearly aware of the address family (since it had configured such an
address before), so if it wants to block that family, it should add a default
route for that family and explicitly drop/block/reject those packets.

Bug: 15972465
Bug: 15409819
Change-Id: I845426fa90dc2358d3e11bc601db0b4bd5d3b7ac
6bc2c2c34f2b23eae79ad733c97a691734055c4f 07-May-2014 Paul Jensen <pauljensen@google.com> Convert Vpn from NetworkStateTracker to NetworkAgent.

This eliminates the need for the ConnectivityService.VpnCallback class.
This requires shifting VPNs to the new "network" netd API.
VpnService.protect() is modified to no longer go through ConnectivityService.
NetworkCapabilities is extended to add a transport type for VPNs and a
capability requiring a non-VPN (so the default NetworkRequest isn't satisfied
by a VPN).

bug:15409918
Change-Id: Ic4498f1961582208add6f375ad16ce376ee9eb95
d7e71641f6ae7e372795c22fe293d63373a898d2 10-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Block address families by default in VpnService.

If a VpnService only configures IPv4 addresses, routes and DNS servers, block
IPv6 by default, and vice versa. Also add an API to unblock a family without
needing to add an address, route or DNS server.

New API with stub implementation to be filled out later.

Bug: 15972465
Change-Id: I70d4d5c30ee71802610f6e16f100db6cbccef42c
81c295e1c843612408d0de26fe383cebc0a80313 10-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Allow VPNs to dynamically add/remove IP addresses on their tun interface.

New API with stub implementation to be filled out later.

Bug: 15409819
Change-Id: Ic0d2d459953eac86832905115a0d413b9b0b2660
bcf12b302cd2715de54493808b2503de05c53757 11-Feb-2014 Chad Brubaker <cbrubaker@google.com> Remove SO_BINDTODEVICE from VPN protect

SO_BINDTODEVICE is not needed with policy routing.
SO_BINDTODEVICE was also used on the default iface which causes problems
when the default iface is IPv6 only and the socket tries to connect to an
IPv4 address.

Bug: 12940882
Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730
4ca19e8377f33e8a80684fb4ee67f5a4bdc9ea76 14-Jun-2013 Chad Brubaker <cbrubaker@google.com> Add per user VPN support

VPNs are now per user instead of global. A VPN set by user A routes only
user A's traffic and no other user can access it.

Change-Id: Ia66463637b6bd088b05768076a1db897fe95c46c
fea17de7aaa5729d3111102b2734b158403d2780 11-Jun-2013 Jeff Sharkey <jsharkey@android.com> Explicit locale when formatting machine strings.

Bug: 9390451
Change-Id: I3581c53407554a1dffd541fb42b06d68f20a7be0
3cd42dfd50adf8d78a9d4984957a96dec2ba13f4 28-Aug-2012 Johan Redestig <johan.redestig@sonymobile.com> Make addAddress locale safe

Using regular string concatenation to avoid unexpected
results in some locales.

Change-Id: I47dd5e174c4a2e88dc18e014002820cdbf63fcad
d0d85f26cb7287c63adf95bace098bc1af3fe4e8 09-Aug-2011 Chia-chi Yeh <chiachi@android.com> Unhide APIs for user space VPN.

Change-Id: I6f9ddb3fffe9e10cc2d34dda3ae8700b1af7e470
199ed6ef89bd356895534ba09ac43ed340cd9a1a 04-Aug-2011 Chia-chi Yeh <chiachi@android.com> VPN: introduce VpnService as the base class for user space VPN.

Change-Id: I4793a6eb51b33f669fc6d39e1a16cf5eb9e3d851