b21298a686b04d55ff97223dd317497845713f4b |
|
10-Feb-2015 |
Jeff Davidson <jpd@google.com> |
Do not enforce CONTROL_VPN for calls from lockdown VPN. Clearly document which methods in Vpn.java are designed to be used to service a Binder call, and which must therefore check permissions and clear the calling identity, and which methods are designed for internal use only and which therefore need not check permission. Add a new startLegacyVpnPrivileged method which bypasses the permission checks, to be used by lockdown VPN which is a trusted system service. Ensure that the existing startLegacyVpn method checks permissions as this is used whenever we respond to a binder call. Bug: 19311172 Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
ad4cd0c01966017e2f51ec3d23d06de3874f100c |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Allow root and system to bypass the always-on VPN firewall rules This is needed to allow the always-on VPN to survive network switches. In L, network switches are graceful, and in order to switch to a network, the system first has to validate it using DNS requests (from netd, running as root) and HTTP requests (from NetworkMonitor, running inside the system_server). This should also allow always-on VPN to work on networks like T-Mobile that use 464xlat, fixing a bug that has been present since K. Bug: 9597277 Bug: 17695048 Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
02c7abac856c3e94f4a2714d673cefb65c55efb7 |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Don't make lockdown VPN source firewall rules over-broad. Currently, the lockdown VPN adds firewall allow rules matching the whole subnet that the server assigned, so for example if the VPN server assigns it the IP address 10.1.23.5/8, it will allow the whole of 10.0.0.0/8 to pass the firewall. This is needlessly overbroad and has a particularly bad corner case where if the prefix length is 0, everything is allowed. Bug: 17695048 Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
0cb7903ddedbbb8a8171926e4460b74af589369d |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Propagate network state changes to the LockdownVpnTracker. Bug: 17695048 Change-Id: I10378df0ab545729a6a315fd1bc8870cd98f47b3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
05542603dd4f1e0ea47a3dca01de3999a9a329a9 |
|
11-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
255dd04271088590fedc46c8e22b2fd4ab142d39 |
|
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
9158825f9c41869689d6b1786d7c7aa8bdd524ce |
|
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|