1472c92128e01d38aa47915512eadb3da3d1c08d |
|
29-Jul-2015 |
Robin Lee <rgl@google.com> |
Fix funky javadoc Using @link for the first word of a @throws line is redundant and generates strange HTML where the row appears twice. See for example: http://developer.android.com/reference/android/net/VpnService.Builder.html#addAllowedApplication%28java.lang.String%29 Change-Id: I9c0bbe9156d292eb6f0e2e2ccb6dbcfef95bc312
/frameworks/base/core/java/android/net/VpnService.java
|
3b3dd942ec6a0beaccd1cef0723d72786435d8f3 |
|
12-May-2015 |
Robin Lee <rgl@google.com> |
Support cross-user VPN calls (with permission) Settings and SystemUI need to act on other users than USER_OWNER. This is gated by INTERACT_ACROSS_USERS_FULL in addition to the existing CONTROL_VPN checks, so the number of processes able to interfere with other profiles' VPNs should be quite small. Bug: 20692490 Bug: 20747154 Bug: 20872408 Change-Id: I6e5d7220f73435bec350719e7b4715935caf4e19
/frameworks/base/core/java/android/net/VpnService.java
|
72db88e46fba5f2581eb21c042dc79887cda1c10 |
|
10-Mar-2015 |
Paul Jensen <pauljensen@google.com> |
Deprecate static ConnectivityManager.get/setProcessDefaultNetwork() functions. These functions risk hitting an unchecked Exception due to ConnectivityManager not being instantiated yet. Also, change Network.openConnection() to throw a checked Exception rather than an unchecked Exception when ConnectivityManager is not yet instantiated. bug:19416463 Change-Id: Ie1e2b3238aec0343d267c76b64927073f2f05f85
/frameworks/base/core/java/android/net/VpnService.java
|
b2053114562830369a9d060e79f0c9eff4be27e7 |
|
20-Jan-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Use the proper IpPrefix and LinkAddress constructors in VPN code. This simplifies the code, and also makes it possible for users to point multicast routes at the VPN. The LinkAddress objects we were previously using to construct the RouteInfo do not accept these, but IpPrefix objects do. Bug: 18485968 Change-Id: Ie914a2eb359b78161810ee473df725059f944f4e
/frameworks/base/core/java/android/net/VpnService.java
|
9e956e9b9aefa3eb30dd2268f7fd347c42e43bce |
|
03-Dec-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix docs per API review. Bug: 18573918 Change-Id: I639fe2ce40cdef57d904b9ad1ebb28db7d057144
/frameworks/base/core/java/android/net/VpnService.java
|
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957 |
|
23-Nov-2014 |
Jeff Sharkey <jsharkey@android.com> |
Introduce revision codes for split APKs. Apps delivered as multiple split APKs must have identical package names, version code, and signatures. However, developers may want to iterate quickly on a subset of splits without having to increment the version code, which would require delivery of the entire app. This change introduces "revision codes" which can vary between split APKs belonging to the same app. An install is valid as long as the normal version code is identical across all splits. Splits can be added/removed to an app over time, but if a split is present across an upgrade the revision code must not decrease. Since system apps could have been updated with splits, only revert to the built-in APKs if the version code is strictly greater than the data version. Also fix bug to enable inheriting from system apps when adding splits. Bug: 18481866 Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260
/frameworks/base/core/java/android/net/VpnService.java
|
c2c0beab79a907f63e109eefe2a5aabcf2e3fd8f |
|
12-Nov-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPNs to specify their underlying networks. These are used when responding to getActiveNetworkInfo() (and cousins) when an app is subject to the VPN. Bug: 17460017 Change-Id: Ief7a840c760777a41d3358aa6b8e4cdd99c29f24
/frameworks/base/core/java/android/net/VpnService.java
|
9a1da68bf7980449a5ee5d6fa9d9686b04d667ff |
|
11-Nov-2014 |
Jeff Davidson <jpd@google.com> |
Expose a SystemApi method to prepare a VPN without consent. This is NOT designed to be called normally. Most apps (even system-privileged ones) should request user consent before launching a VPN. However, it is needed to support flows where consent can be obtained through other means external to the VPN flow itself. The API requires a system-privileged permission, CONTROL_VPN. Bug: 18327583 Change-Id: I1bcdcf0fb5707faeb861ec4535e7ccffea369ae7
/frameworks/base/core/java/android/net/VpnService.java
|
8afddbe7e91b0c91620c54ccbe057c32ca5dd6bf |
|
12-Sep-2014 |
Jeff Davidson <jpd@google.com> |
Merge "Update VpnService Javadoc to reflect new UX." into lmp-dev
|
6d6ea3b6be7c41e18a8f95499e2e31133465ae47 |
|
11-Sep-2014 |
Jeff Davidson <jpd@google.com> |
Update VpnService Javadoc to reflect new UX. The major change is that consent is now "sticky" and lasts until the user explicitly disables the VPN connection. Bug: 17474362 Change-Id: Id4e7807e635bbfc7645741135209d46763e280f9
/frameworks/base/core/java/android/net/VpnService.java
|
a1e06807eeb6587c3ea12778440226977d63b064 |
|
11-Sep-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Hide mutable VpnService APIs to add/remove IP addresses dynamically. These APIs were added because we thought we needed them to provide seamless transition from one server backend to another using local IP addresses to distinguish between the backends. I.e., connections whose local IP address was old would be routed to the old backend; connections whose local IP address was new would be routed to the new backend. It turns out that's not needed. VpnService already supports seamless re-establishment, so VPNs just need to call establish() again with a different IP address. I've verified with a custom VPN app that this works, and can distinguish traffic based on the old and new addresses. Nobody is using these APIs at the moment, so we could even consider removing them altogether, but I prefer just hiding them, just in case. Bug: 15409819 Change-Id: I30949926a0f859c9d839981ccbc5d8e1e535a3a5
/frameworks/base/core/java/android/net/VpnService.java
|
5b62d263a70ad7dceba7a488b11478ad3eaf3f45 |
|
26-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Merge "Implement VpnConfig.addAllowedApplication()." into lmp-dev
|
fc4f721a87e58c2955628adddcb7dcd441d3196f |
|
25-Aug-2014 |
Robert Greenwalt <rgreenwalt@google.com> |
Update VPN whitelist/blacklist api docs. Addressing what happens to unwhitelisted or blacklisted apps. bug:17206162 Change-Id: I0b863946de277e6528675cc5412267a03f7b6841
/frameworks/base/core/java/android/net/VpnService.java
|
0784eeab28da094a87437ed454fe3dca01b1f9f2 |
|
19-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Implement VpnConfig.addAllowedApplication(). bug:17109588 bug:13651397 Change-Id: Ibb944794627117728373f0105e24f196f3eeb9e9
/frameworks/base/core/java/android/net/VpnService.java
|
f4e0c0cb8ef22fdb20ae74b444c9f4b7d15ded8b |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPNs to add/remove link addresses dynamically. Bug: 15409819 Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
/frameworks/base/core/java/android/net/VpnService.java
|
42065ac64cba166dc0fe602957ea8fe80bf406e2 |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Prohibit address families by default unless a VPN explicitly allows them. Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
/frameworks/base/core/java/android/net/VpnService.java
|
8cd33ed84e94036a5e1201485af7603dc6fb0d9b |
|
24-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs. Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/frameworks/base/core/java/android/net/VpnService.java
|
6bbf39cf6b81222f32d2b66b8fa85d562e0ad71c |
|
23-Jul-2014 |
Jeff Davidson <jpd@google.com> |
Implement VpnService.setBlocking(). Bug: 12879610 Change-Id: I3a0ad9eae5f7dd9c01f75b9da71810bad38f9fec
/frameworks/base/core/java/android/net/VpnService.java
|
cc26b4cc09720906d5b277fccc62c31714749816 |
|
19-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPN interfaces to be put into blocking mode. New API with stub implementation to be filled out later. Bug: 12879610 Change-Id: Iff711994dec4598c74fe11447c8c670004c1188c
/frameworks/base/core/java/android/net/VpnService.java
|
a9294eb1c9c090f5c896c0212efed0234678d970 |
|
10-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow a VPN to be declared bypassable. A VPN declared bypassable allows apps to use the new multinetwork APIs to send/receive traffic directly over the underlying network, whereas without it, traffic from those apps would be forced to go via the VPN. Apps still need the right permissions to access the underlying network. For example, if the underlying network is "untrusted", only apps with CHANGE_NETWORK_STATE (or such permission) can actually use it directly. New API with stub implementation to be filled out later. Bug: 15347374 Change-Id: I8794715e024e08380a43f7a090613c5897611c5b
/frameworks/base/core/java/android/net/VpnService.java
|
633f0e875dd6bda31f575fe4bc0187e9f245403f |
|
10-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Let VpnService specify a white/black list of apps that are allowed access. New API with stub implementation to be filled out later. Bug: 13651397 Change-Id: Ibabd6c22495ce58dc88142bb958c1ef12adcf78e
/frameworks/base/core/java/android/net/VpnService.java
|
1384605a89775dcaae48e8d5f0081143f896a8cb |
|
10-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Update VpnService API documentation. The goal of blocking an address family by default is to prevent unintended security holes. For example, a VPN that only deals with IPv4 doesn't know or care about IPv6 at all, so it doesn't do anything for IPv6. An app shouldn't be able to get around (bypass) the VPN by using IPv6. Therefore, it is not necessary to block an address family in removeAddress(). The VPN was clearly aware of the address family (since it had configured such an address before), so if it wants to block that family, it should add a default route for that family and explicitly drop/block/reject those packets. Bug: 15972465 Bug: 15409819 Change-Id: I845426fa90dc2358d3e11bc601db0b4bd5d3b7ac
/frameworks/base/core/java/android/net/VpnService.java
|
6bc2c2c34f2b23eae79ad733c97a691734055c4f |
|
07-May-2014 |
Paul Jensen <pauljensen@google.com> |
Convert Vpn from NetworkStateTracker to NetworkAgent. This eliminates the need for the ConnectivityService.VpnCallback class. This requires shifting VPNs to the new "network" netd API. VpnService.protect() is modified to no longer go through ConnectivityService. NetworkCapabilities is extended to add a transport type for VPNs and a capability requiring a non-VPN (so the default NetworkRequest isn't satisfied by a VPN). bug:15409918 Change-Id: Ic4498f1961582208add6f375ad16ce376ee9eb95
/frameworks/base/core/java/android/net/VpnService.java
|
d7e71641f6ae7e372795c22fe293d63373a898d2 |
|
10-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Block address families by default in VpnService. If a VpnService only configures IPv4 addresses, routes and DNS servers, block IPv6 by default, and vice versa. Also add an API to unblock a family without needing to add an address, route or DNS server. New API with stub implementation to be filled out later. Bug: 15972465 Change-Id: I70d4d5c30ee71802610f6e16f100db6cbccef42c
/frameworks/base/core/java/android/net/VpnService.java
|
81c295e1c843612408d0de26fe383cebc0a80313 |
|
10-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPNs to dynamically add/remove IP addresses on their tun interface. New API with stub implementation to be filled out later. Bug: 15409819 Change-Id: Ic0d2d459953eac86832905115a0d413b9b0b2660
/frameworks/base/core/java/android/net/VpnService.java
|
bcf12b302cd2715de54493808b2503de05c53757 |
|
11-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Remove SO_BINDTODEVICE from VPN protect SO_BINDTODEVICE is not needed with policy routing. SO_BINDTODEVICE was also used on the default iface which causes problems when the default iface is IPv6 only and the socket tries to connect to a IPv4 address. Bug: 12940882 Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730
/frameworks/base/core/java/android/net/VpnService.java
|
4ca19e8377f33e8a80684fb4ee67f5a4bdc9ea76 |
|
14-Jun-2013 |
Chad Brubaker <cbrubaker@google.com> |
Add per user VPN support VPNs are now per user instead of global. A VPN set by user A routes only user A's traffic and no other user can access it. Change-Id: Ia66463637b6bd088b05768076a1db897fe95c46c
/frameworks/base/core/java/android/net/VpnService.java
|
fea17de7aaa5729d3111102b2734b158403d2780 |
|
11-Jun-2013 |
Jeff Sharkey <jsharkey@android.com> |
Explicit locale when formatting machine strings. Bug: 9390451 Change-Id: I3581c53407554a1dffd541fb42b06d68f20a7be0
/frameworks/base/core/java/android/net/VpnService.java
|
3cd42dfd50adf8d78a9d4984957a96dec2ba13f4 |
|
28-Aug-2012 |
Johan Redestig <johan.redestig@sonymobile.com> |
Make addAddress locale safe Using regular string concatenation to avoid unexpected results in some locales. Change-Id: I47dd5e174c4a2e88dc18e014002820cdbf63fcad
/frameworks/base/core/java/android/net/VpnService.java
|
d0d85f26cb7287c63adf95bace098bc1af3fe4e8 |
|
09-Aug-2011 |
Chia-chi Yeh <chiachi@android.com> |
Unhide APIs for user space VPN. Change-Id: I6f9ddb3fffe9e10cc2d34dda3ae8700b1af7e470
/frameworks/base/core/java/android/net/VpnService.java
|
199ed6ef89bd356895534ba09ac43ed340cd9a1a |
|
04-Aug-2011 |
Chia-chi Yeh <chiachi@android.com> |
VPN: introduce VpnService as the base class for user space VPN. Change-Id: I4793a6eb51b33f669fc6d39e1a16cf5eb9e3d851
/frameworks/base/core/java/android/net/VpnService.java
|