Cross Reference: /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java

History log of /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
9ff1a588786cb2963d76c75f3a077fc17fa1589c	10-Jun-2016	Robin Lee <rgl@google.com>	Move 'is already always-on' check into Vpn.java It's with the rest of the logic now and allows checking whether the lockdown state matches, too, which led to a lot of misunderstandings. Fix: 29199431 Change-Id: I94a2c38c4837f9c33b5b9c2becb52eeb7e2a2534 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
812800cb92090db31f609b907c4458ba76cf7f42	13-May-2016	Robin Lee <rgl@google.com>	Package changed/removed listeners for always-on VPN Fix 2 problems of always-on vpn after always-on package is removed 1. Prevent network being locked down (blocking all network traffic) Otherwise, user has no way to download the vpn app from Play Store, and never be able to gain control of the network again. 2. Allow user to connect other vpn app. Implementation 1. Switch off always-on mode if the package gets removed. 2. Restart always-on mode if the package gets replaced/upgraded. Bug: 29050764 Change-Id: Id3e389ae0b11c6002a5167919292d9634c2014cb /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
98a633a89cf3223f79ea625323ec2b91bee72584	27-May-2016	Victor Chang <vichang@google.com>	Fix VPN Request dialog appearing each time VPN is connecting cause: ConfirmDialog is shown when prepareVpn(package, null) returns false when the package is in always-on mode We added the code in ag/949136 to stop app replacing app currently set to always-on. Bug: 28941235 Change-Id: I370e56ad59332cc3fb722a98730fa73a97e26831 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
32ceb9c801a86f901ec8230eec301c30e1deff3b	27-May-2016	Robin Lee <rgl@google.com>	Merge "Move VPN restriction check into setup dialog" into nyc-dev
ebbcb54a4380239ea3d0c4d1a20cd6b3c9ec0590	24-May-2016	Robin Lee <rgl@google.com>	Check if we're connected before marking a UID blocked This kills the always-on test, and any third-party app that correctly checks whether it's blocked before attempting to make a connection. Only affects always-on VPN when lockdown=true. Bug: 28909500 Change-Id: I87aa9598d3872ae2ec409c2b19d73052c21ec878 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
628ae0d84180c5f7c52725e02506021e532ed252	20-May-2016	Robin Lee <rgl@google.com>	Move VPN restriction check into setup dialog The purpose of DISALLOW_CONFIG_VPN is to stop users from configuring VPN, not from using it at all. The key difference being that if the admin already enforced a VPN then that setting should be respected (but it still shouldn't be tamperable). Bug: 28733079 Change-Id: Ib8cab5657a9d5819a019093da3812cd8c2ca4050 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
17e6183b85ba3038acb935aaa01415058b2e6ddd	09-May-2016	Robin Lee <rgl@google.com>	Lock down networking when waiting for always-on Fix: 26694104 Fix: 27042309 Fix: 28335277 Change-Id: I47a4c9d2b98235195b1356af3dabf7235870e4fa /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
4d03abcd49af490dba3850d341b955dd72f24959	09-May-2016	Robin Lee <rgl@google.com>	Make some of the UID-based VPN code reusable By changing some member refs into arguments and having one of the functions create the UID range instead of adding to mVpnUsers. This will be useful for other layers of UID filtering like having UIDs explicitly blocked from the VPN. Deleted one broken line of code that cleared the status intent when a restricted profile is removed. Other than that, this commit shouldn't change any behaviour. If it does, that's a bug. Bug: 26694104 Change-Id: Ieb656835d3282a8ba63cc3f12a80bfae166bcf44 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
323f29df583e9338e3b2bf90fc8c0785a934a61b	04-May-2016	Robin Lee <rgl@google.com>	Start VPN as early as possible during startup - Switch from USER_STARTING to USER_STARTED which is the foreground version of the broadcast - Set the new VPN network as CONNECTING initially to avoid spamming apps with useless notifications ahead of the network being fully available Bug: 26694104 Fix: 28335277 Change-Id: I31d5260dda62ff440c31c44eb0aa5c891e2717e5 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
a0576c61d871c928826b3fcf96eaedc157bc3f04	06-Apr-2016	Robin Lee <rgl@google.com>	Merge "Disallow prepare()-ing over an always on VPN app" into nyc-dev
49d5a01e9b8ee73e8d03ae8bf0560ee15ac97e56	04-Mar-2016	Fyodor Kupolov <fkupolov@google.com>	Check VPN status when adding/removing restricted profiles Restricted profiles are tied to a VPN of the parent user. addVpnUserLocked/ removeVpnUserLocked should not be called for restricted profiles when VPN is not active, because they will throw an exception. Bug: 27296721 Change-Id: Ifcfaa85c12fbca1bbad81217c2f0d07a79347547 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
1b1bcd7b7370866bc00ce3361be8d5167bf3e28d	12-Feb-2016	Robin Lee <rgl@google.com>	Disallow prepare()-ing over an always on VPN app Bug: 27042309 Change-Id: I6aa069a91f20b645f4d23e796ea03b0355155c41 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
78378845ff64c11b688aaa784b01eef8616a690d	12-Feb-2016	Robin Lee <rgl@google.com>	Auto-call prepare() for new always-on VPNs Existing VPN apps don't tend to call prepare() inside their VpnService (they usually do that much earlier) so this eases the migration path quite a bit and gives the networking system an advance cue as to which app is about to take over. Bug: 26891808 Change-Id: Ibda40d11a7e6fa3e764c18fcc4d502c1a4959f9b /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
9a5f48535d5d2972308c06d81fd55adf7e44dc49	17-Dec-2015	Robin Lee <rgl@google.com>	[VPN] start lockdown before user is unlocked Removed the dependency on KeyStore encryption by removing that flag for VPN profiles which don't use secure credentials when saving in Settings. Old encrypted profiles will simply fail to load untile USER_PRESENT is sent, as before. Bug: 26108660 Change-Id: I2677d741d54252f15cb772c94ce1b39041f1e19c /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
b68d2d5b68dc58fb7b75ce94af74de58a1b9d3f9	14-Jan-2016	Robin Lee <rgl@google.com>	Merge "Always-on app VPNs"
244ce8ef5f201cf403bab43df8281671a9e94512	05-Jan-2016	Robin Lee <rgl@google.com>	Always-on app VPNs Bug: 22547950 Change-Id: I46b204170bfac58d944f39b22f815b080de71a58 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
e06b4d1d9f718b9fe02980fea794a36831a16db2	06-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
1c36315a36962321dfe870b07e28b04a1d6777e9	02-Sep-2015	Fyodor Kupolov <fkupolov@google.com>	Fixed VPN support for restricted profiles in split system user model In a new split system user model, owner of a restricted profile is not limited to just user0. restrictedProfileParentId field should be used to get an owner. Bug: 22950929 Change-Id: I928319a9450e543972237a42267eb2404e117c83 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
bd0e03bb763ae7956ecba35fe5759d4b443158ca	21-Aug-2015	Xiaohui Chen <xiaohuic@google.com>	More USER_OWNER cleanup. Bug: 19913735 Change-Id: I408a92d9dbab2a096407efccb91e2a8bdc22714d /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
1b60d11b8f54f1ade45b80668601bc955041cf4f	02-Jul-2015	Lorenzo Colitti <lorenzo@google.com>	Make the VPN notice connectivity changes on stacked interfaces. Currently, the VPN code only looks at base interfaces, so if 464xlat is in use, it will never disconnect when its underlying network has disconnected. Use getAllInterfaceNames().contains() instead of just comparing the base interface name. Bug: 19336810 Change-Id: Id1ba2c80a09cec5098c6f512acdc0a05a939e9f3 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
3b3dd942ec6a0beaccd1cef0723d72786435d8f3	12-May-2015	Robin Lee <rgl@google.com>	Support cross-user VPN calls (with permission) Settings and SystemUI need to act on other users than USER_OWNER. This is gated by INTERACT_ACROSS_USERS_FULL in addition to the existing CONTROL_VPN checks, so the number of processes able to interfere with other profiles' VPNs should be quite small. Bug: 20692490 Bug: 20747154 Bug: 20872408 Change-Id: I6e5d7220f73435bec350719e7b4715935caf4e19 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
0a775ce9801f03071d1e9bcc177d79e6fe350702	28-Apr-2015	Jeff Davidson <jpd@google.com>	Ensure VPN consent is not revoked in prepare/establish. Covers cases where VPN is prepared, but the consent bit has been lost, e.g. because updates were uninstalled on the current VPN app. In this case we want prepare to re-trigger the consent flow, and we do not want establish() to work. So, when prepare(package, null) is called, as VpnService.prepare() will do, if we would have otherwise taken no action and returned true because the VPN was already prepared, we now check if package has lost its consent and unprepare the VPN (so that it can be prepared by the VpnSettings ConfirmDialog). Bug: 18491424 Change-Id: I8fa60dbc2b95e15f9ce61f9b7e6735db745babba /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
95778ffc58979d19ff9f4aaed396a6eca49cf698	06-Jan-2015	Nicolas Prevot <nprevot@google.com>	Fetch DISALLOW_CONFIG_VPN for the current user. The code did not specify the user in which to fetch the value of the restriction DISALLOW_CONFIG_VPN. Since it was called from the vpn service which lives in user 0, it would always fetch the value for user 0. BUG: 18902920 Change-Id: I89419976a8edcaa86ac8e545c64d10818cd42ddd /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
d69e4c1460017062e7c36be55801cb434ad19d97	24-Apr-2015	Dianne Hackborn <hackbod@google.com>	Update use of procstate for services. Now that we have a separate foreground service proc state (above a sleeping top app), update various system services to put their bindings into this state when appropriate. There are two new bind flags for this -- one that just always makes it a foreground service, another that only does it when the device is awake (useful for things like the wallpaper). And with all of that, tweak network policy manager to only include apps that are at least foreground service state when in power save and device idle modes. This will allow us to further reduce the set of apps that have network access (in particular not giving access to the current top app when the screen is off), hopefully leading to even better battery life. Change-Id: I91d85a5c5ed64e856149e9a5d94a634a7925ec7f /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
80047faad914c9b9b4966d6b58fc22800c3fcebc	15-Apr-2015	Vinit Deshpande <vinitd@google.com>	am b5e0cfb..557d2f5 from mirror-m-wireless-internal-release 557d2f5 Merge "Add ConnectivityManager.reportNetworkConnectivity() API" into m-wireless-dev ab5267a Fix onLost/onFound logic in isSettingsAndFilterComboAllowed bfd17b7 Add ConnectivityManager.reportNetworkConnectivity() API 238e0f9 OBEX Over L2CAP + SDP search API for BT profiles 31a94f4 Add ConnectivityManager.getActiveNetwork(). Rework NetID allocation in ConnectivityService so registerNetworkAgent() can return the allocated NetID. bf18bed Merge "Non-functional code cleanup of ConnectivityService." into m-wireless-dev db8784e Merge "Cleanup of Video Call pause functionality." into m-wireless-dev e75b9e3 Non-functional code cleanup of ConnectivityService. e593d0a Onfound onlost feature. 0326f58 Merge "API for config app." into m-wireless-dev e9b056f API for config app. d5351e7 RTT framework interface update 582b868 Unhide Network.openConnection(URL, Proxy). 0d719ca Fix typos in ConnectivityManager documentation. Change-Id: Ib4c88f6d7ad1b24227b032555c62a5804194384b
31a94f48bf8014cf6a1127bd23cf9a8541a9abed	13-Feb-2015	Paul Jensen <pauljensen@google.com>	Add ConnectivityManager.getActiveNetwork(). Rework NetID allocation in ConnectivityService so registerNetworkAgent() can return the allocated NetID. Bug: 19416463 Change-Id: I68e395552cf27422c80b4dfae5db5d56a0d68f5d /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
e75b9e355500b7c6a05e4d6ec54ef48835707caa	06-Apr-2015	Paul Jensen <pauljensen@google.com>	Non-functional code cleanup of ConnectivityService. 1. Remove ConnectivityService.findConnectionTypeForIface() as this can be done just as easily with supported APIs now. 2. Avoid making copies of Network objects as this precludes reuse of Network internals (e.g. socket factory, connection pool). Change-Id: I52f92e35d769d8350471f485e408169608630082 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
94b17bdd99e322eaed174604d23934600cf0380b	26-Mar-2015	Robert Greenwalt <rgreenwalt@google.com>	am 0a5abe58: am 727cac07: Merge "Add getLegacyVpnInfoPrivileged method" * commit '0a5abe58345404b1277eade547a54d67f8800190': Add getLegacyVpnInfoPrivileged method
08bbca040fa921b99493cd9967453ed90b1b710a	23-Mar-2015	sj.cha <sj.cha@lge.com>	Add getLegacyVpnInfoPrivileged method Follows the Google's permission check policy. Add a getLegacyVpnInfoPrivileged method which skips the permission check and change getLegacyVpnInfo to check the permission and then call getLegacyVpnInfoPrivileged. It is already checked in this commit : https://android-review.googlesource.com/#/c/141771/ Signed-off-by: SangJin Cha <sj.cha@lge.com> Change-Id: I83cfaedbd85745574f3ddf118b11b6e0415483c6 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
f5ea340aabee6e290448c8cc9fb0925da8b7db5e	04-Mar-2015	Wenchao Tong <tongwenchao@google.com>	NetworkStatsService to adjust VPN stats before recording. * Creates a new Parcelable class VpnInfo to hold required parameters for VPN stats adjustments. * ConnectivityService to collect infomation and provide a list of VpnInfo, one for each user. * NetworkStatsService passes the VpnInfo array to NetworkStatsRecorder. * NetworkStatsRecorder calls NetworkStats.migrateTun() to do the math. * Poll NetworkStats when the vpn application calls setUnderlyingNetworks(). Bug: 19536273 Change-Id: I7a4c7726b8243fead10416f7ec6eb5cf95f20183 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
08c7116ab9cd04ad6dd3c04aa1017237e7f409ac	28-Feb-2015	John Spurlock <jspurlock@google.com>	Remove unused imports in frameworks/base. Change-Id: I031443de83f93eb57a98863001826671b18f3b17 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
2d6063b63c786a87179b7822cc17c56581fa79b1	11-Feb-2015	Jeff Davidson <jpd@google.com>	am e4be48e0: am 50996a12: Merge "Do not enforce CONTROL_VPN for calls from lockdown VPN." into lmp-mr1-dev automerge: 46dbb5b * commit 'e4be48e0853bcde90d738031433271c5e41bd5e2': Do not enforce CONTROL_VPN for calls from lockdown VPN.
b21298a686b04d55ff97223dd317497845713f4b	10-Feb-2015	Jeff Davidson <jpd@google.com>	Do not enforce CONTROL_VPN for calls from lockdown VPN. Clearly document which methods in Vpn.java are designed to be used to service a Binder call, and which must therefore check permissions and clear the calling identity, and which methods are designed for internal use only and which therefore need not check permission. Add a new startLegacyVpnPrivileged method which bypasses the permission checks, to be used by lockdown VPN which is a trusted system service. Ensure that the existing startLegacyVpn method checks permissions as this is used whenever we respond to a binder call. Bug: 19311172 Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
c4c7231eb6d1efa9ecd7b693f8328a76a04e8bbb	08-Dec-2014	Paul Jensen <pauljensen@google.com>	Clear VPN config when VPN disconnects. This ensures ConnectivityService.getVpnConfig() returns null after a VPN disconnects. bug:18640307 Change-Id: I2238eabaf665cad0a4f4258add57611f2b450089 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
6ea4e11d9817d85eb5c0ff445154985e4eb0c534	24-Nov-2014	Jeff Davidson <jpd@google.com>	Merge "Don't enforce control permission when preparing consented VPN." into lmp-mr1-dev
11008a78b8e30910cedd8b8431980c7738183292	20-Nov-2014	Jeff Davidson <jpd@google.com>	Don't enforce control permission when preparing consented VPN. If a VPN app requests to be prepared and has already obtained user consent, there is no need to additionally enforce the control permission. We only need to enforce the control permission when a VPN is first being prepared, where such a preparation would bypass user consent. Also ensure that in this case, the VPN being prepared matches the calling app. Otherwise an app could prepare another pre-consented VPN, which is not particularly dangerous but is likely unexpected. Finally, remove misleading comment in ConnectivityService#prepareVpn. This method IS called from VpnService.prepare(), not only from system-privileged apps. Bug: 18442887 Change-Id: Ic3227c6c1c74312697f0576d3811b06692a4edff /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
c2c0beab79a907f63e109eefe2a5aabcf2e3fd8f	12-Nov-2014	Sreeram Ramachandran <sreeram@google.com>	Allow VPNs to specify their underlying networks. These are used when responding to getActiveNetworkInfo() (and cousins) when an app is subject to the VPN. Bug: 17460017 Change-Id: Ief7a840c760777a41d3358aa6b8e4cdd99c29f24 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
bc19c181c8c058c824e4fee907a05129e142c388	11-Nov-2014	Jeff Davidson <jpd@google.com>	Enforce VPN control "permission" with an actual permission. The current implementation uses a whitelist of package names. Use a system\|signature permission instead of rolling our own security and add that permission to the existing set of whitelisted packages (SystemUI and VpnDialogs). In addition to being less of a security risk (using well-known methods like Context.enforceCallingPermission rather than manually querying PackageManager and checking UIDs for package names), this enables other system-privileged apps to control VPN as needed per the below bug. Bug: 18327583 Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
be08587510edbc149c841638db721eb97d2351b6	24-Oct-2014	Jeff Davidson <jpd@google.com>	Check UID instead of package name when preparing VPN. If a package is uninstalled and reinstalled, it should no longer be considered a prepared VPN in prepare(). While the package name remains constant in this case, the UID should not. Bug: 17980393 Change-Id: I29edf22ebe0550a7938d5a36c746c83dc068a0f9 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
60446165d8bd44f72cec8d0c5583a688369fa660	19-Sep-2014	Lorenzo Colitti <lorenzo@google.com>	Block address families with routes, not NetworkAgent side channel Now that we support unreachable routes, use those to block address families on VPNs. This is a much more elegant solution. Also update LinkProperties when IP addresses are added and removed, fixing a TODO. Bug: 17462989 Change-Id: Ib749d84710dca70d672350b9f129bb91419ec77e /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
5026279ce45ae78126046607a2634dc9dae93199	18-Sep-2014	Lorenzo Colitti <lorenzo@google.com>	Add a throw route to the VPN endpoint. Without this, legacy VPN types that don't send all traffic through a tun or ppp interface, but instead have the kernel apply IPsec transforms directly to the original packets, will try to send traffic to the VPN endpoint through the VPN, which will not work. Bug: 17462989 Change-Id: I3ebf0cec726dd12b2c57ba5d66775f8c02b25b70 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
0784eeab28da094a87437ed454fe3dca01b1f9f2	19-Aug-2014	Paul Jensen <pauljensen@google.com>	Implement VpnConfig.addAllowedApplication(). bug:17109588 bug:13651397 Change-Id: Ibb944794627117728373f0105e24f196f3eeb9e9 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
90b1b9f985a91fb54254705515f822b09c68ac26	22-Aug-2014	Jeff Davidson <jpd@google.com>	Restore legacy VPN stats dialog. Was originally removed in ag/522961, but restoring to keep legacy VPN behavior the same from within VpnSettings. This dialog is only accesible from VpnSettings and so should only ever be shown for legacy VPNs. Bug: 17164793 Change-Id: I06c4e136e1023b8f84edfd15a15264d2e41d325b /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
827296b7dd6689c14df1340f21a85e1f2f8d6844	21-Aug-2014	Lorenzo Colitti <lorenzo@google.com>	Merge "Update state to failed if the VPN fails to connect." into lmp-dev
438406092ed71c658bf5a4e6ae2e7282fc4fab4d	21-Aug-2014	Lorenzo Colitti <lorenzo@google.com>	Update state to failed if the VPN fails to connect. Without this, the VPN settings dialog stays in "Connecting..." forever. Bug: 17140195 Change-Id: I4771be464384b62114839523fb2a6b36aa6520ee /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
05542603dd4f1e0ea47a3dca01de3999a9a329a9	11-Aug-2014	Jeff Davidson <jpd@google.com>	Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
255dd04271088590fedc46c8e22b2fd4ab142d39	19-Aug-2014	Selim Cinek <cinek@google.com>	Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
e47df8466be991b187f445c8cf811891271051bf	30-Jul-2014	Jason Monk <jmonk@google.com>	Allow System UI access to VPN. Bug: 16153201 Change-Id: I5f5e9e0ed3e4e02d6a6995011356b350758f068d /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
f4e0c0cb8ef22fdb20ae74b444c9f4b7d15ded8b	27-Jul-2014	Sreeram Ramachandran <sreeram@google.com>	Allow VPNs to add/remove link addresses dynamically. Bug: 15409819 Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
42065ac64cba166dc0fe602957ea8fe80bf406e2	27-Jul-2014	Sreeram Ramachandran <sreeram@google.com>	Prohibit address families by default unless a VPN explicitly allows them. Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
030a6b923400eada46220343b5e9681cd0a191b7	26-Jul-2014	Sreeram Ramachandran <sreeram@google.com>	Fix issues with noticing that a VPN interface is gone. The root cause of both bugs linked below is the same. In establish(), we call agentConnect(), which sets the state to CONNECTED. But right before returning from establish(), we set the state to AUTHENTICATING, which is a "CONNECTING" state. Later, when the interface is gone (either because the VpnService closed it, or because the process got killed), agentDisconnect() doesn't do anything because "isConnected()" is false. We could fix it by changing that to "isConnectedOrConnecting()", but I think a superior fix is to get rid of the bogus AUTHENTICATING state. It was added in http://ag/214042 two years ago, with a TODO saying to eventually make sure it becomes CONNECTED, but that never seems to have been followed up on. I don't see any use for this AUTHENTICATING state. Although I haven't tested it, code inspection suggests that the legacy VPN doesn't seem to care, and it sets its own states in execute() and such. Bug: 16495146 Bug: 16495887 Change-Id: Ie2a40aa1a8a173665d8b7aa9fab5ae6e800ba5fb /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
8cd33ed84e94036a5e1201485af7603dc6fb0d9b	24-Jul-2014	Sreeram Ramachandran <sreeram@google.com>	Implement support for bypassable VPNs. Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
6bbf39cf6b81222f32d2b66b8fa85d562e0ad71c	23-Jul-2014	Jeff Davidson <jpd@google.com>	Implement VpnService.setBlocking(). Bug: 12879610 Change-Id: I3a0ad9eae5f7dd9c01f75b9da71810bad38f9fec /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
03666c705ddabe0e7c5869ab69c2ca8b964164e9	20-Jul-2014	Sreeram Ramachandran <sreeram@google.com>	Cleanup: Delete dead code. Bug: 15413389 Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
6bc2c2c34f2b23eae79ad733c97a691734055c4f	07-May-2014	Paul Jensen <pauljensen@google.com>	Convert Vpn from NetworkStateTracker to NetworkAgent. This eliminates the need for the ConnectivityService.VpnCallback class. This requires shifting VPNs to the new "network" netd API. VpnService.protect() is modified to no longer go through ConnectivityService. NetworkCapabilities is extended to add a transport type for VPNs and a capability requiring a non-VPN (so the default NetworkRequest isn't satisfied by a VPN). bug:15409918 Change-Id: Ic4498f1961582208add6f375ad16ce376ee9eb95 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
8283f8802d7e4d78c7eb031ddac07a4cfdc30771	08-Jul-2014	Robert Greenwalt <rgreenwalt@google.com>	Remove dead code. Also adds a TYPE_VPN so the VPN can be strongly typed. Change-Id: Ibf39450c480f16ce5ab4c25b47965691b844fb92 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
f5116d01b20f21ba32cd9eaa3412daf97f41c623	01-Jul-2014	Julia Reynolds <juliacr@google.com>	Apply DISALLOW_CONFIG_VPN restriction to VPN. Bug: 16008760 Change-Id: I299d5f32d9b09c3abcc32f3e889a0187880621df /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
87f738d2787444854cd15695b599b84b25027167	24-Mar-2014	Chad Brubaker <cbrubaker@google.com>	am 51e93804: am 05e4dc96: am 850eb678: am eb3c0d9a: am 1aad3ad4: Merge "Fix support for simultaneous VPN tuns" into klp-dev * commit '51e938041e72f29c4e776a8627ea9d8a70d62728': Fix support for simultaneous VPN tuns
850eb678d7356ea60925dc6fa450e213d5cea2d5	21-Mar-2014	Chad Brubaker <cbrubaker@google.com>	am eb3c0d9a: am 1aad3ad4: Merge "Fix support for simultaneous VPN tuns" into klp-dev * commit 'eb3c0d9ac387bb0aea5b4956daac1403253bc76d': Fix support for simultaneous VPN tuns
7c2b1625d66d3c80c313160f78c8bccd9499539e	14-Mar-2014	Chad Brubaker <cbrubaker@google.com>	am 78f204ae: am 8e240af5: Merge "Remove SO_BINDTODEVICE from VPN protect" into klp-dev * commit '78f204aed8c0f3c8174616801d66f96a9a00a5fd': Remove SO_BINDTODEVICE from VPN protect
74f99a4e904af56a62f86b81831c23c763b6001e	13-Mar-2014	Chad Brubaker <cbrubaker@google.com>	am 7fb07438: am 674f85af: Merge "Only allow System apps to make VPN exempt routes" into klp-dev * commit '7fb074389370ac93afc5830189371dc3ec26265c': Only allow System apps to make VPN exempt routes
f87b2248497223a18ee0e5403967a5de55d8cbb5	28-Feb-2014	Chad Brubaker <cbrubaker@google.com>	Merge "Remove SO_BINDTODEVICE from VPN protect"
c023453a2b79b338aea36b48fd610a099379d34c	14-Feb-2014	Chad Brubaker <cbrubaker@google.com>	Only allow System apps to make VPN exempt routes requestRouteToHost will only allow system applications to make routes exempt from the VPN's routing rules. If a VPN is currently running and a non-system app requests a route it will only succeed if that host is currently covered by a VPN exempt routing rule. Otherwise it will fail. For example, if a VPN is running and the MMS network is brought online those routes will be added as VPN exempt. If an application then tries to request a route to a MMS endpoint it will succeed because the routes already exist. If an application tries to request a route to a host covered by the VPN the call will fail. Bug: 12937545 Change-Id: If7bcec91bbb96c62c8fb69748c975847e6c00b6f /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
bcf12b302cd2715de54493808b2503de05c53757	11-Feb-2014	Chad Brubaker <cbrubaker@google.com>	Remove SO_BINDTODEVICE from VPN protect SO_BINDTODEVICE is not needed with policy routing. SO_BINDTODEVICE was also used on the default iface which causes problems when the default iface is IPv6 only and the socket tries to connect to a IPv4 address. Bug: 12940882 Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea	20-Dec-2013	Amith Yamasani <yamasani@google.com>	am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 /frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java