9ff1a588786cb2963d76c75f3a077fc17fa1589c |
|
10-Jun-2016 |
Robin Lee <rgl@google.com> |
Move 'is already always-on' check into Vpn.java It's with the rest of the logic now and allows checking whether the lockdown state matches, too, which led to a lot of misunderstandings. Fix: 29199431 Change-Id: I94a2c38c4837f9c33b5b9c2becb52eeb7e2a2534
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
812800cb92090db31f609b907c4458ba76cf7f42 |
|
13-May-2016 |
Robin Lee <rgl@google.com> |
Package changed/removed listeners for always-on VPN Fix 2 problems of always-on vpn after always-on package is removed 1. Prevent network being locked down (blocking all network traffic) Otherwise, user has no way to download the vpn app from Play Store, and never be able to gain control of the network again. 2. Allow user to connect other vpn app. Implementation 1. Switch off always-on mode if the package gets removed. 2. Restart always-on mode if the package gets replaced/upgraded. Bug: 29050764 Change-Id: Id3e389ae0b11c6002a5167919292d9634c2014cb
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
98a633a89cf3223f79ea625323ec2b91bee72584 |
|
27-May-2016 |
Victor Chang <vichang@google.com> |
Fix VPN Request dialog appearing each time VPN is connecting cause: ConfirmDialog is shown when prepareVpn(package, null) returns false when the package is in always-on mode We added the code in ag/949136 to stop app replacing app currently set to always-on. Bug: 28941235 Change-Id: I370e56ad59332cc3fb722a98730fa73a97e26831
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
32ceb9c801a86f901ec8230eec301c30e1deff3b |
|
27-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Move VPN restriction check into setup dialog" into nyc-dev
|
ebbcb54a4380239ea3d0c4d1a20cd6b3c9ec0590 |
|
24-May-2016 |
Robin Lee <rgl@google.com> |
Check if we're connected before marking a UID blocked This kills the always-on test, and any third-party app that correctly checks whether it's blocked before attempting to make a connection. Only affects always-on VPN when lockdown=true. Bug: 28909500 Change-Id: I87aa9598d3872ae2ec409c2b19d73052c21ec878
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
628ae0d84180c5f7c52725e02506021e532ed252 |
|
20-May-2016 |
Robin Lee <rgl@google.com> |
Move VPN restriction check into setup dialog The purpose of DISALLOW_CONFIG_VPN is to stop users from configuring VPN, not from using it at all. The key difference being that if the admin already enforced a VPN then that setting should be respected (but it still shouldn't be tamperable). Bug: 28733079 Change-Id: Ib8cab5657a9d5819a019093da3812cd8c2ca4050
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
17e6183b85ba3038acb935aaa01415058b2e6ddd |
|
09-May-2016 |
Robin Lee <rgl@google.com> |
Lock down networking when waiting for always-on Fix: 26694104 Fix: 27042309 Fix: 28335277 Change-Id: I47a4c9d2b98235195b1356af3dabf7235870e4fa
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
4d03abcd49af490dba3850d341b955dd72f24959 |
|
09-May-2016 |
Robin Lee <rgl@google.com> |
Make some of the UID-based VPN code reusable By changing some member refs into arguments and having one of the functions create the UID range instead of adding to mVpnUsers. This will be useful for other layers of UID filtering like having UIDs explicitly blocked from the VPN. Deleted one broken line of code that cleared the status intent when a restricted profile is removed. Other than that, this commit shouldn't change any behaviour. If it does, that's a bug. Bug: 26694104 Change-Id: Ieb656835d3282a8ba63cc3f12a80bfae166bcf44
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
323f29df583e9338e3b2bf90fc8c0785a934a61b |
|
04-May-2016 |
Robin Lee <rgl@google.com> |
Start VPN as early as possible during startup - Switch from USER_STARTING to USER_STARTED which is the foreground version of the broadcast - Set the new VPN network as CONNECTING initially to avoid spamming apps with useless notifications ahead of the network being fully available Bug: 26694104 Fix: 28335277 Change-Id: I31d5260dda62ff440c31c44eb0aa5c891e2717e5
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
a0576c61d871c928826b3fcf96eaedc157bc3f04 |
|
06-Apr-2016 |
Robin Lee <rgl@google.com> |
Merge "Disallow prepare()-ing over an always on VPN app" into nyc-dev
|
49d5a01e9b8ee73e8d03ae8bf0560ee15ac97e56 |
|
04-Mar-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Check VPN status when adding/removing restricted profiles Restricted profiles are tied to a VPN of the parent user. addVpnUserLocked/ removeVpnUserLocked should not be called for restricted profiles when VPN is not active, because they will throw an exception. Bug: 27296721 Change-Id: Ifcfaa85c12fbca1bbad81217c2f0d07a79347547
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
1b1bcd7b7370866bc00ce3361be8d5167bf3e28d |
|
12-Feb-2016 |
Robin Lee <rgl@google.com> |
Disallow prepare()-ing over an always on VPN app Bug: 27042309 Change-Id: I6aa069a91f20b645f4d23e796ea03b0355155c41
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
78378845ff64c11b688aaa784b01eef8616a690d |
|
12-Feb-2016 |
Robin Lee <rgl@google.com> |
Auto-call prepare() for new always-on VPNs Existing VPN apps don't tend to call prepare() inside their VpnService (they usually do that much earlier) so this eases the migration path quite a bit and gives the networking system an advance cue as to which app is about to take over. Bug: 26891808 Change-Id: Ibda40d11a7e6fa3e764c18fcc4d502c1a4959f9b
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
9a5f48535d5d2972308c06d81fd55adf7e44dc49 |
|
17-Dec-2015 |
Robin Lee <rgl@google.com> |
[VPN] start lockdown before user is unlocked Removed the dependency on KeyStore encryption by removing that flag for VPN profiles which don't use secure credentials when saving in Settings. Old encrypted profiles will simply fail to load untile USER_PRESENT is sent, as before. Bug: 26108660 Change-Id: I2677d741d54252f15cb772c94ce1b39041f1e19c
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
b68d2d5b68dc58fb7b75ce94af74de58a1b9d3f9 |
|
14-Jan-2016 |
Robin Lee <rgl@google.com> |
Merge "Always-on app VPNs"
|
244ce8ef5f201cf403bab43df8281671a9e94512 |
|
05-Jan-2016 |
Robin Lee <rgl@google.com> |
Always-on app VPNs Bug: 22547950 Change-Id: I46b204170bfac58d944f39b22f815b080de71a58
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
e06b4d1d9f718b9fe02980fea794a36831a16db2 |
|
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
1c36315a36962321dfe870b07e28b04a1d6777e9 |
|
02-Sep-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Fixed VPN support for restricted profiles in split system user model In a new split system user model, owner of a restricted profile is not limited to just user0. restrictedProfileParentId field should be used to get an owner. Bug: 22950929 Change-Id: I928319a9450e543972237a42267eb2404e117c83
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
bd0e03bb763ae7956ecba35fe5759d4b443158ca |
|
21-Aug-2015 |
Xiaohui Chen <xiaohuic@google.com> |
More USER_OWNER cleanup. Bug: 19913735 Change-Id: I408a92d9dbab2a096407efccb91e2a8bdc22714d
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
1b60d11b8f54f1ade45b80668601bc955041cf4f |
|
02-Jul-2015 |
Lorenzo Colitti <lorenzo@google.com> |
Make the VPN notice connectivity changes on stacked interfaces. Currently, the VPN code only looks at base interfaces, so if 464xlat is in use, it will never disconnect when its underlying network has disconnected. Use getAllInterfaceNames().contains() instead of just comparing the base interface name. Bug: 19336810 Change-Id: Id1ba2c80a09cec5098c6f512acdc0a05a939e9f3
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
3b3dd942ec6a0beaccd1cef0723d72786435d8f3 |
|
12-May-2015 |
Robin Lee <rgl@google.com> |
Support cross-user VPN calls (with permission) Settings and SystemUI need to act on other users than USER_OWNER. This is gated by INTERACT_ACROSS_USERS_FULL in addition to the existing CONTROL_VPN checks, so the number of processes able to interfere with other profiles' VPNs should be quite small. Bug: 20692490 Bug: 20747154 Bug: 20872408 Change-Id: I6e5d7220f73435bec350719e7b4715935caf4e19
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
0a775ce9801f03071d1e9bcc177d79e6fe350702 |
|
28-Apr-2015 |
Jeff Davidson <jpd@google.com> |
Ensure VPN consent is not revoked in prepare/establish. Covers cases where VPN is prepared, but the consent bit has been lost, e.g. because updates were uninstalled on the current VPN app. In this case we want prepare to re-trigger the consent flow, and we do not want establish() to work. So, when prepare(package, null) is called, as VpnService.prepare() will do, if we would have otherwise taken no action and returned true because the VPN was already prepared, we now check if package has lost its consent and unprepare the VPN (so that it can be prepared by the VpnSettings ConfirmDialog). Bug: 18491424 Change-Id: I8fa60dbc2b95e15f9ce61f9b7e6735db745babba
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
95778ffc58979d19ff9f4aaed396a6eca49cf698 |
|
06-Jan-2015 |
Nicolas Prevot <nprevot@google.com> |
Fetch DISALLOW_CONFIG_VPN for the current user. The code did not specify the user in which to fetch the value of the restriction DISALLOW_CONFIG_VPN. Since it was called from the vpn service which lives in user 0, it would always fetch the value for user 0. BUG: 18902920 Change-Id: I89419976a8edcaa86ac8e545c64d10818cd42ddd
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
d69e4c1460017062e7c36be55801cb434ad19d97 |
|
24-Apr-2015 |
Dianne Hackborn <hackbod@google.com> |
Update use of procstate for services. Now that we have a separate foreground service proc state (above a sleeping top app), update various system services to put their bindings into this state when appropriate. There are two new bind flags for this -- one that just always makes it a foreground service, another that only does it when the device is awake (useful for things like the wallpaper). And with all of that, tweak network policy manager to only include apps that are at least foreground service state when in power save and device idle modes. This will allow us to further reduce the set of apps that have network access (in particular not giving access to the current top app when the screen is off), hopefully leading to even better battery life. Change-Id: I91d85a5c5ed64e856149e9a5d94a634a7925ec7f
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
80047faad914c9b9b4966d6b58fc22800c3fcebc |
|
15-Apr-2015 |
Vinit Deshpande <vinitd@google.com> |
am b5e0cfb..557d2f5 from mirror-m-wireless-internal-release 557d2f5 Merge "Add ConnectivityManager.reportNetworkConnectivity() API" into m-wireless-dev ab5267a Fix onLost/onFound logic in isSettingsAndFilterComboAllowed bfd17b7 Add ConnectivityManager.reportNetworkConnectivity() API 238e0f9 OBEX Over L2CAP + SDP search API for BT profiles 31a94f4 Add ConnectivityManager.getActiveNetwork(). Rework NetID allocation in ConnectivityService so registerNetworkAgent() can return the allocated NetID. bf18bed Merge "Non-functional code cleanup of ConnectivityService." into m-wireless-dev db8784e Merge "Cleanup of Video Call pause functionality." into m-wireless-dev e75b9e3 Non-functional code cleanup of ConnectivityService. e593d0a Onfound onlost feature. 0326f58 Merge "API for config app." into m-wireless-dev e9b056f API for config app. d5351e7 RTT framework interface update 582b868 Unhide Network.openConnection(URL, Proxy). 0d719ca Fix typos in ConnectivityManager documentation. Change-Id: Ib4c88f6d7ad1b24227b032555c62a5804194384b
|
31a94f48bf8014cf6a1127bd23cf9a8541a9abed |
|
13-Feb-2015 |
Paul Jensen <pauljensen@google.com> |
Add ConnectivityManager.getActiveNetwork(). Rework NetID allocation in ConnectivityService so registerNetworkAgent() can return the allocated NetID. Bug: 19416463 Change-Id: I68e395552cf27422c80b4dfae5db5d56a0d68f5d
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
e75b9e355500b7c6a05e4d6ec54ef48835707caa |
|
06-Apr-2015 |
Paul Jensen <pauljensen@google.com> |
Non-functional code cleanup of ConnectivityService. 1. Remove ConnectivityService.findConnectionTypeForIface() as this can be done just as easily with supported APIs now. 2. Avoid making copies of Network objects as this precludes reuse of Network internals (e.g. socket factory, connection pool). Change-Id: I52f92e35d769d8350471f485e408169608630082
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
94b17bdd99e322eaed174604d23934600cf0380b |
|
26-Mar-2015 |
Robert Greenwalt <rgreenwalt@google.com> |
am 0a5abe58: am 727cac07: Merge "Add getLegacyVpnInfoPrivileged method" * commit '0a5abe58345404b1277eade547a54d67f8800190': Add getLegacyVpnInfoPrivileged method
|
08bbca040fa921b99493cd9967453ed90b1b710a |
|
23-Mar-2015 |
sj.cha <sj.cha@lge.com> |
Add getLegacyVpnInfoPrivileged method Follows the Google's permission check policy. Add a getLegacyVpnInfoPrivileged method which skips the permission check and change getLegacyVpnInfo to check the permission and then call getLegacyVpnInfoPrivileged. It is already checked in this commit : https://android-review.googlesource.com/#/c/141771/ Signed-off-by: SangJin Cha <sj.cha@lge.com> Change-Id: I83cfaedbd85745574f3ddf118b11b6e0415483c6
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
f5ea340aabee6e290448c8cc9fb0925da8b7db5e |
|
04-Mar-2015 |
Wenchao Tong <tongwenchao@google.com> |
NetworkStatsService to adjust VPN stats before recording. * Creates a new Parcelable class VpnInfo to hold required parameters for VPN stats adjustments. * ConnectivityService to collect infomation and provide a list of VpnInfo, one for each user. * NetworkStatsService passes the VpnInfo array to NetworkStatsRecorder. * NetworkStatsRecorder calls NetworkStats.migrateTun() to do the math. * Poll NetworkStats when the vpn application calls setUnderlyingNetworks(). Bug: 19536273 Change-Id: I7a4c7726b8243fead10416f7ec6eb5cf95f20183
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
08c7116ab9cd04ad6dd3c04aa1017237e7f409ac |
|
28-Feb-2015 |
John Spurlock <jspurlock@google.com> |
Remove unused imports in frameworks/base. Change-Id: I031443de83f93eb57a98863001826671b18f3b17
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
2d6063b63c786a87179b7822cc17c56581fa79b1 |
|
11-Feb-2015 |
Jeff Davidson <jpd@google.com> |
am e4be48e0: am 50996a12: Merge "Do not enforce CONTROL_VPN for calls from lockdown VPN." into lmp-mr1-dev automerge: 46dbb5b * commit 'e4be48e0853bcde90d738031433271c5e41bd5e2': Do not enforce CONTROL_VPN for calls from lockdown VPN.
|
b21298a686b04d55ff97223dd317497845713f4b |
|
10-Feb-2015 |
Jeff Davidson <jpd@google.com> |
Do not enforce CONTROL_VPN for calls from lockdown VPN. Clearly document which methods in Vpn.java are designed to be used to service a Binder call, and which must therefore check permissions and clear the calling identity, and which methods are designed for internal use only and which therefore need not check permission. Add a new startLegacyVpnPrivileged method which bypasses the permission checks, to be used by lockdown VPN which is a trusted system service. Ensure that the existing startLegacyVpn method checks permissions as this is used whenever we respond to a binder call. Bug: 19311172 Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
c4c7231eb6d1efa9ecd7b693f8328a76a04e8bbb |
|
08-Dec-2014 |
Paul Jensen <pauljensen@google.com> |
Clear VPN config when VPN disconnects. This ensures ConnectivityService.getVpnConfig() returns null after a VPN disconnects. bug:18640307 Change-Id: I2238eabaf665cad0a4f4258add57611f2b450089
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
6ea4e11d9817d85eb5c0ff445154985e4eb0c534 |
|
24-Nov-2014 |
Jeff Davidson <jpd@google.com> |
Merge "Don't enforce control permission when preparing consented VPN." into lmp-mr1-dev
|
11008a78b8e30910cedd8b8431980c7738183292 |
|
20-Nov-2014 |
Jeff Davidson <jpd@google.com> |
Don't enforce control permission when preparing consented VPN. If a VPN app requests to be prepared and has already obtained user consent, there is no need to additionally enforce the control permission. We only need to enforce the control permission when a VPN is first being prepared, where such a preparation would bypass user consent. Also ensure that in this case, the VPN being prepared matches the calling app. Otherwise an app could prepare another pre-consented VPN, which is not particularly dangerous but is likely unexpected. Finally, remove misleading comment in ConnectivityService#prepareVpn. This method IS called from VpnService.prepare(), not only from system-privileged apps. Bug: 18442887 Change-Id: Ic3227c6c1c74312697f0576d3811b06692a4edff
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
c2c0beab79a907f63e109eefe2a5aabcf2e3fd8f |
|
12-Nov-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPNs to specify their underlying networks. These are used when responding to getActiveNetworkInfo() (and cousins) when an app is subject to the VPN. Bug: 17460017 Change-Id: Ief7a840c760777a41d3358aa6b8e4cdd99c29f24
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
bc19c181c8c058c824e4fee907a05129e142c388 |
|
11-Nov-2014 |
Jeff Davidson <jpd@google.com> |
Enforce VPN control "permission" with an actual permission. The current implementation uses a whitelist of package names. Use a system|signature permission instead of rolling our own security and add that permission to the existing set of whitelisted packages (SystemUI and VpnDialogs). In addition to being less of a security risk (using well-known methods like Context.enforceCallingPermission rather than manually querying PackageManager and checking UIDs for package names), this enables other system-privileged apps to control VPN as needed per the below bug. Bug: 18327583 Change-Id: I38617965c40d62cf1ac28e3cb382c0877fb1275d
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
be08587510edbc149c841638db721eb97d2351b6 |
|
24-Oct-2014 |
Jeff Davidson <jpd@google.com> |
Check UID instead of package name when preparing VPN. If a package is uninstalled and reinstalled, it should no longer be considered a prepared VPN in prepare(). While the package name remains constant in this case, the UID should not. Bug: 17980393 Change-Id: I29edf22ebe0550a7938d5a36c746c83dc068a0f9
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
60446165d8bd44f72cec8d0c5583a688369fa660 |
|
19-Sep-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Block address families with routes, not NetworkAgent side channel Now that we support unreachable routes, use those to block address families on VPNs. This is a much more elegant solution. Also update LinkProperties when IP addresses are added and removed, fixing a TODO. Bug: 17462989 Change-Id: Ib749d84710dca70d672350b9f129bb91419ec77e
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
5026279ce45ae78126046607a2634dc9dae93199 |
|
18-Sep-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Add a throw route to the VPN endpoint. Without this, legacy VPN types that don't send all traffic through a tun or ppp interface, but instead have the kernel apply IPsec transforms directly to the original packets, will try to send traffic to the VPN endpoint through the VPN, which will not work. Bug: 17462989 Change-Id: I3ebf0cec726dd12b2c57ba5d66775f8c02b25b70
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
0784eeab28da094a87437ed454fe3dca01b1f9f2 |
|
19-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Implement VpnConfig.addAllowedApplication(). bug:17109588 bug:13651397 Change-Id: Ibb944794627117728373f0105e24f196f3eeb9e9
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
90b1b9f985a91fb54254705515f822b09c68ac26 |
|
22-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Restore legacy VPN stats dialog. Was originally removed in ag/522961, but restoring to keep legacy VPN behavior the same from within VpnSettings. This dialog is only accesible from VpnSettings and so should only ever be shown for legacy VPNs. Bug: 17164793 Change-Id: I06c4e136e1023b8f84edfd15a15264d2e41d325b
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
827296b7dd6689c14df1340f21a85e1f2f8d6844 |
|
21-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Merge "Update state to failed if the VPN fails to connect." into lmp-dev
|
438406092ed71c658bf5a4e6ae2e7282fc4fab4d |
|
21-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Update state to failed if the VPN fails to connect. Without this, the VPN settings dialog stays in "Connecting..." forever. Bug: 17140195 Change-Id: I4771be464384b62114839523fb2a6b36aa6520ee
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
05542603dd4f1e0ea47a3dca01de3999a9a329a9 |
|
11-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
255dd04271088590fedc46c8e22b2fd4ab142d39 |
|
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
e47df8466be991b187f445c8cf811891271051bf |
|
30-Jul-2014 |
Jason Monk <jmonk@google.com> |
Allow System UI access to VPN. Bug: 16153201 Change-Id: I5f5e9e0ed3e4e02d6a6995011356b350758f068d
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
f4e0c0cb8ef22fdb20ae74b444c9f4b7d15ded8b |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Allow VPNs to add/remove link addresses dynamically. Bug: 15409819 Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
42065ac64cba166dc0fe602957ea8fe80bf406e2 |
|
27-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Prohibit address families by default unless a VPN explicitly allows them. Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
030a6b923400eada46220343b5e9681cd0a191b7 |
|
26-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix issues with noticing that a VPN interface is gone. The root cause of both bugs linked below is the same. In establish(), we call agentConnect(), which sets the state to CONNECTED. But right before returning from establish(), we set the state to AUTHENTICATING, which is a "CONNECTING" state. Later, when the interface is gone (either because the VpnService closed it, or because the process got killed), agentDisconnect() doesn't do anything because "isConnected()" is false. We could fix it by changing that to "isConnectedOrConnecting()", but I think a superior fix is to get rid of the bogus AUTHENTICATING state. It was added in http://ag/214042 two years ago, with a TODO saying to eventually make sure it becomes CONNECTED, but that never seems to have been followed up on. I don't see any use for this AUTHENTICATING state. Although I haven't tested it, code inspection suggests that the legacy VPN doesn't seem to care, and it sets its own states in execute() and such. Bug: 16495146 Bug: 16495887 Change-Id: Ie2a40aa1a8a173665d8b7aa9fab5ae6e800ba5fb
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
8cd33ed84e94036a5e1201485af7603dc6fb0d9b |
|
24-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs. Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
6bbf39cf6b81222f32d2b66b8fa85d562e0ad71c |
|
23-Jul-2014 |
Jeff Davidson <jpd@google.com> |
Implement VpnService.setBlocking(). Bug: 12879610 Change-Id: I3a0ad9eae5f7dd9c01f75b9da71810bad38f9fec
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
03666c705ddabe0e7c5869ab69c2ca8b964164e9 |
|
20-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cleanup: Delete dead code. Bug: 15413389 Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
6bc2c2c34f2b23eae79ad733c97a691734055c4f |
|
07-May-2014 |
Paul Jensen <pauljensen@google.com> |
Convert Vpn from NetworkStateTracker to NetworkAgent. This eliminates the need for the ConnectivityService.VpnCallback class. This requires shifting VPNs to the new "network" netd API. VpnService.protect() is modified to no longer go through ConnectivityService. NetworkCapabilities is extended to add a transport type for VPNs and a capability requiring a non-VPN (so the default NetworkRequest isn't satisfied by a VPN). bug:15409918 Change-Id: Ic4498f1961582208add6f375ad16ce376ee9eb95
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
8283f8802d7e4d78c7eb031ddac07a4cfdc30771 |
|
08-Jul-2014 |
Robert Greenwalt <rgreenwalt@google.com> |
Remove dead code. Also adds a TYPE_VPN so the VPN can be strongly typed. Change-Id: Ibf39450c480f16ce5ab4c25b47965691b844fb92
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
f5116d01b20f21ba32cd9eaa3412daf97f41c623 |
|
01-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Apply DISALLOW_CONFIG_VPN restriction to VPN. Bug: 16008760 Change-Id: I299d5f32d9b09c3abcc32f3e889a0187880621df
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
87f738d2787444854cd15695b599b84b25027167 |
|
24-Mar-2014 |
Chad Brubaker <cbrubaker@google.com> |
am 51e93804: am 05e4dc96: am 850eb678: am eb3c0d9a: am 1aad3ad4: Merge "Fix support for simultaneous VPN tuns" into klp-dev * commit '51e938041e72f29c4e776a8627ea9d8a70d62728': Fix support for simultaneous VPN tuns
|
850eb678d7356ea60925dc6fa450e213d5cea2d5 |
|
21-Mar-2014 |
Chad Brubaker <cbrubaker@google.com> |
am eb3c0d9a: am 1aad3ad4: Merge "Fix support for simultaneous VPN tuns" into klp-dev * commit 'eb3c0d9ac387bb0aea5b4956daac1403253bc76d': Fix support for simultaneous VPN tuns
|
7c2b1625d66d3c80c313160f78c8bccd9499539e |
|
14-Mar-2014 |
Chad Brubaker <cbrubaker@google.com> |
am 78f204ae: am 8e240af5: Merge "Remove SO_BINDTODEVICE from VPN protect" into klp-dev * commit '78f204aed8c0f3c8174616801d66f96a9a00a5fd': Remove SO_BINDTODEVICE from VPN protect
|
74f99a4e904af56a62f86b81831c23c763b6001e |
|
13-Mar-2014 |
Chad Brubaker <cbrubaker@google.com> |
am 7fb07438: am 674f85af: Merge "Only allow System apps to make VPN exempt routes" into klp-dev * commit '7fb074389370ac93afc5830189371dc3ec26265c': Only allow System apps to make VPN exempt routes
|
f87b2248497223a18ee0e5403967a5de55d8cbb5 |
|
28-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Remove SO_BINDTODEVICE from VPN protect"
|
c023453a2b79b338aea36b48fd610a099379d34c |
|
14-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Only allow System apps to make VPN exempt routes requestRouteToHost will only allow system applications to make routes exempt from the VPN's routing rules. If a VPN is currently running and a non-system app requests a route it will only succeed if that host is currently covered by a VPN exempt routing rule. Otherwise it will fail. For example, if a VPN is running and the MMS network is brought online those routes will be added as VPN exempt. If an application then tries to request a route to a MMS endpoint it will succeed because the routes already exist. If an application tries to request a route to a host covered by the VPN the call will fail. Bug: 12937545 Change-Id: If7bcec91bbb96c62c8fb69748c975847e6c00b6f
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
bcf12b302cd2715de54493808b2503de05c53757 |
|
11-Feb-2014 |
Chad Brubaker <cbrubaker@google.com> |
Remove SO_BINDTODEVICE from VPN protect SO_BINDTODEVICE is not needed with policy routing. SO_BINDTODEVICE was also used on the default iface which causes problems when the default iface is IPv6 only and the socket tries to connect to a IPv4 address. Bug: 12940882 Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|
49782e46c0eb85a25ae2abcf80880c48dbab5aea |
|
20-Dec-2013 |
Amith Yamasani <yamasani@google.com> |
am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
|
9158825f9c41869689d6b1786d7c7aa8bdd524ce |
|
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/connectivity/Vpn.java
|