| 5d30d86372163a9513aba828bdafab42e5d1099b |
|
22-Apr-2017 |
Robin Lee <rgl@google.com> |
Merge "Use Vpn rules (not firewall) for always-on VPN" am: e4f56a7e44 am: cd8557d15a
am: 4de3794c26
Change-Id: Ic1e96eac68ddc8a713b3c71b5c126cb8b99c59f5
|
| 282cfefea0fbbd299839e353e6d30affdcd4a55c |
|
27-Mar-2017 |
Chris Wren <cwren@android.com> |
standardize system notification IDs
All the trivial cases, plus some fixes to try to
mitigate collisions with the complex ones.
Complex services to follow in another CL,
Bug: 32584866
Test: make framework services
Change-Id: Ie9663600171d8ede11676e9d66f009dbb06def03
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| c3736bc10da63d6a351d3f8e7781ff1d67ecc9a6 |
|
10-Mar-2017 |
Robin Lee <rgl@google.com> |
Use Vpn rules (not firewall) for always-on VPN
Firewall rules don't work on 464xlat because they were created under
an assumption that there's only one address for the server and it's
ipv4, which doesn't go so well when we're on an ipv6-only network.
Bug: 33159037
Test: runtest -x net/java/com/android/server/connectivity/VpnTest.java
Change-Id: Id331526367fe13838874961da194b07bd50d4c97
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| af759c52ce01fe6b5144957e38da956af01a217b |
|
15-Feb-2017 |
Geoffrey Pitsch <gpitsch@google.com> |
Channels for Frameworks notifications
Adapts all notifications used by system services to use channels.
Channels are initialized by SystemServer after the NotificationService
has started.
Test: runtest systemui-notification
Change-Id: I25c45293b786adb57787aeab4c2613c9d7c89dab
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| f07c7b9fd0a640bff4bf7690373613da217fe69b |
|
22-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
API changes for DownloadManager and JobScheduler.
To support moving DownloadManager, add new JobScheduler network type
constraint that matches "any network except roaming." Also add an
API to get a specific JobInfo by ID.
Since the default network can be different on a per-app basis, and
individual apps may be blocked due to app standby, evaluate job
connectivity constraints on a per-UID basis. To implement this
cleanly, add NetworkInfo.isMetered() to match the isRoaming() API.
Add new DownloadManager APIs to support charging and device idle
constraints, which are plumbed through to JobScheduler under the
hood when scheduled.
Add filtering to JobScheduler dumpsys to omit noisy details for
packages the caller isn't interested in.
Bug: 28098882, 26571724, 19821935
Change-Id: I09ca7184ef7ce6adba399f579d415a5fb2ea6110
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| a249aee10b621a94c986f4823d840e33c2a7d480 |
|
03-Feb-2016 |
Robin Lee <rgl@google.com> |
Declare provider.Settings intent for VPN fragment
Currently used for a number of tests. May also be useful for 3rd-party
apps using VPN in some manner or another.
Bug: 27700919
Bug: 26887434
Change-Id: I4d269954265a2590499e20150f009fe437c8078f
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| aca5e7e3dc369923a8655f1de84bba903b3b1143 |
|
12-Nov-2015 |
Robin Lee <rgl@google.com> |
Take out nested synchronisation from LockdownVpn
Change-Id: I58425c34666b21deffe080cbfc01df7798b422d0
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| b41c9f7f39939cee8d226eb5e506c3f0573f44f5 |
|
18-Jun-2015 |
Xiaohui Chen <xiaohuic@google.com> |
system_server: add two child chains to firewall
This is an attempt to speed up getting out of device idle. It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.
BUG:21446713
Change-Id: Ie8f392da2deabe7cc86a9ecf4ed080163861d41e
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 15e47235c055495ec0ccc24768a6746a960d3a61 |
|
25-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Remove network access for idle apps
Track apps going in and out of idle in the NetworkPolicyManagerService.
Apply DROP rules in firewall controller if app is to be blacklisted
for network access.
Firewall can now be in whitelist (old) or blacklist mode. When in
blacklist, it allows all by default and we can selectively DENY
some uids.
Track app idle in UsageStats and update periodically.
Track charging/discharging states.
TODO: Check for appidle temporary parole state
Bug: 20066058
Change-Id: Ia65d7544204b3bcb78a517310ef4adcc05aac6fb
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 4a357cd2e55293402d7172766f7f9419815fc1e8 |
|
19-Mar-2015 |
Alan Viverette <alanv@google.com> |
Replace usages of deprecated Resources.getColor() and getColorStateList()
Change-Id: I8f64fe6c4c44a92ff6d07250223ba590a1d691b0
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| b21298a686b04d55ff97223dd317497845713f4b |
|
10-Feb-2015 |
Jeff Davidson <jpd@google.com> |
Do not enforce CONTROL_VPN for calls from lockdown VPN.
Clearly document which methods in Vpn.java are designed to be used to
service a Binder call, and which must therefore check permissions and
clear the calling identity, and which methods are designed for
internal use only and which therefore need not check permission.
Add a new startLegacyVpnPrivileged method which bypasses the
permission checks, to be used by lockdown VPN which is a trusted
system service. Ensure that the existing startLegacyVpn method checks
permissions as this is used whenever we respond to a binder call.
Bug: 19311172
Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| ad4cd0c01966017e2f51ec3d23d06de3874f100c |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Allow root and system to bypass the always-on VPN firewall rules
This is needed to allow the always-on VPN to survive network
switches. In L, network switches are graceful, and in order to
switch to a network, the system first has to validate it using
DNS requests (from netd, running as root) and HTTP requests
(from NetworkMonitor, running inside the system_server).
This should also allow always-on VPN to work on networks like
T-Mobile that use 464xlat, fixing a bug that has been present
since K.
Bug: 9597277
Bug: 17695048
Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 02c7abac856c3e94f4a2714d673cefb65c55efb7 |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Don't make lockdown VPN source firewall rules over-broad.
Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.
This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.
Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 0cb7903ddedbbb8a8171926e4460b74af589369d |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Propagate network state changes to the LockdownVpnTracker.
Bug: 17695048
Change-Id: I10378df0ab545729a6a315fd1bc8870cd98f47b3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 05542603dd4f1e0ea47a3dca01de3999a9a329a9 |
|
11-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Less intrusive VPN dialog and other UX tweaks.
-The ability to launch VPNs is now sticky; once approved by the user,
further approvals are not needed UNLESS the connection is revoked in
Quick Settings.
-The old persistent notification has been removed in favor of the new
Quick Settings UI.
-The name of the VPN app is now pulled from the label of the VPN
service rather than the app itself, if one is set.
Bug: 12878887
Bug: 16578022
Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 255dd04271088590fedc46c8e22b2fd4ab142d39 |
|
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications
Bug: 17128331
Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
| 9158825f9c41869689d6b1786d7c7aa8bdd524ce |
|
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories
Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.
Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|