5d30d86372163a9513aba828bdafab42e5d1099b |
|
22-Apr-2017 |
Robin Lee <rgl@google.com> |
Merge "Use Vpn rules (not firewall) for always-on VPN" am: e4f56a7e44 am: cd8557d15a am: 4de3794c26 Change-Id: Ic1e96eac68ddc8a713b3c71b5c126cb8b99c59f5
|
282cfefea0fbbd299839e353e6d30affdcd4a55c |
|
27-Mar-2017 |
Chris Wren <cwren@android.com> |
standardize system notification IDs All the trivial cases, plus some fixes to try to mitigate collisions with the complex ones. Complex services to follow in another CL, Bug: 32584866 Test: make framework services Change-Id: Ie9663600171d8ede11676e9d66f009dbb06def03
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
c3736bc10da63d6a351d3f8e7781ff1d67ecc9a6 |
|
10-Mar-2017 |
Robin Lee <rgl@google.com> |
Use Vpn rules (not firewall) for always-on VPN Firewall rules don't work on 464xlat because they were created under an assumption that there's only one address for the server and it's ipv4, which doesn't go so well when we're on an ipv6-only network. Bug: 33159037 Test: runtest -x net/java/com/android/server/connectivity/VpnTest.java Change-Id: Id331526367fe13838874961da194b07bd50d4c97
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
af759c52ce01fe6b5144957e38da956af01a217b |
|
15-Feb-2017 |
Geoffrey Pitsch <gpitsch@google.com> |
Channels for Frameworks notifications Adapts all notifications used by system services to use channels. Channels are initialized by SystemServer after the NotificationService has started. Test: runtest systemui-notification Change-Id: I25c45293b786adb57787aeab4c2613c9d7c89dab
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
f07c7b9fd0a640bff4bf7690373613da217fe69b |
|
22-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
API changes for DownloadManager and JobScheduler. To support moving DownloadManager, add new JobScheduler network type constraint that matches "any network except roaming." Also add an API to get a specific JobInfo by ID. Since the default network can be different on a per-app basis, and individual apps may be blocked due to app standby, evaluate job connectivity constraints on a per-UID basis. To implement this cleanly, add NetworkInfo.isMetered() to match the isRoaming() API. Add new DownloadManager APIs to support charging and device idle constraints, which are plumbed through to JobScheduler under the hood when scheduled. Add filtering to JobScheduler dumpsys to omit noisy details for packages the caller isn't interested in. Bug: 28098882, 26571724, 19821935 Change-Id: I09ca7184ef7ce6adba399f579d415a5fb2ea6110
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
a249aee10b621a94c986f4823d840e33c2a7d480 |
|
03-Feb-2016 |
Robin Lee <rgl@google.com> |
Declare provider.Settings intent for VPN fragment Currently used for a number of tests. May also be useful for 3rd-party apps using VPN in some manner or another. Bug: 27700919 Bug: 26887434 Change-Id: I4d269954265a2590499e20150f009fe437c8078f
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
aca5e7e3dc369923a8655f1de84bba903b3b1143 |
|
12-Nov-2015 |
Robin Lee <rgl@google.com> |
Take out nested synchronisation from LockdownVpn Change-Id: I58425c34666b21deffe080cbfc01df7798b422d0
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
b41c9f7f39939cee8d226eb5e506c3f0573f44f5 |
|
18-Jun-2015 |
Xiaohui Chen <xiaohuic@google.com> |
system_server: add two child chains to firewall This is an attempt to speed up getting out of device idle. It groups uid firewall rules in these child chains so we can attach/detach a whole chain instead of individual uid rules. BUG:21446713 Change-Id: Ie8f392da2deabe7cc86a9ecf4ed080163861d41e
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
15e47235c055495ec0ccc24768a6746a960d3a61 |
|
25-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Remove network access for idle apps Track apps going in and out of idle in the NetworkPolicyManagerService. Apply DROP rules in firewall controller if app is to be blacklisted for network access. Firewall can now be in whitelist (old) or blacklist mode. When in blacklist, it allows all by default and we can selectively DENY some uids. Track app idle in UsageStats and update periodically. Track charging/discharging states. TODO: Check for appidle temporary parole state Bug: 20066058 Change-Id: Ia65d7544204b3bcb78a517310ef4adcc05aac6fb
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
4a357cd2e55293402d7172766f7f9419815fc1e8 |
|
19-Mar-2015 |
Alan Viverette <alanv@google.com> |
Replace usages of deprecated Resources.getColor() and getColorStateList() Change-Id: I8f64fe6c4c44a92ff6d07250223ba590a1d691b0
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
b21298a686b04d55ff97223dd317497845713f4b |
|
10-Feb-2015 |
Jeff Davidson <jpd@google.com> |
Do not enforce CONTROL_VPN for calls from lockdown VPN. Clearly document which methods in Vpn.java are designed to be used to service a Binder call, and which must therefore check permissions and clear the calling identity, and which methods are designed for internal use only and which therefore need not check permission. Add a new startLegacyVpnPrivileged method which bypasses the permission checks, to be used by lockdown VPN which is a trusted system service. Ensure that the existing startLegacyVpn method checks permissions as this is used whenever we respond to a binder call. Bug: 19311172 Change-Id: I34f13258ee7481f1356bc523124cf5db068b4972
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
ad4cd0c01966017e2f51ec3d23d06de3874f100c |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Allow root and system to bypass the always-on VPN firewall rules This is needed to allow the always-on VPN to survive network switches. In L, network switches are graceful, and in order to switch to a network, the system first has to validate it using DNS requests (from netd, running as root) and HTTP requests (from NetworkMonitor, running inside the system_server). This should also allow always-on VPN to work on networks like T-Mobile that use 464xlat, fixing a bug that has been present since K. Bug: 9597277 Bug: 17695048 Change-Id: I0daa5707f2139339f9ececde0e73aac3bf23fdc3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
02c7abac856c3e94f4a2714d673cefb65c55efb7 |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Don't make lockdown VPN source firewall rules over-broad. Currently, the lockdown VPN adds firewall allow rules matching the whole subnet that the server assigned, so for example if the VPN server assigns it the IP address 10.1.23.5/8, it will allow the whole of 10.0.0.0/8 to pass the firewall. This is needlessly overbroad and has a particularly bad corner case where if the prefix length is 0, everything is allowed. Bug: 17695048 Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
0cb7903ddedbbb8a8171926e4460b74af589369d |
|
15-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Propagate network state changes to the LockdownVpnTracker. Bug: 17695048 Change-Id: I10378df0ab545729a6a315fd1bc8870cd98f47b3
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
05542603dd4f1e0ea47a3dca01de3999a9a329a9 |
|
11-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
255dd04271088590fedc46c8e22b2fd4ab142d39 |
|
19-Aug-2014 |
Selim Cinek <cinek@google.com> |
Added notification color to all system notifications Bug: 17128331 Change-Id: I81a94510ef51b99916f314c0dd65852426a1fbeb
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|
9158825f9c41869689d6b1786d7c7aa8bdd524ce |
|
22-Nov-2013 |
Amith Yamasani <yamasani@google.com> |
Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/net/LockdownVpnTracker.java
|