summaryrefslogtreecommitdiff
path: root/core/java/android/net/VpnService.java
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Revert "Revert "Revert "Add APIs that allow to exclude r..."Taras Antoshchuk2022-01-101-17/+106
| | | | | | | | | | | | | | Revert "Revert "Revert "Revert "Add VpnServiceBuilderShim for Vp..." Revert submission 1941195-revert-1931760-reland-vpn-impl-part-2-WGARECSJEM Reason for revert: fixed merge conflict with aosp/1938197 Reverted Changes: Ic25e5e4ea:Revert^2 "Revert "Add CTS tests for exclude VPN ro... Ic72cafcf5:Revert "Revert "Revert "Add APIs that allow to exc... I53802190a:Revert "Revert "Revert "Add VpnServiceBuilderShim ... Change-Id: Id3e5f698cf8965fa8386a98bed1fd0170a9e0344
* Revert "Revert "Revert "Add APIs that allow to exclude routes fr..."Matt Buckley2022-01-071-106/+17
| | | | | | | | | | | | | | | Revert "Revert "Revert "Add VpnServiceBuilderShim for VpnService..." Revert submission 1931760-reland-vpn-impl-part-2 Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=aosp-master&target=test_suites_x86_64&lkgb=8053795&lkbb=8053908&fkbb=8053828, bug b/213588956. BUG: b/213588956 Reverted Changes: Ic8ed8fce7:Revert "Revert "Add CTS tests for exclude VPN rout... I07104340a:Revert "Revert "Add VpnServiceBuilderShim for VpnS... I7c69b7244:Revert "Revert "Add APIs that allow to exclude rou... Change-Id: Ic72cafcf5c7e2c62236f1cef61b0764882bacaad
* Revert "Revert "Add APIs that allow to exclude routes from VPN""Taras Antoshchuk2022-01-061-17/+106
| | | | | | | | This reverts commit 487b2e645a4d159c48033b335ec6f929214ad27e. Reason for revert: failing build target configuration is fixed Change-Id: I7c69b7244b4262336e427e4c671aaebb70ddc6ed
* Revert "Add APIs that allow to exclude routes from VPN"Ayush Sharma2021-12-161-106/+17
| | | | | | | | | | | | | | | | | | | | | Revert "Suppress NewApi warnings for @SystemApi -> public APIs" Revert "Add VpnServiceBuilderShim for VpnService.Builder" Revert submission 1551943-vpn-impl Reason for revert: <DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=aosp-master&target=mainline_modules_x86_64-userdebug&lkgb=8007224&lkbb=8008168&fkbb=8007902 >, bug b/210979001 Reverted Changes: I0e7aa077a:Add VpnServiceBuilderShim for VpnService.Builder Ib12f5ab39:Suppress NewApi warnings for @SystemApi -> public ... I59b9185cf:Unhide RouteInfo#getType and related fields Ie5b62b2b2:Unhide IpPrefix(InetAddress, int) I993a32d40:Add CTS tests for exclude VPN routes APIs Ib24b2d3fb:Suppress NewApi warnings for @SystemApi -> public ... Ic3b10464a:Add APIs that allow to exclude routes from VPN Change-Id: I89209357ab4bb206d206adcf9fd6d3498ce6ef4c BUG: 210979001
* Add APIs that allow to exclude routes from VPNTaras Antoshchuk2021-12-131-17/+106
| | | | | | | | | | | Add new methods to VpnService.Builder that allow to specify network routes that should bypass the VPN. Implemented by using RTN_THROW routes. Bug: 186082280 Test: atest HostsideVpnTests Test: atest VpnServiceBuilderTest Change-Id: Ic3b10464a53a8b56334589acec8f27acdc180ff7
* Add doc explaining PAC proxies are not supported over VPNsChalard Jean2021-07-151-1/+1
| | | | | | Test: Comment-only change Bug: 181600172 Change-Id: I3049fa7eafed04858711f8dee0c11dd4656f9106
* Move SocketUtils out of the connectivity moduleRemi NGUYEN VAN2021-03-011-1/+2
| | | | | | | | | | | | | | | | SocketUtils contains system APIs for modules to interact for sockets, wrapping internal APIs. It should be part of the platform to keep access to the internal APIs. This involves splitting NetworkUtils.protectVpn to NetworkUtilsInternal, since SocketUtils and VpnService are the only users of that method. The @UnsupportedAppUsage NetworkUtils.protectVpn has low usage count, and is already available through VpnService.protect. Bug: 181512874 Test: boots, VPN working Change-Id: I7028d334975f7536c06afac7a22200c33db707ac
* Use RouteInfo API constructor in VpnServiceRemi NGUYEN VAN2021-02-181-1/+2
| | | | | | | | | | | | | | Instead of using the RouteInfo(destination, gateway) constructor which is private API, use the RouteInfo(destination, gateway, iface, type) constructor which is system API. This separates the VpnService better from internal implementations, and is necessary to move RouteInfo to the connectivity module. Bug: 174436414 Test: m Change-Id: Idc98b2258f3c78bdba40b5fcb97769b5ad99d016
* Move the VPN code out of packages/Connectivity.Lorenzo Colitti2021-02-151-0/+902
| | | | | | Bug: 173331190 Test: atest FrameworksNetTests HostsideVpnTests CtsNetTestCases Change-Id: Idc6ed1a544e744f8661d1e387da278736d407489
* Move module sources to packages/ConnectivityRemi NGUYEN VAN2021-02-011-903/+0
| | | | | | | | | | | | | | Files that are planned to be part of the connectivity module are grouped in packages/Connectivity, so they can be built separately and moved in one operation with their history into packages/modules/Connectivity. This places the files in the existing framework-connectivity-sources filegroup instead of the current framework-core-sources filegroup. Both are used the same way in framework-non-updatable-sources. Bug: 171540887 Test: m Change-Id: I62d9d91574ace6f5c4624035d190260c3126b91e
* Update language to comply with Android's inclusive language guidanceChiachang Wang2020-07-281-1/+1
| | | | | | | | | See https://source.android.com/setup/contribute/respectful-code for reference. Bug: 161896447 Test: m Change-Id: I6c3c03c0c2d1302af6d5245486823c13a3432900
* Fix broken @see tags in public documentation.Andrew Sapperstein2020-05-011-1/+1
| | | | | | | | | | | | | | | | | These were previously being suppressed by doclava but with this change, all failures are fixed and the suppression logic has been removed. To fix the issues, there were a few possible changes made: - broken reference to a public API (such as incorrect parameters): fixed - unnecessary @link inside an @see tag: fixed - @see referring to an @hide or @SystemApi: reference removed - broken references to inner class constructors - worked around by fully qualifying the constructor Bug: 6963924 Test: make doc-comment-check-docs Change-Id: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85 Merged-In: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
* Add separate user consent for Platform VPNsBenedict Wong2020-02-041-1/+1
| | | | | | | | | | | | | | | This change adds a new VPN user consent flow (using the same text) for granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new PlatformVpnConfirmDialog is created as a subclass to preserve all logic, but ensure the right appop is granted for the relevant dialog. Intent extras were considered, but are inherently unsafe, since the caller may add any extras that they would want. Bug: 144246835 Test: FrameworksNetTests passing Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3 Merged-In: Ia6f36207d43c3748f938430c2780dcf29e5623f3
* Use new UnsupportedAppUsage annotation.Artur Satayev2020-01-081-1/+1
| | | | | | | | | Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library. Bug: 145132366 Test: m && diff unsupportedappusage_index.csv Change-Id: I0c336de56bc4a041dc97ff9b7927f62f0b44b457 Merged-In: I0c336de56bc4a041dc97ff9b7927f62f0b44b457
* Merge "docs: Linked VpnService class description to guide."Treehugger Robot2019-04-021-0/+5
|\
| * docs: Linked VpnService class description to guide.Benjamin Miller2019-02-211-0/+5
| | | | | | | | | | | | | | | | New developer's guide for VPN app published. Added link to provide more step-by-step help. Bug: 65205045 Test: javadoc VpnService.java and inspected HTML Change-Id: Ic8d1cd7a53b8d3bc0df323fbfd841594ec6812d8
* | Address API review comments for VPN changes.Pavel Grafov2019-03-181-4/+13
| | | | | | | | | | | | | | | | | | | | Whitelist is now a Set rather than a list + javadoc improvement. Bug: 124882903 Bug: 125346147 Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn Test: atest MixedDeviceOwnerTest#testAlwaysOnVpnAcrossReboot Change-Id: Ieecaad083f2ab55de33587e6ce767f5f961683c9
* | Add @NonNull and @Nullable annotations to VpnService#Builder.Varun Anand2019-03-011-12/+32
| | | | | | | | | | | | Bug: 126699070 Test: n/a Change-Id: Ief0066636ca6ae4fefbdf70b8dfdfacf2a44e0e6
* | Add @NonNull annotation to set proxy on VPN parameter.Irina Dumitrescu2019-02-271-1/+2
|/ | | | | | Test: manual Bug: 124883120 Change-Id: Ifb4bd98a69a006220b1a824033395fc6f12ea6ce
* Add an API that allows VPNs to declare themselves as metered.Varun Anand2019-01-301-0/+21
| | | | | | | | | | | For VPN apps targeting Q and above, they will by default be treated as metered unless they override this setting before establishing VPN. Bug: 120145746 Test: atest FrameworksNetTests Test: On device tests verifying meteredness setup correctly for apps targeting Q and apps targeting P. Change-Id: Ia6d1f7ef244bc04ae2e28faa59625302b5994875
* Add API for proxy configuration over VPN.Irina Dumitrescu2019-01-241-0/+9
| | | | | | | | | Test: runtest -x frameworks/base/tests/net/java/com/android/server/ConnectivityServiceTest.java && atest HostsideVpnTests Bug: 76001058 Change-Id: Id4dde4a4103fd93bfbbacc52d0e5ade56ae67a6a Merged-In: Id4dde4a4103fd93bfbbacc52d0e5ade56ae67a6a
* Add API for VPN apps to query always-on and lockdown.Pavel Grafov2019-01-211-0/+23
| | | | | | Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn Bug: 72628179 Change-Id: I73cb0888f7049b12ab0cdfa62678c3846e074d3b
* Add @UnsupportedAppUsage annotationsMathew Inwood2018-08-141-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For packages: android.net.wimax android.net.wifi.p2p.nsd android.net.wifi.p2p android.net.wifi.hotspot2.pps android.net.wifi.hotspot2.omadm android.net.wifi.hotspot2 android.net.wifi.aware android.net.wifi android.net.util android.net.sip android.net.rtp android.net.nsd android.net.metrics android.net.lowpan android.net.http android.net.captiveportal android.net This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: Ie25423113ee1a8071cd5039382c00de6ce0af7fd Merged-In: I520be7a4c79e68310c12e4f55bf66acaa94145a1
* Pass in the user defined by Context.Jeff Sharkey2018-02-031-2/+2
| | | | | | | | | | | | | | | The majority of Manager-style classes already use Context.getUserId() when making calls into the OS, so clean up the remaining callers to unify behind this strategy. This gives @SystemApi developers a nice clean interface to interact across user boundaries, instead of manually adding "AsUser" or "ForUser" method variants, which would quickly become unsustainable. Test: builds, boots Bug: 72863821 Exempt-From-Owner-Approval: trivial changes Change-Id: Ib772ec4438e57a2ad4950821b9432f9842998451
* Opt-out for always-on VPN: rename API.Charles He2017-08-151-2/+3
| | | | | | | | | | | Rename the opt-out flag in AndroidManifest to SERVICE_META_DATA_SUPPORTS_ALWAYS_ON as directed by the API Council. Bug: 64331776 Bug: 36650087 Test: runtest --path java/com/android/server/connectivity/VpnTest.java Change-Id: I24326fad7a89083a2409134640bda81ee0359d08
* Opt-out for always-on VPNCharles He2017-07-181-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Always-on VPN is a feature introduced in N. Since then, all VPN apps targeting N+ are assumed to support the feature, and the user or the DPC can turn on / off always-on for any such VPN app. However, a few VPN apps are not designed to support the always-on feature. Enabling always-on for these apps will result in undefined behavior and confusing "Always-on VPN disconnected" notification. This feature provides a new manifest meta-data field through which a VPN app can opt out of the always-on feature explicitly. This will stop the always-on feature from being enabled for the app, both by the user and by the DPC, and will clear its existing always-on state. A @hide API is provided to check whether an app supports always-on VPN. Documentation is updated to reflect the behavior change. Bug: 36650087 Test: runtest --path java/com/android/server/connectivity/VpnTest.java Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage' Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced' Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage' Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced' Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage' Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced' Change-Id: I477897a29175e3994d4ecf8ec546e26043c90f13
* Docs: VPNs under Android O should promote to the foregroundBenjamin Miller2017-07-141-1/+8
| | | | | | | | | | Add note for VPN developers that VPN apps started in the background must transition to the foreground in Android O to avoid the system stopping them. Staged at: go/dac-stage/reference/android/net/VpnService.html Test: make ds-docs Bug: 38023983 Change-Id: I33c7ca1717c332ffab495eb51c4c6b9c5c304cef
* Annotate @SystemApi with required permissions.Jeff Sharkey2017-06-051-0/+2
| | | | | | | | | | | | | | | | | Most @SystemApi methods should be protected with system (or higher) permissions, so annotate common methods with @RequiresPermission to make automatic verification easier. Verification is really only relevant when calling into system services (where permissions checking can happen on the other side of a Binder call), so annotate managers with the new @SystemService annotation, which is now automatically documented. This is purely a docs change; no logic changes are being made. Test: make -j32 update-api && make -j32 offline-sdk-docs Bug: 62263906 Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
* Fix funky javadocRobin Lee2015-07-291-4/+4
| | | | | | | | | | Using @link for the first word of a @throws line is redundant and generates strange HTML where the row appears twice. See for example: http://developer.android.com/reference/android/net/VpnService.Builder.html#addAllowedApplication%28java.lang.String%29 Change-Id: I9c0bbe9156d292eb6f0e2e2ccb6dbcfef95bc312
* Support cross-user VPN calls (with permission)Robin Lee2015-05-181-4/+5
| | | | | | | | | | | | | Settings and SystemUI need to act on other users than USER_OWNER. This is gated by INTERACT_ACROSS_USERS_FULL in addition to the existing CONTROL_VPN checks, so the number of processes able to interfere with other profiles' VPNs should be quite small. Bug: 20692490 Bug: 20747154 Bug: 20872408 Change-Id: I6e5d7220f73435bec350719e7b4715935caf4e19
* Deprecate static ConnectivityManager.get/setProcessDefaultNetwork() functions.Paul Jensen2015-04-021-1/+1
| | | | | | | | | | These functions risk hitting an unchecked Exception due to ConnectivityManager not being instantiated yet. Also, change Network.openConnection() to throw a checked Exception rather than an unchecked Exception when ConnectivityManager is not yet instantiated. bug:19416463 Change-Id: Ie1e2b3238aec0343d267c76b64927073f2f05f85
* Use the proper IpPrefix and LinkAddress constructors in VPN code.Lorenzo Colitti2015-01-231-1/+1
| | | | | | | | | | This simplifies the code, and also makes it possible for users to point multicast routes at the VPN. The LinkAddress objects we were previously using to construct the RouteInfo do not accept these, but IpPrefix objects do. Bug: 18485968 Change-Id: Ie914a2eb359b78161810ee473df725059f944f4e
* Fix docs per API review.Sreeram Ramachandran2014-12-031-7/+7
| | | | | Bug: 18573918 Change-Id: I639fe2ce40cdef57d904b9ad1ebb28db7d057144
* Introduce revision codes for split APKs.Jeff Sharkey2014-11-241-3/+3
| | | | | | | | | | | | | | | | | | | | | Apps delivered as multiple split APKs must have identical package names, version code, and signatures. However, developers may want to iterate quickly on a subset of splits without having to increment the version code, which would require delivery of the entire app. This change introduces "revision codes" which can vary between split APKs belonging to the same app. An install is valid as long as the normal version code is identical across all splits. Splits can be added/removed to an app over time, but if a split is present across an upgrade the revision code must not decrease. Since system apps could have been updated with splits, only revert to the built-in APKs if the version code is strictly greater than the data version. Also fix bug to enable inheriting from system apps when adding splits. Bug: 18481866 Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260
* Allow VPNs to specify their underlying networks.Sreeram Ramachandran2014-11-211-0/+55
| | | | | | | | These are used when responding to getActiveNetworkInfo() (and cousins) when an app is subject to the VPN. Bug: 17460017 Change-Id: Ief7a840c760777a41d3358aa6b8e4cdd99c29f24
* Expose a SystemApi method to prepare a VPN without consent.Jeff Davidson2014-11-171-0/+27
| | | | | | | | | | | | This is NOT designed to be called normally. Most apps (even system-privileged ones) should request user consent before launching a VPN. However, it is needed to support flows where consent can be obtained through other means external to the VPN flow itself. The API requires a system-privileged permission, CONTROL_VPN. Bug: 18327583 Change-Id: I1bcdcf0fb5707faeb861ec4535e7ccffea369ae7
* Merge "Update VpnService Javadoc to reflect new UX." into lmp-devJeff Davidson2014-09-111-4/+10
|\
| * Update VpnService Javadoc to reflect new UX.Jeff Davidson2014-09-111-4/+10
| | | | | | | | | | | | | | | | The major change is that consent is now "sticky" and lasts until the user explicitly disables the VPN connection. Bug: 17474362 Change-Id: Id4e7807e635bbfc7645741135209d46763e280f9
* | Hide mutable VpnService APIs to add/remove IP addresses dynamically.Sreeram Ramachandran2014-09-111-0/+4
|/ | | | | | | | | | | | | | | | | | | These APIs were added because we thought we needed them to provide seamless transition from one server backend to another using local IP addresses to distinguish between the backends. I.e., connections whose local IP address was old would be routed to the old backend; connections whose local IP address was new would be routed to the new backend. It turns out that's not needed. VpnService already supports seamless re-establishment, so VPNs just need to call establish() again with a different IP address. I've verified with a custom VPN app that this works, and can distinguish traffic based on the old and new addresses. Nobody is using these APIs at the moment, so we could even consider removing them altogether, but I prefer just hiding them, just in case. Bug: 15409819 Change-Id: I30949926a0f859c9d839981ccbc5d8e1e535a3a5
* Merge "Implement VpnConfig.addAllowedApplication()." into lmp-devPaul Jensen2014-08-261-2/+28
|\
| * Implement VpnConfig.addAllowedApplication().Paul Jensen2014-08-251-2/+28
| | | | | | | | | | | | bug:17109588 bug:13651397 Change-Id: Ibb944794627117728373f0105e24f196f3eeb9e9
* | Update VPN whitelist/blacklist api docs.Robert Greenwalt2014-08-251-2/+3
|/ | | | | | | Addressing what happens to unwhitelisted or blacklisted apps. bug:17206162 Change-Id: I0b863946de277e6528675cc5412267a03f7b6841
* Allow VPNs to add/remove link addresses dynamically.Sreeram Ramachandran2014-07-291-24/+32
| | | | | Bug: 15409819 Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
* Prohibit address families by default unless a VPN explicitly allows them.Sreeram Ramachandran2014-07-281-1/+10
| | | | | Bug: 15972465 Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
* Implement support for bypassable VPNs.Sreeram Ramachandran2014-07-251-1/+1
| | | | | | | | | | | | Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
* Implement VpnService.setBlocking().Jeff Davidson2014-07-231-1/+1
| | | | | Bug: 12879610 Change-Id: I3a0ad9eae5f7dd9c01f75b9da71810bad38f9fec
* Allow VPN interfaces to be put into blocking mode.Sreeram Ramachandran2014-07-181-0/+14
| | | | | | | New API with stub implementation to be filled out later. Bug: 12879610 Change-Id: Iff711994dec4598c74fe11447c8c670004c1188c
* Allow a VPN to be declared bypassable.Sreeram Ramachandran2014-07-101-0/+15
| | | | | | | | | | | | | | | A VPN declared bypassable allows apps to use the new multinetwork APIs to send/receive traffic directly over the underlying network, whereas without it, traffic from those apps would be forced to go via the VPN. Apps still need the right permissions to access the underlying network. For example, if the underlying network is "untrusted", only apps with CHANGE_NETWORK_STATE (or such permission) can actually use it directly. New API with stub implementation to be filled out later. Bug: 15347374 Change-Id: I8794715e024e08380a43f7a090613c5897611c5b
* Let VpnService specify a white/black list of apps that are allowed access.Sreeram Ramachandran2014-07-101-0/+52
| | | | | | | New API with stub implementation to be filled out later. Bug: 13651397 Change-Id: Ibabd6c22495ce58dc88142bb958c1ef12adcf78e
* Update VpnService API documentation.Sreeram Ramachandran2014-07-101-0/+8
| | | | | | | | | | | | | | | | The goal of blocking an address family by default is to prevent unintended security holes. For example, a VPN that only deals with IPv4 doesn't know or care about IPv6 at all, so it doesn't do anything for IPv6. An app shouldn't be able to get around (bypass) the VPN by using IPv6. Therefore, it is not necessary to block an address family in removeAddress(). The VPN was clearly aware of the address family (since it had configured such an address before), so if it wants to block that family, it should add a default route for that family and explicitly drop/block/reject those packets. Bug: 15972465 Bug: 15409819 Change-Id: I845426fa90dc2358d3e11bc601db0b4bd5d3b7ac
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 01:11:45 +0000