authorSreeram Ramachandran <sreeram@google.com>2014-07-23 13:27:31 -0700
committerSreeram Ramachandran <sreeram@google.com>2014-07-25 14:58:08 -0700
commit95684ba176a9fe5ea59207d7202e47fa12bbfdbe (patch)
tree0e26a0409c05a8c8ae8daabc0fb004d1fc5f0087 /server/NetworkController.cpp
parent111bec203e82bdc9fb2c27df7c232465dffeee5f (diff)
Implement support for bypassable VPNs.
Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
Diffstat (limited to 'server/NetworkController.cpp')
-rw-r--r--server/NetworkController.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index 90b76829..d1514901 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -141,7 +141,7 @@ int NetworkController::createPhysicalNetwork(unsigned netId, Permission permissi
return 0;
}
-int NetworkController::createVirtualNetwork(unsigned netId, bool hasDns) {
+int NetworkController::createVirtualNetwork(unsigned netId, bool hasDns, bool secure) {
if (netId < MIN_NET_ID || netId > MAX_NET_ID) {
ALOGE("invalid netId %u", netId);
return -EINVAL;
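Review bot: The new `bool secure` parameter sits directly after `bool hasDns` in the `createVirtualNetwork` signature, so a call site that transposes the two arguments still compiles and would create a bypassable VPN where a secure one was intended. Since this flag later decides whether `canUserSelectNetwork` refuses non-protectable uids, the definition should document it, for example `// secure: when true, uids that are not in mProtectableUsers cannot select another network; when false the VPN is bypassable.` Call sites are not part of this file-limited diff, so it is worth confirming that each one passes the arguments in this order, ideally annotated as `/* secure */`. The function body continues outside the hunk.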
@@ -153,7 +153,7 @@ int NetworkController::createVirtualNetwork(unsigned netId, bool hasDns) {
}
android::RWLock::AutoWLock lock(mRWLock);
- mNetworks[netId] = new VirtualNetwork(netId, hasDns);
+ mNetworks[netId] = new VirtualNetwork(netId, hasDns, secure);
return 0;
}
@@ -236,7 +236,8 @@ bool NetworkController::canUserSelectNetwork(uid_t uid, unsigned netId) const {
return static_cast<VirtualNetwork*>(network)->appliesToUser(uid);
}
VirtualNetwork* virtualNetwork = getVirtualNetworkForUserLocked(uid);
- if (virtualNetwork && mProtectableUsers.find(uid) == mProtectableUsers.end()) {
+ if (virtualNetwork && virtualNetwork->isSecure() &&
+ mProtectableUsers.find(uid) == mProtectableUsers.end()) {
return false;
}
Permission networkPermission = static_cast<PhysicalNetwork*>(network)->getPermission();
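Review bot: The changed condition in `canUserSelectNetwork` is the access-control decision for this feature but carries no comment explaining why `isSecure()` may skip the early `return false`. With a bypassable VPN, a uid that is not in `mProtectableUsers` now falls through to the `getPermission()` check on the physical network, and that check becomes the only gate. I would add a comment above the `if` such as `// A secure VPN pins its users unless they may protect sockets; a bypassable VPN defers to the permission check below.` The rest of the permission check is outside the hunk, so whether it enforces what the commit message promises for untrusted networks cannot be confirmed from here.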