public class Vpn extends Object

Constructor and Description |
---|
Vpn(Looper looper, Context context, INetworkManagementService netService, int userHandle) |

Modifier and Type | Method and Description |
---|---|
boolean | addAddress(String address, int prefixLength) |
boolean | appliesToUid(int uid) |
ParcelFileDescriptor | establish(VpnConfig config)<br>Establish a VPN network and return the file descriptor of the VPN interface. |
String | getAlwaysOnPackage() |
VpnConfig | getLegacyVpnConfig() |
LegacyVpnInfo | getLegacyVpnInfo()<br>Return the information of the current ongoing legacy VPN. |
LegacyVpnInfo | getLegacyVpnInfoPrivileged()<br>Return the information of the current ongoing legacy VPN. |
int | getNetId() |
NetworkInfo | getNetworkInfo() |
Network[] | getUnderlyingNetworks() |
VpnConfig | getVpnConfig()<br>Return the configuration of the currently running VPN. |
VpnInfo | getVpnInfo()<br>This method should only be called by ConnectivityService. |
void | interfaceStatusChanged(String iface, boolean up)<br>Deprecated. |
boolean | isBlockingUid(int uid) |
void | onUserAdded(int userHandle) |
void | onUserRemoved(int userHandle) |
void | onUserStopped()<br>Called when the user associated with this VPN has just been stopped. |
boolean | prepare(String oldPackage, String newPackage)<br>Prepare for a VPN application. |
boolean | removeAddress(String address, int prefixLength) |
void | saveAlwaysOnPackage()<br>Save the always-on package and lockdown config into Settings.Secure |
boolean | setAlwaysOnPackage(String packageName, boolean lockdown)<br>Configures an always-on VPN connection through a specific application. |
void | setEnableTeardown(boolean enableTeardown)<br>Set if this object is responsible for watching for `NetworkInfo` teardown. |
boolean | setPackageAuthorization(String packageName, boolean authorized)<br>Set whether a package has the ability to launch VPNs without user intervention. |
boolean | setUnderlyingNetworks(Network[] networks) |
boolean | startAlwaysOnVpn() |
void | startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress)<br>Start legacy VPN, controlling native daemons as needed. |
void | startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore, LinkProperties egress)<br>Like `startLegacyVpn(VpnProfile, KeyStore, LinkProperties)`, but does not check permissions under the assumption that the caller is the system. |
void | stopLegacyVpnPrivileged()<br>Stop legacy VPN. |

public void setEnableTeardown(boolean enableTeardown)
Set if this object is responsible for watching for `NetworkInfo` teardown. When `false`, teardown is handled externally by someone else.

public boolean setAlwaysOnPackage(String packageName, boolean lockdown)
The designated package should exist and declare a `VpnService` in its manifest guarded by `android.Manifest.permission.BIND_VPN_SERVICE`, otherwise the call will fail.
Parameters:
- `packageName` - the package to designate as always-on VPN supplier.
- `lockdown` - whether to prevent traffic outside of a VPN, for example while connecting.

Returns: `true` if the package has been set as always-on, `false` otherwise.

public String getAlwaysOnPackage()
Returns: `null` if none is set or always-on VPN is controlled through lockdown instead.

public void saveAlwaysOnPackage()
public boolean startAlwaysOnVpn()
Returns: `true` if the service was started, the service was already connected, or there was no always-on VPN to start. `false` otherwise.

public boolean prepare(String oldPackage, String newPackage)
`oldPackage`. If they are the same, the prepared package is revoked and replaced with `newPackage`. If `oldPackage` is `null`, the comparison is omitted. If `newPackage` is the same package or `null`, the revocation is omitted. This method returns `true` if the operation succeeded.

Legacy VPN is handled specially since it is not a real package. It uses `VpnConfig.LEGACY_VPN` as its package name, and it can be revoked by itself.

Note: when we added VPN pre-consent in http://ag/522961 the names oldPackage and newPackage became misleading, because when an app is pre-consented, we actually prepare oldPackage, not newPackage.

Their meanings actually are:
- oldPackage non-null, newPackage null: App calling VpnService#prepare().
- oldPackage null, newPackage non-null: ConfirmDialog calling prepareVpn().
- oldPackage null, newPackage=LEGACY_VPN: Used internally to disconnect and revoke any current app VPN and re-prepare legacy vpn.

TODO: Rename the variables - or split this method into two - and end this confusion.

TODO: b/29032008 Migrate code from prepare(oldPackage=non-null, newPackage=LEGACY_VPN) to prepare(oldPackage=null, newPackage=LEGACY_VPN)

Parameters:
- `oldPackage` - The package name of the old VPN application
- `newPackage` - The package name of the new VPN application

public boolean setPackageAuthorization(String packageName, boolean authorized)
public NetworkInfo getNetworkInfo()
public int getNetId()
public ParcelFileDescriptor establish(VpnConfig config)
`null` if the application is revoked or not prepared.
Parameters:
- `config` - The parameters to configure the network.

public void onUserAdded(int userHandle)
public void onUserRemoved(int userHandle)
public void onUserStopped()
public VpnConfig getVpnConfig()
@Deprecated public void interfaceStatusChanged(String iface, boolean up)
public boolean addAddress(String address, int prefixLength)
public boolean removeAddress(String address, int prefixLength)
public boolean setUnderlyingNetworks(Network[] networks)
public Network[] getUnderlyingNetworks()
public VpnInfo getVpnInfo()
public boolean appliesToUid(int uid)
public boolean isBlockingUid(int uid)
Returns: `true` if `uid` is blocked by an always-on VPN. A UID is blocked if it's included in one of the mBlockedUsers ranges and the VPN is not connected, or if the VPN is connected but does not apply to the UID.

See Also: mBlockedUsers

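
The blocking rule stated for isBlockingUid(int), as an added Java model that is not the AOSP implementation: it evaluates both halves of the rule for three UIDs with the VPN down and then up. `LockdownModel`, its fields and every UID value are hypothetical, and always-on lockdown is assumed to be enabled.

```java
// Added illustration, not AOSP code: stand-alone model of the rule stated for
// isBlockingUid(int). LockdownModel, its fields and all UID values are
// hypothetical; always-on lockdown is assumed to be enabled.
public class LockdownModel {
    final int[][] blockedUsers; // inclusive {start, stop} ranges, like mBlockedUsers
    final int[][] vpnUsers;     // inclusive ranges the connected VPN applies to
    boolean connected;

    LockdownModel(int[][] blockedUsers, int[][] vpnUsers) {
        this.blockedUsers = blockedUsers;
        this.vpnUsers = vpnUsers;
    }

    static boolean inAny(int[][] ranges, int uid) {
        for (int[] r : ranges) {
            if (r[0] <= uid && uid <= r[1]) return true;
        }
        return false;
    }

    // Models appliesToUid(int): does the running VPN cover this UID?
    boolean appliesToUid(int uid) {
        return inAny(vpnUsers, uid);
    }

    // Blocked if (in a blocked range and the VPN is not connected)
    // or (the VPN is connected but does not apply to the UID).
    boolean isBlockingUid(int uid) {
        return connected ? !appliesToUid(uid) : inAny(blockedUsers, uid);
    }

    public static void main(String[] args) {
        // Constructed sample data: 10050 is left out of the blocked ranges,
        // 10077 is left out of the ranges the VPN applies to.
        int[][] blocked = {{10000, 10049}, {10051, 19999}};
        int[][] applied = {{10000, 10076}, {10078, 19999}};
        LockdownModel vpn = new LockdownModel(blocked, applied);
        int[] uids = {10050, 10061, 10077};

        for (boolean up : new boolean[] {false, true}) {
            vpn.connected = up;
            for (int uid : uids) {
                System.out.printf("connected=%b uid=%d blocked=%b%n",
                        up, uid, vpn.isBlockingUid(uid));
            }
        }
    }
}
```

In the connected pass, the UID outside the VPN's ranges is the one reported as blocked, which is the second half of the rule.
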
public void startLegacyVpn(VpnProfile profile, KeyStore keyStore, LinkProperties egress)
`startLegacyVpnPrivileged(VpnProfile, KeyStore, LinkProperties)` to skip the permission check only when the caller is trusted (or the call is initiated by the system).

public void startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore, LinkProperties egress)
Like `startLegacyVpn(VpnProfile, KeyStore, LinkProperties)`, but does not check permissions under the assumption that the caller is the system.

Callers are responsible for checking permissions if needed.

public void stopLegacyVpnPrivileged()
public LegacyVpnInfo getLegacyVpnInfo()
public LegacyVpnInfo getLegacyVpnInfoPrivileged()
public VpnConfig getLegacyVpnConfig()