Merge "Revert "Add APIs that allow to exclude routes from VPN"" am: da37e0f4 am: d48a67e9

    method @NonNull public android.net.VpnService.Builder addDnsServer(@NonNull java.net.InetAddress);

    method @NonNull public android.net.VpnService.Builder addDnsServer(@NonNull String);

    method @NonNull public android.net.VpnService.Builder addRoute(@NonNull java.net.InetAddress, int);

    method @NonNull public android.net.VpnService.Builder addRoute(@NonNull android.net.IpPrefix);

    method @NonNull public android.net.VpnService.Builder addRoute(@NonNull String, int);

    method @NonNull public android.net.VpnService.Builder addSearchDomain(@NonNull String);

    method @NonNull public android.net.VpnService.Builder allowBypass();

    method @NonNull public android.net.VpnService.Builder allowFamily(int);

    method @Nullable public android.os.ParcelFileDescriptor establish();

    method @NonNull public android.net.VpnService.Builder excludeRoute(@NonNull android.net.IpPrefix);

    method @NonNull public android.net.VpnService.Builder setBlocking(boolean);

    method @NonNull public android.net.VpnService.Builder setConfigureIntent(@NonNull android.app.PendingIntent);

    method @NonNull public android.net.VpnService.Builder setHttpProxy(@NonNull android.net.ProxyInfo);

import android.os.ServiceManager;

import android.os.UserHandle;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.net.NetworkUtilsInternal;

import com.android.internal.net.VpnConfig;

import java.net.InetAddress;

import java.net.Socket;

import java.util.ArrayList;

import java.util.Collections;

import java.util.List;

import java.util.Set;

        }

    }

    private static void checkNonPrefixBytes(@NonNull InetAddress address, int prefixLength) {

        final IpPrefix prefix = new IpPrefix(address, prefixLength);

        if (!prefix.getAddress().equals(address)) {

            throw new IllegalArgumentException("Bad address");

        }

    }

    /**

     * Helper class to create a VPN interface. This class should be always

     * used within the scope of the outer {@link VpnService}.

        private final VpnConfig mConfig = new VpnConfig();

        @UnsupportedAppUsage

        private final List<LinkAddress> mAddresses = new ArrayList<>();

        private final List<LinkAddress> mAddresses = new ArrayList<LinkAddress>();

        @UnsupportedAppUsage

        private final List<RouteInfo> mRoutes = new ArrayList<>();

        private final List<RouteInfo> mRoutes = new ArrayList<RouteInfo>();

        public Builder() {

            mConfig.user = VpnService.this.getClass().getName();

                throw new IllegalArgumentException("Bad address");

            }

            mAddresses.add(new LinkAddress(address, prefixLength));

            mConfig.updateAllowedFamilies(address);

            return this;

        }

            return addAddress(InetAddress.parseNumericAddress(address), prefixLength);

        }

        /**

         * Add a network route to the VPN interface. Both IPv4 and IPv6

         * routes are supported.

         *

         * If a route with the same destination is already present, its type will be updated.

         *

         * @throws IllegalArgumentException if the route is invalid.

         */

        @NonNull

        private Builder addRoute(@NonNull IpPrefix prefix, int type) {

            check(prefix.getAddress(), prefix.getPrefixLength());

            final RouteInfo newRoute = new RouteInfo(prefix, /* gateway */

                    null, /* interface */ null, type);

            final int index = findRouteIndexByDestination(newRoute);

            if (index == -1) {

                mRoutes.add(newRoute);

            } else {

                mRoutes.set(index, newRoute);

            }

            return this;

        }

        /**

         * Add a network route to the VPN interface. Both IPv4 and IPv6

         * routes are supported.

         * Adding a route implicitly allows traffic from that address family

         * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

         *

         * Calling this method overrides previous calls to {@link #excludeRoute} for the same

         * destination.

         *

         * If multiple routes match the packet destination, route with the longest prefix takes

         * precedence.

         *

         * @throws IllegalArgumentException if the route is invalid.

         */

        @NonNull

        public Builder addRoute(@NonNull InetAddress address, int prefixLength) {

            checkNonPrefixBytes(address, prefixLength);

            check(address, prefixLength);

            return addRoute(new IpPrefix(address, prefixLength), RouteInfo.RTN_UNICAST);

            int offset = prefixLength / 8;

            byte[] bytes = address.getAddress();

            if (offset < bytes.length) {

                for (bytes[offset] <<= prefixLength % 8; offset < bytes.length; ++offset) {

                    if (bytes[offset] != 0) {

                        throw new IllegalArgumentException("Bad address");

                    }

                }

        /**

         * Add a network route to the VPN interface. Both IPv4 and IPv6

         * routes are supported.

         *

         * Adding a route implicitly allows traffic from that address family

         * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

         *

         * Calling this method overrides previous calls to {@link #excludeRoute} for the same

         * destination.

         *

         * If multiple routes match the packet destination, route with the longest prefix takes

         * precedence.

         *

         * @throws IllegalArgumentException if the route is invalid.

         */

        @NonNull

        public Builder addRoute(@NonNull IpPrefix prefix) {

            return addRoute(prefix, RouteInfo.RTN_UNICAST);

            }

            mRoutes.add(new RouteInfo(new IpPrefix(address, prefixLength), null, null,

                RouteInfo.RTN_UNICAST));

            mConfig.updateAllowedFamilies(address);

            return this;

        }

        /**

         * Adding a route implicitly allows traffic from that address family

         * (i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily

         *

         * Calling this method overrides previous calls to {@link #excludeRoute} for the same

         * destination.

         *

         * If multiple routes match the packet destination, route with the longest prefix takes

         * precedence.

         *

         * @throws IllegalArgumentException if the route is invalid.

         * @see #addRoute(InetAddress, int)

         */

            return addRoute(InetAddress.parseNumericAddress(address), prefixLength);

        }

        /**

         * Exclude a network route from the VPN interface. Both IPv4 and IPv6

         * routes are supported.

         *

         * Calling this method overrides previous calls to {@link #addRoute} for the same

         * destination.

         *

         * If multiple routes match the packet destination, route with the longest prefix takes

         * precedence.

         *

         * @throws IllegalArgumentException if the route is invalid.

         */

        @NonNull

        public Builder excludeRoute(@NonNull IpPrefix prefix) {

            return addRoute(prefix, RouteInfo.RTN_THROW);

        }

        /**

         * Add a DNS server to the VPN connection. Both IPv4 and IPv6

         * addresses are supported. If none is set, the DNS servers of

                throw new IllegalStateException(e);

            }

        }

        private int findRouteIndexByDestination(RouteInfo route) {

            for (int i = 0; i < mRoutes.size(); i++) {

                if (mRoutes.get(i).getDestination().equals(route.getDestination())) {

                    return i;

                }

            }

            return -1;

        }

        /**

         * Method for testing, to observe mRoutes while builder is being used.

         * @hide

         */

        @VisibleForTesting

        public List<RouteInfo> routes() {

            return Collections.unmodifiableList(mRoutes);

        }

    }

}

import android.os.Parcelable;

import android.os.UserHandle;

import java.net.Inet4Address;

import java.net.InetAddress;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.List;

    public String interfaze;

    public String session;

    public int mtu = -1;

    public List<LinkAddress> addresses = new ArrayList<>();

    public List<RouteInfo> routes = new ArrayList<>();

    public List<LinkAddress> addresses = new ArrayList<LinkAddress>();

    public List<RouteInfo> routes = new ArrayList<RouteInfo>();

    public List<String> dnsServers;

    public List<String> searchDomains;

    public List<String> allowedApplications;

    public VpnConfig() {

    }

    public VpnConfig(VpnConfig other) {

        user = other.user;

        interfaze = other.interfaze;

        session = other.session;

        mtu = other.mtu;

        addresses = copyOf(other.addresses);

        routes = copyOf(other.routes);

        dnsServers = copyOf(other.dnsServers);

        searchDomains = copyOf(other.searchDomains);

        allowedApplications = copyOf(other.allowedApplications);

        disallowedApplications = copyOf(other.disallowedApplications);

        configureIntent = other.configureIntent;

        startTime = other.startTime;

        legacy = other.legacy;

        blocking = other.blocking;

        allowBypass = other.allowBypass;

        allowIPv4 = other.allowIPv4;

        allowIPv6 = other.allowIPv6;

        isMetered = other.isMetered;

        underlyingNetworks = other.underlyingNetworks != null ? Arrays.copyOf(

                other.underlyingNetworks, other.underlyingNetworks.length) : null;

        proxyInfo = other.proxyInfo;

    public void updateAllowedFamilies(InetAddress address) {

        if (address instanceof Inet4Address) {

            allowIPv4 = true;

        } else {

            allowIPv6 = true;

        }

    private static <T> List<T> copyOf(List<T> list) {

        return list != null ? new ArrayList<>(list) : null;

    }

    public void addLegacyRoutes(String routesStr) {

            //each route is ip/prefix

            RouteInfo info = new RouteInfo(new IpPrefix(route), null, null, RouteInfo.RTN_UNICAST);

            this.routes.add(info);

            updateAllowedFamilies(info.getDestination().getAddress());

        }

    }

            //each address is ip/prefix

            LinkAddress addr = new LinkAddress(address);

            this.addresses.add(addr);

            updateAllowedFamilies(addr.getAddress());

        }

    }

            for (RouteInfo route : mConfig.routes) {

                lp.addRoute(route);

                InetAddress address = route.getDestination().getAddress();

                if (route.getType() == RouteInfo.RTN_UNICAST) {

                allowIPv4 |= address instanceof Inet4Address;

                allowIPv6 |= address instanceof Inet6Address;

            }

        }

        }

        if (mConfig.dnsServers != null) {

            for (String dnsServer : mConfig.dnsServers) {