Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 1384605a authored by Sreeram Ramachandran's avatar Sreeram Ramachandran
Browse files

Update VpnService API documentation. 

The goal of blocking an address family by default is to prevent unintended
security holes. For example, a VPN that only deals with IPv4 doesn't know or
care about IPv6 at all, so it doesn't do anything for IPv6. An app shouldn't be
able to get around (bypass) the VPN by using IPv6.

Therefore, it is not necessary to block an address family in removeAddress().
The VPN was clearly aware of the address family (since it had configured such an
address before), so if it wants to block that family, it should add a default
route for that family and explicitly drop/block/reject those packets.

Bug: 15972465
Bug: 15409819
Change-Id: I845426fa90dc2358d3e11bc601db0b4bd5d3b7ac
parent 5f90bccd
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment