Loading api/current.txt +3 −0 Original line number Diff line number Diff line Loading @@ -6600,6 +6600,7 @@ package android.app.admin { method @Nullable public String[] getAccountTypesWithManagementDisabled(); method @Nullable public java.util.List<android.content.ComponentName> getActiveAdmins(); method @NonNull public java.util.Set<java.lang.String> getAffiliationIds(@NonNull android.content.ComponentName); method public java.util.List<java.lang.String> getAlwaysOnVpnLockdownWhitelist(@NonNull android.content.ComponentName); method @Nullable public String getAlwaysOnVpnPackage(@NonNull android.content.ComponentName); method @WorkerThread @NonNull public android.os.Bundle getApplicationRestrictions(@Nullable android.content.ComponentName, String); method @Deprecated @Nullable public String getApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName); Loading Loading @@ -6674,6 +6675,7 @@ package android.app.admin { method public boolean isActivePasswordSufficient(); method public boolean isAdminActive(@NonNull android.content.ComponentName); method public boolean isAffiliatedUser(); method public boolean isAlwaysOnVpnLockdownEnabled(@NonNull android.content.ComponentName); method public boolean isApplicationHidden(@NonNull android.content.ComponentName, String); method public boolean isBackupServiceEnabled(@NonNull android.content.ComponentName); method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); Loading Loading @@ -6711,6 +6713,7 @@ package android.app.admin { method public void setAccountManagementDisabled(@NonNull android.content.ComponentName, String, boolean); method public void setAffiliationIds(@NonNull android.content.ComponentName, @NonNull java.util.Set<java.lang.String>); method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException; method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean, @Nullable java.util.List<java.lang.String>) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException; method public boolean setApplicationHidden(@NonNull android.content.ComponentName, String, boolean); method @WorkerThread public void setApplicationRestrictions(@Nullable android.content.ComponentName, String, android.os.Bundle); method @Deprecated public void setApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName, @Nullable String) throws android.content.pm.PackageManager.NameNotFoundException; core/java/android/app/admin/DevicePolicyManager.java +92 −6 Original line number Diff line number Diff line Loading @@ -5048,12 +5048,17 @@ public class DevicePolicyManager { return null; } /** * Service-specific error code used in implementation of {@code setAlwaysOnVpnPackage} methods. * @hide */ public static final int ERROR_VPN_PACKAGE_NOT_FOUND = 1; /** * Called by a device or profile owner to configure an always-on VPN connection through a * specific application for the current user. This connection is automatically granted and * persisted after a reboot. * <p> * To support the always-on feature, an app must * <p> To support the always-on feature, an app must * <ul> * <li>declare a {@link android.net.VpnService} in its manifest, guarded by * {@link android.Manifest.permission#BIND_VPN_SERVICE};</li> Loading @@ -5062,12 +5067,13 @@ public class DevicePolicyManager { * {@link android.net.VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}.</li> * </ul> * The call will fail if called with the package name of an unsupported VPN app. * <p> Enabling lockdown via {@code lockdownEnabled} argument carries the risk that any failure * of the VPN provider could break networking for all apps. * * @param vpnPackage The package name for an installed VPN app on the device, or {@code null} to * remove an existing always-on VPN configuration. * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. This carries the risk that any failure of the VPN provider * could break networking for all apps. This has no effect when clearing. * {@code false} otherwise. This has no effect when clearing. * @throws SecurityException if {@code admin} is not a device or a profile owner. * @throws NameNotFoundException if {@code vpnPackage} is not installed. * @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being Loading @@ -5076,16 +5082,96 @@ public class DevicePolicyManager { public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage, boolean lockdownEnabled) throws NameNotFoundException, UnsupportedOperationException { setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled, Collections.emptyList()); } /** * A version of {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} that allows the * admin to specify a set of apps that should be able to access the network directly when VPN * is not connected. When VPN connects these apps switch over to VPN if allowed to use that VPN. * System apps can always bypass VPN. * <p> Note that the system doesn't update the whitelist when packages are installed or * uninstalled, the admin app must call this method to keep the list up to date. * * @param vpnPackage package name for an installed VPN app on the device, or {@code null} * to remove an existing always-on VPN configuration * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. This has no effect when clearing. * @param lockdownWhitelist Packages that will be able to access the network directly when VPN * is in lockdown mode but not connected. Has no effect when clearing. * @throws SecurityException if {@code admin} is not a device or a profile * owner. * @throws NameNotFoundException if {@code vpnPackage} or one of * {@code lockdownWhitelist} is not installed. * @throws UnsupportedOperationException if {@code vpnPackage} exists but does * not support being set as always-on, or if always-on VPN is not * available. */ public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage, boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist) throws NameNotFoundException, UnsupportedOperationException { throwIfParentInstance("setAlwaysOnVpnPackage"); if (mService != null) { try { if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled)) { throw new NameNotFoundException(vpnPackage); mService.setAlwaysOnVpnPackage( admin, vpnPackage, lockdownEnabled, lockdownWhitelist); } catch (ServiceSpecificException e) { switch (e.errorCode) { case ERROR_VPN_PACKAGE_NOT_FOUND: throw new NameNotFoundException(e.getMessage()); default: throw new RuntimeException( "Unknown error setting always-on VPN: " + e.errorCode); } } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Called by device or profile owner to query whether current always-on VPN is configured in * lockdown mode. Returns {@code false} when no always-on configuration is set. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * * @throws SecurityException if {@code admin} is not a device or a profile owner. * * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean) */ public boolean isAlwaysOnVpnLockdownEnabled(@NonNull ComponentName admin) { throwIfParentInstance("isAlwaysOnVpnLockdownEnabled"); if (mService != null) { try { return mService.isAlwaysOnVpnLockdownEnabled(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } /** * Called by device or profile owner to query the list of packages that are allowed to access * the network directly when always-on VPN is in lockdown mode but not connected. Returns * {@code null} when always-on VPN is not active or not in lockdown mode. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * * @throws SecurityException if {@code admin} is not a device or a profile owner. * * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean, List) */ public List<String> getAlwaysOnVpnLockdownWhitelist(@NonNull ComponentName admin) { throwIfParentInstance("getAlwaysOnVpnLockdownWhitelist"); if (mService != null) { try { return mService.getAlwaysOnVpnLockdownWhitelist(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } /** Loading core/java/android/app/admin/IDevicePolicyManager.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -187,8 +187,10 @@ interface IDevicePolicyManager { void setCertInstallerPackage(in ComponentName who, String installerPackage); String getCertInstallerPackage(in ComponentName who); boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown); boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown, in List<String> lockdownWhitelist); String getAlwaysOnVpnPackage(in ComponentName who); boolean isAlwaysOnVpnLockdownEnabled(in ComponentName who); List<String> getAlwaysOnVpnLockdownWhitelist(in ComponentName who); void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity); void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName); Loading core/java/android/net/ConnectivityManager.java +39 −2 Original line number Diff line number Diff line Loading @@ -1014,14 +1014,20 @@ public class ConnectivityManager { * to remove an existing always-on VPN configuration. * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. * @param lockdownWhitelist The list of packages that are allowed to access network directly * when VPN is in lockdown mode but is not running. Non-existent packages are ignored so * this method must be called when a package that should be whitelisted is installed or * uninstalled. * @return {@code true} if the package is set as always-on VPN controller; * {@code false} otherwise. * @hide */ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage, boolean lockdownEnabled) { boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist) { try { return mService.setAlwaysOnVpnPackage(userId, vpnPackage, lockdownEnabled); return mService.setAlwaysOnVpnPackage( userId, vpnPackage, lockdownEnabled, lockdownWhitelist); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -1036,6 +1042,7 @@ public class ConnectivityManager { * or {@code null} if none is set. * @hide */ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public String getAlwaysOnVpnPackageForUser(int userId) { try { return mService.getAlwaysOnVpnPackage(userId); Loading @@ -1044,6 +1051,36 @@ public class ConnectivityManager { } } /** * @return whether always-on VPN is in lockdown mode. * * @hide **/ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public boolean isVpnLockdownEnabled(int userId) { try { return mService.isVpnLockdownEnabled(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * @return the list of packages that are allowed to access network when always-on VPN is in * lockdown mode but not connected. Returns {@code null} when VPN lockdown is not active. * * @hide **/ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public List<String> getVpnLockdownWhitelist(int userId) { try { return mService.getVpnLockdownWhitelist(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Returns details about the currently active default data network * for a given uid. This is for internal use only to avoid spying Loading core/java/android/net/IConnectivityManager.aidl +4 −1 Original line number Diff line number Diff line Loading @@ -125,8 +125,11 @@ interface IConnectivityManager boolean updateLockdownVpn(); boolean isAlwaysOnVpnPackageSupported(int userId, String packageName); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown, in List<String> lockdownWhitelist); String getAlwaysOnVpnPackage(int userId); boolean isVpnLockdownEnabled(int userId); List<String> getVpnLockdownWhitelist(int userId); int checkMobileProvisioning(int suggestedTimeOutMs); Loading Loading
api/current.txt +3 −0 Original line number Diff line number Diff line Loading @@ -6600,6 +6600,7 @@ package android.app.admin { method @Nullable public String[] getAccountTypesWithManagementDisabled(); method @Nullable public java.util.List<android.content.ComponentName> getActiveAdmins(); method @NonNull public java.util.Set<java.lang.String> getAffiliationIds(@NonNull android.content.ComponentName); method public java.util.List<java.lang.String> getAlwaysOnVpnLockdownWhitelist(@NonNull android.content.ComponentName); method @Nullable public String getAlwaysOnVpnPackage(@NonNull android.content.ComponentName); method @WorkerThread @NonNull public android.os.Bundle getApplicationRestrictions(@Nullable android.content.ComponentName, String); method @Deprecated @Nullable public String getApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName); Loading Loading @@ -6674,6 +6675,7 @@ package android.app.admin { method public boolean isActivePasswordSufficient(); method public boolean isAdminActive(@NonNull android.content.ComponentName); method public boolean isAffiliatedUser(); method public boolean isAlwaysOnVpnLockdownEnabled(@NonNull android.content.ComponentName); method public boolean isApplicationHidden(@NonNull android.content.ComponentName, String); method public boolean isBackupServiceEnabled(@NonNull android.content.ComponentName); method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); Loading Loading @@ -6711,6 +6713,7 @@ package android.app.admin { method public void setAccountManagementDisabled(@NonNull android.content.ComponentName, String, boolean); method public void setAffiliationIds(@NonNull android.content.ComponentName, @NonNull java.util.Set<java.lang.String>); method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException; method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean, @Nullable java.util.List<java.lang.String>) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException; method public boolean setApplicationHidden(@NonNull android.content.ComponentName, String, boolean); method @WorkerThread public void setApplicationRestrictions(@Nullable android.content.ComponentName, String, android.os.Bundle); method @Deprecated public void setApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName, @Nullable String) throws android.content.pm.PackageManager.NameNotFoundException;
core/java/android/app/admin/DevicePolicyManager.java +92 −6 Original line number Diff line number Diff line Loading @@ -5048,12 +5048,17 @@ public class DevicePolicyManager { return null; } /** * Service-specific error code used in implementation of {@code setAlwaysOnVpnPackage} methods. * @hide */ public static final int ERROR_VPN_PACKAGE_NOT_FOUND = 1; /** * Called by a device or profile owner to configure an always-on VPN connection through a * specific application for the current user. This connection is automatically granted and * persisted after a reboot. * <p> * To support the always-on feature, an app must * <p> To support the always-on feature, an app must * <ul> * <li>declare a {@link android.net.VpnService} in its manifest, guarded by * {@link android.Manifest.permission#BIND_VPN_SERVICE};</li> Loading @@ -5062,12 +5067,13 @@ public class DevicePolicyManager { * {@link android.net.VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}.</li> * </ul> * The call will fail if called with the package name of an unsupported VPN app. * <p> Enabling lockdown via {@code lockdownEnabled} argument carries the risk that any failure * of the VPN provider could break networking for all apps. * * @param vpnPackage The package name for an installed VPN app on the device, or {@code null} to * remove an existing always-on VPN configuration. * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. This carries the risk that any failure of the VPN provider * could break networking for all apps. This has no effect when clearing. * {@code false} otherwise. This has no effect when clearing. * @throws SecurityException if {@code admin} is not a device or a profile owner. * @throws NameNotFoundException if {@code vpnPackage} is not installed. * @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being Loading @@ -5076,16 +5082,96 @@ public class DevicePolicyManager { public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage, boolean lockdownEnabled) throws NameNotFoundException, UnsupportedOperationException { setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled, Collections.emptyList()); } /** * A version of {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} that allows the * admin to specify a set of apps that should be able to access the network directly when VPN * is not connected. When VPN connects these apps switch over to VPN if allowed to use that VPN. * System apps can always bypass VPN. * <p> Note that the system doesn't update the whitelist when packages are installed or * uninstalled, the admin app must call this method to keep the list up to date. * * @param vpnPackage package name for an installed VPN app on the device, or {@code null} * to remove an existing always-on VPN configuration * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. This has no effect when clearing. * @param lockdownWhitelist Packages that will be able to access the network directly when VPN * is in lockdown mode but not connected. Has no effect when clearing. * @throws SecurityException if {@code admin} is not a device or a profile * owner. * @throws NameNotFoundException if {@code vpnPackage} or one of * {@code lockdownWhitelist} is not installed. * @throws UnsupportedOperationException if {@code vpnPackage} exists but does * not support being set as always-on, or if always-on VPN is not * available. */ public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage, boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist) throws NameNotFoundException, UnsupportedOperationException { throwIfParentInstance("setAlwaysOnVpnPackage"); if (mService != null) { try { if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled)) { throw new NameNotFoundException(vpnPackage); mService.setAlwaysOnVpnPackage( admin, vpnPackage, lockdownEnabled, lockdownWhitelist); } catch (ServiceSpecificException e) { switch (e.errorCode) { case ERROR_VPN_PACKAGE_NOT_FOUND: throw new NameNotFoundException(e.getMessage()); default: throw new RuntimeException( "Unknown error setting always-on VPN: " + e.errorCode); } } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Called by device or profile owner to query whether current always-on VPN is configured in * lockdown mode. Returns {@code false} when no always-on configuration is set. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * * @throws SecurityException if {@code admin} is not a device or a profile owner. * * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean) */ public boolean isAlwaysOnVpnLockdownEnabled(@NonNull ComponentName admin) { throwIfParentInstance("isAlwaysOnVpnLockdownEnabled"); if (mService != null) { try { return mService.isAlwaysOnVpnLockdownEnabled(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } /** * Called by device or profile owner to query the list of packages that are allowed to access * the network directly when always-on VPN is in lockdown mode but not connected. Returns * {@code null} when always-on VPN is not active or not in lockdown mode. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * * @throws SecurityException if {@code admin} is not a device or a profile owner. * * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean, List) */ public List<String> getAlwaysOnVpnLockdownWhitelist(@NonNull ComponentName admin) { throwIfParentInstance("getAlwaysOnVpnLockdownWhitelist"); if (mService != null) { try { return mService.getAlwaysOnVpnLockdownWhitelist(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } /** Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -187,8 +187,10 @@ interface IDevicePolicyManager { void setCertInstallerPackage(in ComponentName who, String installerPackage); String getCertInstallerPackage(in ComponentName who); boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown); boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown, in List<String> lockdownWhitelist); String getAlwaysOnVpnPackage(in ComponentName who); boolean isAlwaysOnVpnLockdownEnabled(in ComponentName who); List<String> getAlwaysOnVpnLockdownWhitelist(in ComponentName who); void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity); void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName); Loading
core/java/android/net/ConnectivityManager.java +39 −2 Original line number Diff line number Diff line Loading @@ -1014,14 +1014,20 @@ public class ConnectivityManager { * to remove an existing always-on VPN configuration. * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or * {@code false} otherwise. * @param lockdownWhitelist The list of packages that are allowed to access network directly * when VPN is in lockdown mode but is not running. Non-existent packages are ignored so * this method must be called when a package that should be whitelisted is installed or * uninstalled. * @return {@code true} if the package is set as always-on VPN controller; * {@code false} otherwise. * @hide */ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage, boolean lockdownEnabled) { boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist) { try { return mService.setAlwaysOnVpnPackage(userId, vpnPackage, lockdownEnabled); return mService.setAlwaysOnVpnPackage( userId, vpnPackage, lockdownEnabled, lockdownWhitelist); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -1036,6 +1042,7 @@ public class ConnectivityManager { * or {@code null} if none is set. * @hide */ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public String getAlwaysOnVpnPackageForUser(int userId) { try { return mService.getAlwaysOnVpnPackage(userId); Loading @@ -1044,6 +1051,36 @@ public class ConnectivityManager { } } /** * @return whether always-on VPN is in lockdown mode. * * @hide **/ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public boolean isVpnLockdownEnabled(int userId) { try { return mService.isVpnLockdownEnabled(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * @return the list of packages that are allowed to access network when always-on VPN is in * lockdown mode but not connected. Returns {@code null} when VPN lockdown is not active. * * @hide **/ @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN) public List<String> getVpnLockdownWhitelist(int userId) { try { return mService.getVpnLockdownWhitelist(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Returns details about the currently active default data network * for a given uid. This is for internal use only to avoid spying Loading
core/java/android/net/IConnectivityManager.aidl +4 −1 Original line number Diff line number Diff line Loading @@ -125,8 +125,11 @@ interface IConnectivityManager boolean updateLockdownVpn(); boolean isAlwaysOnVpnPackageSupported(int userId, String packageName); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown, in List<String> lockdownWhitelist); String getAlwaysOnVpnPackage(int userId); boolean isVpnLockdownEnabled(int userId); List<String> getVpnLockdownWhitelist(int userId); int checkMobileProvisioning(int suggestedTimeOutMs); Loading
