
Commit 9a1da68b authored by Jeff Davidson's avatar Jeff Davidson

Expose a SystemApi method to prepare a VPN without consent.

This is NOT designed to be called normally. Most apps (even
system-privileged ones) should request user consent before launching a
VPN. However, it is needed to support flows where consent can be
obtained through other means external to the VPN flow itself.

The API requires a system-privileged permission, CONTROL_VPN.

Bug: 18327583
Change-Id: I1bcdcf0fb5707faeb861ec4535e7ccffea369ae7
parent e0cb56b0
+27 −0
@@ -19,6 +19,7 @@ package android.net;
import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.AF_INET6;

import android.annotation.SystemApi;
import android.app.Activity;
import android.app.PendingIntent;
import android.app.Service;
@@ -163,6 +164,32 @@ public class VpnService extends Service {
        return VpnConfig.getIntentForConfirmation();
    }

    /**
     * Version of {@link #prepare(Context)} which does not require user consent.
     *
     * <p>Requires {@link android.Manifest.permission#CONTROL_VPN} and should generally not be
     * used. Only acceptable in situations where user consent has been obtained through other means.
     *
     * <p>Once this is run, future preparations may be done with the standard prepare method as this
     * will authorize the package to prepare the VPN without consent in the future.
     *
     * @hide
     */
    @SystemApi
    public static void prepareAndAuthorize(Context context) {
        IConnectivityManager cm = getService();
        String packageName = context.getPackageName();
        try {
            // Only prepare if we're not already prepared.
            if (!cm.prepareVpn(packageName, null)) {
                cm.prepareVpn(null, packageName);
            }
            cm.setVpnPackageAuthorization(true);
        } catch (RemoteException e) {
            // ignore
        }
    }

    /**
     * Protect a socket from VPN connections. After protecting, data sent
     * through this socket will go directly to the underlying network,
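Review bot: In `prepareAndAuthorize`, the boolean returned by the second call `cm.prepareVpn(null, packageName)` is discarded and `cm.setVpnPackageAuthorization(true)` runs regardless. The ConnectivityService javadoc in this commit says that call acts on "the current VPN package", so if the prepare is refused the consent-free authorization could land on whichever package is currently prepared rather than on the caller; this depends on Vpn behaviour not shown here. Gate it on success, e.g. `if (!cm.prepareVpn(packageName, null) && !cm.prepareVpn(null, packageName)) return;` ahead of the authorization call. The `catch (RemoteException e) { // ignore }` on a `void` method also gives the caller no signal that nothing was authorized, so at least log it. The CONTROL_VPN check is not in this method and is presumably enforced in the Vpn class, so the javadoc should say where.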
+4 −5
@@ -2813,9 +2813,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
    }

    /**
     * Prepare for a VPN application. This method is used by VpnDialogs
     * and not available in ConnectivityManager. Permissions are checked
     * in Vpn class.
     * Prepare for a VPN application. This method is used by system-privileged apps.
     * Permissions are checked in Vpn class.
     * @hide
     */
    @Override
@@ -2829,8 +2828,8 @@ public class ConnectivityService extends IConnectivityManager.Stub

    /**
     * Set whether the current VPN package has the ability to launch VPNs without
     * user intervention. This method is used by system UIs and not available
     * in ConnectivityManager. Permissions are checked in Vpn class.
     * user intervention. This method is used by system-privileged apps.
     * Permissions are checked in Vpn class.
     * @hide
     */
    @Override
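Review bot: Both reworded javadocs widen the stated audience from VpnDialogs / system UIs to "system-privileged apps" but still say only "Permissions are checked in Vpn class", without naming the permission. The commit message states the new API requires CONTROL_VPN, and no Vpn change appears on this page, so a reader cannot confirm from here what these binder entry points actually enforce. I would name it in both comments, e.g. `Callers must hold {@link android.Manifest.permission#CONTROL_VPN}; enforced in Vpn.`, once that has been verified against the Vpn class.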