
Commit a9294eb1 authored by Sreeram Ramachandran

Allow a VPN to be declared bypassable.

A VPN declared bypassable allows apps to use the new multinetwork APIs to
send/receive traffic directly over the underlying network, whereas without it,
traffic from those apps would be forced to go via the VPN.

Apps still need the right permissions to access the underlying network. For
example, if the underlying network is "untrusted", only apps with
CHANGE_NETWORK_STATE (or such permission) can actually use it directly.

New API with stub implementation to be filled out later.

Bug: 15347374
Change-Id: I8794715e024e08380a43f7a090613c5897611c5b
parent 1c52d026
+1 −0
@@ -16850,6 +16850,7 @@ package android.net {
    method public android.net.VpnService.Builder addRoute(java.net.InetAddress, int);
    method public android.net.VpnService.Builder addRoute(java.lang.String, int);
    method public android.net.VpnService.Builder addSearchDomain(java.lang.String);
    method public android.net.VpnService.Builder allowBypass();
    method public android.net.VpnService.Builder allowFamily(int);
    method public android.os.ParcelFileDescriptor establish();
    method public android.net.VpnService.Builder setConfigureIntent(android.app.PendingIntent);
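
Review bot: `allowBypass()` is published in the public API listing for `android.net.VpnService.Builder` here, while the commit message says the implementation is a stub to be filled out later. Once the signature is public, a VPN app can call it and observe no change in routing, so consider keeping the method hidden from the public API until the behaviour lands, or landing both in the same change. The signature takes no argument, so it can only express an all-or-nothing choice; if a narrower scope is ever wanted, it is easier to decide that before the signature is frozen.
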
+15 −0
@@ -552,6 +552,21 @@ public class VpnService extends Service {
            return this;
        }

        /**
         * Allows all apps to bypass this VPN connection.
         *
         * By default, all traffic from apps is forwarded through the VPN interface and it is not
         * possible for apps to side-step the VPN. If this method is called, apps may use methods
         * such as {@link ConnectivityManager#setProcessDefaultNetwork} to instead send/receive
         * directly over the underlying network or any other network they have permissions for.
         *
         * @return this {@link Builder} object to facilitate chaining of method calls.
         */
        public Builder allowBypass() {
            // TODO
            return this;
        }

        /**
         * Create a VPN interface using the parameters supplied to this
         * builder. The interface works on IP packets, and a file descriptor
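
Review bot: the Javadoc on `allowBypass()` does not spell out the consequence for the VPN developer, namely that after this call the VPN no longer guarantees that all app traffic goes through the tunnel. The opening sentence "Allows all apps to bypass this VPN connection" reads as unconditional, while the permission limit only appears at the end of the second paragraph ("any other network they have permissions for"); stating that limit up front would match the commit message. The body is `// TODO` followed by `return this;`, so the call silently does nothing: tag the TODO with the bug number from the commit message and note in the doc comment that the method is not yet effective.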