Whitelist packages from VPN lockdown.

    method @Nullable public String[] getAccountTypesWithManagementDisabled();

    method @Nullable public java.util.List<android.content.ComponentName> getActiveAdmins();

    method @NonNull public java.util.Set<java.lang.String> getAffiliationIds(@NonNull android.content.ComponentName);

    method public java.util.List<java.lang.String> getAlwaysOnVpnLockdownWhitelist(@NonNull android.content.ComponentName);

    method @Nullable public String getAlwaysOnVpnPackage(@NonNull android.content.ComponentName);

    method @WorkerThread @NonNull public android.os.Bundle getApplicationRestrictions(@Nullable android.content.ComponentName, String);

    method @Deprecated @Nullable public String getApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName);

    method public boolean isActivePasswordSufficient();

    method public boolean isAdminActive(@NonNull android.content.ComponentName);

    method public boolean isAffiliatedUser();

    method public boolean isAlwaysOnVpnLockdownEnabled(@NonNull android.content.ComponentName);

    method public boolean isApplicationHidden(@NonNull android.content.ComponentName, String);

    method public boolean isBackupServiceEnabled(@NonNull android.content.ComponentName);

    method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage();

    method public void setAccountManagementDisabled(@NonNull android.content.ComponentName, String, boolean);

    method public void setAffiliationIds(@NonNull android.content.ComponentName, @NonNull java.util.Set<java.lang.String>);

    method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public void setAlwaysOnVpnPackage(@NonNull android.content.ComponentName, @Nullable String, boolean, @Nullable java.util.List<java.lang.String>) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public boolean setApplicationHidden(@NonNull android.content.ComponentName, String, boolean);

    method @WorkerThread public void setApplicationRestrictions(@Nullable android.content.ComponentName, String, android.os.Bundle);

    method @Deprecated public void setApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName, @Nullable String) throws android.content.pm.PackageManager.NameNotFoundException;

        return null;

    }

    /**

     * Service-specific error code used in implementation of {@code setAlwaysOnVpnPackage} methods.

     * @hide

     */

    public static final int ERROR_VPN_PACKAGE_NOT_FOUND = 1;

    /**

     * Called by a device or profile owner to configure an always-on VPN connection through a

     * specific application for the current user. This connection is automatically granted and

     * persisted after a reboot.

     * <p>

     * To support the always-on feature, an app must

     * <p> To support the always-on feature, an app must

     * <ul>

     *     <li>declare a {@link android.net.VpnService} in its manifest, guarded by

     *         {@link android.Manifest.permission#BIND_VPN_SERVICE};</li>

     *         {@link android.net.VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}.</li>

     * </ul>

     * The call will fail if called with the package name of an unsupported VPN app.

     * <p> Enabling lockdown via {@code lockdownEnabled} argument carries the risk that any failure

     * of the VPN provider could break networking for all apps.

     *

     * @param vpnPackage The package name for an installed VPN app on the device, or {@code null} to

     *        remove an existing always-on VPN configuration.

     * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or

     *        {@code false} otherwise. This carries the risk that any failure of the VPN provider

     *        could break networking for all apps. This has no effect when clearing.

     *        {@code false} otherwise. This has no effect when clearing.

     * @throws SecurityException if {@code admin} is not a device or a profile owner.

     * @throws NameNotFoundException if {@code vpnPackage} is not installed.

     * @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being

    public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage,

            boolean lockdownEnabled)

            throws NameNotFoundException, UnsupportedOperationException {

        setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled, Collections.emptyList());

    }

    /**

     * A version of {@link #setAlwaysOnVpnPackage(ComponentName, String, boolean)} that allows the

     * admin to specify a set of apps that should be able to access the network directly when VPN

     * is not connected. When VPN connects these apps switch over to VPN if allowed to use that VPN.

     * System apps can always bypass VPN.

     * <p> Note that the system doesn't update the whitelist when packages are installed or

     * uninstalled, the admin app must call this method to keep the list up to date.

     *

     * @param vpnPackage package name for an installed VPN app on the device, or {@code null}

     *         to remove an existing always-on VPN configuration

     * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or

     *         {@code false} otherwise. This has no effect when clearing.

     * @param lockdownWhitelist Packages that will be able to access the network directly when VPN

     *         is in lockdown mode but not connected. Has no effect when clearing.

     * @throws SecurityException if {@code admin} is not a device or a profile

     *         owner.

     * @throws NameNotFoundException if {@code vpnPackage} or one of

     *         {@code lockdownWhitelist} is not installed.

     * @throws UnsupportedOperationException if {@code vpnPackage} exists but does

     *         not support being set as always-on, or if always-on VPN is not

     *         available.

     */

    public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage,

            boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist)

            throws NameNotFoundException, UnsupportedOperationException {

        throwIfParentInstance("setAlwaysOnVpnPackage");

        if (mService != null) {

            try {

                if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled)) {

                    throw new NameNotFoundException(vpnPackage);

                mService.setAlwaysOnVpnPackage(

                        admin, vpnPackage, lockdownEnabled, lockdownWhitelist);

            } catch (ServiceSpecificException e) {

                switch (e.errorCode) {

                    case ERROR_VPN_PACKAGE_NOT_FOUND:

                        throw new NameNotFoundException(e.getMessage());

                    default:

                        throw new RuntimeException(

                                "Unknown error setting always-on VPN: " + e.errorCode);

                }

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

        }

    }

    /**

     * Called by device or profile owner to query whether current always-on VPN is configured in

     * lockdown mode. Returns {@code false} when no always-on configuration is set.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     *

     * @throws SecurityException if {@code admin} is not a device or a profile owner.

     *

     * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean)

     */

    public boolean isAlwaysOnVpnLockdownEnabled(@NonNull ComponentName admin) {

        throwIfParentInstance("isAlwaysOnVpnLockdownEnabled");

        if (mService != null) {

            try {

                return mService.isAlwaysOnVpnLockdownEnabled(admin);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        return false;

    }

    /**

     * Called by device or profile owner to query the list of packages that are allowed to access

     * the network directly when always-on VPN is in lockdown mode but not connected. Returns

     * {@code null} when always-on VPN is not active or not in lockdown mode.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     *

     * @throws SecurityException if {@code admin} is not a device or a profile owner.

     *

     * @see #setAlwaysOnVpnPackage(ComponentName, String, boolean, List)

     */

    public List<String> getAlwaysOnVpnLockdownWhitelist(@NonNull ComponentName admin) {

        throwIfParentInstance("getAlwaysOnVpnLockdownWhitelist");

        if (mService != null) {

            try {

                return mService.getAlwaysOnVpnLockdownWhitelist(admin);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        return null;

    }

    /**

     * Called by a device or profile owner to read the name of the package administering an

     * always-on VPN connection for the current user. If there is no such package, or the always-on

    void setCertInstallerPackage(in ComponentName who, String installerPackage);

    String getCertInstallerPackage(in ComponentName who);

    boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown);

    boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown, in List<String> lockdownWhitelist);

    String getAlwaysOnVpnPackage(in ComponentName who);

    boolean isAlwaysOnVpnLockdownEnabled(in ComponentName who);

    List<String> getAlwaysOnVpnLockdownWhitelist(in ComponentName who);

    void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);

    void clearPackagePersistentPreferredActivities(in ComponentName admin, String packageName);

     *                   to remove an existing always-on VPN configuration.

     * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or

     *        {@code false} otherwise.

     * @param lockdownWhitelist The list of packages that are allowed to access network directly

     *         when VPN is in lockdown mode but is not running. Non-existent packages are ignored so

     *         this method must be called when a package that should be whitelisted is installed or

     *         uninstalled.

     * @return {@code true} if the package is set as always-on VPN controller;

     *         {@code false} otherwise.

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)

    public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage,

            boolean lockdownEnabled) {

            boolean lockdownEnabled, @Nullable List<String> lockdownWhitelist) {

        try {

            return mService.setAlwaysOnVpnPackage(userId, vpnPackage, lockdownEnabled);

            return mService.setAlwaysOnVpnPackage(

                    userId, vpnPackage, lockdownEnabled, lockdownWhitelist);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

     *         or {@code null} if none is set.

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)

    public String getAlwaysOnVpnPackageForUser(int userId) {

        try {

            return mService.getAlwaysOnVpnPackage(userId);

        }

    }

    /**

     * @return whether always-on VPN is in lockdown mode.

     *

     * @hide

     **/

    @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)

    public boolean isVpnLockdownEnabled(int userId) {

        try {

            return mService.isVpnLockdownEnabled(userId);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }

    /**

     * @return the list of packages that are allowed to access network when always-on VPN is in

     * lockdown mode but not connected. Returns {@code null} when VPN lockdown is not active.

     *

     * @hide

     **/

    @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)

    public List<String> getVpnLockdownWhitelist(int userId) {

        try {

            return mService.getVpnLockdownWhitelist(userId);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }

    /**

     * Returns details about the currently active default data network

     * for a given uid.  This is for internal use only to avoid spying

    boolean updateLockdownVpn();

    boolean isAlwaysOnVpnPackageSupported(int userId, String packageName);

    boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown);

    boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown,

            in List<String> lockdownWhitelist);

    String getAlwaysOnVpnPackage(int userId);

    boolean isVpnLockdownEnabled(int userId);

    List<String> getVpnLockdownWhitelist(int userId);

    int checkMobileProvisioning(int suggestedTimeOutMs);