Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dc67971a authored by Robin Lee's avatar Robin Lee
Browse files

Add lockdownEnabled parameter to always-on VPN API 

Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.

Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
parent 7544ac22

api/current.txt

+1 −1
Original line number Original line Diff line number Diff line
@@ -5965,7 +5965,7 @@ package android.app.admin { 
    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

api/system-current.txt

+1 −1
Original line number Original line Diff line number Diff line
@@ -6126,7 +6126,7 @@ package android.app.admin { 
    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public deprecated boolean setActiveProfileOwner(android.content.ComponentName, java.lang.String) throws java.lang.IllegalArgumentException;

    method public deprecated boolean setActiveProfileOwner(android.content.ComponentName, java.lang.String) throws java.lang.IllegalArgumentException;

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

api/test-current.txt

+1 −1
Original line number Original line Diff line number Diff line
@@ -5969,7 +5969,7 @@ package android.app.admin { 
    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public void setAccountManagementDisabled(android.content.ComponentName, java.lang.String, boolean);

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public void setAlwaysOnVpnPackage(android.content.ComponentName, java.lang.String, boolean) throws android.content.pm.PackageManager.NameNotFoundException, java.lang.UnsupportedOperationException;

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public boolean setApplicationHidden(android.content.ComponentName, java.lang.String, boolean);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictions(android.content.ComponentName, java.lang.String, android.os.Bundle);

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

    method public void setApplicationRestrictionsManagingPackage(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;

core/java/android/app/admin/DevicePolicyManager.java

+20 −3
Original line number Original line Diff line number Diff line
@@ -2996,6 +2996,19 @@ public class DevicePolicyManager { 
        return null;

        return null;

    }

    }





    /**

     * Called by a device or profile owner to configure an always-on VPN connection through a

     * specific application for the current user.

     *

     * @deprecated this version only exists for compability with previous developer preview builds.

     *             TODO: delete once there are no longer any live references.

     * @hide

     */

    public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage)

            throws NameNotFoundException, UnsupportedOperationException {

        setAlwaysOnVpnPackage(admin, vpnPackage, /* lockdownEnabled */ true);

    }



    /**

    /**

     * Called by a device or profile owner to configure an always-on VPN connection through a

     * Called by a device or profile owner to configure an always-on VPN connection through a

     * specific application for the current user. This connection is automatically granted and

     * specific application for the current user. This connection is automatically granted and
@@ -3007,6 +3020,9 @@ public class DevicePolicyManager { 
     *

     *

     * @param vpnPackage The package name for an installed VPN app on the device, or {@code null} to

     * @param vpnPackage The package name for an installed VPN app on the device, or {@code null} to

     *        remove an existing always-on VPN configuration.

     *        remove an existing always-on VPN configuration.

     * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or

     *        {@code false} otherwise. This carries the risk that any failure of the VPN provider

     *        could break networking for all apps. This has no effect when clearing.

     * @return {@code true} if the package is set as always-on VPN controller; {@code false}

     * @return {@code true} if the package is set as always-on VPN controller; {@code false}

     *         otherwise.

     *         otherwise.

     * @throws SecurityException if {@code admin} is not a device or a profile owner.

     * @throws SecurityException if {@code admin} is not a device or a profile owner.
@@ -3014,12 +3030,13 @@ public class DevicePolicyManager { 
     * @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being

     * @throws UnsupportedOperationException if {@code vpnPackage} exists but does not support being

     *         set as always-on, or if always-on VPN is not available.

     *         set as always-on, or if always-on VPN is not available.

     */

     */

    public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage)

    public void setAlwaysOnVpnPackage(@NonNull ComponentName admin, @Nullable String vpnPackage,

            boolean lockdownEnabled)

            throws NameNotFoundException, UnsupportedOperationException {

            throws NameNotFoundException, UnsupportedOperationException {

        throwIfParentInstance("setAlwaysOnVpnPackage");

        throwIfParentInstance("setAlwaysOnVpnPackage");

        if (mService != null) {

        if (mService != null) {

            try {

            try {

                if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage)) {

                if (!mService.setAlwaysOnVpnPackage(admin, vpnPackage, lockdownEnabled)) {

                    throw new NameNotFoundException(vpnPackage);

                    throw new NameNotFoundException(vpnPackage);

                }

                }

            } catch (RemoteException e) {

            } catch (RemoteException e) {

core/java/android/app/admin/IDevicePolicyManager.aidl

+1 −1
Original line number Original line Diff line number Diff line
@@ -157,7 +157,7 @@ interface IDevicePolicyManager { 
    void setCertInstallerPackage(in ComponentName who, String installerPackage);

    void setCertInstallerPackage(in ComponentName who, String installerPackage);

    String getCertInstallerPackage(in ComponentName who);

    String getCertInstallerPackage(in ComponentName who);





    boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage);

    boolean setAlwaysOnVpnPackage(in ComponentName who, String vpnPackage, boolean lockdown);

    String getAlwaysOnVpnPackage(in ComponentName who);

    String getAlwaysOnVpnPackage(in ComponentName who);





    void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);

    void addPersistentPreferredActivity(in ComponentName admin, in IntentFilter filter, in ComponentName activity);