commit 17e6183b85ba3038acb935aaa01415058b2e6ddd
author Robin Lee <rgl@google.com> Mon May 09 13:46:28 2016 +0100
committer Robin Lee <rgl@google.com> Thu May 19 00:26:53 2016 +0100
tree 24620c64f25a59c5f016861048990f9e0df54863
parent 4d03abcd49af490dba3850d341b955dd72f24959

Lock down networking when waiting for always-on

Fix: 26694104
Fix: 27042309
Fix: 28335277
Change-Id: I47a4c9d2b98235195b1356af3dabf7235870e4fa

services/core/java/com/android/server/NetworkManagementService.java

diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index e5b301e..8b2d003 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1845,6 +1845,22 @@
     }
 
     @Override
+    public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
+            throws ServiceSpecificException {
+        try {
+            mNetdService.networkRejectNonSecureVpn(add, uidRanges);
+        } catch (ServiceSpecificException e) {
+            Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
+                    + ": netd command failed", e);
+            throw e;
+        } catch (RemoteException e) {
+            Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
+                    + ": netd command failed", e);
+            throw e.rethrowAsRuntimeException();
+        }
+    }
+
+    @Override
     public void setUidCleartextNetworkPolicy(int uid, int policy) {
         if (Binder.getCallingUid() != uid) {
             mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);