commit 42065ac64cba166dc0fe602957ea8fe80bf406e2
author Sreeram Ramachandran <sreeram@google.com> Sun Jul 27 00:37:35 2014 -0700
committer Sreeram Ramachandran <sreeram@google.com> Mon Jul 28 18:52:41 2014 +0000
tree 989ef8d227a36fc807ce585969ba32f235c04154
parent 4c4064fa66f551f49b7e1017b1ebe65a05f9df21

Prohibit address families by default unless a VPN explicitly allows them.

Bug: 15972465
Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589

core/java/android/net/VpnService.java

diff --git a/core/java/android/net/VpnService.java b/core/java/android/net/VpnService.java
index 4b07e3f..9b66997 100644
--- a/core/java/android/net/VpnService.java
+++ b/core/java/android/net/VpnService.java
@@ -373,6 +373,7 @@
                 throw new IllegalArgumentException("Bad address");
             }
             mAddresses.add(new LinkAddress(address, prefixLength));
+            mConfig.updateAllowedFamilies(address);
             return this;
         }
 
@@ -413,6 +414,7 @@
                 }
             }
             mRoutes.add(new RouteInfo(new LinkAddress(address, prefixLength), null));
+            mConfig.updateAllowedFamilies(address);
             return this;
         }
 
@@ -497,7 +499,14 @@
          * @return this {@link Builder} object to facilitate chaining of method calls.
          */
         public Builder allowFamily(int family) {
-            // TODO
+            if (family == AF_INET) {
+                mConfig.allowIPv4 = true;
+            } else if (family == AF_INET6) {
+                mConfig.allowIPv6 = true;
+            } else {
+                throw new IllegalArgumentException(family + " is neither " + AF_INET + " nor " +
+                        AF_INET6);
+            }
             return this;
         }