Prohibit address families by default unless a VPN explicitly allows them.
Bug: 15972465
Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
diff --git a/core/java/android/net/VpnService.java b/core/java/android/net/VpnService.java
index 4b07e3f..9b66997 100644
--- a/core/java/android/net/VpnService.java
+++ b/core/java/android/net/VpnService.java
@@ -373,6 +373,7 @@
throw new IllegalArgumentException("Bad address");
}
mAddresses.add(new LinkAddress(address, prefixLength));
+ mConfig.updateAllowedFamilies(address);
return this;
}
@@ -413,6 +414,7 @@
}
}
mRoutes.add(new RouteInfo(new LinkAddress(address, prefixLength), null));
+ mConfig.updateAllowedFamilies(address);
return this;
}
@@ -497,7 +499,14 @@
* @return this {@link Builder} object to facilitate chaining of method calls.
*/
public Builder allowFamily(int family) {
- // TODO
+ if (family == AF_INET) {
+ mConfig.allowIPv4 = true;
+ } else if (family == AF_INET6) {
+ mConfig.allowIPv6 = true;
+ } else {
+ throw new IllegalArgumentException(family + " is neither " + AF_INET + " nor " +
+ AF_INET6);
+ }
return this;
}