commit 633f0e875dd6bda31f575fe4bc0187e9f245403f
author Sreeram Ramachandran <sreeram@google.com> Wed Jul 09 21:11:12 2014 -0700
committer Sreeram Ramachandran <sreeram@google.com> Thu Jul 10 21:33:58 2014 +0000
tree 5177336aaa69164008905afe2ea8546cc91bb5b5
parent 1e2554b99719c95f8c4acdfc170e0d07f2815ed2

Let VpnService specify a white/black list of apps that are allowed access.

New API with stub implementation to be filled out later.

Bug: 13651397
Change-Id: Ibabd6c22495ce58dc88142bb958c1ef12adcf78e

api/current.txt

diff --git a/api/current.txt b/api/current.txt
index 87bb6ae..2011043 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -852,7 +852,7 @@
     field public static final int mirrorForRtl = 16843726; // 0x10103ce
     field public static final int mode = 16843134; // 0x101017e
     field public static final int moreIcon = 16843061; // 0x1010135
-    field public static final int multiArch = 16843918; // 0x101048e
+    field public static final int multiArch = 16843919; // 0x101048f
     field public static final int multiprocess = 16842771; // 0x1010013
     field public static final int name = 16842755; // 0x1010003
     field public static final int navigationBarColor = 16843860; // 0x1010454
@@ -16841,6 +16841,8 @@
     ctor public VpnService.Builder();
     method public android.net.VpnService.Builder addAddress(java.net.InetAddress, int);
     method public android.net.VpnService.Builder addAddress(java.lang.String, int);
+    method public android.net.VpnService.Builder addAllowedApplication(java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;
+    method public android.net.VpnService.Builder addDisallowedApplication(java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;
     method public android.net.VpnService.Builder addDnsServer(java.net.InetAddress);
     method public android.net.VpnService.Builder addDnsServer(java.lang.String);
     method public android.net.VpnService.Builder addRoute(java.net.InetAddress, int);

core/java/android/net/VpnService.java

diff --git a/core/java/android/net/VpnService.java b/core/java/android/net/VpnService.java
index e9de79d..680b8f26d 100644
--- a/core/java/android/net/VpnService.java
+++ b/core/java/android/net/VpnService.java
@@ -24,6 +24,7 @@
 import android.app.Service;
 import android.content.Context;
 import android.content.Intent;
+import android.content.pm.PackageManager;
 import android.net.NetworkUtils;
 import android.os.Binder;
 import android.os.IBinder;
@@ -501,6 +502,57 @@
         }
 
         /**
+         * Adds an application that's allowed to access the VPN connection.
+         *
+         * If this method is called at least once, only applications added through this method (and
+         * no others) are allowed access. Else (if this method is never called), all applications
+         * are allowed by default.
+         *
+         * A {@link Builder} may have only a set of allowed applications OR a set of disallowed
+         * ones, but not both. Calling this method after {@link #addDisallowedApplication} has
+         * already been called, or vice versa, will throw an {@link UnsupportedOperationException}.
+         *
+         * {@code packageName} must be the canonical name of a currently installed application.
+         * {@link PackageManager.NameNotFoundException} is thrown if there's no such application.
+         *
+         * @throws {@link PackageManager.NameNotFoundException} If the application isn't installed.
+         *
+         * @param packageName The full name (e.g.: "com.google.apps.contacts") of an application.
+         *
+         * @return this {@link Builder} object to facilitate chaining method calls.
+         */
+        public Builder addAllowedApplication(String packageName)
+                throws PackageManager.NameNotFoundException {
+            // TODO
+            return this;
+        }
+
+        /**
+         * Adds an application that's denied access to the VPN connection.
+         *
+         * By default, all applications are allowed access, except for those denied through this
+         * method.
+         *
+         * A {@link Builder} may have only a set of allowed applications OR a set of disallowed
+         * ones, but not both. Calling this method after {@link #addAllowedApplication} has already
+         * been called, or vice versa, will throw an {@link UnsupportedOperationException}.
+         *
+         * {@code packageName} must be the canonical name of a currently installed application.
+         * {@link PackageManager.NameNotFoundException} is thrown if there's no such application.
+         *
+         * @throws {@link PackageManager.NameNotFoundException} If the application isn't installed.
+         *
+         * @param packageName The full name (e.g.: "com.google.apps.contacts") of an application.
+         *
+         * @return this {@link Builder} object to facilitate chaining method calls.
+         */
+        public Builder addDisallowedApplication(String packageName)
+                throws PackageManager.NameNotFoundException {
+            // TODO
+            return this;
+        }
+
+        /**
          * Create a VPN interface using the parameters supplied to this
          * builder. The interface works on IP packets, and a file descriptor
          * is returned for the application to access them. Each read