Implement support for bypassable VPNs.
Bypassable VPNs grab all traffic by default (just like secure VPNs), but:
+ They allow all apps to choose other networks using the multinetwork APIs.
If these other networks are insecure ("untrusted"), they will enforce that the
app holds the necessary permissions, such as CHANGE_NETWORK_STATE.
+ They support consistent routing. If an app has an existing connection over
some other network when the bypassable VPN comes up, it's not interrupted.
Bug: 15347374
Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index db423b0..75a7878 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -1947,11 +1947,12 @@
}
@Override
- public void createVirtualNetwork(int netId, boolean hasDNS) {
+ public void createVirtualNetwork(int netId, boolean hasDNS, boolean secure) {
mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
try {
- mConnector.execute("network", "create", netId, "vpn", hasDNS ? "1" : "0");
+ mConnector.execute("network", "create", netId, "vpn", hasDNS ? "1" : "0",
+ secure ? "1" : "0");
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}