Implement support for bypassable VPNs. Bypassable VPNs grab all traffic by default (just like secure VPNs), but: + They allow all apps to choose other networks using the multinetwork APIs. If these other networks are insecure ("untrusted"), they will enforce that the app holds the necessary permissions, such as CHANGE_NETWORK_STATE. + They support consistent routing. If an app has an existing connection over some other network when the bypassable VPN comes up, it's not interrupted. Bug: 15347374 Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3

commit: 95684ba176a9fe5ea59207d7202e47fa12bbfdbe [log] [tgz]
author: Sreeram Ramachandran <sreeram@google.com> Wed Jul 23 13:27:31 2014 -0700
committer: Sreeram Ramachandran <sreeram@google.com> Fri Jul 25 14:58:08 2014 -0700
tree: 0e26a0409c05a8c8ae8daabc0fb004d1fc5f0087
parent: 111bec203e82bdc9fb2c27df7c232465dffeee5f [diff] [blame]
diff --git a/server/NetworkController.h b/server/NetworkController.h
index f0b42c4..f065ba5 100644
--- a/server/NetworkController.h
+++ b/server/NetworkController.h

@@ -56,7 +56,7 @@
     bool isVirtualNetwork(unsigned netId) const;
 
     int createPhysicalNetwork(unsigned netId, Permission permission) WARN_UNUSED_RESULT;
-    int createVirtualNetwork(unsigned netId, bool hasDns) WARN_UNUSED_RESULT;
+    int createVirtualNetwork(unsigned netId, bool hasDns, bool secure) WARN_UNUSED_RESULT;
     int destroyNetwork(unsigned netId) WARN_UNUSED_RESULT;
 
     int addInterfaceToNetwork(unsigned netId, const char* interface) WARN_UNUSED_RESULT;
commit	95684ba176a9fe5ea59207d7202e47fa12bbfdbe	[log] [tgz]
author	Sreeram Ramachandran <sreeram@google.com>	Wed Jul 23 13:27:31 2014 -0700
committer	Sreeram Ramachandran <sreeram@google.com>	Fri Jul 25 14:58:08 2014 -0700
tree	0e26a0409c05a8c8ae8daabc0fb004d1fc5f0087
parent	111bec203e82bdc9fb2c27df7c232465dffeee5f [diff] [blame]