Server API to only allow networking by VPN apps Secure virtual networks already create rules to route all traffic into theirselves. This depends on the secure network already existing. API creates an ip rule at a priority level below SECURE_VPN which can catch traffic before VPN comes up, if it is a requirement that no traffic ever leaves without first going through VPN. Bug: 26694104 Bug: 26354134 Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722

commit: b8087363143050d214d48e5620a330776ca95a69 [log] [tgz]
author: Robin Lee <rgl@google.com> Wed Mar 30 18:43:08 2016 +0100
committer: Robin Lee <rgl@google.com> Tue Apr 19 10:09:31 2016 +0100
tree: 72dd7eb2cc094cc7b92796ef37e1682ab108da37
parent: 4ef94642636182e68495f606a65c00f8a830aad4 [diff] [blame]
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index 57bb72b..96759e1 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h

@@ -38,7 +38,8 @@
             const String16& chainName, bool isWhitelist,
             const std::vector<int32_t>& uids, bool *ret) override;
     binder::Status bandwidthEnableDataSaver(bool enable, bool *ret) override;
-
+    binder::Status networkRejectNonSecureVpn(bool enable, const std::vector<UidRange>& uids)
+            override;
 };
 
 }  // namespace net
commit	b8087363143050d214d48e5620a330776ca95a69	[log] [tgz]
author	Robin Lee <rgl@google.com>	Wed Mar 30 18:43:08 2016 +0100
committer	Robin Lee <rgl@google.com>	Tue Apr 19 10:09:31 2016 +0100
tree	72dd7eb2cc094cc7b92796ef37e1682ab108da37
parent	4ef94642636182e68495f606a65c00f8a830aad4 [diff] [blame]