diff options
author | Jeff Sharkey <jsharkey@android.com> | 2012-08-25 00:05:46 -0700 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2012-08-27 12:35:05 -0700 |
commit | 69ddab4575ff684c533c995e07ca15fe18543fc0 (patch) | |
tree | dfae3a89b9027c33d47b58f80200af021bbe7426 /keystore | |
parent | 080ca09c7f4c0033d0efece23687b71f7f8febc9 (diff) | |
download | frameworks_base-69ddab4575ff684c533c995e07ca15fe18543fc0.zip frameworks_base-69ddab4575ff684c533c995e07ca15fe18543fc0.tar.gz frameworks_base-69ddab4575ff684c533c995e07ca15fe18543fc0.tar.bz2 |
Always-on VPN.
Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.
ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.
This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.
Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
Diffstat (limited to 'keystore')
-rw-r--r-- | keystore/java/android/security/Credentials.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java index f6bf432..b233ff6 100644 --- a/keystore/java/android/security/Credentials.java +++ b/keystore/java/android/security/Credentials.java @@ -61,6 +61,9 @@ public class Credentials { /** Key prefix for WIFI. */ public static final String WIFI = "WIFI_"; + /** Key containing suffix of lockdown VPN profile. */ + public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN"; + /** Data type for public keys. */ public static final String EXTRA_PUBLIC_KEY = "KEY"; |