core/java/android/net/VpnManager.java - platform/frameworks/base.git - Git at Google

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.net;

 import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;

 import static com.android.internal.util.Preconditions.checkNotNull;

 import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.RequiresPermission;
 import android.annotation.SystemApi;
 import android.annotation.UserIdInt;
 import android.app.Activity;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.res.Resources;
 import android.os.RemoteException;

 import com.android.internal.net.LegacyVpnInfo;
 import com.android.internal.net.VpnConfig;
 import com.android.internal.net.VpnProfile;

 import java.io.IOException;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.security.GeneralSecurityException;
 import java.util.List;

 /**
  * This class provides an interface for apps to manage platform VPN profiles
  *
  * <p>Apps can use this API to provide profiles with which the platform can set up a VPN without
  * further app intermediation. When a VPN profile is present and the app is selected as an always-on
  * VPN, the platform will directly trigger the negotiation of the VPN without starting or waking the
  * app (unlike VpnService).
  *
  * <p>VPN apps using supported protocols should preferentially use this API over the {@link
  * VpnService} API for ease-of-development and reduced maintainance burden. This also give the user
  * the guarantee that VPN network traffic is not subjected to on-device packet interception.
  *
  * @see Ikev2VpnProfile
  */
 public class VpnManager {
     /** Type representing a lack of VPN @hide */
     @SystemApi(client = MODULE_LIBRARIES)
     public static final int TYPE_VPN_NONE = -1;

     /**
      * A VPN created by an app using the {@link VpnService} API.
      * @hide
      */
     @SystemApi(client = MODULE_LIBRARIES)
     public static final int TYPE_VPN_SERVICE = 1;

     /**
      * A VPN created using a {@link VpnManager} API such as {@link #startProvisionedVpnProfile}.
      * @hide
      */
     @SystemApi(client = MODULE_LIBRARIES)
     public static final int TYPE_VPN_PLATFORM = 2;

     /**
      * An IPsec VPN created by the built-in LegacyVpnRunner.
      * @hide
      */
     @SystemApi(client = MODULE_LIBRARIES)
     public static final int TYPE_VPN_LEGACY = 3;

     /**
      * An VPN created by OEM code through other means than {@link VpnService} or {@link VpnManager}.
      * @hide
      */
     @SystemApi(client = MODULE_LIBRARIES)
     public static final int TYPE_VPN_OEM = 4;

     /**
      * Channel for VPN notifications.
      * @hide
      */
     public static final String NOTIFICATION_CHANNEL_VPN = "VPN";

     /**
      * Action sent in the intent when an error occurred.
      *
      * @hide
      */
     public static final String ACTION_VPN_MANAGER_ERROR = "android.net.action.VPN_MANAGER_ERROR";

     /**
      * An IKE protocol error. Codes are the codes from IkeProtocolException, RFC 7296.
      *
      * @hide
      */
     public static final String CATEGORY_ERROR_IKE = "android.net.category.ERROR_IKE";

     /**
      * User deactivated the VPN, either by turning it off or selecting a different VPN provider.
      * The error code is always 0.
      *
      * @hide
      */
     public static final String CATEGORY_ERROR_USER_DEACTIVATED =
             "android.net.category.ERROR_USER_DEACTIVATED";

     /**
      * Network error. Error codes are ERROR_CODE_NETWORK_*.
      *
      * @hide
      */
     public static final String CATEGORY_ERROR_NETWORK = "android.net.category.ERROR_NETWORK";

     /**
      * The key of the session that experienced this error, as returned by
      * startProvisionedVpnProfileSession.
      *
      * @hide
      */
     public static final String EXTRA_SESSION_KEY = "android.net.extra.SESSION_KEY";

     /**
      * Extra for the Network object that was the underlying network at the time of the failure, or
      * null if none.
      *
      * @hide
      */
     public static final String EXTRA_UNDERLYING_NETWORK = "android.net.extra.UNDERLYING_NETWORK";

     /**
      * The NetworkCapabilities of the underlying network.
      *
      * @hide
      */
     public static final String EXTRA_UNDERLYING_NETWORK_CAPABILITIES =
             "android.net.extra.UNDERLYING_NETWORK_CAPABILITIES";

     /**
      * The LinkProperties of the underlying network.
      *
      * @hide
      */
     public static final String EXTRA_UNDERLYING_LINK_PROPERTIES =
             "android.net.extra.UNDERLYING_LINK_PROPERTIES";

     /**
      * A long timestamp with SystemClock.elapsedRealtime base for when the event happened.
      *
      * @hide
      */
     public static final String EXTRA_TIMESTAMP = "android.net.extra.TIMESTAMP";

     /**
      * Extra for the error type. This is ERROR_NOT_RECOVERABLE or ERROR_RECOVERABLE.
      *
      * @hide
      */
     public static final String EXTRA_ERROR_TYPE = "android.net.extra.ERROR_TYPE";

     /**
      * Extra for the error code. The value will be 0 for CATEGORY_ERROR_USER_DEACTIVATED, one of
      * ERROR_CODE_NETWORK_* for ERROR_CATEGORY_NETWORK or one of values defined in
      * IkeProtocolException#ErrorType for CATEGORY_ERROR_IKE.
      *
      * @hide
      */
     public static final String EXTRA_ERROR_CODE = "android.net.extra.ERROR_CODE";

     /**
      * This error is fatal, e.g. the VPN was disabled or configuration error. The stack will not
      * retry connection.
      *
      * @hide
      */
     public static final int ERROR_NOT_RECOVERABLE = 1;

     /**
      * The stack experienced an error but will retry with exponential backoff, e.g. network timeout.
      *
      * @hide
      */
     public static final int ERROR_RECOVERABLE = 2;

     /**
      * An error code to indicate that there was an UnknownHostException.
      *
      * @hide
      */
     public static final int ERROR_CODE_NETWORK_UNKNOWN_HOST = 0;

     /**
      * An error code to indicate that there is a SocketTimeoutException.
      *
      * @hide
      */
     public static final int ERROR_CODE_NETWORK_TIMEOUT = 1;

     /**
      * An error code to indicate that the connection is refused.
      *
      * @hide
      */
     public static final int ERROR_CODE_NETWORK_CONNECT = 2;

     /**
      * An error code to indicate the connection was reset. (e.g. SocketException)
      *
      * @hide
      */
     public static final int ERROR_CODE_NETWORK_CONNECTION_RESET = 3;

     /**
      * An error code to indicate that there is an IOException.
      *
      * @hide
      */
     public static final int ERROR_CODE_NETWORK_IO = 4;

     /** @hide */
     @IntDef(value = {TYPE_VPN_NONE, TYPE_VPN_SERVICE, TYPE_VPN_PLATFORM, TYPE_VPN_LEGACY,
             TYPE_VPN_OEM})
     @Retention(RetentionPolicy.SOURCE)
     public @interface VpnType {}

     @NonNull private final Context mContext;
     @NonNull private final IVpnManager mService;

     private static Intent getIntentForConfirmation() {
         final Intent intent = new Intent();
         final ComponentName componentName = ComponentName.unflattenFromString(
                 Resources.getSystem().getString(
                         com.android.internal.R.string.config_platformVpnConfirmDialogComponent));
         intent.setComponent(componentName);
         return intent;
     }

     /**
      * Create an instance of the VpnManager with the given context.
      *
      * <p>Internal only. Applications are expected to obtain an instance of the VpnManager via the
      * {@link Context.getSystemService()} method call.
      *
      * @hide
      */
     public VpnManager(@NonNull Context ctx, @NonNull IVpnManager service) {
         mContext = checkNotNull(ctx, "missing Context");
         mService = checkNotNull(service, "missing IVpnManager");
     }

     /**
      * Install a VpnProfile configuration keyed on the calling app's package name.
      *
      * <p>This method returns {@code null} if user consent has already been granted, or an {@link
      * Intent} to a system activity. If an intent is returned, the application should launch the
      * activity using {@link Activity#startActivityForResult} to request user consent. The activity
      * may pop up a dialog to require user action, and the result will come back via its {@link
      * Activity#onActivityResult}. If the result is {@link Activity#RESULT_OK}, the user has
      * consented, and the VPN profile can be started.
      *
      * @param profile the VpnProfile provided by this package. Will override any previous VpnProfile
      *     stored for this package.
      * @return an Intent requesting user consent to start the VPN, or null if consent is not
      *     required based on privileges or previous user consent.
      */
     @Nullable
     public Intent provisionVpnProfile(@NonNull PlatformVpnProfile profile) {
         final VpnProfile internalProfile;

         try {
             internalProfile = profile.toVpnProfile();
         } catch (GeneralSecurityException | IOException e) {
             // Conversion to VpnProfile failed; this is an invalid profile. Both of these exceptions
             // indicate a failure to convert a PrivateKey or X509Certificate to a Base64 encoded
             // string as required by the VpnProfile.
             throw new IllegalArgumentException("Failed to serialize PlatformVpnProfile", e);
         }

         try {
             // Profile can never be null; it either gets set, or an exception is thrown.
             if (mService.provisionVpnProfile(internalProfile, mContext.getOpPackageName())) {
                 return null;
             }
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
         return getIntentForConfirmation();
     }

     /**
      * Delete the VPN profile configuration that was provisioned by the calling app
      *
      * @throws SecurityException if this would violate user settings
      */
     public void deleteProvisionedVpnProfile() {
         try {
             mService.deleteVpnProfile(mContext.getOpPackageName());
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Request the startup of a previously provisioned VPN.
      *
      * @throws SecurityException exception if user or device settings prevent this VPN from being
      *     setup, or if user consent has not been granted
      */
     public void startProvisionedVpnProfile() {
         try {
             mService.startVpnProfile(mContext.getOpPackageName());
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /** Tear down the VPN provided by the calling app (if any) */
     public void stopProvisionedVpnProfile() {
         try {
             mService.stopVpnProfile(mContext.getOpPackageName());
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Return the VPN configuration for the given user ID.
      * @hide
      */
     @Nullable
     public VpnConfig getVpnConfig(@UserIdInt int userId) {
         try {
             return mService.getVpnConfig(userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Resets all VPN settings back to factory defaults.
      * @hide
      */
     @RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
     public void factoryReset() {
         try {
             mService.factoryReset();
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Prepare for a VPN application.
      * VPN permissions are checked in the {@link Vpn} class. If the caller is not {@code userId},
      * {@link android.Manifest.permission.INTERACT_ACROSS_USERS_FULL} permission is required.
      *
      * @param oldPackage Package name of the application which currently controls VPN, which will
      *                   be replaced. If there is no such application, this should should either be
      *                   {@code null} or {@link VpnConfig.LEGACY_VPN}.
      * @param newPackage Package name of the application which should gain control of VPN, or
      *                   {@code null} to disable.
      * @param userId User for whom to prepare the new VPN.
      *
      * @hide
      */
     public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage,
             int userId) {
         try {
             return mService.prepareVpn(oldPackage, newPackage, userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Set whether the VPN package has the ability to launch VPNs without user intervention. This
      * method is used by system-privileged apps. VPN permissions are checked in the {@link Vpn}
      * class. If the caller is not {@code userId}, {@link
      * android.Manifest.permission.INTERACT_ACROSS_USERS_FULL} permission is required.
      *
      * @param packageName The package for which authorization state should change.
      * @param userId User for whom {@code packageName} is installed.
      * @param vpnType The {@link VpnManager.VpnType} constant representing what class of VPN
      *     permissions should be granted. When unauthorizing an app, {@link
      *     VpnManager.TYPE_VPN_NONE} should be used.
      * @hide
      */
     public void setVpnPackageAuthorization(
             String packageName, int userId, @VpnManager.VpnType int vpnType) {
         try {
             mService.setVpnPackageAuthorization(packageName, userId, vpnType);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Checks if a VPN app supports always-on mode.
      *
      * In order to support the always-on feature, an app has to
      * <ul>
      *     <li>target {@link VERSION_CODES#N API 24} or above, and
      *     <li>not opt out through the {@link VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}
      *         meta-data field.
      * </ul>
      *
      * @param userId The identifier of the user for whom the VPN app is installed.
      * @param vpnPackage The canonical package name of the VPN app.
      * @return {@code true} if and only if the VPN app exists and supports always-on mode.
      * @hide
      */
     public boolean isAlwaysOnVpnPackageSupportedForUser(int userId, @Nullable String vpnPackage) {
         try {
             return mService.isAlwaysOnVpnPackageSupported(userId, vpnPackage);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Configures an always-on VPN connection through a specific application.
      * This connection is automatically granted and persisted after a reboot.
      *
      * <p>The designated package should declare a {@link VpnService} in its
      *    manifest guarded by {@link android.Manifest.permission.BIND_VPN_SERVICE},
      *    otherwise the call will fail.
      *
      * @param userId The identifier of the user to set an always-on VPN for.
      * @param vpnPackage The package name for an installed VPN app on the device, or {@code null}
      *                   to remove an existing always-on VPN configuration.
      * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or
      *        {@code false} otherwise.
      * @param lockdownAllowlist The list of packages that are allowed to access network directly
      *         when VPN is in lockdown mode but is not running. Non-existent packages are ignored so
      *         this method must be called when a package that should be allowed is installed or
      *         uninstalled.
      * @return {@code true} if the package is set as always-on VPN controller;
      *         {@code false} otherwise.
      * @hide
      */
     @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
     public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage,
             boolean lockdownEnabled, @Nullable List<String> lockdownAllowlist) {
         try {
             return mService.setAlwaysOnVpnPackage(
                     userId, vpnPackage, lockdownEnabled, lockdownAllowlist);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Returns the package name of the currently set always-on VPN application.
      * If there is no always-on VPN set, or the VPN is provided by the system instead
      * of by an app, {@code null} will be returned.
      *
      * @return Package name of VPN controller responsible for always-on VPN,
      *         or {@code null} if none is set.
      * @hide
      */
     @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
     public String getAlwaysOnVpnPackageForUser(int userId) {
         try {
             return mService.getAlwaysOnVpnPackage(userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * @return whether always-on VPN is in lockdown mode.
      *
      * @hide
      **/
     @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
     public boolean isVpnLockdownEnabled(int userId) {
         try {
             return mService.isVpnLockdownEnabled(userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * @return the list of packages that are allowed to access network when always-on VPN is in
      * lockdown mode but not connected. Returns {@code null} when VPN lockdown is not active.
      *
      * @hide
      **/
     @RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
     public List<String> getVpnLockdownAllowlist(int userId) {
         try {
             return mService.getVpnLockdownAllowlist(userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Return the legacy VPN information for the specified user ID.
      * @hide
      */
     public LegacyVpnInfo getLegacyVpnInfo(@UserIdInt int userId) {
         try {
             return mService.getLegacyVpnInfo(userId);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Starts a legacy VPN.
      *
      * Legacy VPN is deprecated starting from Android S. So this API shouldn't be called if the
      * initial SDK version of device is Android S+. Otherwise, UnsupportedOperationException will be
      * thrown.
      * @hide
      */
     public void startLegacyVpn(VpnProfile profile) {
         try {
             mService.startLegacyVpn(profile);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }

     /**
      * Informs the service that legacy lockdown VPN state should be updated (e.g., if its keystore
      * entry has been updated). If the LockdownVpn mechanism is enabled, updates the vpn
      * with a reload of its profile.
      *
      * <p>This method can only be called by the system UID
      * @return a boolean indicating success
      *
      * @hide
      */
     public boolean updateLockdownVpn() {
         try {
             return mService.updateLockdownVpn();
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
     }
 }
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.net;

	import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;

	import static com.android.internal.util.Preconditions.checkNotNull;

	import android.annotation.IntDef;
	import android.annotation.NonNull;
	import android.annotation.Nullable;
	import android.annotation.RequiresPermission;
	import android.annotation.SystemApi;
	import android.annotation.UserIdInt;
	import android.app.Activity;
	import android.content.ComponentName;
	import android.content.Context;
	import android.content.Intent;
	import android.content.res.Resources;
	import android.os.RemoteException;

	import com.android.internal.net.LegacyVpnInfo;
	import com.android.internal.net.VpnConfig;
	import com.android.internal.net.VpnProfile;

	import java.io.IOException;
	import java.lang.annotation.Retention;
	import java.lang.annotation.RetentionPolicy;
	import java.security.GeneralSecurityException;
	import java.util.List;

	/**
	* This class provides an interface for apps to manage platform VPN profiles
	*
	* <p>Apps can use this API to provide profiles with which the platform can set up a VPN without
	* further app intermediation. When a VPN profile is present and the app is selected as an always-on
	* VPN, the platform will directly trigger the negotiation of the VPN without starting or waking the
	* app (unlike VpnService).
	*
	* <p>VPN apps using supported protocols should preferentially use this API over the {@link
	* VpnService} API for ease-of-development and reduced maintainance burden. This also give the user
	* the guarantee that VPN network traffic is not subjected to on-device packet interception.
	*
	* @see Ikev2VpnProfile
	*/
	public class VpnManager {
	/** Type representing a lack of VPN @hide */
	@SystemApi(client = MODULE_LIBRARIES)
	public static final int TYPE_VPN_NONE = -1;

	/**
	* A VPN created by an app using the {@link VpnService} API.
	* @hide
	*/
	@SystemApi(client = MODULE_LIBRARIES)
	public static final int TYPE_VPN_SERVICE = 1;

	/**
	* A VPN created using a {@link VpnManager} API such as {@link #startProvisionedVpnProfile}.
	* @hide
	*/
	@SystemApi(client = MODULE_LIBRARIES)
	public static final int TYPE_VPN_PLATFORM = 2;

	/**
	* An IPsec VPN created by the built-in LegacyVpnRunner.
	* @hide
	*/
	@SystemApi(client = MODULE_LIBRARIES)
	public static final int TYPE_VPN_LEGACY = 3;

	/**
	* An VPN created by OEM code through other means than {@link VpnService} or {@link VpnManager}.
	* @hide
	*/
	@SystemApi(client = MODULE_LIBRARIES)
	public static final int TYPE_VPN_OEM = 4;

	/**
	* Channel for VPN notifications.
	* @hide
	*/
	public static final String NOTIFICATION_CHANNEL_VPN = "VPN";

	/**
	* Action sent in the intent when an error occurred.
	*
	* @hide
	*/
	public static final String ACTION_VPN_MANAGER_ERROR = "android.net.action.VPN_MANAGER_ERROR";

	/**
	* An IKE protocol error. Codes are the codes from IkeProtocolException, RFC 7296.
	*
	* @hide
	*/
	public static final String CATEGORY_ERROR_IKE = "android.net.category.ERROR_IKE";

	/**
	* User deactivated the VPN, either by turning it off or selecting a different VPN provider.
	* The error code is always 0.
	*
	* @hide
	*/
	public static final String CATEGORY_ERROR_USER_DEACTIVATED =
	"android.net.category.ERROR_USER_DEACTIVATED";

	/**
	* Network error. Error codes are ERROR_CODE_NETWORK_*.
	*
	* @hide
	*/
	public static final String CATEGORY_ERROR_NETWORK = "android.net.category.ERROR_NETWORK";

	/**
	* The key of the session that experienced this error, as returned by
	* startProvisionedVpnProfileSession.
	*
	* @hide
	*/
	public static final String EXTRA_SESSION_KEY = "android.net.extra.SESSION_KEY";

	/**
	* Extra for the Network object that was the underlying network at the time of the failure, or
	* null if none.
	*
	* @hide
	*/
	public static final String EXTRA_UNDERLYING_NETWORK = "android.net.extra.UNDERLYING_NETWORK";

	/**
	* The NetworkCapabilities of the underlying network.
	*
	* @hide
	*/
	public static final String EXTRA_UNDERLYING_NETWORK_CAPABILITIES =
	"android.net.extra.UNDERLYING_NETWORK_CAPABILITIES";

	/**
	* The LinkProperties of the underlying network.
	*
	* @hide
	*/
	public static final String EXTRA_UNDERLYING_LINK_PROPERTIES =
	"android.net.extra.UNDERLYING_LINK_PROPERTIES";

	/**
	* A long timestamp with SystemClock.elapsedRealtime base for when the event happened.
	*
	* @hide
	*/
	public static final String EXTRA_TIMESTAMP = "android.net.extra.TIMESTAMP";

	/**
	* Extra for the error type. This is ERROR_NOT_RECOVERABLE or ERROR_RECOVERABLE.
	*
	* @hide
	*/
	public static final String EXTRA_ERROR_TYPE = "android.net.extra.ERROR_TYPE";

	/**
	* Extra for the error code. The value will be 0 for CATEGORY_ERROR_USER_DEACTIVATED, one of
	* ERROR_CODE_NETWORK_* for ERROR_CATEGORY_NETWORK or one of values defined in
	* IkeProtocolException#ErrorType for CATEGORY_ERROR_IKE.
	*
	* @hide
	*/
	public static final String EXTRA_ERROR_CODE = "android.net.extra.ERROR_CODE";

	/**
	* This error is fatal, e.g. the VPN was disabled or configuration error. The stack will not
	* retry connection.
	*
	* @hide
	*/
	public static final int ERROR_NOT_RECOVERABLE = 1;

	/**
	* The stack experienced an error but will retry with exponential backoff, e.g. network timeout.
	*
	* @hide
	*/
	public static final int ERROR_RECOVERABLE = 2;

	/**
	* An error code to indicate that there was an UnknownHostException.
	*
	* @hide
	*/
	public static final int ERROR_CODE_NETWORK_UNKNOWN_HOST = 0;

	/**
	* An error code to indicate that there is a SocketTimeoutException.
	*
	* @hide
	*/
	public static final int ERROR_CODE_NETWORK_TIMEOUT = 1;

	/**
	* An error code to indicate that the connection is refused.
	*
	* @hide
	*/
	public static final int ERROR_CODE_NETWORK_CONNECT = 2;

	/**
	* An error code to indicate the connection was reset. (e.g. SocketException)
	*
	* @hide
	*/
	public static final int ERROR_CODE_NETWORK_CONNECTION_RESET = 3;

	/**
	* An error code to indicate that there is an IOException.
	*
	* @hide
	*/
	public static final int ERROR_CODE_NETWORK_IO = 4;

	/** @hide */
	@IntDef(value = {TYPE_VPN_NONE, TYPE_VPN_SERVICE, TYPE_VPN_PLATFORM, TYPE_VPN_LEGACY,
	TYPE_VPN_OEM})
	@Retention(RetentionPolicy.SOURCE)
	public @interface VpnType {}

	@NonNull private final Context mContext;
	@NonNull private final IVpnManager mService;

	private static Intent getIntentForConfirmation() {
	final Intent intent = new Intent();
	final ComponentName componentName = ComponentName.unflattenFromString(
	Resources.getSystem().getString(
	com.android.internal.R.string.config_platformVpnConfirmDialogComponent));
	intent.setComponent(componentName);
	return intent;
	}

	/**
	* Create an instance of the VpnManager with the given context.
	*
	* <p>Internal only. Applications are expected to obtain an instance of the VpnManager via the
	* {@link Context.getSystemService()} method call.
	*
	* @hide
	*/
	public VpnManager(@NonNull Context ctx, @NonNull IVpnManager service) {
	mContext = checkNotNull(ctx, "missing Context");
	mService = checkNotNull(service, "missing IVpnManager");
	}

	/**
	* Install a VpnProfile configuration keyed on the calling app's package name.
	*
	* <p>This method returns {@code null} if user consent has already been granted, or an {@link
	* Intent} to a system activity. If an intent is returned, the application should launch the
	* activity using {@link Activity#startActivityForResult} to request user consent. The activity
	* may pop up a dialog to require user action, and the result will come back via its {@link
	* Activity#onActivityResult}. If the result is {@link Activity#RESULT_OK}, the user has
	* consented, and the VPN profile can be started.
	*
	* @param profile the VpnProfile provided by this package. Will override any previous VpnProfile
	* stored for this package.
	* @return an Intent requesting user consent to start the VPN, or null if consent is not
	* required based on privileges or previous user consent.
	*/
	@Nullable
	public Intent provisionVpnProfile(@NonNull PlatformVpnProfile profile) {
	final VpnProfile internalProfile;

	try {
	internalProfile = profile.toVpnProfile();
	} catch (GeneralSecurityException \| IOException e) {
	// Conversion to VpnProfile failed; this is an invalid profile. Both of these exceptions
	// indicate a failure to convert a PrivateKey or X509Certificate to a Base64 encoded
	// string as required by the VpnProfile.
	throw new IllegalArgumentException("Failed to serialize PlatformVpnProfile", e);
	}

	try {
	// Profile can never be null; it either gets set, or an exception is thrown.
	if (mService.provisionVpnProfile(internalProfile, mContext.getOpPackageName())) {
	return null;
	}
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	return getIntentForConfirmation();
	}

	/**
	* Delete the VPN profile configuration that was provisioned by the calling app
	*
	* @throws SecurityException if this would violate user settings
	*/
	public void deleteProvisionedVpnProfile() {
	try {
	mService.deleteVpnProfile(mContext.getOpPackageName());
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Request the startup of a previously provisioned VPN.
	*
	* @throws SecurityException exception if user or device settings prevent this VPN from being
	* setup, or if user consent has not been granted
	*/
	public void startProvisionedVpnProfile() {
	try {
	mService.startVpnProfile(mContext.getOpPackageName());
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/** Tear down the VPN provided by the calling app (if any) */
	public void stopProvisionedVpnProfile() {
	try {
	mService.stopVpnProfile(mContext.getOpPackageName());
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Return the VPN configuration for the given user ID.
	* @hide
	*/
	@Nullable
	public VpnConfig getVpnConfig(@UserIdInt int userId) {
	try {
	return mService.getVpnConfig(userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Resets all VPN settings back to factory defaults.
	* @hide
	*/
	@RequiresPermission(android.Manifest.permission.NETWORK_SETTINGS)
	public void factoryReset() {
	try {
	mService.factoryReset();
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Prepare for a VPN application.
	* VPN permissions are checked in the {@link Vpn} class. If the caller is not {@code userId},
	* {@link android.Manifest.permission.INTERACT_ACROSS_USERS_FULL} permission is required.
	*
	* @param oldPackage Package name of the application which currently controls VPN, which will
	* be replaced. If there is no such application, this should should either be
	* {@code null} or {@link VpnConfig.LEGACY_VPN}.
	* @param newPackage Package name of the application which should gain control of VPN, or
	* {@code null} to disable.
	* @param userId User for whom to prepare the new VPN.
	*
	* @hide
	*/
	public boolean prepareVpn(@Nullable String oldPackage, @Nullable String newPackage,
	int userId) {
	try {
	return mService.prepareVpn(oldPackage, newPackage, userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Set whether the VPN package has the ability to launch VPNs without user intervention. This
	* method is used by system-privileged apps. VPN permissions are checked in the {@link Vpn}
	* class. If the caller is not {@code userId}, {@link
	* android.Manifest.permission.INTERACT_ACROSS_USERS_FULL} permission is required.
	*
	* @param packageName The package for which authorization state should change.
	* @param userId User for whom {@code packageName} is installed.
	* @param vpnType The {@link VpnManager.VpnType} constant representing what class of VPN
	* permissions should be granted. When unauthorizing an app, {@link
	* VpnManager.TYPE_VPN_NONE} should be used.
	* @hide
	*/
	public void setVpnPackageAuthorization(
	String packageName, int userId, @VpnManager.VpnType int vpnType) {
	try {
	mService.setVpnPackageAuthorization(packageName, userId, vpnType);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Checks if a VPN app supports always-on mode.
	*
	* In order to support the always-on feature, an app has to
	* <ul>
	* <li>target {@link VERSION_CODES#N API 24} or above, and
	* <li>not opt out through the {@link VpnService#SERVICE_META_DATA_SUPPORTS_ALWAYS_ON}
	* meta-data field.
	* </ul>
	*
	* @param userId The identifier of the user for whom the VPN app is installed.
	* @param vpnPackage The canonical package name of the VPN app.
	* @return {@code true} if and only if the VPN app exists and supports always-on mode.
	* @hide
	*/
	public boolean isAlwaysOnVpnPackageSupportedForUser(int userId, @Nullable String vpnPackage) {
	try {
	return mService.isAlwaysOnVpnPackageSupported(userId, vpnPackage);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Configures an always-on VPN connection through a specific application.
	* This connection is automatically granted and persisted after a reboot.
	*
	* <p>The designated package should declare a {@link VpnService} in its
	* manifest guarded by {@link android.Manifest.permission.BIND_VPN_SERVICE},
	* otherwise the call will fail.
	*
	* @param userId The identifier of the user to set an always-on VPN for.
	* @param vpnPackage The package name for an installed VPN app on the device, or {@code null}
	* to remove an existing always-on VPN configuration.
	* @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or
	* {@code false} otherwise.
	* @param lockdownAllowlist The list of packages that are allowed to access network directly
	* when VPN is in lockdown mode but is not running. Non-existent packages are ignored so
	* this method must be called when a package that should be allowed is installed or
	* uninstalled.
	* @return {@code true} if the package is set as always-on VPN controller;
	* {@code false} otherwise.
	* @hide
	*/
	@RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
	public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage,
	boolean lockdownEnabled, @Nullable List<String> lockdownAllowlist) {
	try {
	return mService.setAlwaysOnVpnPackage(
	userId, vpnPackage, lockdownEnabled, lockdownAllowlist);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Returns the package name of the currently set always-on VPN application.
	* If there is no always-on VPN set, or the VPN is provided by the system instead
	* of by an app, {@code null} will be returned.
	*
	* @return Package name of VPN controller responsible for always-on VPN,
	* or {@code null} if none is set.
	* @hide
	*/
	@RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
	public String getAlwaysOnVpnPackageForUser(int userId) {
	try {
	return mService.getAlwaysOnVpnPackage(userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* @return whether always-on VPN is in lockdown mode.
	*
	* @hide
	**/
	@RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
	public boolean isVpnLockdownEnabled(int userId) {
	try {
	return mService.isVpnLockdownEnabled(userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* @return the list of packages that are allowed to access network when always-on VPN is in
	* lockdown mode but not connected. Returns {@code null} when VPN lockdown is not active.
	*
	* @hide
	**/
	@RequiresPermission(android.Manifest.permission.CONTROL_ALWAYS_ON_VPN)
	public List<String> getVpnLockdownAllowlist(int userId) {
	try {
	return mService.getVpnLockdownAllowlist(userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Return the legacy VPN information for the specified user ID.
	* @hide
	*/
	public LegacyVpnInfo getLegacyVpnInfo(@UserIdInt int userId) {
	try {
	return mService.getLegacyVpnInfo(userId);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Starts a legacy VPN.
	*
	* Legacy VPN is deprecated starting from Android S. So this API shouldn't be called if the
	* initial SDK version of device is Android S+. Otherwise, UnsupportedOperationException will be
	* thrown.
	* @hide
	*/
	public void startLegacyVpn(VpnProfile profile) {
	try {
	mService.startLegacyVpn(profile);
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}

	/**
	* Informs the service that legacy lockdown VPN state should be updated (e.g., if its keystore
	* entry has been updated). If the LockdownVpn mechanism is enabled, updates the vpn
	* with a reload of its profile.
	*
	* <p>This method can only be called by the system UID
	* @return a boolean indicating success
	*
	* @hide
	*/
	public boolean updateLockdownVpn() {
	try {
	return mService.updateLockdownVpn();
	} catch (RemoteException e) {
	throw e.rethrowFromSystemServer();
	}
	}
	}