From 94e69beca33401fcbe048e975fb684ab7f8c407c Mon Sep 17 00:00:00 2001
From: Robin Lee <rgl@google.com>
Date: Tue, 3 May 2016 13:23:03 +0100
Subject: [PATCH] Add lockdownEnabled parameter to always-on VPN API

Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.

Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
---
 core/java/android/net/ConnectivityManager.java            | 8 +++++---
 core/java/android/net/IConnectivityManager.aidl           | 2 +-
 .../core/java/com/android/server/ConnectivityService.java | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index faf5c64e5a..e65462b1ec 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -792,14 +792,16 @@ public class ConnectivityManager {
      * @param userId The identifier of the user to set an always-on VPN for.
      * @param vpnPackage The package name for an installed VPN app on the device, or {@code null}
      *                   to remove an existing always-on VPN configuration.
-
+     * @param lockdownEnabled {@code true} to disallow networking when the VPN is not connected or
+     *        {@code false} otherwise.
      * @return {@code true} if the package is set as always-on VPN controller;
      *         {@code false} otherwise.
      * @hide
      */
-    public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage) {
+    public boolean setAlwaysOnVpnPackageForUser(int userId, @Nullable String vpnPackage,
+            boolean lockdownEnabled) {
         try {
-            return mService.setAlwaysOnVpnPackage(userId, vpnPackage);
+            return mService.setAlwaysOnVpnPackage(userId, vpnPackage, lockdownEnabled);
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         }
diff --git a/core/java/android/net/IConnectivityManager.aidl b/core/java/android/net/IConnectivityManager.aidl
index c897c4506c..e7a072ca96 100644
--- a/core/java/android/net/IConnectivityManager.aidl
+++ b/core/java/android/net/IConnectivityManager.aidl
@@ -122,7 +122,7 @@ interface IConnectivityManager
     VpnInfo[] getAllVpnInfo();
 
     boolean updateLockdownVpn();
-    boolean setAlwaysOnVpnPackage(int userId, String packageName);
+    boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown);
     String getAlwaysOnVpnPackage(int userId);
 
     int checkMobileProvisioning(int suggestedTimeOutMs);
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index d85827e990..100ada807e 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -3309,7 +3309,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
     }
 
     @Override
-    public boolean setAlwaysOnVpnPackage(int userId, String packageName) {
+    public boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown) {
         enforceConnectivityInternalPermission();
         enforceCrossUserPermission(userId);