VpnService.Builder
public
class
VpnService.Builder
extends Object
Helper class to create a VPN interface. This class should be always
used within the scope of the outer VpnService.
Summary
Inherited methods |
|---|
From class
java.lang.Object
Object
|
clone()
Creates and returns a copy of this object.
|
boolean
|
equals(Object obj)
Indicates whether some other object is "equal to" this one.
|
void
|
finalize()
Called by the garbage collector on an object when garbage collection
determines that there are no more references to the object.
|
final
Class<?>
|
getClass()
Returns the runtime class of this Object.
|
int
|
hashCode()
Returns a hash code value for the object.
|
final
void
|
notify()
Wakes up a single thread that is waiting on this object's
monitor.
|
final
void
|
notifyAll()
Wakes up all threads that are waiting on this object's monitor.
|
String
|
toString()
Returns a string representation of the object.
|
final
void
|
wait(long timeoutMillis, int nanos)
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted, or until a
certain amount of real time has elapsed.
|
final
void
|
wait(long timeoutMillis)
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted, or until a
certain amount of real time has elapsed.
|
final
void
|
wait()
Causes the current thread to wait until it is awakened, typically
by being notified or interrupted.
|
|
Public constructors
Builder
public Builder ()
Public methods
addAddress
public VpnService.Builder addAddress (InetAddress address,
int prefixLength)
Add a network address to the VPN interface. Both IPv4 and IPv6
addresses are supported. At least one address must be set before
calling establish().
Adding an address implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
| Parameters |
|---|
address |
InetAddress: This value cannot be null. |
prefixLength |
int |
addAddress
public VpnService.Builder addAddress (String address,
int prefixLength)
Convenience method to add a network address to the VPN interface
using a numeric address string. See InetAddress for the
definitions of numeric address formats.
Adding an address implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
| Parameters |
|---|
address |
String: This value cannot be null. |
prefixLength |
int |
addAllowedApplication
public VpnService.Builder addAllowedApplication (String packageName)
Adds an application that's allowed to access the VPN connection.
If this method is called at least once, only applications added through this method (and
no others) are allowed access. Else (if this method is never called), all applications
are allowed by default. If some applications are added, other, un-added applications
will use networking as if the VPN wasn't running.
A Builder may have only a set of allowed applications OR a set of disallowed
ones, but not both. Calling this method after addDisallowedApplication(String) has
already been called, or vice versa, will throw an UnsupportedOperationException.
packageName must be the canonical name of a currently installed application.
PackageManager.NameNotFoundException is thrown if there's no such application.
| Parameters |
|---|
packageName |
String: The full name (e.g.: "com.google.apps.contacts") of an application.
This value cannot be null. |
addDisallowedApplication
public VpnService.Builder addDisallowedApplication (String packageName)
Adds an application that's denied access to the VPN connection.
By default, all applications are allowed access, except for those denied through this
method. Denied applications will use networking as if the VPN wasn't running.
A Builder may have only a set of allowed applications OR a set of disallowed
ones, but not both. Calling this method after addAllowedApplication(String) has already
been called, or vice versa, will throw an UnsupportedOperationException.
packageName must be the canonical name of a currently installed application.
PackageManager.NameNotFoundException is thrown if there's no such application.
| Parameters |
|---|
packageName |
String: The full name (e.g.: "com.google.apps.contacts") of an application.
This value cannot be null. |
addDnsServer
public VpnService.Builder addDnsServer (String address)
Convenience method to add a DNS server to the VPN connection
using a numeric address string. See InetAddress for the
definitions of numeric address formats.
Adding a server implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
| Parameters |
|---|
address |
String: This value cannot be null. |
addDnsServer
public VpnService.Builder addDnsServer (InetAddress address)
Add a DNS server to the VPN connection. Both IPv4 and IPv6
addresses are supported. If none is set, the DNS servers of
the default network will be used.
Adding a server implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
| Parameters |
|---|
address |
InetAddress: This value cannot be null. |
addRoute
public VpnService.Builder addRoute (IpPrefix prefix)
Add a network route to the VPN interface. Both IPv4 and IPv6
routes are supported.
Adding a route implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
Calling this method overrides previous calls to excludeRoute(IpPrefix) for the same
destination.
If multiple routes match the packet destination, route with the longest prefix takes
precedence.
| Parameters |
|---|
prefix |
IpPrefix: This value cannot be null. |
addRoute
public VpnService.Builder addRoute (InetAddress address,
int prefixLength)
Add a network route to the VPN interface. Both IPv4 and IPv6
routes are supported.
Adding a route implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
Calling this method overrides previous calls to excludeRoute(IpPrefix) for the same
destination.
If multiple routes match the packet destination, route with the longest prefix takes
precedence.
| Parameters |
|---|
address |
InetAddress: This value cannot be null. |
prefixLength |
int |
addRoute
public VpnService.Builder addRoute (String address,
int prefixLength)
Convenience method to add a network route to the VPN interface
using a numeric address string. See InetAddress for the
definitions of numeric address formats.
Adding a route implicitly allows traffic from that address family
(i.e., IPv4 or IPv6) to be routed over the VPN. @see #allowFamily
Calling this method overrides previous calls to excludeRoute(IpPrefix) for the same
destination.
If multiple routes match the packet destination, route with the longest prefix takes
precedence.
| Parameters |
|---|
address |
String: This value cannot be null. |
prefixLength |
int |
addSearchDomain
public VpnService.Builder addSearchDomain (String domain)
Add a search domain to the DNS resolver.
| Parameters |
|---|
domain |
String: This value cannot be null. |
allowBypass
public VpnService.Builder allowBypass ()
Allows all apps to bypass this VPN connection.
By default, all traffic from apps is forwarded through the VPN interface and it is not
possible for apps to side-step the VPN. If this method is called, apps may use methods
such as ConnectivityManager#bindProcessToNetwork to instead send/receive
directly over the underlying network or any other network they have permissions for.
allowFamily
public VpnService.Builder allowFamily (int family)
Allows traffic from the specified address family.
By default, if no address, route or DNS server of a specific family (IPv4 or IPv6) is
added to this VPN, then all outgoing traffic of that family is blocked. If any address,
route or DNS server is added, that family is allowed.
This method allows an address family to be unblocked even without adding an address,
route or DNS server of that family. Traffic of that family will then typically
fall-through to the underlying network if it's supported.
family must be either AF_INET (for IPv4) or AF_INET6 (for IPv6).
IllegalArgumentException is thrown if it's neither.
| Parameters |
|---|
family |
int: The address family (AF_INET or AF_INET6) to allow. |
establish
public ParcelFileDescriptor establish ()
Create a VPN interface using the parameters supplied to this
builder. The interface works on IP packets, and a file descriptor
is returned for the application to access them. Each read
retrieves an outgoing packet which was routed to the interface.
Each write injects an incoming packet just like it was received
from the interface. The file descriptor is put into non-blocking
mode by default to avoid blocking Java threads. To use the file
descriptor completely in native space, see
ParcelFileDescriptor#detachFd(). The application MUST
close the file descriptor when the VPN connection is terminated.
The VPN interface will be removed and the network will be
restored by the system automatically.
To avoid conflicts, there can be only one active VPN interface
at the same time. Usually network parameters are never changed
during the lifetime of a VPN connection. It is also common for an
application to create a new file descriptor after closing the
previous one. However, it is rare but not impossible to have two
interfaces while performing a seamless handover. In this case, the
old interface will be deactivated when the new one is created
successfully. Both file descriptors are valid but now outgoing
packets will be routed to the new interface. Therefore, after
draining the old file descriptor, the application MUST close it
and start using the new file descriptor. If the new interface
cannot be created, the existing interface and its file descriptor
remain untouched.
An exception will be thrown if the interface cannot be created
for any reason. However, this method returns null if the
application is not prepared or is revoked. This helps solve
possible race conditions between other VPN applications.
excludeRoute
public VpnService.Builder excludeRoute (IpPrefix prefix)
Exclude a network route from the VPN interface. Both IPv4 and IPv6
routes are supported.
Calling this method overrides previous calls to addRoute(IpPrefix) for the same
destination.
If multiple routes match the packet destination, route with the longest prefix takes
precedence.
| Parameters |
|---|
prefix |
IpPrefix: This value cannot be null. |
setBlocking
public VpnService.Builder setBlocking (boolean blocking)
Sets the VPN interface's file descriptor to be in blocking/non-blocking mode.
By default, the file descriptor returned by establish() is non-blocking.
| Parameters |
|---|
blocking |
boolean: True to put the descriptor into blocking mode; false for non-blocking. |
public VpnService.Builder setConfigureIntent (PendingIntent intent)
Set the PendingIntent to an activity for users to
configure the VPN connection. If it is not set, the button
to configure will not be shown in system-managed dialogs.
| Parameters |
|---|
intent |
PendingIntent: This value cannot be null. |
setHttpProxy
public VpnService.Builder setHttpProxy (ProxyInfo proxyInfo)
Sets an HTTP proxy for the VPN network.
This proxy is only a recommendation and it is possible that some apps
will ignore it.
PAC proxies are not supported over VPNs.
Apps that do use the proxy cannot distinguish between routes handled
and not handled by the VPN and will try to access HTTP resources over the proxy
regardless of the destination. In practice this means using a proxy with a split
tunnel generally won't work as expected, because HTTP accesses on routes not handled by
the VPN will not reach as the proxy won't be available outside of the VPN network.
| Parameters |
|---|
proxyInfo |
ProxyInfo: This value cannot be null. |
setMetered
public VpnService.Builder setMetered (boolean isMetered)
Marks the VPN network as metered. A VPN network is classified as metered when the user is
sensitive to heavy data usage due to monetary costs and/or data limitations. In such
cases, you should set this to true so that apps on the system can avoid doing
large data transfers. Otherwise, set this to false. Doing so would cause VPN
network to inherit its meteredness from its underlying networks.
VPN apps targeting Build.VERSION_CODES.Q or above will be
considered metered by default.
| Parameters |
|---|
isMetered |
boolean: true if VPN network should be treated as metered regardless of
underlying network meteredness |
setMtu
public VpnService.Builder setMtu (int mtu)
Set the maximum transmission unit (MTU) of the VPN interface. If
it is not set, the default value in the operating system will be
used.
setSession
public VpnService.Builder setSession (String session)
Set the name of this session. It will be displayed in
system-managed dialogs and notifications. This is recommended
not required.
| Parameters |
|---|
session |
String: This value cannot be null. |
setUnderlyingNetworks
public VpnService.Builder setUnderlyingNetworks (Network[] networks)
Sets the underlying networks used by the VPN for its upstream connections.
| Parameters |
|---|
networks |
Network: An array of networks the VPN uses to tunnel traffic to/from its servers.
This value may be null. |
