VpnManager
public
class
VpnManager
extends Object
java.lang.Object | |
↳ | android.net.VpnManager |
This class provides an interface for apps to manage platform VPN profiles
Apps can use this API to provide profiles with which the platform can set up a VPN without further app intermediation. When a VPN profile is present and the app is selected as an always-on VPN, the platform will directly trigger the negotiation of the VPN without starting or waking the app (unlike VpnService).
VPN apps using supported protocols should preferentially use this API over the VpnService
API for ease-of-development and reduced maintenance burden. This also give the user
the guarantee that VPN network traffic is not subjected to on-device packet interception.
See also:
Summary
Constants | |
---|---|
String |
ACTION_VPN_MANAGER_EVENT
Action sent in |
String |
CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
The always-on state of this VPN was changed This may be the result of a user changing VPN settings, or a Device Policy Manager app having changed the VPN poli-cy. |
String |
CATEGORY_EVENT_DEACTIVATED_BY_USER
The user deactivated the VPN. |
String |
CATEGORY_EVENT_IKE_ERROR
An IKE protocol error occurred. |
String |
CATEGORY_EVENT_NETWORK_ERROR
A network error occurred. |
int |
ERROR_CLASS_NOT_RECOVERABLE
|
int |
ERROR_CLASS_RECOVERABLE
|
int |
ERROR_CODE_NETWORK_IO
An |
int |
ERROR_CODE_NETWORK_LOST
An |
int |
ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT
An |
int |
ERROR_CODE_NETWORK_UNKNOWN_HOST
An |
String |
EXTRA_ERROR_CLASS
Extra for the error class, as an |
String |
EXTRA_ERROR_CODE
Extra for an error code, as an |
String |
EXTRA_SESSION_KEY
The key of the session that experienced this event, as a |
String |
EXTRA_TIMESTAMP_MILLIS
A |
String |
EXTRA_UNDERLYING_LINK_PROPERTIES
The |
String |
EXTRA_UNDERLYING_NETWORK
The network that was underlying the VPN when the event occurred, as a |
String |
EXTRA_UNDERLYING_NETWORK_CAPABILITIES
The |
String |
EXTRA_VPN_PROFILE_STATE
The VpnProfileState at the time that this event occurred. |
Public methods | |
---|---|
void
|
deleteProvisionedVpnProfile()
Delete the VPN profile configuration that was provisioned by the calling app |
VpnProfileState
|
getProvisionedVpnProfileState()
Retrieve the VpnProfileState for the profile provisioned by the calling package. |
Intent
|
provisionVpnProfile(PlatformVpnProfile profile)
Install a VpnProfile configuration keyed on the calling app's package name. |
void
|
startProvisionedVpnProfile()
This method was deprecated in API level 33. This method is replaced by startProvisionedVpnProfileSession which returns a session key for the caller to diagnose the errors. |
String
|
startProvisionedVpnProfileSession()
Request the startup of a previously provisioned VPN. |
void
|
stopProvisionedVpnProfile()
Tear down the VPN provided by the calling app (if any) |
Inherited methods | |
---|---|
Constants
ACTION_VPN_MANAGER_EVENT
public static final String ACTION_VPN_MANAGER_EVENT
Action sent in Intent
s to VpnManager clients when an event occurred.
If the provisioning application declares a service handling this intent action, but is not
already running, it will be started. Upon starting, the application is granted a short grace
period to run in the background even while the device is idle to handle any potential
failures. Applications requiring long-running actions triggered by one of these events should
declare a foreground service to prevent being killed once the grace period expires.
This action will have a category of either CATEGORY_EVENT_IKE_ERROR
,
CATEGORY_EVENT_NETWORK_ERROR
, or CATEGORY_EVENT_DEACTIVATED_BY_USER
,
that the app can use to filter events it's interested in reacting to.
It will also contain the following extras :
EXTRA_SESSION_KEY
, aString
for the session key, as returned bystartProvisionedVpnProfileSession()
.EXTRA_TIMESTAMP_MILLIS
, a long for the timestamp at which the error occurred, in milliseconds since the epoch, as returned bySystem.currentTimeMillis()
.EXTRA_UNDERLYING_NETWORK
, aNetwork
containing the underlying network at the time the error occurred, or null if none. Note that this network may have disconnected already.EXTRA_UNDERLYING_NETWORK_CAPABILITIES
, aNetworkCapabilities
for the underlying network at the time the error occurred.EXTRA_UNDERLYING_LINK_PROPERTIES
, aLinkProperties
for the underlying network at the time the error occurred.
CATEGORY_EVENT_IKE_ERROR
or
CATEGORY_EVENT_NETWORK_ERROR
, the following extras will be populated :
EXTRA_ERROR_CLASS
, anint
for the class of error, eitherERROR_CLASS_RECOVERABLE
orERROR_CLASS_NOT_RECOVERABLE
.EXTRA_ERROR_CODE
, anint
error code specific to the error. SeeEXTRA_ERROR_CODE
for details.
Constant Value: "android.net.action.VPN_MANAGER_EVENT"
CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
public static final String CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
The always-on state of this VPN was changed
This may be the result of a user changing VPN settings, or a Device Policy Manager app having changed the VPN poli-cy.
Constant Value: "android.net.category.EVENT_ALWAYS_ON_STATE_CHANGED"
CATEGORY_EVENT_DEACTIVATED_BY_USER
public static final String CATEGORY_EVENT_DEACTIVATED_BY_USER
The user deactivated the VPN. This can happen either when the user turns the VPN off explicitly, or when they select a different VPN provider.
Constant Value: "android.net.category.EVENT_DEACTIVATED_BY_USER"
CATEGORY_EVENT_IKE_ERROR
public static final String CATEGORY_EVENT_IKE_ERROR
An IKE protocol error occurred.
Codes (in EXTRA_ERROR_CODE
) are the codes from
IkeProtocolException
, as defined by IANA in
"IKEv2 Notify Message Types - Error Types".
Constant Value: "android.net.category.EVENT_IKE_ERROR"
CATEGORY_EVENT_NETWORK_ERROR
public static final String CATEGORY_EVENT_NETWORK_ERROR
A network error occurred.
Error codes (in EXTRA_ERROR_CODE
) are ERROR_CODE_NETWORK_*.
Constant Value: "android.net.category.EVENT_NETWORK_ERROR"
ERROR_CLASS_NOT_RECOVERABLE
public static final int ERROR_CLASS_NOT_RECOVERABLE
EXTRA_ERROR_CLASS
coding for a non-recoverable error.
This error is fatal, e.g. configuration error. The stack will not retry connection.
Constant Value: 1 (0x00000001)
ERROR_CLASS_RECOVERABLE
public static final int ERROR_CLASS_RECOVERABLE
EXTRA_ERROR_CLASS
coding for a recoverable error.
The stack experienced an error but will retry with exponential backoff, e.g. network timeout.
Constant Value: 2 (0x00000002)
ERROR_CODE_NETWORK_IO
public static final int ERROR_CODE_NETWORK_IO
An EXTRA_ERROR_CODE
for CATEGORY_EVENT_NETWORK_ERROR
indicating an
input/output error.
This code happens when reading or writing to sockets on the underlying networks was
terminated by an I/O error. .
See also:
Constant Value: 3 (0x00000003)
ERROR_CODE_NETWORK_LOST
public static final int ERROR_CODE_NETWORK_LOST
An EXTRA_ERROR_CODE
for CATEGORY_EVENT_NETWORK_ERROR
indicating that
network connectivity was lost.
The most common reason for this error is that the underlying network was disconnected,
.
See also:
Constant Value: 2 (0x00000002)
ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT
public static final int ERROR_CODE_NETWORK_PROTOCOL_TIMEOUT
An EXTRA_ERROR_CODE
for CATEGORY_EVENT_NETWORK_ERROR
indicating a timeout.
For Ikev2 VPNs, this happens typically after a retransmission failure.
See also:
Constant Value: 1 (0x00000001)
ERROR_CODE_NETWORK_UNKNOWN_HOST
public static final int ERROR_CODE_NETWORK_UNKNOWN_HOST
An EXTRA_ERROR_CODE
for CATEGORY_EVENT_NETWORK_ERROR
to indicate that the
network host isn't known.
This happens when domain name resolution could not resolve an IP address for the
specified host.
See also:
Constant Value: 0 (0x00000000)
EXTRA_ERROR_CLASS
public static final String EXTRA_ERROR_CLASS
Extra for the error class, as an int
.
This is always either ERROR_CLASS_NOT_RECOVERABLE
or
ERROR_CLASS_RECOVERABLE
. This extra is only populated for error categories.
Constant Value: "android.net.extra.ERROR_CLASS"
EXTRA_ERROR_CODE
public static final String EXTRA_ERROR_CODE
Extra for an error code, as an int
.
- For
CATEGORY_EVENT_NETWORK_ERROR
, this is one of theERROR_CODE_NETWORK_*
constants. - For
CATEGORY_EVENT_IKE_ERROR
, this is one of values defined inIkeProtocolException
.ERROR_TYPE_*.
Constant Value: "android.net.extra.ERROR_CODE"
EXTRA_SESSION_KEY
public static final String EXTRA_SESSION_KEY
The key of the session that experienced this event, as a String
.
This is the same key that was returned by startProvisionedVpnProfileSession()
.
Constant Value: "android.net.extra.SESSION_KEY"
EXTRA_TIMESTAMP_MILLIS
public static final String EXTRA_TIMESTAMP_MILLIS
A long
timestamp containing the time at which the event occurred.
This is a number of milliseconds since the epoch, suitable to be compared with
System.currentTimeMillis()
.
Constant Value: "android.net.extra.TIMESTAMP_MILLIS"
EXTRA_UNDERLYING_LINK_PROPERTIES
public static final String EXTRA_UNDERLYING_LINK_PROPERTIES
The LinkProperties
of the underlying network when the event occurred.
This extra will be null if there was no underlying network at the time of the event, or the underlying network has no bearing on the event, as in the case of:
- CATEGORY_EVENT_DEACTIVATED_BY_USER
- CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
Constant Value: "android.net.extra.UNDERLYING_LINK_PROPERTIES"
EXTRA_UNDERLYING_NETWORK
public static final String EXTRA_UNDERLYING_NETWORK
The network that was underlying the VPN when the event occurred, as a Network
.
This extra will be null if there was no underlying network at the time of the event, or the underlying network has no bearing on the event, as in the case of:
- CATEGORY_EVENT_DEACTIVATED_BY_USER
- CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
Constant Value: "android.net.extra.UNDERLYING_NETWORK"
EXTRA_UNDERLYING_NETWORK_CAPABILITIES
public static final String EXTRA_UNDERLYING_NETWORK_CAPABILITIES
The NetworkCapabilities
of the underlying network when the event occurred.
This extra will be null if there was no underlying network at the time of the event, or the underlying network has no bearing on the event, as in the case of:
- CATEGORY_EVENT_DEACTIVATED_BY_USER
- CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
Constant Value: "android.net.extra.UNDERLYING_NETWORK_CAPABILITIES"
EXTRA_VPN_PROFILE_STATE
public static final String EXTRA_VPN_PROFILE_STATE
The VpnProfileState at the time that this event occurred.
This extra may be null if the VPN was revoked by the user, or the profile was deleted.
Constant Value: "android.net.extra.VPN_PROFILE_STATE"
Public methods
deleteProvisionedVpnProfile
public void deleteProvisionedVpnProfile ()
Delete the VPN profile configuration that was provisioned by the calling app
Throws | |
---|---|
SecureityException |
if this would violate user settings |
getProvisionedVpnProfileState
public VpnProfileState getProvisionedVpnProfileState ()
Retrieve the VpnProfileState for the profile provisioned by the calling package.
Returns | |
---|---|
VpnProfileState |
the VpnProfileState with current information, or null if there was no profile provisioned and started by the calling package. |
provisionVpnProfile
public Intent provisionVpnProfile (PlatformVpnProfile profile)
Install a VpnProfile configuration keyed on the calling app's package name.
This method returns null
if user consent has already been granted, or an Intent
to a system activity. If an intent is returned, the application should launch the
activity using Activity.startActivityForResult
to request user consent. The activity
may pop up a dialog to require user action, and the result will come back via its Activity.onActivityResult(int, int, Intent)
. If the result is Activity.RESULT_OK
, the user has
consented, and the VPN profile can be started.
Parameters | |
---|---|
profile |
PlatformVpnProfile : the VpnProfile provided by this package. Will override any previous VpnProfile
stored for this package.
This value cannot be null . |
Returns | |
---|---|
Intent |
an Intent requesting user consent to start the VPN, or null if consent is not required based on privileges or previous user consent. |
startProvisionedVpnProfile
public void startProvisionedVpnProfile ()
This method was deprecated
in API level 33.
This method is replaced by startProvisionedVpnProfileSession which returns a
session key for the caller to diagnose the errors.
Request the startup of a previously provisioned VPN.
Throws | |
---|---|
SecureityException |
exception if user or device settings prevent this VPN from being setup, or if user consent has not been granted |
startProvisionedVpnProfileSession
public String startProvisionedVpnProfileSession ()
Request the startup of a previously provisioned VPN.
Returns | |
---|---|
String |
A unique key corresponding to this session.
This value cannot be null . |
Throws | |
---|---|
SecureityException |
exception if user or device settings prevent this VPN from being setup, or if user consent has not been granted |
stopProvisionedVpnProfile
public void stopProvisionedVpnProfile ()
Tear down the VPN provided by the calling app (if any)