Apply per-app proxy rules at VPN boundary#60
Draft
cagedbird043 wants to merge 2 commits into
Draft
Conversation
cagedbird043
force-pushed
the
fix/per-app-proxy-vpn-builder
branch
from
d72a828 to
6ddb6a0
Compare
nekohasekai
force-pushed
the
dev
branch
2 times, most recently
from
a3acee6 to
8a19c2a
Compare
cagedbird043
force-pushed
the
fix/per-app-proxy-vpn-builder
branch
2 times, most recently
from
0128520 to
40c186f
Compare
Profile override settings are app-owned state, while imported profiles may omit include_package or exclude_package entirely. The VPN boundary should keep Android's VpnService.Builder package rules synchronized with the enabled per-app proxy settings instead of depending on profile fields to be present. Constraint: Profile override settings are app-owned state and imported profiles may omit include_package or exclude_package entirely. Rejected: Depend on libbox override fields as the only source for VpnService.Builder package rules | the Android per-app proxy UI should stay authoritative when enabled. Confidence: medium Scope-risk: narrow Directive: Keep VpnService.Builder package rules synchronized with Settings when per-app proxy override is enabled; use profile TunOptions only as the fallback. Tested: ./gradlew :app:compileOtherDebugKotlin Not-tested: Physical Android VPN startup with per-app override enabled. Co-authored-by: OmX <omx@oh-my-codex.dev>
cagedbird043
force-pushed
the
fix/per-app-proxy-vpn-builder
branch
from
40c186f to
0fe0e5b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When Android per-app proxy override is enabled, treat the app Settings as the authoritative source for VpnService.Builder allowed/disallowed applications. Imported profiles may omit include_package/exclude_package entirely, so VPN startup should not depend on those profile fields being present before applying the app-level override.
This keeps profile TunOptions as the fallback when the app override is disabled.
Tested: ./gradlew :app:compileOtherDebugKotlin