Android-x86

system-netd: Commit

system/netd


Commit MetaInfo

Revision: eb1e84c5deec7ccb0dfbed04d2c69cd66fba076b (tree)
Time: 2017-08-10 10:48:06
Author: Erik Kline <ek@goog...>
Committer: Chih-Wei Huang

Log Message

Only set protectFromVpn if explicitlySelected is also true.

When a secure VPN is up, setting protectFromVpn=1 and explicitlySelected=0
causes the probe routing lookups used by _have_ipv4 and _have_ipv6 to skip
the VPN rule, instead selecting the default network.

This means that the address families for which we query DNS records are
determined by the address families of the default network, not those of
the VPN.

If explicitlySelected==true, setting protectFromVpn=true (if the app can
protect its sockets) results in querying the address families from the
specified network, which is correct.

Test: as follows

- built
- flashed
- booted
- runtest -x netd_integration_test.cpp passes
- testing per bug discussion

Bug: 37131664
Bug: 37347238
Change-Id: I7cf322a047494fd70c3c4d8862d53d6a6dac66de

Change Summary

Diff

--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -47,6 +47,8 @@
4747 #include "RouteController.h"
4848 #include "VirtualNetwork.h"
4949
50+#define DBG 0
51+
5052 namespace {
5153
5254 // Keep these in sync with ConnectivityService.java.
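Review bot: The `#define DBG 0` added above `namespace {` uses a very generic macro name with file-wide scope, so it can clash with a `DBG` already defined by one of the headers included just above it. A `constexpr bool` declared inside the anonymous namespace that follows would give the same compile-time switch with proper scoping and type checking.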
@@ -284,12 +286,17 @@ void NetworkController::getNetworkContext(
284286 Fwmark fwmark;
285287 fwmark.netId = nc.app_netid;
286288 fwmark.explicitlySelected = explicitlySelected;
287- fwmark.protectedFromVpn = canProtect(uid);
289+ fwmark.protectedFromVpn = explicitlySelected && canProtect(uid);
288290 fwmark.permission = getPermissionForUser(uid);
289291 nc.app_mark = fwmark.intValue;
290292
291293 nc.dns_mark = getNetworkForDns(&(nc.dns_netid), uid);
292294
295+ if (DBG) {
296+ ALOGD("app_netid:0x%x app_mark:0x%x dns_netid:0x%x dns_mark:0x%x uid:%d",
297+ nc.app_netid, nc.app_mark, nc.dns_netid, nc.dns_mark, uid);
298+ }
299+
293300 if (netcontext) {
294301 *netcontext = nc;
295302 }
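Review bot: The new `explicitlySelected && canProtect(uid)` condition on `fwmark.protectedFromVpn` carries no comment, although it is the line that decides whether these lookups skip the VPN rule; a short comment stating that the protect bit is only set for an explicitly selected network would keep a later cleanup from reverting it to `canProtect(uid)`. The `if (DBG)` log below it prints `app_mark` only as a hex word and omits `explicitlySelected`, so the bit this change alters has to be decoded by hand when debugging; logging it alongside would help. The patch also touches no test file, so a case covering `explicitlySelected == false` for a uid that can protect its sockets would be worth adding.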
--- a/server/NetworkController.h
+++ b/server/NetworkController.h
@@ -113,7 +113,6 @@ private:
113113 std::map<unsigned, Network*> mNetworks; // Map keys are NetIds.
114114 std::map<uid_t, Permission> mUsers;
115115 std::set<uid_t> mProtectableUsers;
116-
117116 };
118117
119118 #endif // NETD_SERVER_NETWORK_CONTROLLER_H
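Review bot: The only change in this hunk is the removal of the blank line before the closing `};` of the class, which is unrelated to the `protectedFromVpn` fix. Dropping it from this commit would keep the change limited to `NetworkController.cpp` and make the fix easier to cherry-pick or revert.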