Prohibit address families by default unless a VPN explicitly allows them.

Bug: 15972465
Change-Id: I3278d94536fefacc86390c1ba4231680f7be8589
Sreeram Ramachandran
2014-07-27 00:37:35 -07:00
parent 53a2a7573b
commit 0bb9c07eba
2 changed files with 65 additions and 2 deletions


@@ -106,6 +106,20 @@ public abstract class NetworkAgent extends Handler {
*/
public static final int EVENT_UID_RANGES_REMOVED = BASE + 6;
/**
* Sent by the NetworkAgent to ConnectivityService to block all routes for a certain address
* family (AF_INET or AF_INET6) on this Network. For VPNs only.
* obj = Integer representing the family (AF_INET or AF_INET6)
*/
public static final int EVENT_BLOCK_ADDRESS_FAMILY = BASE + 7;
/**
* Sent by the NetworkAgent to ConnectivityService to unblock routes for a certain address
* family (AF_INET or AF_INET6) on this Network. For VPNs only.
* obj = Integer representing the family (AF_INET or AF_INET6)
*/
public static final int EVENT_UNBLOCK_ADDRESS_FAMILY = BASE + 8;
public NetworkAgent(Looper looper, Context context, String logTag, NetworkInfo ni,
NetworkCapabilities nc, LinkProperties lp, int score) {
this(looper, context, logTag, ni, nc, lp, score, null);
@@ -228,6 +242,21 @@ public abstract class NetworkAgent extends Handler {
queueOrSendMessage(EVENT_UID_RANGES_REMOVED, ranges);
}
/**
* Called by the VPN code when it wants to block an address family from being routed, typically
* because the VPN network doesn't support that family.
*/
public void blockAddressFamily(int family) {
queueOrSendMessage(EVENT_BLOCK_ADDRESS_FAMILY, family);
}
/**
* Called by the VPN code when it wants to unblock an address family from being routed.
*/
public void unblockAddressFamily(int family) {
queueOrSendMessage(EVENT_UNBLOCK_ADDRESS_FAMILY, family);
}
/**
* Called when ConnectivityService has indicated they no longer want this network.
* The parent factory should (previously) have received indication of the change
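Review bot: The Javadoc on `blockAddressFamily` and `unblockAddressFamily` does not say which values `family` accepts or that the calls are meant for VPN agents only, although the event constants added in the first hunk state both. I would add `@param family the address family, AF_INET or AF_INET6` to each method and repeat the "For VPNs only" restriction there. The value is queued as-is, so an unsupported family is only discovered on the receiving side; a guard such as `if (family != AF_INET && family != AF_INET6) throw new IllegalArgumentException("Unsupported family: " + family);` would surface the mistake at the caller. The class body continues outside both hunks.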


@@ -2940,7 +2940,9 @@ public class ConnectivityService extends IConnectivityManager.Stub {
}
try {
mNetd.addVpnUidRanges(nai.network.netId, (UidRange[])msg.obj);
} catch (RemoteException e) {
} catch (Exception e) {
// Never crash!
loge("Exception in addVpnUidRanges: " + e);
}
break;
}
@@ -2952,7 +2954,39 @@ public class ConnectivityService extends IConnectivityManager.Stub {
}
try {
mNetd.removeVpnUidRanges(nai.network.netId, (UidRange[])msg.obj);
} catch (RemoteException e) {
} catch (Exception e) {
// Never crash!
loge("Exception in removeVpnUidRanges: " + e);
}
break;
}
case NetworkAgent.EVENT_BLOCK_ADDRESS_FAMILY: {
NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo);
if (nai == null) {
loge("EVENT_BLOCK_ADDRESS_FAMILY from unknown NetworkAgent");
break;
}
try {
mNetd.blockAddressFamily((Integer) msg.obj, nai.network.netId,
nai.linkProperties.getInterfaceName());
} catch (Exception e) {
// Never crash!
loge("Exception in blockAddressFamily: " + e);
}
break;
}
case NetworkAgent.EVENT_UNBLOCK_ADDRESS_FAMILY: {
NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo);
if (nai == null) {
loge("EVENT_UNBLOCK_ADDRESS_FAMILY from unknown NetworkAgent");
break;
}
try {
mNetd.unblockAddressFamily((Integer) msg.obj, nai.network.netId,
nai.linkProperties.getInterfaceName());
} catch (Exception e) {
// Never crash!
loge("Exception in blockAddressFamily: " + e);
}
break;
}
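Review bot: The catch block of the `EVENT_UNBLOCK_ADDRESS_FAMILY` case logs "Exception in blockAddressFamily: ", apparently copied from the case above, so a failed unblock cannot be told apart from a failed block in the logs; it should read `loge("Exception in unblockAddressFamily: " + e);`. Both new cases cast `msg.obj` to `Integer` and hand it to netd without checking that it is AF_INET or AF_INET6, and the visible lines do not check that the agent is a VPN even though the events are documented as "For VPNs only". The broad `catch (Exception e)` also reduces every failure, including a bad cast or a null interface name, to a log line. For the block case that presumably means the family stays routable while the VPN code has no indication that the block was not applied, so the failure should be reported back to the agent or at least logged where it is monitored. The enclosing switch starts and ends outside the hunk.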