Support routing sockets as another user

Add support for routing sockets as if they were another user's.
This is for services that handle delegated network tasks like MediaServer and DownloadManager.

Change-Id: Id20efc1f5c2cce6f8838d777762f6c0a703a9437
Chad Brubaker
2013-07-11 13:29:30 -07:00
parent b7652cde9d
commit 11f2225c3d
2 changed files with 29 additions and 0 deletions


@@ -119,6 +119,8 @@ interface IConnectivityManager
boolean prepareVpn(String oldPackage, String newPackage); boolean prepareVpn(String oldPackage, String newPackage);
void markSocketAsUser(in ParcelFileDescriptor socket, int uid);
ParcelFileDescriptor establishVpn(in VpnConfig config); ParcelFileDescriptor establishVpn(in VpnConfig config);
void startLegacyVpn(in VpnProfile profile); void startLegacyVpn(in VpnProfile profile);
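Review bot: `markSocketAsUser` is added to the binder interface without any comment, so a reader of the interface cannot tell that it is a privileged call or what `uid` refers to. I would add a comment above it along the lines of `/** Marks the socket so its traffic is routed as if it belonged to uid; caller must hold MARK_NETWORK_SOCKET. */`. The implementation in this commit also resets the mark to 0 when the uid has no mark, which is worth stating in the same comment so callers know the socket's previous mark is not preserved.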


@@ -1749,6 +1749,16 @@ public class ConnectivityService extends IConnectivityManager.Stub {
"ConnectivityService"); "ConnectivityService");
} }
private void enforceMarkNetworkSocketPermission() {
//Media server special case
if (Binder.getCallingUid() == Process.MEDIA_UID) {
return;
}
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.MARK_NETWORK_SOCKET,
"ConnectivityService");
}
/** /**
* Handle a {@code DISCONNECTED} event. If this pertains to the non-active * Handle a {@code DISCONNECTED} event. If this pertains to the non-active
* network, we ignore it. If it is for the active network, we send out a * network, we ignore it. If it is for the active network, we send out a
@@ -3350,6 +3360,23 @@ public class ConnectivityService extends IConnectivityManager.Stub {
} }
} }
@Override
public void markSocketAsUser(ParcelFileDescriptor socket, int uid) {
enforceMarkNetworkSocketPermission();
final long token = Binder.clearCallingIdentity();
try {
int mark = mNetd.getMarkForUid(uid);
// Clear the mark on the socket if no mark is needed to prevent socket reuse issues
if (mark == -1) {
mark = 0;
}
NetworkUtils.markSocket(socket.getFd(), mark);
} catch (RemoteException e) {
} finally {
Binder.restoreCallingIdentity(token);
}
}
/** /**
* Configure a TUN interface and return its file descriptor. Parameters * Configure a TUN interface and return its file descriptor. Parameters
* are encoded and opaque to this class. This method is used by VpnBuilder * are encoded and opaque to this class. This method is used by VpnBuilder
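Review bot: The empty `catch (RemoteException e) {}` in `markSocketAsUser` makes the call fail open: if `mNetd.getMarkForUid(uid)` throws, the socket keeps whatever mark it already had and the caller is told nothing, so the delegated traffic would presumably be routed under the calling service's identity rather than the requested user's. I would surface the failure, for example `throw new IllegalStateException("getMarkForUid failed for uid " + uid, e);`, or at the very least log it. The method also never closes `socket`; whether the binder-delivered ParcelFileDescriptor is released elsewhere is not visible in this hunk, and if it is not, closing it in the `finally` block would stop descriptors accumulating in the service process. Separately, the `Process.MEDIA_UID` shortcut in `enforceMarkNetworkSocketPermission` lets that uid supply any `uid` value without holding the permission, so the `//Media server special case` comment should say why the media server is trusted to that extent.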