Use netd socketDestroy for VPN in T-
aosp/2490881 switched all devices to InetDiagMessage.destroyLiveTcpSocket. However, netd socketDestroy may have been modified on T- devices, so this CL reverts that change for T- devices and keeps using netd socketDestroy there. Test: atest FrameworksNetTests Bug: 284253763 Change-Id: I9b61f10e975d2e38e9829a8c01d3af706e2518ef
@@ -8614,10 +8614,18 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void maybeCloseSockets(NetworkAgentInfo nai, Set<UidRange> ranges,
|
private void maybeCloseSockets(NetworkAgentInfo nai, Set<UidRange> ranges,
|
||||||
Set<Integer> exemptUids) {
|
UidRangeParcel[] uidRangeParcels, int[] exemptUids) {
|
||||||
if (nai.isVPN() && !nai.networkAgentConfig.allowBypass) {
|
if (nai.isVPN() && !nai.networkAgentConfig.allowBypass) {
|
||||||
try {
|
try {
|
||||||
mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUids);
|
if (mDeps.isAtLeastU()) {
|
||||||
|
final Set<Integer> exemptUidSet = new ArraySet<>();
|
||||||
|
for (final int uid: exemptUids) {
|
||||||
|
exemptUidSet.add(uid);
|
||||||
|
}
|
||||||
|
mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUidSet);
|
||||||
|
} else {
|
||||||
|
mNetd.socketDestroy(uidRangeParcels, exemptUids);
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
loge("Exception in socket destroy: ", e);
|
loge("Exception in socket destroy: ", e);
|
||||||
}
|
}
|
||||||
@@ -8625,16 +8633,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void updateVpnUidRanges(boolean add, NetworkAgentInfo nai, Set<UidRange> uidRanges) {
|
private void updateVpnUidRanges(boolean add, NetworkAgentInfo nai, Set<UidRange> uidRanges) {
|
||||||
final Set<Integer> exemptUids = new ArraySet<>();
|
int[] exemptUids = new int[2];
|
||||||
// TODO: Excluding VPN_UID is necessary in order to not to kill the TCP connection used
|
// TODO: Excluding VPN_UID is necessary in order to not to kill the TCP connection used
|
||||||
// by PPTP. Fix this by making Vpn set the owner UID to VPN_UID instead of system when
|
// by PPTP. Fix this by making Vpn set the owner UID to VPN_UID instead of system when
|
||||||
// starting a legacy VPN, and remove VPN_UID here. (b/176542831)
|
// starting a legacy VPN, and remove VPN_UID here. (b/176542831)
|
||||||
exemptUids.add(VPN_UID);
|
exemptUids[0] = VPN_UID;
|
||||||
exemptUids.add(nai.networkCapabilities.getOwnerUid());
|
exemptUids[1] = nai.networkCapabilities.getOwnerUid();
|
||||||
UidRangeParcel[] ranges = toUidRangeStableParcels(uidRanges);
|
UidRangeParcel[] ranges = toUidRangeStableParcels(uidRanges);
|
||||||
|
|
||||||
// Close sockets before modifying uid ranges so that RST packets can reach to the server.
|
// Close sockets before modifying uid ranges so that RST packets can reach to the server.
|
||||||
maybeCloseSockets(nai, uidRanges, exemptUids);
|
maybeCloseSockets(nai, uidRanges, ranges, exemptUids);
|
||||||
try {
|
try {
|
||||||
if (add) {
|
if (add) {
|
||||||
mNetd.networkAddUidRangesParcel(new NativeUidRangeConfig(
|
mNetd.networkAddUidRangesParcel(new NativeUidRangeConfig(
|
||||||
@@ -8648,7 +8656,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
" on netId " + nai.network.netId + ". " + e);
|
" on netId " + nai.network.netId + ". " + e);
|
||||||
}
|
}
|
||||||
// Close sockets that established connection while requesting netd.
|
// Close sockets that established connection while requesting netd.
|
||||||
maybeCloseSockets(nai, uidRanges, exemptUids);
|
maybeCloseSockets(nai, uidRanges, ranges, exemptUids);
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isProxySetOnAnyDefaultNetwork() {
|
private boolean isProxySetOnAnyDefaultNetwork() {
|
||||||
|
|||||||
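Review bot: maybeCloseSockets now takes the same UID ranges twice, as `ranges` and as `uidRangeParcels`, and nothing in the new signature says they must describe the same set or which branch reads which. For a VPN with allowBypass false, this call is what closes TCP connections established before the UID range change, so mismatched arguments from a future caller would make T- and U+ devices close different sockets. I would add a comment above the method, e.g. `// uidRangeParcels must equal toUidRangeStableParcels(ranges); it is read only below U, where netd socketDestroy is used.`, or build the parcels inside the else branch. The existing `catch (Exception e)` now also covers the netd call and still only logs, so the same comment should say that a failed destroy is deliberately best-effort, if that is the intent.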
@@ -12725,9 +12725,16 @@ public class ConnectivityServiceTest {
|
|||||||
throws Exception {
|
throws Exception {
|
||||||
InOrder inOrder = inOrder(mMockNetd, mDestroySocketsWrapper);
|
InOrder inOrder = inOrder(mMockNetd, mDestroySocketsWrapper);
|
||||||
final Set<Integer> exemptUidSet = new ArraySet<>(List.of(exemptUid, Process.VPN_UID));
|
final Set<Integer> exemptUidSet = new ArraySet<>(List.of(exemptUid, Process.VPN_UID));
|
||||||
|
ArgumentCaptor<int[]> exemptUidCaptor = ArgumentCaptor.forClass(int[].class);
|
||||||
|
|
||||||
inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
|
if (mDeps.isAtLeastU()) {
|
||||||
UidRange.toIntRanges(vpnRanges), exemptUidSet);
|
inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
|
||||||
|
UidRange.toIntRanges(vpnRanges), exemptUidSet);
|
||||||
|
} else {
|
||||||
|
inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)),
|
||||||
|
exemptUidCaptor.capture());
|
||||||
|
assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid);
|
||||||
|
}
|
||||||
|
|
||||||
if (add) {
|
if (add) {
|
||||||
inOrder.verify(mMockNetd, times(1)).networkAddUidRangesParcel(
|
inOrder.verify(mMockNetd, times(1)).networkAddUidRangesParcel(
|
||||||
@@ -12739,8 +12746,14 @@ public class ConnectivityServiceTest {
|
|||||||
toUidRangeStableParcels(vpnRanges), PREFERENCE_ORDER_VPN));
|
toUidRangeStableParcels(vpnRanges), PREFERENCE_ORDER_VPN));
|
||||||
}
|
}
|
||||||
|
|
||||||
inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
|
if (mDeps.isAtLeastU()) {
|
||||||
UidRange.toIntRanges(vpnRanges), exemptUidSet);
|
inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
|
||||||
|
UidRange.toIntRanges(vpnRanges), exemptUidSet);
|
||||||
|
} else {
|
||||||
|
inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)),
|
||||||
|
exemptUidCaptor.capture());
|
||||||
|
assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
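Review bot: Each branch of the new `if (mDeps.isAtLeastU())` check verifies only the call it expects, so a regression that invokes both destroyLiveTcpSockets and netd socketDestroy on the same device would still pass. Adding the negative check would pin the platform split this commit introduces, e.g. `verify(mMockNetd, never()).socketDestroy(any(), any());` in the U+ branch and the converse on mDestroySocketsWrapper in the else branch (assuming both are Mockito mocks, as their use with inOrder suggests). The same block is repeated in the hunk at -12739, so a small private helper would keep the two copies from drifting apart. The enclosing test method starts and ends outside the visible hunks.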