LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Only apply VPN isolation if it's fully routed"

Browse Source
This commit is contained in:
Lorenzo Colitti
2020-04-02 04:10:12 +00:00
committed by Gerrit Code Review
parent e71d3cf971 ab8cf306ea
commit 5c5d1a1282
6 changed files with 146 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
core/java/android/net/LinkProperties.java
View File

@@ -1073,6 +1073,21 @@ public final class LinkProperties implements Parcelable {
return false;
}
/**
* Returns true if this link has an IPv4 unreachable default route.
*
* @return {@code true} if there is an IPv4 unreachable default route, {@code false} otherwise.
* @hide
*/
public boolean hasIpv4UnreachableDefaultRoute() {
for (RouteInfo r : mRoutes) {
if (r.isIPv4UnreachableDefault()) {
return true;
}
}
return false;
}
/**
* For backward compatibility.
* This was annotated with @UnsupportedAppUsage in P, so we can't remove the method completely
@@ -1101,6 +1116,21 @@ public final class LinkProperties implements Parcelable {
return false;
}
/**
* Returns true if this link has an IPv6 unreachable default route.
*
* @return {@code true} if there is an IPv6 unreachable default route, {@code false} otherwise.
* @hide
*/
public boolean hasIpv6UnreachableDefaultRoute() {
for (RouteInfo r : mRoutes) {
if (r.isIPv6UnreachableDefault()) {
return true;
}
}
return false;
}
/**
* For backward compatibility.
* This was annotated with @UnsupportedAppUsage in P, so we can't remove the method completely

26
core/java/android/net/RouteInfo.java
View File

@@ -425,6 +425,16 @@ public final class RouteInfo implements Parcelable {
return mType == RTN_UNICAST && mDestination.getPrefixLength() == 0;
}
/**
* Indicates if this route is an unreachable default route.
*
* @return {@code true} if it's an unreachable route with prefix length of 0.
* @hide
*/
private boolean isUnreachableDefaultRoute() {
return mType == RTN_UNREACHABLE && mDestination.getPrefixLength() == 0;
}
/**
* Indicates if this route is an IPv4 default route.
* @hide
@@ -433,6 +443,14 @@ public final class RouteInfo implements Parcelable {
return isDefaultRoute() && mDestination.getAddress() instanceof Inet4Address;
}
/**
* Indicates if this route is an IPv4 unreachable default route.
* @hide
*/
public boolean isIPv4UnreachableDefault() {
return isUnreachableDefaultRoute() && mDestination.getAddress() instanceof Inet4Address;
}
/**
* Indicates if this route is an IPv6 default route.
* @hide
@@ -441,6 +459,14 @@ public final class RouteInfo implements Parcelable {
return isDefaultRoute() && mDestination.getAddress() instanceof Inet6Address;
}
/**
* Indicates if this route is an IPv6 unreachable default route.
* @hide
*/
public boolean isIPv6UnreachableDefault() {
return isUnreachableDefaultRoute() && mDestination.getAddress() instanceof Inet6Address;
}
/**
* Indicates if this route is a host route (ie, matches only a single host address).
*

3
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -6304,7 +6304,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
&& !nai.networkAgentConfig.allowBypass
&& nc.getOwnerUid() != Process.SYSTEM_UID
&& lp.getInterfaceName() != null
&& (lp.hasIPv4DefaultRoute() || lp.hasIPv6DefaultRoute());
&& (lp.hasIPv4DefaultRoute() || lp.hasIpv4UnreachableDefaultRoute())
&& (lp.hasIPv6DefaultRoute() || lp.hasIpv6UnreachableDefaultRoute());
}
private void updateUids(NetworkAgentInfo nai, NetworkCapabilities prevNc,

25
tests/net/common/java/android/net/LinkPropertiesTest.java
View File

@@ -16,6 +16,8 @@
package android.net;
import static android.net.RouteInfo.RTN_UNREACHABLE;
import static com.android.testutils.ParcelUtilsKt.assertParcelSane;
import static com.android.testutils.ParcelUtilsKt.assertParcelingIsLossless;
import static com.android.testutils.ParcelUtilsKt.parcelingRoundTrip;
@@ -46,6 +48,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
@@ -1257,4 +1260,26 @@ public class LinkPropertiesTest {
final LinkProperties Ipv6 = makeIpv6LinkProperties();
assertTrue(Ipv6.hasIpv6DnsServer());
}
@Test @IgnoreUpTo(Build.VERSION_CODES.Q)
public void testHasIpv4UnreachableDefaultRoute() {
final LinkProperties lp = makeTestObject();
assertFalse(lp.hasIpv4UnreachableDefaultRoute());
assertFalse(lp.hasIpv6UnreachableDefaultRoute());
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE));
assertTrue(lp.hasIpv4UnreachableDefaultRoute());
assertFalse(lp.hasIpv6UnreachableDefaultRoute());
}
@Test @IgnoreUpTo(Build.VERSION_CODES.Q)
public void testHasIpv6UnreachableDefaultRoute() {
final LinkProperties lp = makeTestObject();
assertFalse(lp.hasIpv6UnreachableDefaultRoute());
assertFalse(lp.hasIpv4UnreachableDefaultRoute());
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE));
assertTrue(lp.hasIpv6UnreachableDefaultRoute());
assertFalse(lp.hasIpv4UnreachableDefaultRoute());
}
}

58
tests/net/common/java/android/net/RouteInfoTest.java
View File

@@ -31,6 +31,7 @@ import static org.junit.Assert.fail;
import android.os.Build;
import androidx.core.os.BuildCompat;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
@@ -62,6 +63,11 @@ public class RouteInfoTest {
return new IpPrefix(prefix);
}
private static boolean isAtLeastR() {
// BuildCompat.isAtLeastR is documented to return false on release SDKs (including R)
return Build.VERSION.SDK_INT > Build.VERSION_CODES.Q || BuildCompat.isAtLeastR();
}
@Test
public void testConstructor() {
RouteInfo r;
@@ -195,78 +201,130 @@ public class RouteInfoTest {
assertTrue(r.isDefaultRoute());
assertTrue(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("::/0"), Address("::"), "wlan0");
assertFalse(r.isHostRoute());
assertTrue(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertTrue(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("192.0.2.0/24"), null, "wlan0");
assertFalse(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("2001:db8::/48"), null, "wlan0");
assertFalse(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("192.0.2.0/32"), Address("0.0.0.0"), "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("2001:db8::/128"), Address("::"), "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("192.0.2.0/32"), null, "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("2001:db8::/128"), null, "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("::/128"), Address("fe80::"), "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("0.0.0.0/32"), Address("192.0.2.1"), "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(Prefix("0.0.0.0/32"), Address("192.0.2.1"), "wlan0");
assertTrue(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE);
assertFalse(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertTrue(r.isIPv4UnreachableDefault());
assertFalse(r.isIPv6UnreachableDefault());
}
r = new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE);
assertFalse(r.isHostRoute());
assertFalse(r.isDefaultRoute());
assertFalse(r.isIPv4Default());
assertFalse(r.isIPv6Default());
if (isAtLeastR()) {
assertFalse(r.isIPv4UnreachableDefault());
assertTrue(r.isIPv6UnreachableDefault());
}
}
@Test

5
tests/net/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -6330,6 +6330,7 @@ public class ConnectivityServiceTest {
LinkProperties lp = new LinkProperties();
lp.setInterfaceName("tun0");
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE));
// The uid range needs to cover the test app so the network is visible to it.
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(VPN_USER));
final TestNetworkAgentWrapper vpnNetworkAgent = establishVpn(lp, VPN_UID, vpnRange);
@@ -6355,6 +6356,7 @@ public class ConnectivityServiceTest {
public void testLegacyVpnDoesNotResultInInterfaceFilteringRule() throws Exception {
LinkProperties lp = new LinkProperties();
lp.setInterfaceName("tun0");
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
// The uid range needs to cover the test app so the network is visible to it.
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(VPN_USER));
@@ -6386,6 +6388,7 @@ public class ConnectivityServiceTest {
LinkProperties lp = new LinkProperties();
lp.setInterfaceName("tun0");
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
// The uid range needs to cover the test app so the network is visible to it.
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(VPN_USER));
final TestNetworkAgentWrapper vpnNetworkAgent = establishVpn(lp, VPN_UID, vpnRange);
@@ -6422,6 +6425,7 @@ public class ConnectivityServiceTest {
reset(mMockNetd);
lp = new LinkProperties();
lp.setInterfaceName("tun1");
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE));
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
vpnNetworkAgent.sendLinkProperties(lp);
waitForIdle();
@@ -6434,6 +6438,7 @@ public class ConnectivityServiceTest {
public void testUidUpdateChangesInterfaceFilteringRule() throws Exception {
LinkProperties lp = new LinkProperties();
lp.setInterfaceName("tun0");
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE));
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
// The uid range needs to cover the test app so the network is visible to it.
final UidRange vpnRange = UidRange.createForUser(VPN_USER);