LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Block address families with routes, not NetworkAgent side channel

Browse Source 
Now that we support unreachable routes, use those to block
address families on VPNs. This is a much more elegant solution.
Also update LinkProperties when IP addresses are added and
removed, fixing a TODO.

Bug: 17462989
Change-Id: Ib749d84710dca70d672350b9f129bb91419ec77e
This commit is contained in:
Lorenzo Colitti
2014-09-20 00:14:31 +09:00
parent 2129034e25
commit 83d12dbbb7
2 changed files with 2 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
core/java/android/net/NetworkAgent.java
View File

@@ -106,20 +106,6 @@ public abstract class NetworkAgent extends Handler {
*/ */
public static final int EVENT_UID_RANGES_REMOVED = BASE + 6; public static final int EVENT_UID_RANGES_REMOVED = BASE + 6;
/**
* Sent by the NetworkAgent to ConnectivityService to block all routes for a certain address
* family (AF_INET or AF_INET6) on this Network. For VPNs only.
* obj = Integer representing the family (AF_INET or AF_INET6)
*/
public static final int EVENT_BLOCK_ADDRESS_FAMILY = BASE + 7;
/**
* Sent by the NetworkAgent to ConnectivityService to unblock routes for a certain address
* family (AF_INET or AF_INET6) on this Network. For VPNs only.
* obj = Integer representing the family (AF_INET or AF_INET6)
*/
public static final int EVENT_UNBLOCK_ADDRESS_FAMILY = BASE + 8;
/** /**
* Sent by ConnectivitySerice to the NetworkAgent to inform the agent of the * Sent by ConnectivitySerice to the NetworkAgent to inform the agent of the
* networks status - whether we could use the network or could not, due to * networks status - whether we could use the network or could not, due to
@@ -127,7 +113,7 @@ public abstract class NetworkAgent extends Handler {
* *
* arg1 = either {@code VALID_NETWORK} or {@code INVALID_NETWORK} * arg1 = either {@code VALID_NETWORK} or {@code INVALID_NETWORK}
*/ */
public static final int CMD_REPORT_NETWORK_STATUS = BASE + 9; public static final int CMD_REPORT_NETWORK_STATUS = BASE + 7;
public static final int VALID_NETWORK = 1; public static final int VALID_NETWORK = 1;
public static final int INVALID_NETWORK = 2; public static final int INVALID_NETWORK = 2;
@@ -137,7 +123,7 @@ public abstract class NetworkAgent extends Handler {
* explicitly selected. This should be sent before the NetworkInfo is marked * explicitly selected. This should be sent before the NetworkInfo is marked
* CONNECTED so it can be given special treatment at that time. * CONNECTED so it can be given special treatment at that time.
*/ */
public static final int EVENT_SET_EXPLICITLY_SELECTED = BASE + 10; public static final int EVENT_SET_EXPLICITLY_SELECTED = BASE + 8;
public NetworkAgent(Looper looper, Context context, String logTag, NetworkInfo ni, public NetworkAgent(Looper looper, Context context, String logTag, NetworkInfo ni,
NetworkCapabilities nc, LinkProperties lp, int score) { NetworkCapabilities nc, LinkProperties lp, int score) {
@@ -272,21 +258,6 @@ public abstract class NetworkAgent extends Handler {
queueOrSendMessage(EVENT_UID_RANGES_REMOVED, ranges); queueOrSendMessage(EVENT_UID_RANGES_REMOVED, ranges);
} }
/**
* Called by the VPN code when it wants to block an address family from being routed, typically
* because the VPN network doesn't support that family.
*/
public void blockAddressFamily(int family) {
queueOrSendMessage(EVENT_BLOCK_ADDRESS_FAMILY, family);
}
/**
* Called by the VPN code when it wants to unblock an address family from being routed.
*/
public void unblockAddressFamily(int family) {
queueOrSendMessage(EVENT_UNBLOCK_ADDRESS_FAMILY, family);
}
/** /**
* Called by the bearer to indicate this network was manually selected by the user. * Called by the bearer to indicate this network was manually selected by the user.
* This should be called before the NetworkInfo is marked CONNECTED so that this * This should be called before the NetworkInfo is marked CONNECTED so that this

30
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -1888,36 +1888,6 @@ public class ConnectivityService extends IConnectivityManager.Stub {
} }
break; break;
} }
case NetworkAgent.EVENT_BLOCK_ADDRESS_FAMILY: {
NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo);
if (nai == null) {
loge("EVENT_BLOCK_ADDRESS_FAMILY from unknown NetworkAgent");
break;
}
try {
mNetd.blockAddressFamily((Integer) msg.obj, nai.network.netId,
nai.linkProperties.getInterfaceName());
} catch (Exception e) {
// Never crash!
loge("Exception in blockAddressFamily: " + e);
}
break;
}
case NetworkAgent.EVENT_UNBLOCK_ADDRESS_FAMILY: {
NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo);
if (nai == null) {
loge("EVENT_UNBLOCK_ADDRESS_FAMILY from unknown NetworkAgent");
break;
}
try {
mNetd.unblockAddressFamily((Integer) msg.obj, nai.network.netId,
nai.linkProperties.getInterfaceName());
} catch (Exception e) {
// Never crash!
loge("Exception in blockAddressFamily: " + e);
}
break;
}
case NetworkAgent.EVENT_SET_EXPLICITLY_SELECTED: { case NetworkAgent.EVENT_SET_EXPLICITLY_SELECTED: {
NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo); NetworkAgentInfo nai = mNetworkAgentInfos.get(msg.replyTo);
if (nai == null) { if (nai == null) {