Revert "Revert "Block incoming non-VPN packets to apps under fully-routed VPN""

This reverts commit bc571c7cc8. Reason for revert: Rolling forward, will fix tests in same CL stack. Bug: 114231106 Bug: 130397860 Test: FrameworksNetTests Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
2019-04-12 10:48:06 +00:00
parent 27a60a1aff
commit bad9d911b8
7 changed files with 739 additions and 104 deletions
--- a/core/java/android/net/NetworkCapabilities.java
+++ b/core/java/android/net/NetworkCapabilities.java
@@ -822,6 +822,11 @@ public final class NetworkCapabilities implements Parcelable {
        mEstablishingVpnAppUid = uid;
    }

+    /** @hide */
+    public int getEstablishingVpnAppUid() {
+        return mEstablishingVpnAppUid;
+    }
+
    /**
     * Value indicating that link bandwidth is unspecified.
     * @hide
--- a/core/java/android/net/UidRange.java
+++ b/core/java/android/net/UidRange.java
@@ -21,6 +21,8 @@ import static android.os.UserHandle.PER_USER_RANGE;
 import android.os.Parcel;
 import android.os.Parcelable;

+import java.util.Collection;
+
 /**
 * An inclusive range of UIDs.
 *
@@ -42,10 +44,16 @@ public final class UidRange implements Parcelable {
        return new UidRange(userId * PER_USER_RANGE, (userId + 1) * PER_USER_RANGE - 1);
    }

+    /** Returns the smallest user Id which is contained in this UidRange */
    public int getStartUser() {
        return start / PER_USER_RANGE;
    }

+    /** Returns the largest user Id which is contained in this UidRange */
+    public int getEndUser() {
+        return stop / PER_USER_RANGE;
+    }
+
    public boolean contains(int uid) {
        return start <= uid && uid <= stop;
    }
@@ -117,4 +125,23 @@ public final class UidRange implements Parcelable {
                return new UidRange[size];
            }
    };
+
+    /**
+     * Returns whether any of the UidRange in the collection contains the specified uid
+     *
+     * @param ranges The collection of UidRange to check
+     * @param uid the uid in question
+     * @return {@code true} if the uid is contained within the ranges, {@code false} otherwise
+     *
+     * @see UidRange#contains(int)
+     */
+    public static boolean containsUid(Collection<UidRange> ranges, int uid) {
+        if (ranges == null) return false;
+        for (UidRange range : ranges) {
+            if (range.contains(uid)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }