diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index c95295cb87..81cc0e1efa 100755 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -8620,10 +8620,18 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void maybeCloseSockets(NetworkAgentInfo nai, Set ranges, - Set exemptUids) { + UidRangeParcel[] uidRangeParcels, int[] exemptUids) { if (nai.isVPN() && !nai.networkAgentConfig.allowBypass) { try { - mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUids); + if (mDeps.isAtLeastU()) { + final Set exemptUidSet = new ArraySet<>(); + for (final int uid: exemptUids) { + exemptUidSet.add(uid); + } + mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUidSet); + } else { + mNetd.socketDestroy(uidRangeParcels, exemptUids); + } } catch (Exception e) { loge("Exception in socket destroy: ", e); } @@ -8631,16 +8639,16 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void updateVpnUidRanges(boolean add, NetworkAgentInfo nai, Set uidRanges) { - final Set exemptUids = new ArraySet<>(); + int[] exemptUids = new int[2]; // TODO: Excluding VPN_UID is necessary in order to not to kill the TCP connection used // by PPTP. Fix this by making Vpn set the owner UID to VPN_UID instead of system when // starting a legacy VPN, and remove VPN_UID here. (b/176542831) - exemptUids.add(VPN_UID); - exemptUids.add(nai.networkCapabilities.getOwnerUid()); + exemptUids[0] = VPN_UID; + exemptUids[1] = nai.networkCapabilities.getOwnerUid(); UidRangeParcel[] ranges = toUidRangeStableParcels(uidRanges); // Close sockets before modifying uid ranges so that RST packets can reach to the server. - maybeCloseSockets(nai, uidRanges, exemptUids); + maybeCloseSockets(nai, uidRanges, ranges, exemptUids); try { if (add) { mNetd.networkAddUidRangesParcel(new NativeUidRangeConfig( @@ -8654,7 +8662,7 @@ public class ConnectivityService extends IConnectivityManager.Stub " on netId " + nai.network.netId + ". " + e); } // Close sockets that established connection while requesting netd. - maybeCloseSockets(nai, uidRanges, exemptUids); + maybeCloseSockets(nai, uidRanges, ranges, exemptUids); } private boolean isProxySetOnAnyDefaultNetwork() { diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java index c79c295974..8066f22afb 100755 --- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java @@ -12931,9 +12931,16 @@ public class ConnectivityServiceTest { throws Exception { InOrder inOrder = inOrder(mMockNetd, mDestroySocketsWrapper); final Set exemptUidSet = new ArraySet<>(List.of(exemptUid, Process.VPN_UID)); + ArgumentCaptor exemptUidCaptor = ArgumentCaptor.forClass(int[].class); - inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets( - UidRange.toIntRanges(vpnRanges), exemptUidSet); + if (mDeps.isAtLeastU()) { + inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets( + UidRange.toIntRanges(vpnRanges), exemptUidSet); + } else { + inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)), + exemptUidCaptor.capture()); + assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid); + } if (add) { inOrder.verify(mMockNetd, times(1)).networkAddUidRangesParcel( @@ -12945,8 +12952,14 @@ public class ConnectivityServiceTest { toUidRangeStableParcels(vpnRanges), PREFERENCE_ORDER_VPN)); } - inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets( - UidRange.toIntRanges(vpnRanges), exemptUidSet); + if (mDeps.isAtLeastU()) { + inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets( + UidRange.toIntRanges(vpnRanges), exemptUidSet); + } else { + inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)), + exemptUidCaptor.capture()); + assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid); + } } @Test