Merge "Snap for 4857239 from ab9c653aaf67575ba22c5e6d3eebe3f2fa8191d6 to oreo-vts-release" into oreo-vts-releaseandroid-vts-8.0_r9android-vts-8.0_r13android-vts-8.0_r12android-vts-8.0_r11android-vts-8.0_r10oreo-vts-release

3 files changed, 5 insertions, 55 deletions

diff --git a/server/PhysicalNetwork.cpp b/server/PhysicalNetwork.cpp
index 579d0bdd..ccac3233 100644
--- a/server/PhysicalNetwork.cpp
+++ b/server/PhysicalNetwork.cpp
@@ -86,18 +86,6 @@ int PhysicalNetwork::destroySocketsLackingPermission(Permission permission) {
     return 0;
 }
 
-void PhysicalNetwork::invalidateRouteCache(const std::string& interface) {
-    for (const auto& dst : { "0.0.0.0/0", "::/0" }) {
-        // If any of these operations fail, there's no point in logging because RouteController will
-        // have already logged a message. There's also no point returning an error since there's
-        // nothing we can do.
-        (void) RouteController::addRoute(interface.c_str(), dst, "throw",
-                                         RouteController::INTERFACE);
-        (void) RouteController::removeRoute(interface.c_str(), dst, "throw",
-                                         RouteController::INTERFACE);
-    }
-}
-
 int PhysicalNetwork::setPermission(Permission permission) {
     if (permission == mPermission) {
         return 0;
@@ -115,7 +103,6 @@ int PhysicalNetwork::setPermission(Permission permission) {
                   interface.c_str(), mNetId, mPermission, permission);
             return ret;
         }
-        invalidateRouteCache(interface);
     }
     if (mIsDefault) {
         for (const std::string& interface : mInterfaces) {
diff --git a/server/PhysicalNetwork.h b/server/PhysicalNetwork.h
index 89c9443b..9200955f 100644
--- a/server/PhysicalNetwork.h
+++ b/server/PhysicalNetwork.h
@@ -50,7 +50,6 @@ private:
     int addInterface(const std::string& interface) override WARN_UNUSED_RESULT;
     int removeInterface(const std::string& interface) override WARN_UNUSED_RESULT;
     int destroySocketsLackingPermission(Permission permission);
-    void invalidateRouteCache(const std::string& interface);
 
     Delegate* const mDelegate;
     Permission mPermission;
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 376dd9d2..f2894cb3 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -81,14 +81,6 @@ const char* const ROUTE_TABLE_NAME_LEGACY_SYSTEM  = "legacy_system";
 const char* const ROUTE_TABLE_NAME_LOCAL = "local";
 const char* const ROUTE_TABLE_NAME_MAIN  = "main";
 
-// None of our routes specify priority, which causes them to have the default
-// priority. For throw routes, we use a fixed priority of 100000. This is
-// because we use throw routes either for maximum-length routes (/32 for IPv4,
-// /128 for IPv6), which we never create with any other priority, or for
-// purposely-low-priority default routes that should never match if there is
-// any other route in the table.
-uint32_t PRIO_THROW = 100000;
-
 // These values are upstream, but not yet in our headers.
 // TODO: delete these definitions when updating the headers.
 const uint16_t FRA_UID_RANGE = 20;
@@ -126,7 +118,6 @@ rtattr FRATTR_UID_RANGE = { U16_RTA_LENGTH(sizeof(fib_rule_uid_range)), FRA_UID_
 
 rtattr RTATTR_TABLE     = { U16_RTA_LENGTH(sizeof(uint32_t)),           RTA_TABLE };
 rtattr RTATTR_OIF       = { U16_RTA_LENGTH(sizeof(uint32_t)),           RTA_OIF };
-rtattr RTATTR_PRIO      = { U16_RTA_LENGTH(sizeof(uint32_t)),           RTA_PRIORITY };
 
 uint8_t PADDING_BUFFER[RTA_ALIGNTO] = {0, 0, 0, 0};
 
@@ -380,8 +371,6 @@ WARN_UNUSED_RESULT int modifyIpRoute(uint16_t action, uint32_t table, const char
         }
     }
 
-    bool isDefaultThrowRoute = (type == RTN_THROW && prefixLength == 0);
-
     // Assemble a rtmsg and put it in an array of iovec structures.
     rtmsg route = {
         .rtm_protocol = RTPROT_STATIC,
@@ -405,8 +394,6 @@ WARN_UNUSED_RESULT int modifyIpRoute(uint16_t action, uint32_t table, const char
         { &ifindex,      interface != OIF_NONE ? sizeof(ifindex) : 0 },
         { &rtaGateway,   nexthop ? sizeof(rtaGateway) : 0 },
         { rawNexthop,    nexthop ? static_cast<size_t>(rawLength) : 0 },
-        { &RTATTR_PRIO,  isDefaultThrowRoute ? sizeof(RTATTR_PRIO) : 0 },
-        { &PRIO_THROW,   isDefaultThrowRoute ? sizeof(PRIO_THROW) : 0 },
     };
 
     uint16_t flags = (action == RTM_NEWROUTE) ? NETLINK_CREATE_REQUEST_FLAGS :
@@ -563,7 +550,8 @@ WARN_UNUSED_RESULT int modifyOutputInterfaceRules(const char* interface, uint32_
 // This is for sockets that have not explicitly requested a particular network, but have been
 // bound to one when they called connect(). This ensures that sockets connected on a particular
 // network stay on that network even if the default network changes.
-WARN_UNUSED_RESULT int modifyImplicitNetworkRule(unsigned netId, uint32_t table, bool add) {
+WARN_UNUSED_RESULT int modifyImplicitNetworkRule(unsigned netId, uint32_t table,
+                                                 Permission permission, bool add) {
     Fwmark fwmark;
     Fwmark mask;
 
@@ -573,8 +561,8 @@ WARN_UNUSED_RESULT int modifyImplicitNetworkRule(unsigned netId, uint32_t table,
     fwmark.explicitlySelected = false;
     mask.explicitlySelected = true;
 
-    fwmark.permission = PERMISSION_NONE;
-    mask.permission = PERMISSION_NONE;
+    fwmark.permission = permission;
+    mask.permission = permission;
 
     return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_IMPLICIT_NETWORK, table,
                         fwmark.intValue, mask.intValue);
@@ -736,31 +724,7 @@ WARN_UNUSED_RESULT int modifyPhysicalNetwork(unsigned netId, const char* interfa
                                             add)) {
         return ret;
     }
-
-    // Only set implicit rules for networks that don't require permissions.
-    //
-    // This is so that if the default network ceases to be the default network and then switches
-    // from requiring no permissions to requiring permissions, we ensure that apps only use the
-    // network if they explicitly select it. This is consistent with destroySocketsLackingPermission
-    // - it closes all sockets on the network except sockets that are explicitly selected.
-    //
-    // The lack of this rule only affects the special case above, because:
-    // - The only cases where we implicitly bind a socket to a network are the default network and
-    //   the bypassable VPN that applies to the app, if any.
-    // - This rule doesn't affect VPNs because they don't support permissions at all.
-    // - The default network doesn't require permissions. While we support doing this, the framework
-    //   never does it (partly because we'd end up in the situation where we tell apps that there is
-    //   a default network, but they can't use it).
-    // - If the network is still the default network, the presence or absence of this rule does not
-    //   matter.
-    //
-    // Therefore, for the lack of this rule to affect a socket, the socket has to have been
-    // implicitly bound to a network because at the time of connect() it was the default, and that
-    // network must no longer be the default, and must now require permissions.
-    if (permission == PERMISSION_NONE) {
-        return modifyImplicitNetworkRule(netId, table, add);
-    }
-    return 0;
+    return modifyImplicitNetworkRule(netId, table, permission, add);
 }
 
 WARN_UNUSED_RESULT int modifyRejectNonSecureNetworkRule(const UidRanges& uidRanges, bool add) {