authorPatrick Rohr <prohr@google.com>2022-01-25 13:50:31 +0100
committerPatrick Rohr <prohr@google.com>2022-01-26 00:09:22 +0100
commite6f198c9c5042f4c59032b55170a61d274dc5491 (patch)
treef21c70492c28f2e8d2d5682494bb23d996467960 /server/RouteController.cpp
parente2f1b5a25d3e079ef4d07a64925f5a8fc253c59d (diff)
downloadnetd-e6f198c9c5042f4c59032b55170a61d274dc5491.tar.gz
Add special subpriority that does not set default network for uids
This CL changes the valid subPriority range from 0-999 to 0-998 and uses 999 as a special value that does not set the network as the default for the given uids. We have evaluated adding a boolean to the UidRangesParcel, but that would require us to keep track of it in mUidRangeMap and to separate Network::appliesToUser into two functions (isUsersDefaultNetwork and doesUserHaveAccess). In addition, per-uid deny rules are not supported, so there is really no benefit to the use of multiple subPriorities in explicit and implicit rules. Test: atest PerAppNetworkPermissionsTest Change-Id: I7522de13e36f2bdc3d192264d78b96423d76c607
Diffstat (limited to 'server/RouteController.cpp')
-rw-r--r--server/RouteController.cpp10
1 files changed, 7 insertions, 3 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 02135431..5a9ecc6c 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -833,9 +833,13 @@ int RouteController::modifyPhysicalNetwork(unsigned netId, const char* interface
add, IMPLICIT)) {
return ret;
}
- if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop, subPriority,
- add)) {
- return ret;
+ // SUB_PRIORITY_NO_DEFAULT is "special" and does not require a
+ // default network rule, see UidRanges.h.
+ if (subPriority != UidRanges::SUB_PRIORITY_NO_DEFAULT) {
+ if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop,
+ subPriority, add)) {
+ return ret;
+ }
}
}
}
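Review bot: The comment on the new guard calls SUB_PRIORITY_NO_DEFAULT "special" without stating the routing consequence, which is the access-versus-default policy a later reader needs at this spot. The implicit rule just above is still installed for the range, so these uids presumably keep access to the network while it does not become their default. I would spell that out, e.g. `// SUB_PRIORITY_NO_DEFAULT: the uid range keeps access via the rules above, but this network is not made its default, so no default network rule is added or removed.` The guard skips the call for both values of `add`, which keeps add and remove symmetric. The check that ordinary callers stay within 0-998 is not visible in this hunk, so it is worth confirming that 999 can only arrive where "no default" is intended; modifyPhysicalNetwork's body starts and ends outside the hunk.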