author | Patrick Rohr <prohr@google.com> | 2022-01-25 13:50:31 +0100 |
---|---|---|
committer | Patrick Rohr <prohr@google.com> | 2022-01-26 00:09:22 +0100 |
commit | e6f198c9c5042f4c59032b55170a61d274dc5491 (patch) | |
tree | f21c70492c28f2e8d2d5682494bb23d996467960 /server/RouteController.cpp | |
parent | e2f1b5a25d3e079ef4d07a64925f5a8fc253c59d (diff) | |
download | netd-e6f198c9c5042f4c59032b55170a61d274dc5491.tar.gz |
Add special subpriority that does not set default network for uids
This CL changes the valid subPriority range from 0-999 to 0-998 and uses
999 as a special value that does not set the network as the default for
the given uids.
We have evaluated adding a boolean to the UidRangesParcel, but that
would require us to keep track of it in mUidRangeMap and separating
Network::appliesToUser into two functions (isUsersDefaultNetwork and
doesUserHaveAccess). In addition, per uid deny rules are not supported,
so there is really no benefit to the use of multiple subPriorities in
explicit and implicit rules.
Test: atest PerAppNetworkPermissionsTest
Change-Id: I7522de13e36f2bdc3d192264d78b96423d76c607
Diffstat (limited to 'server/RouteController.cpp')
-rw-r--r-- | server/RouteController.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp index 02135431..5a9ecc6c 100644 --- a/server/RouteController.cpp +++ b/server/RouteController.cpp @@ -833,9 +833,13 @@ int RouteController::modifyPhysicalNetwork(unsigned netId, const char* interface add, IMPLICIT)) { return ret; } - if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop, subPriority, - add)) { - return ret; + // SUB_PRIORITY_NO_DEFAULT is "special" and does not require a + // default network rule, see UidRanges.h. + if (subPriority != UidRanges::SUB_PRIORITY_NO_DEFAULT) { + if (int ret = modifyUidDefaultNetworkRule(table, range.start, range.stop, + subPriority, add)) { + return ret; + } } } } |
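Review bot: the comment added above the `subPriority != UidRanges::SUB_PRIORITY_NO_DEFAULT` check in `RouteController::modifyPhysicalNetwork` only calls the value "special" and defers to UidRanges.h, which is not part of this diff. State the effect at the call site instead, for example that the uid range still gets the IMPLICIT rule installed just above but no default network rule. Also note that the guard wraps `modifyUidDefaultNetworkRule(..., subPriority, add)` for both values of `add`, so the add and remove paths stay symmetric only when removal is called with the same subPriority that was used on add; a removal with a different value would reach `modifyUidDefaultNetworkRule` for a rule that was never installed. It is worth confirming that PerAppNetworkPermissionsTest exercises both the add and the remove path with this subPriority.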