authorKen Chen <cken@google.com>2021-03-17 01:57:19 +0800
committerKen Chen <cken@google.com>2021-03-26 10:32:49 +0800
commit4e8ef9b24e5f5c1f9760f593e2e022750c314f5e (patch)
tree27b326d21ae707a076d24c7b3277d39dae9928c7 /server/UnreachableNetwork.cpp
parentb573648fce613ecd94dce54a8744e6e06544856c (diff)
downloadnetd-4e8ef9b24e5f5c1f9760f593e2e022750c314f5e.tar.gz
PANS - Support unreachable default network
Framework provides several preferences in PANS feature. To meet those preferences, Netd needs to support two operations for framework: (1) Set OEM-paid network as default network for apps. (2) Prohibit apps from using the default network if it is not explicitly selected. #1 is already supported by a previous commit. This commit implements #2, which adds a new IP rule priority for unconnected sockets and reuses the existing IP rule priorities for explicit and implicit network selection. The rules look like: 15000: from all fwmark 0x10034/0x1ffff iif lo uidrange x-y unreachable ... 22000: from all fwmark 0x34/0x1ffff iif lo uidrange x-y unreachable ... 27000: from all fwmark 0x0/0xffff iif lo uidrange x-y unreachable An UNREACHABLE network (netId 52) is created for framework to specify that the default network is unavailable for designated apps. Bug: 181579204 Test: atest Change-Id: I21530928a85870df673e2d1387fde130fe5a0104
Diffstat (limited to 'server/UnreachableNetwork.cpp')
-rw-r--r--server/UnreachableNetwork.cpp58
1 files changed, 58 insertions, 0 deletions
diff --git a/server/UnreachableNetwork.cpp b/server/UnreachableNetwork.cpp
new file mode 100644
index 00000000..0fb556b9
--- /dev/null
+++ b/server/UnreachableNetwork.cpp
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "Netd"
+
+#include "UnreachableNetwork.h"
+
+#include "RouteController.h"
+
+namespace android {
+namespace net {
+
+// The unreachable network is used to reject traffic. It is used for system purposes only.
+UnreachableNetwork::UnreachableNetwork(unsigned netId) : Network(netId) {}
+
+int UnreachableNetwork::addUsers(const UidRanges& uidRanges) {
+ if (hasInvalidUidRanges(uidRanges)) {
+ return -EINVAL;
+ }
+
+ int ret = RouteController::addUsersToUnreachableNetwork(mNetId, uidRanges);
+ if (ret) {
+ ALOGE("failed to add users to unreachable network");
+ return ret;
+ }
+ mUidRanges.add(uidRanges);
+ return 0;
+}
+
+int UnreachableNetwork::removeUsers(const UidRanges& uidRanges) {
+ int ret = RouteController::removeUsersFromUnreachableNetwork(mNetId, uidRanges);
+ if (ret) {
+ ALOGE("failed to remove users from unreachable network");
+ return ret;
+ }
+ mUidRanges.remove(uidRanges);
+ return 0;
+}
+
+Network::Type UnreachableNetwork::getType() const {
+ return UNREACHABLE;
+}
+
+} // namespace net
+} // namespace android
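Review bot: The two ALOGE calls in addUsers and removeUsers drop both the netId and the return code, so a failure to install or remove the rules that block these UIDs cannot be diagnosed from the log; something like `ALOGE("failed to add users to unreachable network %u: %d", mNetId, ret);` (and the matching line in removeUsers) would fix that. On the error path mUidRanges is left untouched, which is only correct if RouteController::addUsersToUnreachableNetwork either installs all of its rules or none; the commit message lists three rule priorities, so it is worth confirming in RouteController (not visible here) that a mid-way failure is rolled back, otherwise kernel rules and mUidRanges can disagree. removeUsers also skips the hasInvalidUidRanges check that addUsers performs; if that is deliberate, a one-line comment such as `// No range validation on removal: ranges not present are handled by RouteController` would say so, with the wording adjusted to whatever the real reason is.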