authorChad Brubaker <cbrubaker@google.com>2013-07-11 13:29:30 -0700
committerChad Brubaker <cbrubaker@google.com>2013-07-15 12:14:10 -0700
commitd475c7042408a82b848a551ac453f59f96c20bf4 (patch)
tree192804358e1808520ed06f92e39fc1ceedc2eecb /services/java/com/android/server/ConnectivityService.java
parentc2865195b66490bd1f9d3df4fe4f5e2a46e2196a (diff)
Support routing sockets as another user
Add support for routing sockets as if they were another user's. This is for services that handle delegated network tasks like MediaServer and DownloadManager. Change-Id: Id20efc1f5c2cce6f8838d777762f6c0a703a9437
Diffstat (limited to 'services/java/com/android/server/ConnectivityService.java')
-rw-r--r--services/java/com/android/server/ConnectivityService.java27
1 files changed, 27 insertions, 0 deletions
diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java
index a6344cafabf0..476a6fdffb1a 100644
--- a/services/java/com/android/server/ConnectivityService.java
+++ b/services/java/com/android/server/ConnectivityService.java
@@ -1749,6 +1749,16 @@ public class ConnectivityService extends IConnectivityManager.Stub {
"ConnectivityService");
}
+ private void enforceMarkNetworkSocketPermission() {
+ //Media server special case
+ if (Binder.getCallingUid() == Process.MEDIA_UID) {
+ return;
+ }
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.MARK_NETWORK_SOCKET,
+ "ConnectivityService");
+ }
+
/**
* Handle a {@code DISCONNECTED} event. If this pertains to the non-active
* network, we ignore it. If it is for the active network, we send out a
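Review bot: The `Process.MEDIA_UID` early return in enforceMarkNetworkSocketPermission skips the MARK_NETWORK_SOCKET check for every process running under that UID, and the comment `//Media server special case` does not say why that is acceptable. Because markSocketAsUser lets the caller name an arbitrary `uid`, this exemption means any code executing as the media UID can have its sockets routed as any user, so the trust assumption deserves to be written down. I would replace the comment with something like `// mediaserver performs delegated network tasks for apps and is trusted by UID here instead of via MARK_NETWORK_SOCKET; keep UID exemptions to a minimum.`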
@@ -3350,6 +3360,23 @@ public class ConnectivityService extends IConnectivityManager.Stub {
}
}
+ @Override
+ public void markSocketAsUser(ParcelFileDescriptor socket, int uid) {
+ enforceMarkNetworkSocketPermission();
+ final long token = Binder.clearCallingIdentity();
+ try {
+ int mark = mNetd.getMarkForUid(uid);
+ // Clear the mark on the socket if no mark is needed to prevent socket reuse issues
+ if (mark == -1) {
+ mark = 0;
+ }
+ NetworkUtils.markSocket(socket.getFd(), mark);
+ } catch (RemoteException e) {
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
+ }
+
/**
* Configure a TUN interface and return its file descriptor. Parameters
* are encoded and opaque to this class. This method is used by VpnBuilder
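Review bot: The empty `catch (RemoteException e) {}` in markSocketAsUser hides a failed `mNetd.getMarkForUid(uid)` call: the socket keeps whatever mark it already carried and the caller gets no signal, which is the socket-reuse situation the inline comment is trying to prevent. At minimum the failure should be logged, e.g. `Log.e("ConnectivityService", "markSocketAsUser: getMarkForUid failed for uid " + uid, e);`, and it is worth considering whether that path should still reset the mark to 0. The method also dereferences `socket` without a null check and never closes the ParcelFileDescriptor; if the binder stub does not close it on the service's behalf (not visible from this hunk), a `socket.close()` in the `finally` block would avoid leaking one descriptor per call.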