| author | Sreeram Ramachandran <sreeram@google.com> | 2014-05-22 14:21:49 -0700 |
|---|---|---|
| committer | Sreeram Ramachandran <sreeram@google.com> | 2014-05-30 18:27:40 +0000 |
| commit | 82eab785bd5cb2eff0a263f5b0dcde13e9139588 (patch) | |
| tree | 76c295e087df8391bee5d452728c5efe99e2f17e /server/NetworkController.cpp | |
| parent | ce8f583ff6620a19602d3c4604557e1b1501cafa (diff) | |
Support legacy routes added by apps via ensureRouteToHost().
This adds the routes to two fixed tables:
+ LEGACY, which has higher priority than other non-explicit lookup tables
(per-network and default network).
+ PRIVILEGED_LEGACY, which is available only to system apps and has higher priority than
VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission).
This will be changed to per-UID tables once the kernel supports UID-based
routing, so that these legacy routes are scoped to each app and not global.
Also, fix a TODO: The framework (as of http://ag/471599) will not set the
gateway argument if it's actually a direct-connected route.
Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9
(cherry picked from commit 38b7af1f2cb9579895465fabc37865f5dadcac25)
Diffstat (limited to 'server/NetworkController.cpp')
| -rw-r--r-- | server/NetworkController.cpp | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/server/NetworkController.cpp b/server/NetworkController.cpp
index a26821fe..4e211142 100644
--- a/server/NetworkController.cpp
+++ b/server/NetworkController.cpp
@@ -340,13 +340,13 @@ bool NetworkController::setPermissionForNetwork(Permission newPermission,
 }
 
 bool NetworkController::addRoute(unsigned netId, const char* interface, const char* destination,
-                                 const char* nexthop) {
-    return modifyRoute(netId, interface, destination, nexthop, true);
+                                 const char* nexthop, bool legacy, unsigned uid) {
+    return modifyRoute(netId, interface, destination, nexthop, true, legacy, uid);
 }
 
 bool NetworkController::removeRoute(unsigned netId, const char* interface, const char* destination,
-                                    const char* nexthop) {
-    return modifyRoute(netId, interface, destination, nexthop, false);
+                                    const char* nexthop, bool legacy, unsigned uid) {
+    return modifyRoute(netId, interface, destination, nexthop, false, legacy, uid);
 }
 
 bool NetworkController::isValidNetwork(unsigned netId) const {
@@ -359,7 +359,7 @@ bool NetworkController::isValidNetwork(unsigned netId) const {
 }
 
 bool NetworkController::modifyRoute(unsigned netId, const char* interface, const char* destination,
-                                    const char* nexthop, bool add) {
+                                    const char* nexthop, bool add, bool legacy, unsigned uid) {
     if (!isValidNetwork(netId)) {
         ALOGE("invalid netId %u", netId);
         errno = EINVAL;
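Review bot: The new `legacy` and `uid` parameters of addRoute and removeRoute are undocumented at the call sites changed here, and `uid` is only consulted when `legacy` is true (the permission lookup in the @@ -372 hunk sits inside `if (legacy)`), which a caller cannot tell from the signature. Since the declaration lives in the header and is not in this diff, a one-line comment on each definition would help, e.g. `// uid selects LEGACY vs PRIVILEGED_LEGACY and is ignored unless legacy is true.` The same applies to the modifyRoute signature in the @@ -359 hunk, whose body continues in the next hunk.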
@@ -372,8 +372,19 @@ bool NetworkController::modifyRoute(unsigned netId, const char* interface, const
         return false;
     }
 
-    return add ? mRouteController->addRoute(interface, destination, nexthop) :
-                 mRouteController->removeRoute(interface, destination, nexthop);
+    RouteController::TableType tableType;
+    if (legacy) {
+        if (mPermissionsController->getPermissionForUser(uid) & PERMISSION_CONNECTIVITY_INTERNAL) {
+            tableType = RouteController::PRIVILEGED_LEGACY;
+        } else {
+            tableType = RouteController::LEGACY;
+        }
+    } else {
+        tableType = RouteController::INTERFACE;
+    }
+
+    return add ? mRouteController->addRoute(interface, destination, nexthop, tableType, uid) :
+                 mRouteController->removeRoute(interface, destination, nexthop, tableType, uid);
 }
 
 NetworkController::UidEntry::UidEntry(int start, int end, unsigned netId, bool forward_dns)
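Review bot: The table used for a removal is recomputed from the uid's current permission in the `if (legacy)` block, so if the uid gained or lost CONNECTIVITY_INTERNAL between the addRoute and the matching removeRoute, the removal is issued against the other legacy table and the route installed earlier stays behind. Whether getPermissionForUser can change over a route's lifetime is not visible in this diff; if it can, the removal path should either record the table chosen at install time or attempt both legacy tables. The selection would also benefit from a comment stating what the commit message says about scope, e.g. `// LEGACY and PRIVILEGED_LEGACY are global tables until the kernel supports uid-based routing, so a route added for one uid affects every app.` modifyRoute begins in the previous hunk; only its tail is shown here.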
