Only tag/untag AF_INET and AF_INET6 sockets.
Socket tagging only actually works for real network sockets, so skip
tagging all other socket families like AF_LOCAL.
For calls like accept() and close() that don't readily have family
information, use the Linux-specific SO_DOMAIN option to pull it from
the kernel. Define both SO_DOMAIN and SO_PROTOCOL for anyone to use
in the future.
Test: builds, boots, only tags internet sockets
Bug: 30414041
Change-Id: I17fc935a7bef2c8f4a1f44eb2cf907b41283afde
diff --git a/luni/src/main/java/android/system/OsConstants.java b/luni/src/main/java/android/system/OsConstants.java
index 96846ca..10ea52f 100644
--- a/luni/src/main/java/android/system/OsConstants.java
+++ b/luni/src/main/java/android/system/OsConstants.java
@@ -449,6 +449,7 @@
public static final int SO_BINDTODEVICE = placeholder();
public static final int SO_BROADCAST = placeholder();
public static final int SO_DEBUG = placeholder();
+ /** @hide */ public static final int SO_DOMAIN = placeholder();
public static final int SO_DONTROUTE = placeholder();
public static final int SO_ERROR = placeholder();
public static final int SO_KEEPALIVE = placeholder();
@@ -456,6 +457,7 @@
public static final int SO_OOBINLINE = placeholder();
public static final int SO_PASSCRED = placeholder();
public static final int SO_PEERCRED = placeholder();
+ /** @hide */ public static final int SO_PROTOCOL = placeholder();
public static final int SO_RCVBUF = placeholder();
public static final int SO_RCVLOWAT = placeholder();
public static final int SO_RCVTIMEO = placeholder();
diff --git a/luni/src/main/java/libcore/io/BlockGuardOs.java b/luni/src/main/java/libcore/io/BlockGuardOs.java
index aa6a3b7..18aae9b 100644
--- a/luni/src/main/java/libcore/io/BlockGuardOs.java
+++ b/luni/src/main/java/libcore/io/BlockGuardOs.java
@@ -33,7 +33,6 @@
import java.net.SocketException;
import java.nio.ByteBuffer;
import static android.system.OsConstants.*;
-import static dalvik.system.BlockGuard.DISALLOW_NETWORK;
/**
* Informs BlockGuard of any activity it should be aware of.
@@ -62,7 +61,11 @@
@Override public FileDescriptor accept(FileDescriptor fd, SocketAddress peerAddress) throws ErrnoException, SocketException {
BlockGuard.getThreadPolicy().onNetwork();
- return tagSocket(os.accept(fd, peerAddress));
+ final FileDescriptor acceptFd = os.accept(fd, peerAddress);
+ if (isInetSocket(acceptFd)) {
+ tagSocket(acceptFd);
+ }
+ return acceptFd;
}
@Override public boolean access(String path, int mode) throws ErrnoException {
@@ -92,7 +95,9 @@
// connections in methods like onDestroy which will run on the UI thread.
BlockGuard.getThreadPolicy().onNetwork();
}
- untagSocket(fd);
+ if (isInetSocket(fd)) {
+ untagSocket(fd);
+ }
}
} catch (ErrnoException ignored) {
// We're called via Socket.close (which doesn't ask for us to be called), so we
@@ -103,6 +108,14 @@
os.close(fd);
}
+ private static boolean isInetSocket(FileDescriptor fd) throws ErrnoException{
+ return isInetDomain(Libcore.os.getsockoptInt(fd, SOL_SOCKET, SO_DOMAIN));
+ }
+
+ private static boolean isInetDomain(int domain) {
+ return (domain == AF_INET) || (domain == AF_INET6);
+ }
+
private static boolean isLingerSocket(FileDescriptor fd) throws ErrnoException {
StructLinger linger = Libcore.os.getsockoptLinger(fd, SOL_SOCKET, SO_LINGER);
return linger.isOn() && linger.l_linger > 0;
@@ -293,7 +306,7 @@
@Override public FileDescriptor socket(int domain, int type, int protocol) throws ErrnoException {
final FileDescriptor fd = os.socket(domain, type, protocol);
- if (domain != AF_UNIX && domain != AF_NETLINK) {
+ if (isInetDomain(domain)) {
tagSocket(fd);
}
return fd;
@@ -301,7 +314,7 @@
@Override public void socketpair(int domain, int type, int protocol, FileDescriptor fd1, FileDescriptor fd2) throws ErrnoException {
os.socketpair(domain, type, protocol, fd1, fd2);
- if (domain != AF_UNIX && domain != AF_NETLINK) {
+ if (isInetDomain(domain)) {
tagSocket(fd1);
tagSocket(fd2);
}
diff --git a/luni/src/main/native/android_system_OsConstants.cpp b/luni/src/main/native/android_system_OsConstants.cpp
index a8b2c2f..3cb3ee9 100644
--- a/luni/src/main/native/android_system_OsConstants.cpp
+++ b/luni/src/main/native/android_system_OsConstants.cpp
@@ -503,6 +503,9 @@
#endif
initConstant(env, c, "SO_BROADCAST", SO_BROADCAST);
initConstant(env, c, "SO_DEBUG", SO_DEBUG);
+#if defined(SO_DOMAIN)
+ initConstant(env, c, "SO_DOMAIN", SO_DOMAIN);
+#endif
initConstant(env, c, "SO_DONTROUTE", SO_DONTROUTE);
initConstant(env, c, "SO_ERROR", SO_ERROR);
initConstant(env, c, "SO_KEEPALIVE", SO_KEEPALIVE);
@@ -514,6 +517,9 @@
#if defined(SO_PEERCRED)
initConstant(env, c, "SO_PEERCRED", SO_PEERCRED);
#endif
+#if defined(SO_PROTOCOL)
+ initConstant(env, c, "SO_PROTOCOL", SO_PROTOCOL);
+#endif
initConstant(env, c, "SO_RCVBUF", SO_RCVBUF);
initConstant(env, c, "SO_RCVLOWAT", SO_RCVLOWAT);
initConstant(env, c, "SO_RCVTIMEO", SO_RCVTIMEO);