Use AF_INET sockets when checking netIds in setNetworkFor{Process,Resolv}().

AF_UNIX sockets don't need to be marked, so we don't give netd the permission to
operate on them (cf: netd.te). I.e., netd doesn't expect to receive them.

Make sure that the creation of the AF_INET socket doesn't trigger another
wasteful check with netd by calling the libc version directly.

Bug: 13885501
Change-Id: I6b549232e57cacd47501edcefa4c0b4b79df9da0
diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index c0acdc0..714f110 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp
@@ -111,9 +111,14 @@
return true;
}
// Verify that we are allowed to use |netId|, by creating a socket and trying to have it marked
- // with the netId. Don't create an AF_INET socket, because then the creation itself might cause
- // another check with the fwmark server (see netdClientSocket()), which would be wasteful.
- int socketFd = socket(AF_UNIX, SOCK_DGRAM, 0);
+ // with the netId. Call libcSocket() directly; else the socket creation (via netdClientSocket())
+ // might itself cause another check with the fwmark server, which would be wasteful.
+ int socketFd;
+ if (libcSocket) {
+ socketFd = libcSocket(AF_INET6, SOCK_DGRAM, 0);
+ } else {
+ socketFd = socket(AF_INET6, SOCK_DGRAM, 0);
+ }
if (socketFd < 0) {
return false;
}
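Review bot: The socket family in both branches of the new if/else is AF_INET6, while the commit subject and body say AF_INET. Please make the message and the code agree, and say in the comment why that family was chosen. Related to that choice: if creating an AF_INET6 socket fails for reasons unrelated to the netId, the `if (socketFd < 0)` path returns false, which a caller cannot tell apart from "not allowed to use |netId|". Consider falling back to AF_INET or recording the errno before returning. The else branch also still calls plain `socket()`, which the rewritten comment describes as the path that can trigger another fwmark server check; a short note on when `libcSocket` can be null, and why the extra check is acceptable in that case, would make the fallback easier to reason about.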