Mark sockets on accept().
The kernel marks the netId into the accepted socket, so we just set the socket
owner's permission bits here in userspace.
We also check the permissions required by the network and return an error if
they are not satisfied. This avoids the "half-open" problem where an app listens
on all networks (interfaces) with bind(0), and receives an incoming connection
on a privileged interface that it can't send responses over.
(cherry picked from commit 920747a009efbb815465d980ec6a918531e74e9f)
Change-Id: I5d09be413cf720fbed905f96313b007997ada76c
diff --git a/FwmarkServer.cpp b/FwmarkServer.cpp
index 0166226..54bb373 100644
--- a/FwmarkServer.cpp
+++ b/FwmarkServer.cpp
@@ -115,8 +115,12 @@
}
case FWMARK_COMMAND_ON_ACCEPT: {
- // on socket accept
- // TODO
+ // Called after a socket accept(). The kernel would've marked the netId into the socket
+ // already, so we just need to check permissions here.
+ if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(), fwmark.netId)) {
+ errno = EPERM;
+ return;
+ }
break;
}
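Review bot: The new FWMARK_COMMAND_ON_ACCEPT branch only performs the permission check; the commit message says the socket owner's permission bits are also set in userspace here, but no line in this hunk updates the mark's permission bits before `break`, so either that update belongs in this case or the message should describe only the check. Also note that on failure the branch does `errno = EPERM; return;` while the success path uses `break` like the sibling cases, so confirm that the early `return` still reports the error back to the client (the accepted socket is already open on the client side at this point) rather than silently leaving it unmarked.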