Update routing rules.
As per the latest changes to: http://go/android-multinetwork-routing
Functional changes:
+ Add explicit=NO to the implicit network rules, though it's a no-op.
+ Remove most of the UID=0 (kernel access) rules since they are no longer
needed, except in one case to allow access to a VPN.
+ Add the explicit, protect and permissions bits to the incoming packet mark.
+ VPNs now don't need an implicit network rule.
+ Modifying network permissions now modifies the incoming packet mark as well.
Cosmetic changes:
+ Renamed the legacy tables to match their permissions (SYSTEM and NETWORK).
+ Renamed most functions and methods for clarity and consistency.
+ Renamed and adjusted some rule priorities.
+ Move most rule modifications into their own functions, to prevent brittle
reliance on the previous state of the fwmark/mask variables.
Change-Id: I958a7e158ee918d5254de606fcfa55fe23327438
diff --git a/server/VirtualNetwork.cpp b/server/VirtualNetwork.cpp
index 5ffee6e..024d2cf 100644
--- a/server/VirtualNetwork.cpp
+++ b/server/VirtualNetwork.cpp
@@ -31,7 +31,8 @@
if (hasInterface(interface)) {
return 0;
}
- if (int ret = RouteController::addInterfaceToVpn(mNetId, interface.c_str(), mUidRanges)) {
+ if (int ret = RouteController::addInterfaceToVirtualNetwork(mNetId, interface.c_str(),
+ mUidRanges)) {
ALOGE("failed to add interface %s to VPN netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -43,7 +44,8 @@
if (!hasInterface(interface)) {
return 0;
}
- if (int ret = RouteController::removeInterfaceFromVpn(mNetId, interface.c_str(), mUidRanges)) {
+ if (int ret = RouteController::removeInterfaceFromVirtualNetwork(mNetId, interface.c_str(),
+ mUidRanges)) {
ALOGE("failed to remove interface %s from VPN netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -57,7 +59,8 @@
int VirtualNetwork::addUsers(const UidRanges& uidRanges) {
for (const std::string& interface : mInterfaces) {
- if (int ret = RouteController::addUsersToVpn(mNetId, interface.c_str(), uidRanges)) {
+ if (int ret = RouteController::addUsersToVirtualNetwork(mNetId, interface.c_str(),
+ uidRanges)) {
ALOGE("failed to add users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -68,7 +71,8 @@
int VirtualNetwork::removeUsers(const UidRanges& uidRanges) {
for (const std::string& interface : mInterfaces) {
- if (int ret = RouteController::removeUsersFromVpn(mNetId, interface.c_str(), uidRanges)) {
+ if (int ret = RouteController::removeUsersFromVirtualNetwork(mNetId, interface.c_str(),
+ uidRanges)) {
ALOGE("failed to remove users on interface %s of netId %u", interface.c_str(), mNetId);
return ret;
}