Drop PROHIBIT_NON_VPN priority 11500 -> 12500
So that the rule can be kept up 100% of the time instead of dropping
it when VPN comes on.
Bug: 26694104
Change-Id: I1df6b8f588e54d72e34dbcbd15492513e07fac3d
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 1e17509..4e43a47 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -47,8 +47,8 @@
const uint32_t RULE_PRIORITY_VPN_OVERRIDE_SYSTEM = 10000;
const uint32_t RULE_PRIORITY_VPN_OVERRIDE_OIF = 10500;
const uint32_t RULE_PRIORITY_VPN_OUTPUT_TO_LOCAL = 11000;
-const uint32_t RULE_PRIORITY_PROHIBIT_NON_VPN = 11500;
const uint32_t RULE_PRIORITY_SECURE_VPN = 12000;
+const uint32_t RULE_PRIORITY_PROHIBIT_NON_VPN = 12500;
const uint32_t RULE_PRIORITY_EXPLICIT_NETWORK = 13000;
const uint32_t RULE_PRIORITY_OUTPUT_INTERFACE = 14000;
const uint32_t RULE_PRIORITY_LEGACY_SYSTEM = 15000;
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index bdc147a..6785c78 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -235,7 +235,7 @@
static bool ipRuleExistsForRange(const uint32_t priority, const UidRange& range,
const std::string& action, const char* ipVersion) {
// Output looks like this:
- // "11500:\tfrom all fwmark 0x0/0x20000 iif lo uidrange 1000-2000 prohibit"
+ // "12500:\tfrom all fwmark 0x0/0x20000 iif lo uidrange 1000-2000 prohibit"
std::vector<std::string> rules = listIpRules(ipVersion);
std::string prefix = StringPrintf("%" PRIu32 ":", priority);
@@ -259,7 +259,7 @@
}
TEST_F(BinderTest, TestNetworkRejectNonSecureVpn) {
- constexpr uint32_t RULE_PRIORITY = 11500;
+ constexpr uint32_t RULE_PRIORITY = 12500;
constexpr int baseUid = MULTIUSER_APP_PER_USER_RANGE * 5;
std::vector<UidRange> uidRanges = {