commit a1067c8d2b2165f1058a3a8216bed4efacfa1c80
author Lorenzo Colitti <lorenzo@google.com> Thu Oct 02 22:47:41 2014 +0900
committer Lorenzo Colitti <lorenzo@google.com> Thu Oct 02 23:52:14 2014 +0900
tree 551acbe6cd529cc0f13c036822986da3c8586c9b
parent e8164ddc8204b626c1144a0a504754bf6622c6fd

Improve error return values on network selection.

It's very confusing to see EPERM when opening or connecting a
socket when the problem is not security-related. In the (common)
case where an app cannot select a network because it does not
exist, return ENONET ("Machine is not on network") instead.

Also, return EREMOTEIO for when we can't figure out who the user
is, and use EPERM for VPN denials and EACCES for permission
bits.

Bug: 17702933
Change-Id: Ia680c485e0ea1efad1ad374231d994e9bfd4cd5a

server/NetworkController.h

diff --git a/server/NetworkController.h b/server/NetworkController.h
index d6f9a6b..5596f0c 100644
--- a/server/NetworkController.h
+++ b/server/NetworkController.h
@@ -67,7 +67,7 @@
 
     Permission getPermissionForUser(uid_t uid) const;
     void setPermissionForUsers(Permission permission, const std::vector<uid_t>& uids);
-    bool canUserSelectNetwork(uid_t uid, unsigned netId) const;
+    int checkUserNetworkAccess(uid_t uid, unsigned netId) const;
     int setPermissionForNetworks(Permission permission,
                                  const std::vector<unsigned>& netIds) WARN_UNUSED_RESULT;
 
@@ -93,7 +93,7 @@
     Network* getNetworkLocked(unsigned netId) const;
     VirtualNetwork* getVirtualNetworkForUserLocked(uid_t uid) const;
     Permission getPermissionForUserLocked(uid_t uid) const;
-    bool canUserSelectNetworkLocked(uid_t uid, unsigned netId) const;
+    int checkUserNetworkAccessLocked(uid_t uid, unsigned netId) const;
 
     int modifyRoute(unsigned netId, const char* interface, const char* destination,
                     const char* nexthop, bool add, bool legacy, uid_t uid) WARN_UNUSED_RESULT;