Add UID range support to VPNs.
This adds the necessary routing rules.
Future CLs will add the ability to select the right netId for connect(),
setNetworkForSocket(), DNS resolutions, etc.
Bug: 15409918
Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
diff --git a/server/VirtualNetwork.cpp b/server/VirtualNetwork.cpp
index 11998da..bc94d00 100644
--- a/server/VirtualNetwork.cpp
+++ b/server/VirtualNetwork.cpp
@@ -31,7 +31,7 @@
if (hasInterface(interface)) {
return 0;
}
- if (int ret = RouteController::addInterfaceToVpn(mNetId, interface.c_str())) {
+ if (int ret = RouteController::addInterfaceToVpn(mNetId, interface.c_str(), mUidRanges)) {
ALOGE("failed to add interface %s to VPN netId %u", interface.c_str(), mNetId);
return ret;
}
@@ -43,10 +43,32 @@
if (!hasInterface(interface)) {
return 0;
}
- if (int ret = RouteController::removeInterfaceFromVpn(mNetId, interface.c_str())) {
+ if (int ret = RouteController::removeInterfaceFromVpn(mNetId, interface.c_str(), mUidRanges)) {
ALOGE("failed to remove interface %s from VPN netId %u", interface.c_str(), mNetId);
return ret;
}
mInterfaces.erase(interface);
return 0;
}
+
+int VirtualNetwork::addUsers(const UidRanges& uidRanges) {
+ for (const std::string& interface : mInterfaces) {
+ if (int ret = RouteController::addUsersToVpn(mNetId, interface.c_str(), uidRanges)) {
+ ALOGE("failed to add users on interface %s of netId %u", interface.c_str(), mNetId);
+ return ret;
+ }
+ }
+ mUidRanges.add(uidRanges);
+ return 0;
+}
+
+int VirtualNetwork::removeUsers(const UidRanges& uidRanges) {
+ for (const std::string& interface : mInterfaces) {
+ if (int ret = RouteController::removeUsersFromVpn(mNetId, interface.c_str(), uidRanges)) {
+ ALOGE("failed to remove users on interface %s of netId %u", interface.c_str(), mNetId);
+ return ret;
+ }
+ }
+ mUidRanges.remove(uidRanges);
+ return 0;
+}
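Review bot: In `addUsers`, a failure of `addUsersToVpn` on a later interface returns before `mUidRanges.add(uidRanges)`, so the interfaces already processed keep UID rules that the object does not record. A later `removeInterface` passes `mUidRanges` to `removeInterfaceFromVpn`, so it would presumably leave those rules behind. That could keep steering traffic for those UIDs towards the VPN. `removeUsers` has the mirror problem: after a partial failure the rules are gone from some interfaces while `mUidRanges` still lists the ranges. Either undo the completed interfaces before returning, as sketched below, or document that callers must treat a non-zero return as "state unknown" and tear the network down. The rollback is only safe if `uidRanges` cannot overlap ranges already in `mUidRanges`, which is not visible in this hunk.

```cpp
int VirtualNetwork::addUsers(const UidRanges& uidRanges) {
    for (const std::string& interface : mInterfaces) {
        if (int ret = RouteController::addUsersToVpn(mNetId, interface.c_str(), uidRanges)) {
            ALOGE("failed to add users on interface %s of netId %u", interface.c_str(), mNetId);
            // Best-effort rollback: drop the rules installed on the interfaces handled
            // before the failing one, so no interface keeps UID rules that mUidRanges
            // does not record.
            for (const std::string& done : mInterfaces) {
                if (done == interface) {
                    break;
                }
                if (RouteController::removeUsersFromVpn(mNetId, done.c_str(), uidRanges)) {
                    ALOGE("failed to roll back users on interface %s of netId %u", done.c_str(),
                          mNetId);
                }
            }
            return ret;
        }
    }
    // … unchanged: mUidRanges.add(uidRanges); return 0; …
}
```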