commit b8087363143050d214d48e5620a330776ca95a69
author Robin Lee <rgl@google.com> Wed Mar 30 18:43:08 2016 +0100
committer Robin Lee <rgl@google.com> Tue Apr 19 10:09:31 2016 +0100
tree 72dd7eb2cc094cc7b92796ef37e1682ab108da37
parent 4ef94642636182e68495f606a65c00f8a830aad4

Server API to only allow networking by VPN apps

Secure virtual networks already create rules to route all traffic into
theirselves. This depends on the secure network already existing.

API creates an ip rule at a priority level below SECURE_VPN which
can catch traffic before VPN comes up, if it is a requirement that no
traffic ever leaves without first going through VPN.

Bug: 26694104
Bug: 26354134
Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722

server/UidRanges.cpp

diff --git a/server/UidRanges.cpp b/server/UidRanges.cpp
index 64c1b45..a2b8dde 100644
--- a/server/UidRanges.cpp
+++ b/server/UidRanges.cpp
@@ -75,6 +75,15 @@
     return true;
 }
 
+void UidRanges::createFrom(const std::vector<android::net::UidRange>& ranges) {
+    mRanges.resize(ranges.size());
+    std::transform(ranges.begin(), ranges.end(), mRanges.begin(),
+            [](const android::net::UidRange& range) {
+                return Range(range.getStart(), range.getStop());
+            });
+    std::sort(mRanges.begin(), mRanges.end());
+}
+
 void UidRanges::add(const UidRanges& other) {
     auto middle = mRanges.insert(mRanges.end(), other.mRanges.begin(), other.mRanges.end());
     std::inplace_merge(mRanges.begin(), middle, mRanges.end());