Add FwmarkServer support for querying whether a UID can access a NetID
This new FwmarkServer API is only accessible from system apps.
Bug:20470604
Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0
diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index 3157d3a..392b0af 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp
@@ -65,7 +65,7 @@
}
if (FwmarkClient::shouldSetFwmark(family)) {
FwmarkCommand command = {FwmarkCommand::ON_ACCEPT, 0, 0};
- if (int error = FwmarkClient().send(&command, sizeof(command), acceptedSocket)) {
+ if (int error = FwmarkClient().send(&command, acceptedSocket)) {
return closeFdAndSetErrno(acceptedSocket, error);
}
}
@@ -75,7 +75,7 @@
int netdClientConnect(int sockfd, const sockaddr* addr, socklen_t addrlen) {
if (sockfd >= 0 && addr && FwmarkClient::shouldSetFwmark(addr->sa_family)) {
FwmarkCommand command = {FwmarkCommand::ON_CONNECT, 0, 0};
- if (int error = FwmarkClient().send(&command, sizeof(command), sockfd)) {
+ if (int error = FwmarkClient().send(&command, sockfd)) {
errno = -error;
return -1;
}
@@ -185,7 +185,7 @@
return -EBADF;
}
FwmarkCommand command = {FwmarkCommand::SELECT_NETWORK, netId, 0};
- return FwmarkClient().send(&command, sizeof(command), socketFd);
+ return FwmarkClient().send(&command, socketFd);
}
extern "C" int setNetworkForProcess(unsigned netId) {
@@ -201,7 +201,7 @@
return -EBADF;
}
FwmarkCommand command = {FwmarkCommand::PROTECT_FROM_VPN, 0, 0};
- return FwmarkClient().send(&command, sizeof(command), socketFd);
+ return FwmarkClient().send(&command, socketFd);
}
extern "C" int setNetworkForUser(uid_t uid, int socketFd) {
@@ -209,5 +209,10 @@
return -EBADF;
}
FwmarkCommand command = {FwmarkCommand::SELECT_FOR_USER, 0, uid};
- return FwmarkClient().send(&command, sizeof(command), socketFd);
+ return FwmarkClient().send(&command, socketFd);
+}
+
+extern "C" int queryUserAccess(uid_t uid, unsigned netId) {
+ FwmarkCommand command = {FwmarkCommand::QUERY_USER_ACCESS, netId, uid};
+ return FwmarkClient().send(&command, -1);
}