Add FwmarkServer support for querying whether a UID can access a NetID
This new FwmarkServer API is only accessible from system apps.
Bug:20470604
Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0
diff --git a/server/FwmarkServer.cpp b/server/FwmarkServer.cpp
index b11e075..530e96a 100644
--- a/server/FwmarkServer.cpp
+++ b/server/FwmarkServer.cpp
@@ -75,6 +75,15 @@
return -EBADMSG;
}
+ Permission permission = mNetworkController->getPermissionForUser(client->getUid());
+
+ if (command.cmdId == FwmarkCommand::QUERY_USER_ACCESS) {
+ if ((permission & PERMISSION_SYSTEM) != PERMISSION_SYSTEM) {
+ return -EPERM;
+ }
+ return mNetworkController->checkUserNetworkAccess(command.uid, command.netId);
+ }
+
cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message);
if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS &&
cmsgh->cmsg_len == CMSG_LEN(sizeof(*socketFd))) {
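Review bot: Both early returns in the new `QUERY_USER_ACCESS` branch (the `-EPERM` one and the `checkUserNetworkAccess` one) run before the `SCM_RIGHTS` control message is examined, so a descriptor that a client attached to the request is never copied into `*socketFd`. The receive call and the caller's cleanup are outside this hunk, but if the message was read with a control buffer, as the `CMSG_FIRSTHDR(&message)` line suggests, that descriptor would stay open in the server, and the `-EPERM` path is reachable by clients without `PERMISSION_SYSTEM`. Consider moving the branch below the `SCM_RIGHTS` extraction (and ahead of any check that requires a valid fd) so that whatever cleanup the caller applies to `*socketFd` covers it, or closing a received descriptor before returning. A comment such as `// command.uid and command.netId are caller-supplied; only PERMISSION_SYSTEM callers may query other UIDs` above the permission check would also record why the check is there.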
@@ -91,8 +100,6 @@
return -errno;
}
- Permission permission = mNetworkController->getPermissionForUser(client->getUid());
-
switch (command.cmdId) {
case FwmarkCommand::ON_ACCEPT: {
// Called after a socket accept(). The kernel would've marked the NetId and necessary