Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / d794e580dbe1a8b4192850b0e117654401514af8^! / . / client / NetdClient.cpp
commitd794e580dbe1a8b4192850b0e117654401514af8[log] [tgz]
authorSreeram Ramachandran <sreeram@google.com>Thu Jun 19 10:03:07 2014 -0700
committerSreeram Ramachandran <sreeram@google.com>Thu Jun 19 10:03:07 2014 -0700
tree89a6c77efea605e69cc22a33cee61d53c593f4a5
parenta561e121c724e9163b2e256e15eef660e3a326da [diff] [blame]
Add a client API to protect a socket from VPNs.

The server side hasn't been implemented yet (see FwmarkServer.cpp).

A UID can only be in a single VPN at any time, so there's no need
to specify a netId or vpnId.

Change-Id: Ie9c4590a9900e1ebf28418c4b9c4760cc0a5501a

diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index 25e809c..ba6dadd 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp

@@ -180,3 +180,12 @@
 extern "C" bool setNetworkForResolv(unsigned netId) {
     return setNetworkForTarget(netId, &netIdForResolv);
 }
+
+extern "C" bool protectFromVpn(int socketFd) {
+    if (socketFd < 0) {
+        errno = EBADF;
+        return false;
+    }
+    FwmarkCommand command = {FwmarkCommand::PROTECT_FROM_VPN, 0};
+    return FwmarkClient().send(&command, sizeof(command), socketFd);
+}