
Commit 142408a4 authored by Chiachang Wang's avatar Chiachang Wang Committed by Lorenzo Colitti

Replace the usage of UidRange

UidRange is used in a shared way between ConnectivityService
and VPN through the use of NetworkCapabilities. UidRange will
be part of the ConnectivityService mainline but Vpn.java will
stay in the framework. We need a way to replace the APIs using
UidRange, or to make UidRange system API. The only really
relevant surface here is NetworkCapabilities#{setUids, getUids}.
The need for UidRange could be replaced by an integer Range, so
replace the usage of UidRange by an integer Range in
NetworkCapabilities#{setUids, getUids} and update the relevant
callers.

Bug: 172183305
Test: atest FrameworksNetTests CtsNetTestCasesLatestSdk
Merged-In: I4e5aec6ef1ea02e038fcd7ed117a3b67b69c5cb9
Merged-In: Idb7f353788c5779a4fbbd107595e9326b99fe0a8
Change-Id: Idb7f353788c5779a4fbbd107595e9326b99fe0a8
parent fc25cb26
+19 −12
@@ -33,6 +33,7 @@ import android.os.Parcelable;
import android.os.Process;
import android.os.Process;
import android.text.TextUtils;
import android.text.TextUtils;
import android.util.ArraySet;
import android.util.ArraySet;
import android.util.Range;
import android.util.proto.ProtoOutputStream;
import android.util.proto.ProtoOutputStream;


import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.annotations.VisibleForTesting;
@@ -216,7 +217,7 @@ public final class NetworkCapabilities implements Parcelable {
            setTransportInfo(null);
            setTransportInfo(null);
        }
        }
        mSignalStrength = nc.mSignalStrength;
        mSignalStrength = nc.mSignalStrength;
        setUids(nc.mUids); // Will make the defensive copy
        mUids = (nc.mUids == null) ? null : new ArraySet<>(nc.mUids);
        setAdministratorUids(nc.getAdministratorUids());
        setAdministratorUids(nc.getAdministratorUids());
        mOwnerUid = nc.mOwnerUid;
        mOwnerUid = nc.mOwnerUid;
        mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities;
        mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities;
@@ -1519,9 +1520,8 @@ public final class NetworkCapabilities implements Parcelable {
     * @hide
     * @hide
     */
     */
    public @NonNull NetworkCapabilities setSingleUid(int uid) {
    public @NonNull NetworkCapabilities setSingleUid(int uid) {
        final ArraySet<UidRange> identity = new ArraySet<>(1);
        mUids = new ArraySet<>(1);
        identity.add(new UidRange(uid, uid));
        mUids.add(new UidRange(uid, uid));
        setUids(identity);
        return this;
        return this;
    }
    }


@@ -1530,12 +1530,8 @@ public final class NetworkCapabilities implements Parcelable {
     * This makes a copy of the set so that callers can't modify it after the call.
     * This makes a copy of the set so that callers can't modify it after the call.
     * @hide
     * @hide
     */
     */
    public @NonNull NetworkCapabilities setUids(Set<UidRange> uids) {
    public @NonNull NetworkCapabilities setUids(@Nullable Set<Range<Integer>> uids) {
        if (null == uids) {
        mUids = UidRange.fromIntRanges(uids);
            mUids = null;
        } else {
            mUids = new ArraySet<>(uids);
        }
        return this;
        return this;
    }
    }


@@ -1544,8 +1540,19 @@ public final class NetworkCapabilities implements Parcelable {
     * This returns a copy of the set so that callers can't modify the original object.
     * This returns a copy of the set so that callers can't modify the original object.
     * @hide
     * @hide
     */
     */
    public @Nullable Set<UidRange> getUids() {
    public @Nullable Set<Range<Integer>> getUids() {
        return null == mUids ? null : new ArraySet<>(mUids);
        return UidRange.toIntRanges(mUids);
    }

    /**
     * Get the list of UIDs this network applies to.
     * This returns a copy of the set so that callers can't modify the original object.
     * @hide
     */
    public @Nullable Set<UidRange> getUidRanges() {
        if (mUids == null) return null;

        return new ArraySet<>(mUids);
    }
    }


    /**
    /**
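Review bot: The Javadoc on the new `getUidRanges()` repeats the `getUids()` comment word for word, so nothing tells a reader which accessor returns the internal `UidRange` form and which returns the `Range<Integer>` form. I would change its first sentence to something like `Get the UIDs this network applies to, as a set of {@link UidRange}.` and state on both getters what a null return means. After this change `getUids()` also builds a new set of new `Range` objects on every call through `UidRange.toIntRanges(mUids)`, which is worth a sentence in its comment for callers that only read. The class body continues outside these hunks.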
+3 −2
@@ -45,6 +45,7 @@ import android.os.Parcel;
import android.os.Parcelable;
import android.os.Parcelable;
import android.os.Process;
import android.os.Process;
import android.text.TextUtils;
import android.text.TextUtils;
import android.util.Range;
import android.util.proto.ProtoOutputStream;
import android.util.proto.ProtoOutputStream;


import java.util.Arrays;
import java.util.Arrays;
@@ -277,11 +278,11 @@ public class NetworkRequest implements Parcelable {
         * Set the watched UIDs for this request. This will be reset and wiped out unless
         * Set the watched UIDs for this request. This will be reset and wiped out unless
         * the calling app holds the CHANGE_NETWORK_STATE permission.
         * the calling app holds the CHANGE_NETWORK_STATE permission.
         *
         *
         * @param uids The watched UIDs as a set of UidRanges, or null for everything.
         * @param uids The watched UIDs as a set of {@code Range<Integer>}, or null for everything.
         * @return The builder to facilitate chaining.
         * @return The builder to facilitate chaining.
         * @hide
         * @hide
         */
         */
        public Builder setUids(Set<UidRange> uids) {
        public Builder setUids(@Nullable Set<Range<Integer>> uids) {
            mNetworkCapabilities.setUids(uids);
            mNetworkCapabilities.setUids(uids);
            return this;
            return this;
        }
        }
+31 −0
@@ -20,8 +20,11 @@ import android.annotation.Nullable;
import android.os.Parcel;
import android.os.Parcel;
import android.os.Parcelable;
import android.os.Parcelable;
import android.os.UserHandle;
import android.os.UserHandle;
import android.util.ArraySet;
import android.util.Range;


import java.util.Collection;
import java.util.Collection;
import java.util.Set;


/**
/**
 * An inclusive range of UIDs.
 * An inclusive range of UIDs.
@@ -149,4 +152,32 @@ public final class UidRange implements Parcelable {
        }
        }
        return false;
        return false;
    }
    }

    /**
     *  Convert a set of {@code Range<Integer>} to a set of {@link UidRange}.
     */
    @Nullable
    public static ArraySet<UidRange> fromIntRanges(@Nullable Set<Range<Integer>> ranges) {
        if (null == ranges) return null;

        final ArraySet<UidRange> uids = new ArraySet<>();
        for (Range<Integer> range : ranges) {
            uids.add(new UidRange(range.getLower(), range.getUpper()));
        }
        return uids;
    }

    /**
     *  Convert a set of {@link UidRange} to a set of {@code Range<Integer>}.
     */
    @Nullable
    public static ArraySet<Range<Integer>> toIntRanges(@Nullable Set<UidRange> ranges) {
        if (null == ranges) return null;

        final ArraySet<Range<Integer>> uids = new ArraySet<>();
        for (UidRange range : ranges) {
            uids.add(new Range<Integer>(range.start, range.stop));
        }
        return uids;
    }
}
}
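Review bot: Neither `fromIntRanges` nor `toIntRanges` documents its null contract; both return null for a null argument rather than an empty set, while the Javadoc says only "Convert a set of ...". The difference matters to callers, because `NetworkRequest.Builder#setUids` in this same change documents null as "everything", so null and an empty set are not interchangeable. I would add to each comment `@return the converted set, or null if {@code ranges} is null; an empty input yields an empty set`. A null element inside `ranges` would fail at `range.getLower()` or `range.start`; if that is intended, the `@param` should say that elements must be non-null.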
+10 −12
@@ -1338,7 +1338,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        netCap.addCapability(NET_CAPABILITY_INTERNET);
        netCap.addCapability(NET_CAPABILITY_INTERNET);
        netCap.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
        netCap.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
        netCap.removeCapability(NET_CAPABILITY_NOT_VPN);
        netCap.removeCapability(NET_CAPABILITY_NOT_VPN);
        netCap.setUids(Collections.singleton(uids));
        netCap.setUids(UidRange.toIntRanges(Collections.singleton(uids)));
        return netCap;
        return netCap;
    }
    }


@@ -2968,7 +2968,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
            if (0 == defaultRequest.mRequests.size()) {
            if (0 == defaultRequest.mRequests.size()) {
                pw.println("none, this should never occur.");
                pw.println("none, this should never occur.");
            } else {
            } else {
                pw.println(defaultRequest.mRequests.get(0).networkCapabilities.getUids());
                pw.println(defaultRequest.mRequests.get(0).networkCapabilities.getUidRanges());
            }
            }
            pw.decreaseIndent();
            pw.decreaseIndent();
            pw.decreaseIndent();
            pw.decreaseIndent();
@@ -5393,9 +5393,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
        private Set<UidRange> getUids() {
        private Set<UidRange> getUids() {
            // networkCapabilities.getUids() returns a defensive copy.
            // networkCapabilities.getUids() returns a defensive copy.
            // multilayer requests will all have the same uids so return the first one.
            // multilayer requests will all have the same uids so return the first one.
            final Set<UidRange> uids = null == mRequests.get(0).networkCapabilities.getUids()
            final Set<UidRange> uids = mRequests.get(0).networkCapabilities.getUidRanges();
                    ? new ArraySet<>() : mRequests.get(0).networkCapabilities.getUids();
            return (null == uids) ? new ArraySet<>() : uids;
            return uids;
        }
        }


        NetworkRequestInfo(@NonNull final NetworkRequest r, @Nullable final PendingIntent pi,
        NetworkRequestInfo(@NonNull final NetworkRequest r, @Nullable final PendingIntent pi,
@@ -6206,7 +6205,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
        for (final NetworkRequestInfo nri : mDefaultNetworkRequests) {
        for (final NetworkRequestInfo nri : mDefaultNetworkRequests) {
            // Currently, all network requests will have the same uids therefore checking the first
            // Currently, all network requests will have the same uids therefore checking the first
            // one is sufficient. If/when uids are tracked at the nri level, this can change.
            // one is sufficient. If/when uids are tracked at the nri level, this can change.
            final Set<UidRange> uids = nri.mRequests.get(0).networkCapabilities.getUids();
            final Set<UidRange> uids = nri.mRequests.get(0).networkCapabilities.getUidRanges();
            if (null == uids) {
            if (null == uids) {
                continue;
                continue;
            }
            }
@@ -6647,7 +6646,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
            return;
            return;
        }
        }


        final Set<UidRange> ranges = nai.networkCapabilities.getUids();
        final Set<UidRange> ranges = nai.networkCapabilities.getUidRanges();
        final int vpnAppUid = nai.networkCapabilities.getOwnerUid();
        final int vpnAppUid = nai.networkCapabilities.getOwnerUid();
        // TODO: this create a window of opportunity for apps to receive traffic between the time
        // TODO: this create a window of opportunity for apps to receive traffic between the time
        // when the old rules are removed and the time when new rules are added. To fix this,
        // when the old rules are removed and the time when new rules are added. To fix this,
@@ -7012,8 +7011,8 @@ public class ConnectivityService extends IConnectivityManager.Stub


    private void updateUids(NetworkAgentInfo nai, NetworkCapabilities prevNc,
    private void updateUids(NetworkAgentInfo nai, NetworkCapabilities prevNc,
            NetworkCapabilities newNc) {
            NetworkCapabilities newNc) {
        Set<UidRange> prevRanges = null == prevNc ? null : prevNc.getUids();
        Set<UidRange> prevRanges = null == prevNc ? null : prevNc.getUidRanges();
        Set<UidRange> newRanges = null == newNc ? null : newNc.getUids();
        Set<UidRange> newRanges = null == newNc ? null : newNc.getUidRanges();
        if (null == prevRanges) prevRanges = new ArraySet<>();
        if (null == prevRanges) prevRanges = new ArraySet<>();
        if (null == newRanges) newRanges = new ArraySet<>();
        if (null == newRanges) newRanges = new ArraySet<>();
        final Set<UidRange> prevRangesCopy = new ArraySet<>(prevRanges);
        final Set<UidRange> prevRangesCopy = new ArraySet<>(prevRanges);
@@ -9344,7 +9343,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
            final ArrayList<NetworkRequest> nrs = new ArrayList<>();
            final ArrayList<NetworkRequest> nrs = new ArrayList<>();
            nrs.add(createNetworkRequest(NetworkRequest.Type.REQUEST, pref.capabilities));
            nrs.add(createNetworkRequest(NetworkRequest.Type.REQUEST, pref.capabilities));
            nrs.add(createDefaultRequest());
            nrs.add(createDefaultRequest());
            setNetworkRequestUids(nrs, pref.capabilities.getUids());
            setNetworkRequestUids(nrs, UidRange.fromIntRanges(pref.capabilities.getUids()));
            final NetworkRequestInfo nri = new NetworkRequestInfo(nrs);
            final NetworkRequestInfo nri = new NetworkRequestInfo(nrs);
            result.add(nri);
            result.add(nri);
        }
        }
@@ -9560,9 +9559,8 @@ public class ConnectivityService extends IConnectivityManager.Stub


    private static void setNetworkRequestUids(@NonNull final List<NetworkRequest> requests,
    private static void setNetworkRequestUids(@NonNull final List<NetworkRequest> requests,
            @NonNull final Set<UidRange> uids) {
            @NonNull final Set<UidRange> uids) {
        final Set<UidRange> ranges = new ArraySet<>(uids);
        for (final NetworkRequest req : requests) {
        for (final NetworkRequest req : requests) {
            req.networkCapabilities.setUids(ranges);
            req.networkCapabilities.setUids(UidRange.toIntRanges(uids));
        }
        }
    }
    }
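Review bot: In `setNetworkRequestUids` a null `uids` now passes through `UidRange.toIntRanges(uids)` as null and reaches `setUids(null)`, which the `NetworkRequest.Builder#setUids` Javadoc in this change describes as "everything". The removed `new ArraySet<>(uids)` copy could not have handed a null set to `setUids`. The parameter is annotated `@NonNull`, but the caller changed in this file passes `UidRange.fromIntRanges(pref.capabilities.getUids())`, and `fromIntRanges` is `@Nullable`. Unless the preference capabilities are guaranteed to carry UIDs (not visible in these hunks), I would convert once before the loop and fail fast, e.g. `final Set<Range<Integer>> ranges = Objects.requireNonNull(UidRange.toIntRanges(uids));`, assuming `java.util.Objects` is available in the file. That also avoids repeating the conversion for every request.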


+45 −35
@@ -19,6 +19,7 @@ package com.android.server.connectivity;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.Manifest.permission.BIND_VPN_SERVICE;
import static android.net.ConnectivityManager.NETID_UNSET;
import static android.net.ConnectivityManager.NETID_UNSET;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
import static android.os.UserHandle.PER_USER_RANGE;
import static android.net.RouteInfo.RTN_THROW;
import static android.net.RouteInfo.RTN_THROW;
import static android.net.RouteInfo.RTN_UNREACHABLE;
import static android.net.RouteInfo.RTN_UNREACHABLE;
import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
@@ -70,7 +71,6 @@ import android.net.NetworkProvider;
import android.net.NetworkRequest;
import android.net.NetworkRequest;
import android.net.NetworkScore;
import android.net.NetworkScore;
import android.net.RouteInfo;
import android.net.RouteInfo;
import android.net.UidRange;
import android.net.UidRangeParcel;
import android.net.UidRangeParcel;
import android.net.UnderlyingNetworkInfo;
import android.net.UnderlyingNetworkInfo;
import android.net.VpnManager;
import android.net.VpnManager;
@@ -1351,7 +1351,7 @@ public class Vpn {
        String oldInterface = mInterface;
        String oldInterface = mInterface;
        Connection oldConnection = mConnection;
        Connection oldConnection = mConnection;
        NetworkAgent oldNetworkAgent = mNetworkAgent;
        NetworkAgent oldNetworkAgent = mNetworkAgent;
        Set<UidRange> oldUsers = mNetworkCapabilities.getUids();
        Set<Range<Integer>> oldUsers = mNetworkCapabilities.getUids();


        // Configure the interface. Abort if any of these steps fails.
        // Configure the interface. Abort if any of these steps fails.
        ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
        ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
@@ -1457,7 +1457,7 @@ public class Vpn {
    }
    }


    /**
    /**
     * Creates a {@link Set} of non-intersecting {@link UidRange} objects including all UIDs
     * Creates a {@link Set} of non-intersecting {@code Range<Integer>} objects including all UIDs
     * associated with one user, and any restricted profiles attached to that user.
     * associated with one user, and any restricted profiles attached to that user.
     *
     *
     * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
     * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
@@ -1470,10 +1470,10 @@ public class Vpn {
     * @param disallowedApplications (optional) List of applications to deny.
     * @param disallowedApplications (optional) List of applications to deny.
     */
     */
    @VisibleForTesting
    @VisibleForTesting
    Set<UidRange> createUserAndRestrictedProfilesRanges(@UserIdInt int userId,
    Set<Range<Integer>> createUserAndRestrictedProfilesRanges(@UserIdInt int userId,
            @Nullable List<String> allowedApplications,
            @Nullable List<String> allowedApplications,
            @Nullable List<String> disallowedApplications) {
            @Nullable List<String> disallowedApplications) {
        final Set<UidRange> ranges = new ArraySet<>();
        final Set<Range<Integer>> ranges = new ArraySet<>();


        // Assign the top-level user to the set of ranges
        // Assign the top-level user to the set of ranges
        addUserToRanges(ranges, userId, allowedApplications, disallowedApplications);
        addUserToRanges(ranges, userId, allowedApplications, disallowedApplications);
@@ -1497,20 +1497,20 @@ public class Vpn {
    }
    }


    /**
    /**
     * Updates a {@link Set} of non-intersecting {@link UidRange} objects to include all UIDs
     * Updates a {@link Set} of non-intersecting {@code Range<Integer>} objects to include all UIDs
     * associated with one user.
     * associated with one user.
     *
     *
     * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
     * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
     * the UID ranges will match the app allowlist or denylist specified there. Otherwise, all UIDs
     * the UID ranges will match the app allowlist or denylist specified there. Otherwise, all UIDs
     * in the user will be included.
     * in the user will be included.
     *
     *
     * @param ranges {@link Set} of {@link UidRange}s to which to add.
     * @param ranges {@link Set} of {@code Range<Integer>}s to which to add.
     * @param userId The userId to add to {@param ranges}.
     * @param userId The userId to add to {@param ranges}.
     * @param allowedApplications (optional) allowlist of applications to include.
     * @param allowedApplications (optional) allowlist of applications to include.
     * @param disallowedApplications (optional) denylist of applications to exclude.
     * @param disallowedApplications (optional) denylist of applications to exclude.
     */
     */
    @VisibleForTesting
    @VisibleForTesting
    void addUserToRanges(@NonNull Set<UidRange> ranges, @UserIdInt int userId,
    void addUserToRanges(@NonNull Set<Range<Integer>> ranges, @UserIdInt int userId,
            @Nullable List<String> allowedApplications,
            @Nullable List<String> allowedApplications,
            @Nullable List<String> disallowedApplications) {
            @Nullable List<String> disallowedApplications) {
        if (allowedApplications != null) {
        if (allowedApplications != null) {
@@ -1520,40 +1520,41 @@ public class Vpn {
                if (start == -1) {
                if (start == -1) {
                    start = uid;
                    start = uid;
                } else if (uid != stop + 1) {
                } else if (uid != stop + 1) {
                    ranges.add(new UidRange(start, stop));
                    ranges.add(new Range<Integer>(start, stop));
                    start = uid;
                    start = uid;
                }
                }
                stop = uid;
                stop = uid;
            }
            }
            if (start != -1) ranges.add(new UidRange(start, stop));
            if (start != -1) ranges.add(new Range<Integer>(start, stop));
        } else if (disallowedApplications != null) {
        } else if (disallowedApplications != null) {
            // Add all ranges for user skipping UIDs for disallowedApplications.
            // Add all ranges for user skipping UIDs for disallowedApplications.
            final UidRange userRange = UidRange.createForUser(UserHandle.of(userId));
            final Range<Integer> userRange = createUidRangeForUser(userId);
            int start = userRange.start;
            int start = userRange.getLower();
            for (int uid : getAppsUids(disallowedApplications, userId)) {
            for (int uid : getAppsUids(disallowedApplications, userId)) {
                if (uid == start) {
                if (uid == start) {
                    start++;
                    start++;
                } else {
                } else {
                    ranges.add(new UidRange(start, uid - 1));
                    ranges.add(new Range<Integer>(start, uid - 1));
                    start = uid + 1;
                    start = uid + 1;
                }
                }
            }
            }
            if (start <= userRange.stop) ranges.add(new UidRange(start, userRange.stop));
            if (start <= userRange.getUpper()) {
                ranges.add(new Range<Integer>(start, userRange.getUpper()));
            }
        } else {
        } else {
            // Add all UIDs for the user.
            // Add all UIDs for the user.
            ranges.add(UidRange.createForUser(UserHandle.of(userId)));
            ranges.add(createUidRangeForUser(userId));
        }
        }
    }
    }


    // Returns the subset of the full list of active UID ranges the VPN applies to (mVpnUsers) that
    // Returns the subset of the full list of active UID ranges the VPN applies to (mVpnUsers) that
    // apply to userId.
    // apply to userId.
    private static List<UidRange> uidRangesForUser(int userId, Set<UidRange> existingRanges) {
    private static List<Range<Integer>> uidRangesForUser(int userId,
        // UidRange#createForUser returns the entire range of UIDs available to a macro-user.
            Set<Range<Integer>> existingRanges) {
        // This is something like 0-99999 ; {@see UserHandle#PER_USER_RANGE}
        final Range<Integer> userRange = createUidRangeForUser(userId);
        final UidRange userRange = UidRange.createForUser(UserHandle.of(userId));
        final List<Range<Integer>> ranges = new ArrayList<>();
        final List<UidRange> ranges = new ArrayList<>();
        for (Range<Integer> range : existingRanges) {
        for (UidRange range : existingRanges) {
            if (userRange.contains(range)) {
            if (userRange.containsRange(range)) {
                ranges.add(range);
                ranges.add(range);
            }
            }
        }
        }
@@ -1570,7 +1571,7 @@ public class Vpn {
        UserInfo user = mUserManager.getUserInfo(userId);
        UserInfo user = mUserManager.getUserInfo(userId);
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
            synchronized(Vpn.this) {
            synchronized(Vpn.this) {
                final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
                final Set<Range<Integer>> existingRanges = mNetworkCapabilities.getUids();
                if (existingRanges != null) {
                if (existingRanges != null) {
                    try {
                    try {
                        addUserToRanges(existingRanges, userId, mConfig.allowedApplications,
                        addUserToRanges(existingRanges, userId, mConfig.allowedApplications,
@@ -1598,10 +1599,10 @@ public class Vpn {
        UserInfo user = mUserManager.getUserInfo(userId);
        UserInfo user = mUserManager.getUserInfo(userId);
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
            synchronized(Vpn.this) {
            synchronized(Vpn.this) {
                final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
                final Set<Range<Integer>> existingRanges = mNetworkCapabilities.getUids();
                if (existingRanges != null) {
                if (existingRanges != null) {
                    try {
                    try {
                        final List<UidRange> removedRanges =
                        final List<Range<Integer>> removedRanges =
                                uidRangesForUser(userId, existingRanges);
                                uidRangesForUser(userId, existingRanges);
                        existingRanges.removeAll(removedRanges);
                        existingRanges.removeAll(removedRanges);
                        mNetworkCapabilities.setUids(existingRanges);
                        mNetworkCapabilities.setUids(existingRanges);
@@ -1662,7 +1663,7 @@ public class Vpn {
        final Set<UidRangeParcel> rangesToRemove = new ArraySet<>(mBlockedUidsAsToldToConnectivity);
        final Set<UidRangeParcel> rangesToRemove = new ArraySet<>(mBlockedUidsAsToldToConnectivity);
        final Set<UidRangeParcel> rangesToAdd;
        final Set<UidRangeParcel> rangesToAdd;
        if (enforce) {
        if (enforce) {
            final Set<UidRange> restrictedProfilesRanges =
            final Set<Range<Integer>> restrictedProfilesRanges =
                    createUserAndRestrictedProfilesRanges(mUserId,
                    createUserAndRestrictedProfilesRanges(mUserId,
                    /* allowedApplications */ null,
                    /* allowedApplications */ null,
                    /* disallowedApplications */ exemptedPackages);
                    /* disallowedApplications */ exemptedPackages);
@@ -1671,11 +1672,12 @@ public class Vpn {
            // The UID range of the first user (0-99999) would block the IPSec traffic, which comes
            // The UID range of the first user (0-99999) would block the IPSec traffic, which comes
            // directly from the kernel and is marked as uid=0. So we adjust the range to allow
            // directly from the kernel and is marked as uid=0. So we adjust the range to allow
            // it through (b/69873852).
            // it through (b/69873852).
            for (UidRange range : restrictedProfilesRanges) {
            for (Range<Integer> range : restrictedProfilesRanges) {
                if (range.start == 0 && range.stop != 0) {
                if (range.getLower() == 0 && range.getUpper() != 0) {
                    rangesThatShouldBeBlocked.add(new UidRangeParcel(1, range.stop));
                    rangesThatShouldBeBlocked.add(new UidRangeParcel(1, range.getUpper()));
                } else if (range.start != 0) {
                } else if (range.getLower() != 0) {
                    rangesThatShouldBeBlocked.add(new UidRangeParcel(range.start, range.stop));
                    rangesThatShouldBeBlocked.add(
                            new UidRangeParcel(range.getLower(), range.getUpper()));
                }
                }
            }
            }


@@ -1697,12 +1699,12 @@ public class Vpn {
    }
    }


    /**
    /**
     * Tell ConnectivityService to add or remove a list of {@link UidRange}s to the list of UIDs
     * Tell ConnectivityService to add or remove a list of {@link UidRangeParcel}s to the list of
     * that are only allowed to make connections through sockets that have had {@code protect()}
     * UIDs that are only allowed to make connections through sockets that have had
     * called on them.
     * {@code protect()} called on them.
     *
     *
     * @param enforce {@code true} to add to the denylist, {@code false} to remove.
     * @param enforce {@code true} to add to the denylist, {@code false} to remove.
     * @param ranges {@link Collection} of {@link UidRange}s to add (if {@param enforce} is
     * @param ranges {@link Collection} of {@link UidRangeParcel}s to add (if {@param enforce} is
     *               {@code true}) or to remove.
     *               {@code true}) or to remove.
     * @return {@code true} if all of the UIDs were added/removed. {@code false} otherwise,
     * @return {@code true} if all of the UIDs were added/removed. {@code false} otherwise,
     *         including added ranges that already existed or removed ones that didn't.
     *         including added ranges that already existed or removed ones that didn't.
@@ -3346,4 +3348,12 @@ public class Vpn {
                    firstChildSessionCallback);
                    firstChildSessionCallback);
        }
        }
    }
    }

    /**
     * Returns the entire range of UIDs available to a macro-user. This is something like 0-99999.
     */
    @VisibleForTesting
    static Range<Integer> createUidRangeForUser(int userId) {
        return new Range<Integer>(userId * PER_USER_RANGE, (userId + 1) * PER_USER_RANGE - 1);
    }
}
}
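Review bot: `createUidRangeForUser` computes its bounds with plain int arithmetic and no argument check, so a negative `userId` yields a range of negative UIDs and a very large one can overflow in `(userId + 1) * PER_USER_RANGE - 1`. Through `addUserToRanges` these ranges feed both the UIDs the VPN applies to and the lockdown block list built in this file, so an out-of-range id is better rejected than converted. Whether any caller can pass such an id is not visible in these hunks; if none can, a one-line precondition in the Javadoc is enough, otherwise add `if (userId < 0) throw new IllegalArgumentException("Invalid userId " + userId);` at the top. The "0-99999" in the comment holds for user 0 only and could say so.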