Loading core/java/android/os/INetworkManagementService.aidl +6 −6 Original line number Diff line number Diff line Loading @@ -388,10 +388,10 @@ interface INetworkManagementService /** * Setup a new physical network. * @param permission null if no permissions required to access this network. PERMISSION_NETWORK * or PERMISSION_SYSTEM to set respective permission. * @param permission PERMISSION_NONE if no permissions required to access this network. * PERMISSION_NETWORK or PERMISSION_SYSTEM to set respective permission. */ void createPhysicalNetwork(int netId, String permission); void createPhysicalNetwork(int netId, int permission); /** * Setup a new VPN. Loading Loading @@ -420,10 +420,10 @@ interface INetworkManagementService /** * Set permission for a network. * @param permission null to clear permissions. PERMISSION_NETWORK or PERMISSION_SYSTEM to set * permission. * @param permission PERMISSION_NONE to clear permissions. * PERMISSION_NETWORK or PERMISSION_SYSTEM to set permission. */ void setNetworkPermission(int netId, String permission); void setNetworkPermission(int netId, int permission); void setPermission(String permission, in int[] uids); void clearPermission(in int[] uids); Loading services/core/java/com/android/server/ConnectivityService.java +7 −8 Original line number Diff line number Diff line Loading @@ -4782,15 +4782,14 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private String getNetworkPermission(NetworkCapabilities nc) { // TODO: make these permission strings AIDL constants instead. private int getNetworkPermission(NetworkCapabilities nc) { if (!nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { return NetworkManagementService.PERMISSION_SYSTEM; return INetd.PERMISSION_SYSTEM; } if (!nc.hasCapability(NET_CAPABILITY_FOREGROUND)) { return NetworkManagementService.PERMISSION_NETWORK; return INetd.PERMISSION_NETWORK; } return null; return INetd.PERMISSION_NONE; } /** Loading Loading @@ -4863,9 +4862,9 @@ public class ConnectivityService extends IConnectivityManager.Stub if (Objects.equals(nai.networkCapabilities, newNc)) return; final String oldPermission = getNetworkPermission(nai.networkCapabilities); final String newPermission = getNetworkPermission(newNc); if (!Objects.equals(oldPermission, newPermission) && nai.created && !nai.isVPN()) { final int oldPermission = getNetworkPermission(nai.networkCapabilities); final int newPermission = getNetworkPermission(newNc); if (oldPermission != newPermission && nai.created && !nai.isVPN()) { try { mNMS.setNetworkPermission(nai.network.netId, newPermission); } catch (RemoteException e) { Loading services/core/java/com/android/server/NetworkManagementService.java +97 −145 Original line number Diff line number Diff line Loading @@ -169,19 +169,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub */ public static final String LIMIT_GLOBAL_ALERT = "globalAlert"; /** * String to pass to netd to indicate that a network is only accessible * to apps that have the CHANGE_NETWORK_STATE permission. */ public static final String PERMISSION_NETWORK = "NETWORK"; /** * String to pass to netd to indicate that a network is only * accessible to system apps and those with the CONNECTIVITY_INTERNAL * permission. */ public static final String PERMISSION_SYSTEM = "SYSTEM"; static class NetdResponseCode { /* Keep in sync with system/netd/server/ResponseCode.h */ public static final int InterfaceListResult = 110; Loading Loading @@ -222,6 +209,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1; static final boolean MODIFY_OPERATION_ADD = true; static final boolean MODIFY_OPERATION_REMOVE = false; /** * Binder context for this service */ Loading Loading @@ -1117,41 +1107,47 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addRoute(int netId, RouteInfo route) { modifyRoute("add", "" + netId, route); modifyRoute(MODIFY_OPERATION_ADD, netId, route); } @Override public void removeRoute(int netId, RouteInfo route) { modifyRoute("remove", "" + netId, route); modifyRoute(MODIFY_OPERATION_REMOVE, netId, route); } private void modifyRoute(String action, String netId, RouteInfo route) { private void modifyRoute(boolean add, int netId, RouteInfo route) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); final Command cmd = new Command("network", "route", action, netId); // create triplet: interface dest-ip-addr/prefixlength gateway-ip-addr cmd.appendArg(route.getInterface()); cmd.appendArg(route.getDestination().toString()); final String ifName = route.getInterface(); final String dst = route.getDestination().toString(); final String nextHop; switch (route.getType()) { case RouteInfo.RTN_UNICAST: if (route.hasGateway()) { cmd.appendArg(route.getGateway().getHostAddress()); nextHop = route.getGateway().getHostAddress(); } else { nextHop = INetd.NEXTHOP_NONE; } break; case RouteInfo.RTN_UNREACHABLE: cmd.appendArg("unreachable"); nextHop = INetd.NEXTHOP_UNREACHABLE; break; case RouteInfo.RTN_THROW: cmd.appendArg("throw"); nextHop = INetd.NEXTHOP_THROW; break; default: nextHop = INetd.NEXTHOP_NONE; break; } try { mConnector.execute(cmd); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); if (add) { mNetdService.networkAddRoute(netId, ifName, dst, nextHop); } else { mNetdService.networkRemoveRoute(netId, ifName, dst, nextHop); } } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading Loading @@ -1911,44 +1907,21 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addVpnUidRanges(int netId, UidRange[] ranges) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "users"; argv[1] = "add"; argv[2] = netId; int argc = 3; // Avoid overly long commands by limiting number of UID ranges per command. for (int i = 0; i < ranges.length; i++) { argv[argc++] = ranges[i].toString(); if (i == (ranges.length - 1) || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } mNetdService.networkAddUidRanges(netId, ranges); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void removeVpnUidRanges(int netId, UidRange[] ranges) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "users"; argv[1] = "remove"; argv[2] = netId; int argc = 3; // Avoid overly long commands by limiting number of UID ranges per command. for (int i = 0; i < ranges.length; i++) { argv[argc++] = ranges[i].toString(); if (i == (ranges.length - 1) || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } mNetdService.networkRemoveUidRanges(netId, ranges); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading Loading @@ -2406,17 +2379,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub } @Override public void createPhysicalNetwork(int netId, String permission) { public void createPhysicalNetwork(int netId, int permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { if (permission != null) { mConnector.execute("network", "create", netId, permission); } else { mConnector.execute("network", "create", netId); } } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkCreatePhysical(netId, permission); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2425,10 +2394,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "create", netId, "vpn", hasDNS ? "1" : "0", secure ? "1" : "0"); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkCreateVpn(netId, hasDNS, secure); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2449,20 +2417,24 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addInterfaceToNetwork(String iface, int netId) { modifyInterfaceInNetwork("add", "" + netId, iface); modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, netId, iface); } @Override public void removeInterfaceFromNetwork(String iface, int netId) { modifyInterfaceInNetwork("remove", "" + netId, iface); modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, netId, iface); } private void modifyInterfaceInNetwork(String action, String netId, String iface) { private void modifyInterfaceInNetwork(boolean add, int netId, String iface) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "interface", action, netId, iface); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); if (add) { mNetdService.networkAddInterface(netId, iface); } else { mNetdService.networkRemoveInterface(netId, iface); } } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2470,20 +2442,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub public void addLegacyRouteForNetId(int netId, RouteInfo routeInfo, int uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); final Command cmd = new Command("network", "route", "legacy", uid, "add", netId); // create triplet: interface dest-ip-addr/prefixlength gateway-ip-addr final LinkAddress la = routeInfo.getDestinationLinkAddress(); cmd.appendArg(routeInfo.getInterface()); cmd.appendArg(la.getAddress().getHostAddress() + "/" + la.getPrefixLength()); final String ifName = routeInfo.getInterface(); final String dst = la.toString(); final String nextHop; if (routeInfo.hasGateway()) { cmd.appendArg(routeInfo.getGateway().getHostAddress()); nextHop = routeInfo.getGateway().getHostAddress(); } else { nextHop = ""; } try { mConnector.execute(cmd); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkAddLegacyRoute(netId, ifName, dst, nextHop, uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2492,9 +2464,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "default", "set", netId); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetDefault(netId); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2503,49 +2475,41 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "default", "clear"); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkClearDefault(); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void setNetworkPermission(int netId, String permission) { public void setNetworkPermission(int netId, int permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { if (permission != null) { mConnector.execute("network", "permission", "network", "set", permission, netId); } else { mConnector.execute("network", "permission", "network", "clear", netId); } } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetPermissionForNetwork(netId, permission); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } private int parsePermission(String permission) { if (permission.equals("NETWORK")) { return INetd.PERMISSION_NETWORK; } if (permission.equals("SYSTEM")) { return INetd.PERMISSION_SYSTEM; } return INetd.PERMISSION_NONE; } @Override public void setPermission(String permission, int[] uids) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[4 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "permission"; argv[1] = "user"; argv[2] = "set"; argv[3] = permission; int argc = 4; // Avoid overly long commands by limiting number of UIDs per command. for (int i = 0; i < uids.length; ++i) { argv[argc++] = uids[i]; if (i == uids.length - 1 || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 4; } try { mNetdService.networkSetPermissionForUser(parsePermission(permission), uids); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2553,22 +2517,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub public void clearPermission(int[] uids) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "permission"; argv[1] = "user"; argv[2] = "clear"; int argc = 3; // Avoid overly long commands by limiting number of UIDs per command. for (int i = 0; i < uids.length; ++i) { argv[argc++] = uids[i]; if (i == uids.length - 1 || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } try { mNetdService.networkClearPermissionForUser(uids); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2577,9 +2529,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "protect", "allow", uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetProtectAllow(uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2588,26 +2540,26 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "protect", "deny", uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetProtectDeny(uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void addInterfaceToLocalNetwork(String iface, List<RouteInfo> routes) { modifyInterfaceInNetwork("add", "local", iface); modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, INetd.NETID_LOCAL, iface); for (RouteInfo route : routes) { if (!route.isDefaultRoute()) { modifyRoute("add", "local", route); modifyRoute(MODIFY_OPERATION_ADD, INetd.NETID_LOCAL, route); } } } @Override public void removeInterfaceFromLocalNetwork(String iface) { modifyInterfaceInNetwork("remove", "local", iface); modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, INetd.NETID_LOCAL, iface); } @Override Loading @@ -2616,7 +2568,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub for (RouteInfo route : routes) { try { modifyRoute("remove", "local", route); modifyRoute(MODIFY_OPERATION_REMOVE, INetd.NETID_LOCAL, route); } catch (IllegalStateException e) { failures++; } Loading Loading
core/java/android/os/INetworkManagementService.aidl +6 −6 Original line number Diff line number Diff line Loading @@ -388,10 +388,10 @@ interface INetworkManagementService /** * Setup a new physical network. * @param permission null if no permissions required to access this network. PERMISSION_NETWORK * or PERMISSION_SYSTEM to set respective permission. * @param permission PERMISSION_NONE if no permissions required to access this network. * PERMISSION_NETWORK or PERMISSION_SYSTEM to set respective permission. */ void createPhysicalNetwork(int netId, String permission); void createPhysicalNetwork(int netId, int permission); /** * Setup a new VPN. Loading Loading @@ -420,10 +420,10 @@ interface INetworkManagementService /** * Set permission for a network. * @param permission null to clear permissions. PERMISSION_NETWORK or PERMISSION_SYSTEM to set * permission. * @param permission PERMISSION_NONE to clear permissions. * PERMISSION_NETWORK or PERMISSION_SYSTEM to set permission. */ void setNetworkPermission(int netId, String permission); void setNetworkPermission(int netId, int permission); void setPermission(String permission, in int[] uids); void clearPermission(in int[] uids); Loading
services/core/java/com/android/server/ConnectivityService.java +7 −8 Original line number Diff line number Diff line Loading @@ -4782,15 +4782,14 @@ public class ConnectivityService extends IConnectivityManager.Stub } } private String getNetworkPermission(NetworkCapabilities nc) { // TODO: make these permission strings AIDL constants instead. private int getNetworkPermission(NetworkCapabilities nc) { if (!nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) { return NetworkManagementService.PERMISSION_SYSTEM; return INetd.PERMISSION_SYSTEM; } if (!nc.hasCapability(NET_CAPABILITY_FOREGROUND)) { return NetworkManagementService.PERMISSION_NETWORK; return INetd.PERMISSION_NETWORK; } return null; return INetd.PERMISSION_NONE; } /** Loading Loading @@ -4863,9 +4862,9 @@ public class ConnectivityService extends IConnectivityManager.Stub if (Objects.equals(nai.networkCapabilities, newNc)) return; final String oldPermission = getNetworkPermission(nai.networkCapabilities); final String newPermission = getNetworkPermission(newNc); if (!Objects.equals(oldPermission, newPermission) && nai.created && !nai.isVPN()) { final int oldPermission = getNetworkPermission(nai.networkCapabilities); final int newPermission = getNetworkPermission(newNc); if (oldPermission != newPermission && nai.created && !nai.isVPN()) { try { mNMS.setNetworkPermission(nai.network.netId, newPermission); } catch (RemoteException e) { Loading
services/core/java/com/android/server/NetworkManagementService.java +97 −145 Original line number Diff line number Diff line Loading @@ -169,19 +169,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub */ public static final String LIMIT_GLOBAL_ALERT = "globalAlert"; /** * String to pass to netd to indicate that a network is only accessible * to apps that have the CHANGE_NETWORK_STATE permission. */ public static final String PERMISSION_NETWORK = "NETWORK"; /** * String to pass to netd to indicate that a network is only * accessible to system apps and those with the CONNECTIVITY_INTERNAL * permission. */ public static final String PERMISSION_SYSTEM = "SYSTEM"; static class NetdResponseCode { /* Keep in sync with system/netd/server/ResponseCode.h */ public static final int InterfaceListResult = 110; Loading Loading @@ -222,6 +209,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1; static final boolean MODIFY_OPERATION_ADD = true; static final boolean MODIFY_OPERATION_REMOVE = false; /** * Binder context for this service */ Loading Loading @@ -1117,41 +1107,47 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addRoute(int netId, RouteInfo route) { modifyRoute("add", "" + netId, route); modifyRoute(MODIFY_OPERATION_ADD, netId, route); } @Override public void removeRoute(int netId, RouteInfo route) { modifyRoute("remove", "" + netId, route); modifyRoute(MODIFY_OPERATION_REMOVE, netId, route); } private void modifyRoute(String action, String netId, RouteInfo route) { private void modifyRoute(boolean add, int netId, RouteInfo route) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); final Command cmd = new Command("network", "route", action, netId); // create triplet: interface dest-ip-addr/prefixlength gateway-ip-addr cmd.appendArg(route.getInterface()); cmd.appendArg(route.getDestination().toString()); final String ifName = route.getInterface(); final String dst = route.getDestination().toString(); final String nextHop; switch (route.getType()) { case RouteInfo.RTN_UNICAST: if (route.hasGateway()) { cmd.appendArg(route.getGateway().getHostAddress()); nextHop = route.getGateway().getHostAddress(); } else { nextHop = INetd.NEXTHOP_NONE; } break; case RouteInfo.RTN_UNREACHABLE: cmd.appendArg("unreachable"); nextHop = INetd.NEXTHOP_UNREACHABLE; break; case RouteInfo.RTN_THROW: cmd.appendArg("throw"); nextHop = INetd.NEXTHOP_THROW; break; default: nextHop = INetd.NEXTHOP_NONE; break; } try { mConnector.execute(cmd); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); if (add) { mNetdService.networkAddRoute(netId, ifName, dst, nextHop); } else { mNetdService.networkRemoveRoute(netId, ifName, dst, nextHop); } } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading Loading @@ -1911,44 +1907,21 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addVpnUidRanges(int netId, UidRange[] ranges) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "users"; argv[1] = "add"; argv[2] = netId; int argc = 3; // Avoid overly long commands by limiting number of UID ranges per command. for (int i = 0; i < ranges.length; i++) { argv[argc++] = ranges[i].toString(); if (i == (ranges.length - 1) || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } mNetdService.networkAddUidRanges(netId, ranges); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void removeVpnUidRanges(int netId, UidRange[] ranges) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "users"; argv[1] = "remove"; argv[2] = netId; int argc = 3; // Avoid overly long commands by limiting number of UID ranges per command. for (int i = 0; i < ranges.length; i++) { argv[argc++] = ranges[i].toString(); if (i == (ranges.length - 1) || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } mNetdService.networkRemoveUidRanges(netId, ranges); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading Loading @@ -2406,17 +2379,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub } @Override public void createPhysicalNetwork(int netId, String permission) { public void createPhysicalNetwork(int netId, int permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { if (permission != null) { mConnector.execute("network", "create", netId, permission); } else { mConnector.execute("network", "create", netId); } } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkCreatePhysical(netId, permission); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2425,10 +2394,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "create", netId, "vpn", hasDNS ? "1" : "0", secure ? "1" : "0"); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkCreateVpn(netId, hasDNS, secure); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2449,20 +2417,24 @@ public class NetworkManagementService extends INetworkManagementService.Stub @Override public void addInterfaceToNetwork(String iface, int netId) { modifyInterfaceInNetwork("add", "" + netId, iface); modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, netId, iface); } @Override public void removeInterfaceFromNetwork(String iface, int netId) { modifyInterfaceInNetwork("remove", "" + netId, iface); modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, netId, iface); } private void modifyInterfaceInNetwork(String action, String netId, String iface) { private void modifyInterfaceInNetwork(boolean add, int netId, String iface) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "interface", action, netId, iface); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); if (add) { mNetdService.networkAddInterface(netId, iface); } else { mNetdService.networkRemoveInterface(netId, iface); } } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2470,20 +2442,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub public void addLegacyRouteForNetId(int netId, RouteInfo routeInfo, int uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); final Command cmd = new Command("network", "route", "legacy", uid, "add", netId); // create triplet: interface dest-ip-addr/prefixlength gateway-ip-addr final LinkAddress la = routeInfo.getDestinationLinkAddress(); cmd.appendArg(routeInfo.getInterface()); cmd.appendArg(la.getAddress().getHostAddress() + "/" + la.getPrefixLength()); final String ifName = routeInfo.getInterface(); final String dst = la.toString(); final String nextHop; if (routeInfo.hasGateway()) { cmd.appendArg(routeInfo.getGateway().getHostAddress()); nextHop = routeInfo.getGateway().getHostAddress(); } else { nextHop = ""; } try { mConnector.execute(cmd); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkAddLegacyRoute(netId, ifName, dst, nextHop, uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2492,9 +2464,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "default", "set", netId); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetDefault(netId); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2503,49 +2475,41 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "default", "clear"); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkClearDefault(); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void setNetworkPermission(int netId, String permission) { public void setNetworkPermission(int netId, int permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { if (permission != null) { mConnector.execute("network", "permission", "network", "set", permission, netId); } else { mConnector.execute("network", "permission", "network", "clear", netId); } } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetPermissionForNetwork(netId, permission); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } private int parsePermission(String permission) { if (permission.equals("NETWORK")) { return INetd.PERMISSION_NETWORK; } if (permission.equals("SYSTEM")) { return INetd.PERMISSION_SYSTEM; } return INetd.PERMISSION_NONE; } @Override public void setPermission(String permission, int[] uids) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[4 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "permission"; argv[1] = "user"; argv[2] = "set"; argv[3] = permission; int argc = 4; // Avoid overly long commands by limiting number of UIDs per command. for (int i = 0; i < uids.length; ++i) { argv[argc++] = uids[i]; if (i == uids.length - 1 || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 4; } try { mNetdService.networkSetPermissionForUser(parsePermission(permission), uids); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2553,22 +2517,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub public void clearPermission(int[] uids) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Object[] argv = new Object[3 + MAX_UID_RANGES_PER_COMMAND]; argv[0] = "permission"; argv[1] = "user"; argv[2] = "clear"; int argc = 3; // Avoid overly long commands by limiting number of UIDs per command. for (int i = 0; i < uids.length; ++i) { argv[argc++] = uids[i]; if (i == uids.length - 1 || argc == argv.length) { try { mConnector.execute("network", Arrays.copyOf(argv, argc)); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } argc = 3; } try { mNetdService.networkClearPermissionForUser(uids); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2577,9 +2529,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "protect", "allow", uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetProtectAllow(uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } Loading @@ -2588,26 +2540,26 @@ public class NetworkManagementService extends INetworkManagementService.Stub mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); try { mConnector.execute("network", "protect", "deny", uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); mNetdService.networkSetProtectDeny(uid); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } } @Override public void addInterfaceToLocalNetwork(String iface, List<RouteInfo> routes) { modifyInterfaceInNetwork("add", "local", iface); modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, INetd.NETID_LOCAL, iface); for (RouteInfo route : routes) { if (!route.isDefaultRoute()) { modifyRoute("add", "local", route); modifyRoute(MODIFY_OPERATION_ADD, INetd.NETID_LOCAL, route); } } } @Override public void removeInterfaceFromLocalNetwork(String iface) { modifyInterfaceInNetwork("remove", "local", iface); modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, INetd.NETID_LOCAL, iface); } @Override Loading @@ -2616,7 +2568,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub for (RouteInfo route : routes) { try { modifyRoute("remove", "local", route); modifyRoute(MODIFY_OPERATION_REMOVE, INetd.NETID_LOCAL, route); } catch (IllegalStateException e) { failures++; } Loading
