Don't allow seamless handover to networks requiring permissions.

Currently, implicitly-marked sockets continue to work when the
network changes permission. This makes it so that UDP sockets
connected on a foreground network will continue to work even if
the network moves into the background (e.g., when the linger
timer fires on cell data with mobile data always on).

Instead, make it so that sockets implicitly marked to a network
become unroutable when the network starts requiring permissions.
Explicitly-marked sockets will continue to be routed on the
network, as usual.

This is consistent with what we do for TCP: when a network
changes permissions, all implicitly-marked sockets on that
network are closed using SOCK_DESTROY.

This change should not affect any other behaviour because:

- Netd only ever implicitly marks sockets to the default network
  or to a bypassable VPN that applies to the caller.
- In both cases, at the time of marking, the network does not
  require permissions because:
  - VPNs don't support permissions.
  - The default network never requires any permissions:
    - ConnectivityService's mDefaultRequest specifies
    - The only case where a NOT_RESTRICTED network can require a
      permission is if it's a background network, and the default
      network is, by definition, never a background network.
- VPNs can't change permissions.
- If the network is still the default network, the lack of this
  implicit rule doesn't matter.

Therefore, the only case where this rule can alter routing is if
a socket is implicitly marked on the default network and that
network, after ceasing to be the default, changes permissions.

Bug: 64103722
Test: builds
Test: manually observed IP rules while changing network permissions
Change-Id: I255a9d216c50aa47bb951be9bd6cce59a12c6165
Merged-In: I255a9d216c50aa47bb951be9bd6cce59a12c6165
(cherry picked from commit d688dc8e440a6a5a51151bbc400eb6d00814fcf0)
1 file changed