Don't allow seamless handover to networks requiring permissions.
Currently, implicitly-marked sockets continue to work when the
network changes permission. This makes it so that UDP sockets
connected on a foreground network will continue to work even if
the network moves into the background (e.g., when the linger
timer fires on cell data with mobile data always on).
Instead, make it so that sockets implicitly marked to a network
become unroutable when the network starts requiring permissions.
Explicitly-marked sockets will continue to be routed on the
network, as usual.
This is consistent with what we do for TCP: when a network
changes permissions, all implicitly-marked sockets on that
network are closed using SOCK_DESTROY.
This change should not affect any other behaviour because:
- Netd only ever implicitly marks sockets to the default network
or to a bypassable VPN that applies to the caller.
- In both cases, at the time of marking, the network does not
require permissions because:
- VPNs don't support permissions.
- The default network never requires any permissions:
- ConnectivityService's mDefaultRequest specifies
- The only case where a NOT_RESTRICTED network can require a
permission is if it's a background network, and the default
network is, by definition, never a background network.
- VPNs can't change permissions.
- If the network is still the default network, the lack of this
implicit rule doesn't matter.
Therefore, the only case where this rule can alter routing is if
a socket is implicitly marked on the default network and that
network, after ceasing to be the default, changes permissions.
Test: manually observed IP rules while changing network permissions
(cherry picked from commit 050085a56162dff203979e8c62cb57449f5f7a26)
1 file changed