Support allowing a UID to bypass VPNs only on a specific network

Until now, allowProtect() protected the UID from a VPN no matter the
network. In this scenario, in order to support CCT for CaptivePortal,
Chrome would have to be granted the ability to protect itself from VPNs
no matter the network it is currently using.

This change adds a netId to mProtectableUsers, so allowProtect() can
either apply globally (using NETID_UNSET), to a specific network, or both.
UIDs that can protect their sockets on specific networks cannot protect
their sockets from VPNs in general. They can only bypass VPNs when
explicitly binding sockets to the specified network.

Test: TH
Change-Id: Ide7c3e76f28ce89a45673667c05b46f1e61d3f74
4 files changed
tree: 5de8dbfaead419456f0a1d7393d16ebf4fabc513
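The scoping rule the commit message describes, modelled as an added example (not code from this change or from netd). Only `allowProtect()`, `mProtectableUsers` and `NETID_UNSET` are named on the page; the class name, `canProtect()`, `denyProtect()`, the value 0 for `NETID_UNSET`, and the UIDs and netIds in `main()` are assumptions made for illustration.

```cpp
#include <cstdint>
#include <map>
#include <set>

// Model only: names follow the commit message, bodies are assumptions.
constexpr unsigned NETID_UNSET = 0u;  // assumed sentinel: "no specific network"

class ProtectableUsers {  // hypothetical wrapper around mProtectableUsers
  public:
    // netId == NETID_UNSET is a global grant; any other value scopes the grant.
    void allowProtect(uint32_t uid, unsigned netId) { mProtectableUsers[uid].insert(netId); }

    // Hypothetical revocation: removes exactly one grant, leaving the others.
    void denyProtect(uint32_t uid, unsigned netId) {
        auto it = mProtectableUsers.find(uid);
        if (it == mProtectableUsers.end()) return;
        it->second.erase(netId);
        if (it->second.empty()) mProtectableUsers.erase(it);
    }

    // boundNetId: network the socket was explicitly bound to,
    // or NETID_UNSET when the socket is not bound to any network.
    bool canProtect(uint32_t uid, unsigned boundNetId) const {
        auto it = mProtectableUsers.find(uid);
        if (it == mProtectableUsers.end()) return false;  // default deny
        const std::set<unsigned>& grants = it->second;
        if (grants.count(NETID_UNSET)) return true;       // global grant
        // A scoped grant never matches an unbound socket.
        return boundNetId != NETID_UNSET && grants.count(boundNetId) > 0;
    }

  private:
    std::map<uint32_t, std::set<unsigned>> mProtectableUsers;
};

int main() {
    ProtectableUsers users;
    const uint32_t kBrowserUid = 10123;   // constructed UID
    const unsigned kPortalNetId = 101;    // constructed netId
    users.allowProtect(kBrowserUid, kPortalNetId);
    bool ok = users.canProtect(kBrowserUid, kPortalNetId) &&   // bound to granted network
              !users.canProtect(kBrowserUid, NETID_UNSET) &&   // unbound socket: no bypass
              !users.canProtect(kBrowserUid, 102);             // other network: no bypass
    return ok ? 0 : 1;
}
```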