Examples with UidRange android.net.UidRange used on opensource projects

Example 21 with UidRange

use of android.net.UidRange in project platform_frameworks_base by android.

the class Vpn method onUserAdded.

public void onUserAdded(int userHandle) {
    // If the user is restricted tie them to the parent user's VPN
    UserInfo user = UserManager.get(mContext).getUserInfo(userHandle);
    if (user.isRestricted() && user.restrictedProfileParentId == mUserHandle) {
        synchronized (Vpn.this) {
            if (mVpnUsers != null) {
                try {
                    addUserToRanges(mVpnUsers, userHandle, mConfig.allowedApplications, mConfig.disallowedApplications);
                    if (mNetworkAgent != null) {
                        final List<UidRange> ranges = uidRangesForUser(userHandle);
                        mNetworkAgent.addUidRanges(ranges.toArray(new UidRange[ranges.size()]));
                    }
                } catch (Exception e) {
                    Log.wtf(TAG, "Failed to add restricted user to owner", e);
                }
            }
            if (mAlwaysOn) {
                setVpnForcedLocked(mLockdown);
            }
        }
    }
}

Example 22 with UidRange

use of android.net.UidRange in project android_frameworks_base by DirtyUnicorns.

the class Vpn method agentConnect.

private void agentConnect() {
    LinkProperties lp = makeLinkProperties();
    if (lp.hasIPv4DefaultRoute() || lp.hasIPv6DefaultRoute()) {
        mNetworkCapabilities.addCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);
    } else {
        mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_INTERNET);
    }
    mNetworkInfo.setDetailedState(DetailedState.CONNECTING, null, null);
    NetworkMisc networkMisc = new NetworkMisc();
    networkMisc.allowBypass = mConfig.allowBypass && !mLockdown;
    long token = Binder.clearCallingIdentity();
    try {
        mNetworkAgent = new NetworkAgent(mLooper, mContext, NETWORKTYPE, mNetworkInfo, mNetworkCapabilities, lp, 0, networkMisc) {

            @Override
            public void unwanted() {
            // We are user controlled, not driven by NetworkRequest.
            }
        };
    } finally {
        Binder.restoreCallingIdentity(token);
    }
    mVpnUsers = createUserAndRestrictedProfilesRanges(mUserHandle, mConfig.allowedApplications, mConfig.disallowedApplications);
    mNetworkAgent.addUidRanges(mVpnUsers.toArray(new UidRange[mVpnUsers.size()]));
    mNetworkInfo.setIsAvailable(true);
    updateState(DetailedState.CONNECTED, "agentConnect");
}

Example 23 with UidRange

use of android.net.UidRange in project android_frameworks_base by AOSPA.

the class NetworkManagementService method closeSocketsForFirewallChainLocked.

private void closeSocketsForFirewallChainLocked(int chain, String chainName) {
    // UID ranges to close sockets on.
    UidRange[] ranges;
    // UID ranges whose sockets we won't touch.
    int[] exemptUids;
    final SparseIntArray rules = getUidFirewallRules(chain);
    int numUids = 0;
    if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
        // Close all sockets on all non-system UIDs...
        ranges = new UidRange[] { // specify their ranges here.
        new UidRange(Process.FIRST_APPLICATION_UID, Integer.MAX_VALUE) };
        // ... except for the UIDs that have allow rules.
        exemptUids = new int[rules.size()];
        for (int i = 0; i < exemptUids.length; i++) {
            if (rules.valueAt(i) == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
                exemptUids[numUids] = rules.keyAt(i);
                numUids++;
            }
        }
        // fix setFirewallEnabled to grab mQuotaLock and clear rules.
        if (numUids != exemptUids.length) {
            exemptUids = Arrays.copyOf(exemptUids, numUids);
        }
    } else {
        // Close sockets for every UID that has a deny rule...
        ranges = new UidRange[rules.size()];
        for (int i = 0; i < ranges.length; i++) {
            if (rules.valueAt(i) == NetworkPolicyManager.FIREWALL_RULE_DENY) {
                int uid = rules.keyAt(i);
                ranges[numUids] = new UidRange(uid, uid);
                numUids++;
            }
        }
        // As above; usually numUids == ranges.length, but not always.
        if (numUids != ranges.length) {
            ranges = Arrays.copyOf(ranges, numUids);
        }
        // ... with no exceptions.
        exemptUids = new int[0];
    }
    try {
        mNetdService.socketDestroy(ranges, exemptUids);
    } catch (RemoteException | ServiceSpecificException e) {
        Slog.e(TAG, "Error closing sockets after enabling chain " + chainName + ": " + e);
    }
}

Example 24 with UidRange

use of android.net.UidRange in project android_frameworks_base by AOSPA.

the class Vpn method establish.

/**
     * Establish a VPN network and return the file descriptor of the VPN
     * interface. This methods returns {@code null} if the application is
     * revoked or not prepared.
     *
     * @param config The parameters to configure the network.
     * @return The file descriptor of the VPN interface.
     */
public synchronized ParcelFileDescriptor establish(VpnConfig config) {
    // Check if the caller is already prepared.
    UserManager mgr = UserManager.get(mContext);
    if (Binder.getCallingUid() != mOwnerUID) {
        return null;
    }
    // Check to ensure consent hasn't been revoked since we were prepared.
    if (!isVpnUserPreConsented(mPackage)) {
        return null;
    }
    // Check if the service is properly declared.
    Intent intent = new Intent(VpnConfig.SERVICE_INTERFACE);
    intent.setClassName(mPackage, config.user);
    long token = Binder.clearCallingIdentity();
    try {
        // Restricted users are not allowed to create VPNs, they are tied to Owner
        UserInfo user = mgr.getUserInfo(mUserHandle);
        if (user.isRestricted()) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }
        ResolveInfo info = AppGlobals.getPackageManager().resolveService(intent, null, 0, mUserHandle);
        if (info == null) {
            throw new SecurityException("Cannot find " + config.user);
        }
        if (!BIND_VPN_SERVICE.equals(info.serviceInfo.permission)) {
            throw new SecurityException(config.user + " does not require " + BIND_VPN_SERVICE);
        }
    } catch (RemoteException e) {
        throw new SecurityException("Cannot find " + config.user);
    } finally {
        Binder.restoreCallingIdentity(token);
    }
    // Save the old config in case we need to go back.
    VpnConfig oldConfig = mConfig;
    String oldInterface = mInterface;
    Connection oldConnection = mConnection;
    NetworkAgent oldNetworkAgent = mNetworkAgent;
    mNetworkAgent = null;
    Set<UidRange> oldUsers = mVpnUsers;
    // Configure the interface. Abort if any of these steps fails.
    ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
    try {
        updateState(DetailedState.CONNECTING, "establish");
        String interfaze = jniGetName(tun.getFd());
        // TEMP use the old jni calls until there is support for netd address setting
        StringBuilder builder = new StringBuilder();
        for (LinkAddress address : config.addresses) {
            builder.append(" " + address);
        }
        if (jniSetAddresses(interfaze, builder.toString()) < 1) {
            throw new IllegalArgumentException("At least one address must be specified");
        }
        Connection connection = new Connection();
        if (!mContext.bindServiceAsUser(intent, connection, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, new UserHandle(mUserHandle))) {
            throw new IllegalStateException("Cannot bind " + config.user);
        }
        mConnection = connection;
        mInterface = interfaze;
        // Fill more values.
        config.user = mPackage;
        config.interfaze = mInterface;
        config.startTime = SystemClock.elapsedRealtime();
        mConfig = config;
        // Set up forwarding and DNS rules.
        agentConnect();
        if (oldConnection != null) {
            mContext.unbindService(oldConnection);
        }
        // Remove the old tun's user forwarding rules
        // The new tun's user rules have already been added so they will take over
        // as rules are deleted. This prevents data leakage as the rules are moved over.
        agentDisconnect(oldNetworkAgent);
        if (oldInterface != null && !oldInterface.equals(interfaze)) {
            jniReset(oldInterface);
        }
        try {
            IoUtils.setBlocking(tun.getFileDescriptor(), config.blocking);
        } catch (IOException e) {
            throw new IllegalStateException("Cannot set tunnel's fd as blocking=" + config.blocking, e);
        }
    } catch (RuntimeException e) {
        IoUtils.closeQuietly(tun);
        agentDisconnect();
        // restore old state
        mConfig = oldConfig;
        mConnection = oldConnection;
        mVpnUsers = oldUsers;
        mNetworkAgent = oldNetworkAgent;
        mInterface = oldInterface;
        throw e;
    }
    Log.i(TAG, "Established by " + config.user + " on " + mInterface);
    return tun;
}

Example 25 with UidRange

use of android.net.UidRange in project android_frameworks_base by AOSPA.

the class Vpn method uidRangesForUser.

// Returns the subset of the full list of active UID ranges the VPN applies to (mVpnUsers) that
// apply to userHandle.
private List<UidRange> uidRangesForUser(int userHandle) {
    final UidRange userRange = UidRange.createForUser(userHandle);
    final List<UidRange> ranges = new ArrayList<UidRange>();
    for (UidRange range : mVpnUsers) {
        if (userRange.containsRange(range)) {
            ranges.add(range);
        }
    }
    return ranges;
}