Don't allow seamless handover to networks requiring permissions.

Currently, implicitly-marked sockets continue to work when the
network changes permission. This makes it so that UDP sockets
connected on a foreground network will continue to work even if
the network moves into the background (e.g., when the linger
timer fires on cell data with mobile data always on).

Instead, make it so that sockets implicitly marked to a network
become unroutable when the network starts requiring permissions.
Explicitly-marked sockets will continue to be routed on the
network, as usual.

This is consistent with what we do for TCP: when a network
changes permissions, all implicitly-marked sockets on that
network are closed using SOCK_DESTROY.

This change should not affect any other behaviour because:

- Netd only ever implicitly marks sockets to the default network
  or to a bypassable VPN that applies to the caller.
- In both cases, at the time of marking, the network does not
  require permissions because:
  - VPNs don't support permissions.
  - The default network never requires any permissions:
    - ConnectivityService's mDefaultRequest specifies
      NOT_RESTRICTED.
    - The only case where a NOT_RESTRICTED network can require a
      permission is if it's a background network, and the default
      network is, by definition, never a background network.
- VPNs can't change permissions.
- If the network is still the default network, the lack of this
  implicit rule doesn't matter.

Therefore, the only case where this rule can alter routing is if
a socket is implicitly marked on the default network and that
network, after ceasing to be the default, changes permissions.

(cherry picked from commit 6bd4a48ed735c7fc5c1143bf0b2f06b8a2879e61)

Bug: 64103722
Test: builds
Test: manually observed IP rules while changing network permissions
Change-Id: I944df3a97c8062e7c3af00f72e18e693bee0a3a6
1 file changed