Move SocketUtils out of the connectivity module
SocketUtils contains system APIs for modules to interact for sockets,
wrapping internal APIs. It should be part of the platform to keep access
to the internal APIs.
This involves splitting NetworkUtils.protectVpn to NetworkUtilsInternal,
since SocketUtils and VpnService are the only users of that method.
The @UnsupportedAppUsage NetworkUtils.protectVpn has low usage
count, and is already available through VpnService.protect.
Bug: 181512874
Test: boots, VPN working
Change-Id: I7028d334975f7536c06afac7a22200c33db707ac
diff --git a/core/jni/android_net_NetUtils.cpp b/core/jni/android_net_NetworkUtils.cpp
similarity index 94%
rename from core/jni/android_net_NetUtils.cpp
rename to core/jni/android_net_NetworkUtils.cpp
index e2af87e..7508108 100644
--- a/core/jni/android_net_NetUtils.cpp
+++ b/core/jni/android_net_NetworkUtils.cpp
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#define LOG_TAG "NetUtils"
+#define LOG_TAG "NetworkUtils"
#include <vector>
@@ -123,15 +123,6 @@
return setNetworkForSocket(netId, AFileDescriptor_getFD(env, javaFd));
}
-static jboolean android_net_utils_protectFromVpn(JNIEnv *env, jobject thiz, jint socket)
-{
- return (jboolean) !protectFromVpn(socket);
-}
-
-static jboolean android_net_utils_protectFromVpnWithFd(JNIEnv *env, jobject thiz, jobject javaFd) {
- return android_net_utils_protectFromVpn(env, thiz, AFileDescriptor_getFD(env, javaFd));
-}
-
static jboolean android_net_utils_queryUserAccess(JNIEnv *env, jobject thiz, jint uid, jint netId)
{
return (jboolean) !queryUserAccess(uid, netId);
@@ -276,8 +267,6 @@
{ "getBoundNetworkForProcess", "()I", (void*) android_net_utils_getBoundNetworkForProcess },
{ "bindProcessToNetworkForHostResolution", "(I)Z", (void*) android_net_utils_bindProcessToNetworkForHostResolution },
{ "bindSocketToNetwork", "(Ljava/io/FileDescriptor;I)I", (void*) android_net_utils_bindSocketToNetwork },
- { "protectFromVpn", "(I)Z", (void*) android_net_utils_protectFromVpn },
- { "protectFromVpn", "(Ljava/io/FileDescriptor;)Z", (void*) android_net_utils_protectFromVpnWithFd },
{ "queryUserAccess", "(II)Z", (void*)android_net_utils_queryUserAccess },
{ "attachDropAllBPFFilter", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_attachDropAllBPFFilter },
{ "detachBPFFilter", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_detachBPFFilter },
diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt
index 41ebc57..b541e52 100644
--- a/framework/api/system-current.txt
+++ b/framework/api/system-current.txt
@@ -392,16 +392,3 @@
}
-package android.net.util {
-
- public final class SocketUtils {
- method public static void bindSocketToInterface(@NonNull java.io.FileDescriptor, @NonNull String) throws android.system.ErrnoException;
- method public static void closeSocket(@Nullable java.io.FileDescriptor) throws java.io.IOException;
- method @NonNull public static java.net.SocketAddress makeNetlinkSocketAddress(int, int);
- method @NonNull public static java.net.SocketAddress makePacketSocketAddress(int, int);
- method @Deprecated @NonNull public static java.net.SocketAddress makePacketSocketAddress(int, @NonNull byte[]);
- method @NonNull public static java.net.SocketAddress makePacketSocketAddress(int, int, @NonNull byte[]);
- }
-
-}
-
diff --git a/framework/src/android/net/NetworkUtils.java b/framework/src/android/net/NetworkUtils.java
index b5e8a61..9e42bbe 100644
--- a/framework/src/android/net/NetworkUtils.java
+++ b/framework/src/android/net/NetworkUtils.java
@@ -87,22 +87,6 @@
public static native int bindSocketToNetwork(FileDescriptor fd, int netId);
/**
- * Protect {@code fd} from VPN connections. After protecting, data sent through
- * this socket will go directly to the underlying network, so its traffic will not be
- * forwarded through the VPN.
- */
- @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553,
- publicAlternatives = "Use {@link android.net.VpnService#protect} instead.")
- public static native boolean protectFromVpn(FileDescriptor fd);
-
- /**
- * Protect {@code socketfd} from VPN connections. After protecting, data sent through
- * this socket will go directly to the underlying network, so its traffic will not be
- * forwarded through the VPN.
- */
- public native static boolean protectFromVpn(int socketfd);
-
- /**
* Determine if {@code uid} can access network designated by {@code netId}.
* @return {@code true} if {@code uid} can access network, {@code false} otherwise.
*/
diff --git a/framework/src/android/net/util/SocketUtils.java b/framework/src/android/net/util/SocketUtils.java
deleted file mode 100644
index e64060f..0000000
--- a/framework/src/android/net/util/SocketUtils.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.net.util;
-
-import static android.system.OsConstants.SOL_SOCKET;
-import static android.system.OsConstants.SO_BINDTODEVICE;
-
-import android.annotation.NonNull;
-import android.annotation.Nullable;
-import android.annotation.SystemApi;
-import android.net.NetworkUtils;
-import android.system.ErrnoException;
-import android.system.NetlinkSocketAddress;
-import android.system.Os;
-import android.system.PacketSocketAddress;
-
-import libcore.io.IoBridge;
-
-import java.io.FileDescriptor;
-import java.io.IOException;
-import java.net.SocketAddress;
-
-/**
- * Collection of utilities to interact with raw sockets.
- * @hide
- */
-@SystemApi
-public final class SocketUtils {
- /**
- * Create a raw datagram socket that is bound to an interface.
- *
- * <p>Data sent through the socket will go directly to the underlying network, ignoring VPNs.
- */
- public static void bindSocketToInterface(@NonNull FileDescriptor socket, @NonNull String iface)
- throws ErrnoException {
- // SO_BINDTODEVICE actually takes a string. This works because the first member
- // of struct ifreq is a NULL-terminated interface name.
- // TODO: add a setsockoptString()
- Os.setsockoptIfreq(socket, SOL_SOCKET, SO_BINDTODEVICE, iface);
- NetworkUtils.protectFromVpn(socket);
- }
-
- /**
- * Make a socket address to communicate with netlink.
- */
- @NonNull
- public static SocketAddress makeNetlinkSocketAddress(int portId, int groupsMask) {
- return new NetlinkSocketAddress(portId, groupsMask);
- }
-
- /**
- * Make socket address that packet sockets can bind to.
- *
- * @param protocol the layer 2 protocol of the packets to receive. One of the {@code ETH_P_*}
- * constants in {@link android.system.OsConstants}.
- * @param ifIndex the interface index on which packets will be received.
- */
- @NonNull
- public static SocketAddress makePacketSocketAddress(int protocol, int ifIndex) {
- return new PacketSocketAddress(
- protocol /* sll_protocol */,
- ifIndex /* sll_ifindex */,
- null /* sll_addr */);
- }
-
- /**
- * Make a socket address that packet socket can send packets to.
- * @deprecated Use {@link #makePacketSocketAddress(int, int, byte[])} instead.
- *
- * @param ifIndex the interface index on which packets will be sent.
- * @param hwAddr the hardware address to which packets will be sent.
- */
- @Deprecated
- @NonNull
- public static SocketAddress makePacketSocketAddress(int ifIndex, @NonNull byte[] hwAddr) {
- return new PacketSocketAddress(
- 0 /* sll_protocol */,
- ifIndex /* sll_ifindex */,
- hwAddr /* sll_addr */);
- }
-
- /**
- * Make a socket address that a packet socket can send packets to.
- *
- * @param protocol the layer 2 protocol of the packets to send. One of the {@code ETH_P_*}
- * constants in {@link android.system.OsConstants}.
- * @param ifIndex the interface index on which packets will be sent.
- * @param hwAddr the hardware address to which packets will be sent.
- */
- @NonNull
- public static SocketAddress makePacketSocketAddress(int protocol, int ifIndex,
- @NonNull byte[] hwAddr) {
- return new PacketSocketAddress(
- protocol /* sll_protocol */,
- ifIndex /* sll_ifindex */,
- hwAddr /* sll_addr */);
- }
-
- /**
- * @see IoBridge#closeAndSignalBlockedThreads(FileDescriptor)
- */
- public static void closeSocket(@Nullable FileDescriptor fd) throws IOException {
- IoBridge.closeAndSignalBlockedThreads(fd);
- }
-
- private SocketUtils() {}
-}