Document valid port range.
Switch the port parameters to long, since Java int can't hold the
largest u32 value.
Throw an exception if out of range values are passed.
Also enforce the >= 1024 restriction in VS, just in case we start
using privileged vsock ports for something.
Use a port number > 2^31 in one of our tests just to make sure it
works.
BYPASS_INCLUSIVE_LANGUAGE_REASON='man' used to refer to the manual command.
Bug: 261037705
Test: atest MicrodroidTests
Change-Id: Icf22d9c2e746f300b184e66469fb6b62c574b6ff
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 072afec..186052d 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs
@@ -973,13 +973,16 @@
if !matches!(&*self.instance.vm_state.lock().unwrap(), VmState::Running { .. }) {
return Err(Status::new_service_specific_error_str(-1, Some("VM is not running")));
}
- let stream =
- VsockStream::connect_with_cid_port(self.instance.cid, port as u32).map_err(|e| {
- Status::new_service_specific_error_str(
- -1,
- Some(format!("Failed to connect: {:?}", e)),
- )
- })?;
+ let port = port as u32;
+ if port < 1024 {
+ return Err(Status::new_service_specific_error_str(
+ -1,
+ Some(format!("Can't connect to privileged port {port}")),
+ ));
+ }
+ let stream = VsockStream::connect_with_cid_port(self.instance.cid, port).map_err(|e| {
+ Status::new_service_specific_error_str(-1, Some(format!("Failed to connect: {:?}", e)))
+ })?;
Ok(vsock_stream_to_pfd(stream))
}
}