    Introduce a SELECT_FOR_USER fwmarkd command. · a69d9472
    Sreeram Ramachandran authored
    This lets SYSTEM apps mark a socket with the network that would apply to an
    arbitrary UID. I.e., either the VPN that applies to that user, or the default
    network, if there's no such VPN.
    
    This command will be used by system apps that proxy stuff for a user, so that
    they can route the same way that user would have. Examples of such system apps
    are the DnsProxyListener, MediaServer and DownloadManager.
    
    The "explicit" bit is NOT set, so that if the user's VPN is a split tunnel, the
    route lookup will fall through to the default network as desired.
    
    The "protect" bit is set, so that the socket bypasses any VPN applicable to the
    system app itself. Note that even if the uid being proxied for is also subject
    to the same VPN, this still works because the relevant rule doesn't care about
    the protected bit (see modifyVpnSystemPermissionRule() in RouteController.cpp).
    
    Change-Id: I4d501e5214b127f4ae9eaeb7befb1751cd102308
FwmarkCommand.h 1.16 KB