-
Luke Huang authored
This is a Client-only solution. - Add to NetdClient a per-process std::atomic_boolean similar to netIdForProcess and netIdForResolv. - The boolean says whether the process should be allowed Internet connectivity. - Add an @hide method to NetUtils.java to set the boolean; call it from the initialization code of the new process just after forking from zygote. - Make netdClientSocket and dnsOpenProxy check the boolean. If the boolean is false, return EPERM from socket calls. Bug: 150028556 Test: atest netd_integration_test Test: atest CtsAppSecurityHostTestCases:UseProcessTest Change-Id: Ic697afd284ba250e56bd9492241452762da1577086983208Luke Huang authoredThis is a Client-only solution. - Add to NetdClient a per-process std::atomic_boolean similar to netIdForProcess and netIdForResolv. - The boolean says whether the process should be allowed Internet connectivity. - Add an @hide method to NetUtils.java to set the boolean; call it from the initialization code of the new process just after forking from zygote. - Make netdClientSocket and dnsOpenProxy check the boolean. If the boolean is false, return EPERM from socket calls. Bug: 150028556 Test: atest netd_integration_test Test: atest CtsAppSecurityHostTestCases:UseProcessTest Change-Id: Ic697afd284ba250e56bd9492241452762da15770
Loading