author | Anthony Stange <stange@google.com> | 2021-03-18 16:30:59 +0000 |
---|---|---|
committer | Anthony Stange <stange@google.com> | 2021-03-18 16:30:59 +0000 |
commit | 5b7aad6995711879823b6a035792b13c5cc06f59 (patch) | |
tree | 43a688e36ca1575318feb23150af3b93b34f7cbc /services | |
parent | 24c33f7c4b2a8c11899d3e584b7b0787f01256af (diff) |
Revert "Replace the usage of UidRange"
Revert "Add shims for NetworkRequest"
Revert submission 1626206-replaceUidRange
Reason for revert: Breaking build - b/183106405
Reverted Changes:
I0b79c73e8:Add shims for NetworkRequest
I4bc0daf5a:Replace the usage of UidRange
I4e5aec6ef:Replace the usage of UidRange
I107c329d4:Expose uids related APIs in NetworkRequest and Net...
Change-Id: I6290429db1c8e787f8138b55b98fd92a74ac6402
Diffstat (limited to 'services')
-rw-r--r-- | services/core/java/com/android/server/ConnectivityService.java | 22 | ||||
-rw-r--r-- | services/core/java/com/android/server/connectivity/Vpn.java | 80 |
2 files changed, 47 insertions, 55 deletions
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index e2aa6e76efa6..d99da057c34d 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -1343,7 +1343,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 netCap.addCapability(NET_CAPABILITY_INTERNET);
 netCap.addCapability(NET_CAPABILITY_NOT_VCN_MANAGED);
 netCap.removeCapability(NET_CAPABILITY_NOT_VPN);
- netCap.setUids(UidRange.toIntRanges(Collections.singleton(uids)));
+ netCap.setUids(Collections.singleton(uids));
 return netCap;
 }
@@ -2903,7 +2903,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 if (0 == defaultRequest.mRequests.size()) {
 pw.println("none, this should never occur.");
 } else {
- pw.println(defaultRequest.mRequests.get(0).networkCapabilities.getUidRanges());
+ pw.println(defaultRequest.mRequests.get(0).networkCapabilities.getUids());
 }
 pw.decreaseIndent();
 pw.decreaseIndent();
@@ -5320,8 +5320,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
 private Set<UidRange> getUids() {
 // networkCapabilities.getUids() returns a defensive copy.
 // multilayer requests will all have the same uids so return the first one.
- final Set<UidRange> uids = mRequests.get(0).networkCapabilities.getUidRanges();
- return (null == uids) ? new ArraySet<>() : uids;
+ final Set<UidRange> uids = null == mRequests.get(0).networkCapabilities.getUids()
+ ? new ArraySet<>() : mRequests.get(0).networkCapabilities.getUids();
+ return uids;
 }
 NetworkRequestInfo(@NonNull final NetworkRequest r, @Nullable final PendingIntent pi,
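Review bot: In `NetworkRequestInfo.getUids()` (hunk at -5320) the restored code calls `mRequests.get(0).networkCapabilities.getUids()` twice, once for the null test and once for the value that is returned. The comment directly above says the getter returns a defensive copy, so two sets are allocated and the object handed back is not the one that was null-checked; if the capabilities can change between the two calls, the method could return null despite the guard. Reading the getter once keeps the check and the result tied to the same object: `final Set<UidRange> uids = mRequests.get(0).networkCapabilities.getUids();` followed by `return (null == uids) ? new ArraySet<>() : uids;`.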
@@ -6127,7 +6128,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 for (final NetworkRequestInfo nri : mDefaultNetworkRequests) {
 // Currently, all network requests will have the same uids therefore checking the first
 // one is sufficient. If/when uids are tracked at the nri level, this can change.
- final Set<UidRange> uids = nri.mRequests.get(0).networkCapabilities.getUidRanges();
+ final Set<UidRange> uids = nri.mRequests.get(0).networkCapabilities.getUids();
 if (null == uids) {
 continue;
 }
@@ -6568,7 +6569,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 return;
 }
- final Set<UidRange> ranges = nai.networkCapabilities.getUidRanges();
+ final Set<UidRange> ranges = nai.networkCapabilities.getUids();
 final int vpnAppUid = nai.networkCapabilities.getOwnerUid();
 // TODO: this create a window of opportunity for apps to receive traffic between the time
 // when the old rules are removed and the time when new rules are added. To fix this,
@@ -6933,8 +6934,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
 private void updateUids(NetworkAgentInfo nai, NetworkCapabilities prevNc, NetworkCapabilities newNc) {
- Set<UidRange> prevRanges = null == prevNc ? null : prevNc.getUidRanges();
- Set<UidRange> newRanges = null == newNc ? null : newNc.getUidRanges();
+ Set<UidRange> prevRanges = null == prevNc ? null : prevNc.getUids();
+ Set<UidRange> newRanges = null == newNc ? null : newNc.getUids();
 if (null == prevRanges) prevRanges = new ArraySet<>();
 if (null == newRanges) newRanges = new ArraySet<>();
 final Set<UidRange> prevRangesCopy = new ArraySet<>(prevRanges);
@@ -9265,7 +9266,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
 final ArrayList<NetworkRequest> nrs = new ArrayList<>();
 nrs.add(createNetworkRequest(NetworkRequest.Type.REQUEST, pref.capabilities));
 nrs.add(createDefaultRequest());
- setNetworkRequestUids(nrs, UidRange.fromIntRanges(pref.capabilities.getUids()));
+ setNetworkRequestUids(nrs, pref.capabilities.getUids());
 final NetworkRequestInfo nri = new NetworkRequestInfo(nrs);
 result.add(nri);
 }
@@ -9481,8 +9482,9 @@ public class ConnectivityService extends IConnectivityManager.Stub
 private static void setNetworkRequestUids(@NonNull final List<NetworkRequest> requests, @NonNull final Set<UidRange> uids) {
+ final Set<UidRange> ranges = new ArraySet<>(uids);
 for (final NetworkRequest req : requests) {
- req.networkCapabilities.setUids(UidRange.toIntRanges(uids));
+ req.networkCapabilities.setUids(ranges);
 }
 }
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index 8d09d784147d..124c3741ad57 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -19,7 +19,6 @@ package com.android.server.connectivity;
 import static android.Manifest.permission.BIND_VPN_SERVICE;
 import static android.net.ConnectivityManager.NETID_UNSET;
 import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_METERED;
-import static android.os.UserHandle.PER_USER_RANGE;
 import static android.net.RouteInfo.RTN_THROW;
 import static android.net.RouteInfo.RTN_UNREACHABLE;
 import static android.net.VpnManager.NOTIFICATION_CHANNEL_VPN;
@@ -70,6 +69,7 @@ import android.net.NetworkInfo.DetailedState;
 import android.net.NetworkProvider;
 import android.net.NetworkRequest;
 import android.net.RouteInfo;
+import android.net.UidRange;
 import android.net.UidRangeParcel;
 import android.net.UnderlyingNetworkInfo;
 import android.net.VpnManager;
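Review bot: In the hunk at -9265, `pref.capabilities.getUids()` is passed straight into `setNetworkRequestUids`, whose `uids` parameter is annotated `@NonNull`, while the other call sites touched by this commit (`getUids()` at -5320, the loop at -6127, `updateUids` at -6933) all treat the same getter as nullable. In the hunk at -9481 the value is then copied with `new ArraySet<>(uids)`, so a null would either throw or silently become an empty set, depending on how that constructor treats null, which is not visible here; an empty UID set and a null one may not mean the same thing to `setUids`. Because this set decides which apps a network preference applies to, the call site should state the expectation, for example with `// getUids() is nullable elsewhere; an OEM preference must always carry an explicit UID set here.` and a matching null check before the call. Both functions start outside their hunks.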
@@ -1346,7 +1346,7 @@ public class Vpn {
 String oldInterface = mInterface;
 Connection oldConnection = mConnection;
 NetworkAgent oldNetworkAgent = mNetworkAgent;
- Set<Range<Integer>> oldUsers = mNetworkCapabilities.getUids();
+ Set<UidRange> oldUsers = mNetworkCapabilities.getUids();
 // Configure the interface. Abort if any of these steps fails.
 ParcelFileDescriptor tun = ParcelFileDescriptor.adoptFd(jniCreate(config.mtu));
@@ -1452,7 +1452,7 @@ public class Vpn {
 }
 /**
- * Creates a {@link Set} of non-intersecting {@code Range<Integer>} objects including all UIDs
+ * Creates a {@link Set} of non-intersecting {@link UidRange} objects including all UIDs
 * associated with one user, and any restricted profiles attached to that user.
 *
 * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
@@ -1465,10 +1465,10 @@ public class Vpn {
 * @param disallowedApplications (optional) List of applications to deny.
 */
 @VisibleForTesting
- Set<Range<Integer>> createUserAndRestrictedProfilesRanges(@UserIdInt int userId,
+ Set<UidRange> createUserAndRestrictedProfilesRanges(@UserIdInt int userId,
 @Nullable List<String> allowedApplications,
 @Nullable List<String> disallowedApplications) {
- final Set<Range<Integer>> ranges = new ArraySet<>();
+ final Set<UidRange> ranges = new ArraySet<>();
 // Assign the top-level user to the set of ranges
 addUserToRanges(ranges, userId, allowedApplications, disallowedApplications);
@@ -1492,20 +1492,20 @@ public class Vpn {
 }
 /**
- * Updates a {@link Set} of non-intersecting {@code Range<Integer>} objects to include all UIDs
+ * Updates a {@link Set} of non-intersecting {@link UidRange} objects to include all UIDs
 * associated with one user.
 *
 * <p>If one of {@param allowedApplications} or {@param disallowedApplications} is provided,
 * the UID ranges will match the app allowlist or denylist specified there. Otherwise, all UIDs
 * in the user will be included.
 *
- * @param ranges {@link Set} of {@code Range<Integer>}s to which to add.
+ * @param ranges {@link Set} of {@link UidRange}s to which to add.
 * @param userId The userId to add to {@param ranges}.
 * @param allowedApplications (optional) allowlist of applications to include.
 * @param disallowedApplications (optional) denylist of applications to exclude.
 */
 @VisibleForTesting
- void addUserToRanges(@NonNull Set<Range<Integer>> ranges, @UserIdInt int userId,
+ void addUserToRanges(@NonNull Set<UidRange> ranges, @UserIdInt int userId,
 @Nullable List<String> allowedApplications,
 @Nullable List<String> disallowedApplications) {
 if (allowedApplications != null) {
@@ -1515,41 +1515,40 @@ public class Vpn {
 if (start == -1) {
 start = uid;
 } else if (uid != stop + 1) {
- ranges.add(new Range<Integer>(start, stop));
+ ranges.add(new UidRange(start, stop));
 start = uid;
 }
 stop = uid;
 }
- if (start != -1) ranges.add(new Range<Integer>(start, stop));
+ if (start != -1) ranges.add(new UidRange(start, stop));
 } else if (disallowedApplications != null) {
 // Add all ranges for user skipping UIDs for disallowedApplications.
- final Range<Integer> userRange = createUidRangeForUser(userId);
- int start = userRange.getLower();
+ final UidRange userRange = UidRange.createForUser(UserHandle.of(userId));
+ int start = userRange.start;
 for (int uid : getAppsUids(disallowedApplications, userId)) {
 if (uid == start) {
 start++;
 } else {
- ranges.add(new Range<Integer>(start, uid - 1));
+ ranges.add(new UidRange(start, uid - 1));
 start = uid + 1;
 }
 }
- if (start <= userRange.getUpper()) {
- ranges.add(new Range<Integer>(start, userRange.getUpper()));
- }
+ if (start <= userRange.stop) ranges.add(new UidRange(start, userRange.stop));
 } else {
 // Add all UIDs for the user.
- ranges.add(createUidRangeForUser(userId));
+ ranges.add(UidRange.createForUser(UserHandle.of(userId)));
 }
 }
 // Returns the subset of the full list of active UID ranges the VPN applies to (mVpnUsers) that
 // apply to userId.
- private static List<Range<Integer>> uidRangesForUser(int userId,
- Set<Range<Integer>> existingRanges) {
- final Range<Integer> userRange = createUidRangeForUser(userId);
- final List<Range<Integer>> ranges = new ArrayList<>();
- for (Range<Integer> range : existingRanges) {
- if (userRange.contains(range)) {
+ private static List<UidRange> uidRangesForUser(int userId, Set<UidRange> existingRanges) {
+ // UidRange#createForUser returns the entire range of UIDs available to a macro-user.
+ // This is something like 0-99999 ; {@see UserHandle#PER_USER_RANGE}
+ final UidRange userRange = UidRange.createForUser(UserHandle.of(userId));
+ final List<UidRange> ranges = new ArrayList<>();
+ for (UidRange range : existingRanges) {
+ if (userRange.containsRange(range)) {
 ranges.add(range);
 }
 }
@@ -1566,7 +1565,7 @@ public class Vpn {
 UserInfo user = mUserManager.getUserInfo(userId);
 if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
 synchronized(Vpn.this) {
- final Set<Range<Integer>> existingRanges = mNetworkCapabilities.getUids();
+ final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
 if (existingRanges != null) {
 try {
 addUserToRanges(existingRanges, userId, mConfig.allowedApplications,
@@ -1594,10 +1593,10 @@ public class Vpn {
 UserInfo user = mUserManager.getUserInfo(userId);
 if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
 synchronized(Vpn.this) {
- final Set<Range<Integer>> existingRanges = mNetworkCapabilities.getUids();
+ final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
 if (existingRanges != null) {
 try {
- final List<Range<Integer>> removedRanges =
+ final List<UidRange> removedRanges =
 uidRangesForUser(userId, existingRanges);
 existingRanges.removeAll(removedRanges);
 mNetworkCapabilities.setUids(existingRanges);
@@ -1658,7 +1657,7 @@ public class Vpn {
 final Set<UidRangeParcel> rangesToRemove = new ArraySet<>(mBlockedUidsAsToldToConnectivity);
 final Set<UidRangeParcel> rangesToAdd;
 if (enforce) {
- final Set<Range<Integer>> restrictedProfilesRanges =
+ final Set<UidRange> restrictedProfilesRanges =
 createUserAndRestrictedProfilesRanges(mUserId, /* allowedApplications */ null, /* disallowedApplications */ exemptedPackages);
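Review bot: The deny-list branch of `addUserToRanges` (hunk at -1515) only yields correct ranges if `getAppsUids(disallowedApplications, userId)` returns UIDs in ascending order, without duplicates, and inside the user's range, and that contract is not stated anywhere in the hunk. For a UID below `start`, `new UidRange(start, uid - 1)` is built with start greater than stop and `start = uid + 1` moves the cursor backwards, so an excluded app could end up covered by a VPN range or the set could stop being non-intersecting; whether `UidRange` rejects such bounds is not visible here. I would document the assumption above the loop, e.g. `// getAppsUids() must return sorted, distinct UIDs of this user; the gap computation below relies on it.` The method begins before this hunk, so the allow-list branch is only partly visible.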
@@ -1667,12 +1666,11 @@ public class Vpn {
 // The UID range of the first user (0-99999) would block the IPSec traffic, which comes
 // directly from the kernel and is marked as uid=0. So we adjust the range to allow
 // it through (b/69873852).
- for (Range<Integer> range : restrictedProfilesRanges) {
- if (range.getLower() == 0 && range.getUpper() != 0) {
- rangesThatShouldBeBlocked.add(new UidRangeParcel(1, range.getUpper()));
- } else if (range.getLower() != 0) {
- rangesThatShouldBeBlocked.add(
- new UidRangeParcel(range.getLower(), range.getUpper()));
+ for (UidRange range : restrictedProfilesRanges) {
+ if (range.start == 0 && range.stop != 0) {
+ rangesThatShouldBeBlocked.add(new UidRangeParcel(1, range.stop));
+ } else if (range.start != 0) {
+ rangesThatShouldBeBlocked.add(new UidRangeParcel(range.start, range.stop));
 }
 }
@@ -1694,12 +1692,12 @@ public class Vpn {
 }
 /**
- * Tell ConnectivityService to add or remove a list of {@link UidRangeParcel}s to the list of
- * UIDs that are only allowed to make connections through sockets that have had
- * {@code protect()} called on them.
+ * Tell ConnectivityService to add or remove a list of {@link UidRange}s to the list of UIDs
+ * that are only allowed to make connections through sockets that have had {@code protect()}
+ * called on them.
 *
 * @param enforce {@code true} to add to the denylist, {@code false} to remove.
- * @param ranges {@link Collection} of {@link UidRangeParcel}s to add (if {@param enforce} is
+ * @param ranges {@link Collection} of {@link UidRange}s to add (if {@param enforce} is
 * {@code true}) or to remove.
 * @return {@code true} if all of the UIDs were added/removed. {@code false} otherwise,
 * including added ranges that already existed or removed ones that didn't.
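Review bot: The Javadoc restored in the hunk at -1694 describes `ranges` as a collection of `{@link UidRange}`s, but the sets that the lockdown code builds in the hunks at -1658 and -1667 (`rangesToRemove`, `rangesToAdd`, `rangesThatShouldBeBlocked`) hold `UidRangeParcel`. The documented method's signature is outside the hunk, so this is inferred; if its parameter is still a `Collection<UidRangeParcel>`, the comment now names the wrong type for the API that enforces the block list. I would keep the parcel type in both sentences, e.g. `@param ranges {@link Collection} of {@link UidRangeParcel}s to add (if {@param enforce} is`.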
@@ -3340,12 +3338,4 @@ public class Vpn {
 firstChildSessionCallback);
 }
 }
-
- /**
- * Returns the entire range of UIDs available to a macro-user. This is something like 0-99999.
- */
- @VisibleForTesting
- static Range<Integer> createUidRangeForUser(int userId) {
- return new Range<Integer>(userId * PER_USER_RANGE, (userId + 1) * PER_USER_RANGE - 1);
- }
 } |