From 5779c9c2d9f1f7a28279fe907aebbb43981286fd Mon Sep 17 00:00:00 2001
From: Chia-chi Yeh
Date: Thu, 14 Jul 2011 16:19:19 -0700
Subject: [PATCH] VPN: close the socket in protectVpn() to avoid leaking descriptors.
Change-Id: Idda0c2ea1770abc490566e894711bcb08f60b354
---
 core/java/android/net/IConnectivityManager.aidl | 2 +-
 .../com/android/server/ConnectivityService.java | 32 ++++++++++++----------
 .../java/com/android/server/connectivity/Vpn.java | 14 ++--------
 3 files changed, 21 insertions(+), 27 deletions(-)
diff --git a/core/java/android/net/IConnectivityManager.aidl b/core/java/android/net/IConnectivityManager.aidl
index d6f564351e0a..d95fc8de70c3 100644
--- a/core/java/android/net/IConnectivityManager.aidl
+++ b/core/java/android/net/IConnectivityManager.aidl
@@ -100,7 +100,7 @@ interface IConnectivityManager
 void setDataDependency(int networkType, boolean met);
- void protectVpn(in ParcelFileDescriptor socket);
+ boolean protectVpn(in ParcelFileDescriptor socket);
 boolean prepareVpn(String oldPackage, String newPackage);
diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java
index 85891a2d4276..bf5deb723190 100644
--- a/services/java/com/android/server/ConnectivityService.java
+++ b/services/java/com/android/server/ConnectivityService.java
@@ -2528,8 +2528,23 @@ public class ConnectivityService extends IConnectivityManager.Stub {
 * @hide
 */
 @Override
- public void protectVpn(ParcelFileDescriptor socket) {
- mVpn.protect(socket, getDefaultInterface());
+ public boolean protectVpn(ParcelFileDescriptor socket) {
+ try {
+ int type = mActiveDefaultNetwork;
+ if (ConnectivityManager.isNetworkTypeValid(type)) {
+ mVpn.protect(socket, mNetTrackers[type].getLinkProperties().getInterfaceName());
+ return true;
+ }
+ } catch (Exception e) {
+ // ignore
+ } finally {
+ try {
+ socket.close();
+ } catch (Exception e) {
+ // ignore
+ }
+ }
+ return false;
 }
 /**
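Review bot: The `catch (Exception e)` with its `// ignore` body around `mVpn.protect(...)` in the new protectVpn() also absorbs the SecurityException that `mContext.enforceCallingPermission(VPN, "protect")` raises inside Vpn.protect (visible in the Vpn.java hunk of this patch), so a caller without the permission now receives `false` instead of an exception and nothing is logged. The call still fails closed, but a permission denial becomes indistinguishable from "no valid default network" or a failure in jniProtect, and the audit signal is lost. I would rethrow that case ahead of the catch-all, `} catch (SecurityException e) { throw e;`, and log the remaining exceptions rather than dropping them; the `finally` block still closes the socket on both paths. The same catch-all now stands in for the null checks on the tracker and its link properties that the deleted getDefaultInterface() (second hunk of this file) performed explicitly.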
@@ -2577,19 +2592,6 @@ public class ConnectivityService extends IConnectivityManager.Stub {
 return mVpn.getLegacyVpnInfo();
 }
- private String getDefaultInterface() {
- if (ConnectivityManager.isNetworkTypeValid(mActiveDefaultNetwork)) {
- NetworkStateTracker tracker = mNetTrackers[mActiveDefaultNetwork];
- if (tracker != null) {
- LinkProperties properties = tracker.getLinkProperties();
- if (properties != null) {
- return properties.getInterfaceName();
- }
- }
- }
- throw new IllegalStateException("No default interface");
- }
-
 /**
 * Callback for VPN subsystem. Currently VPN is not adapted to the service
 * through NetworkStateTracker since it works differently. For example, it
diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java
index 55ba8e27354d..9fb93494d768 100644
--- a/services/java/com/android/server/connectivity/Vpn.java
+++ b/services/java/com/android/server/connectivity/Vpn.java
@@ -70,22 +70,14 @@ public class Vpn extends INetworkManagementEventObserver.Stub {
 /**
 * Protect a socket from routing changes by binding it to the given
- * interface. The socket IS closed by this method.
+ * interface. The socket is NOT closed by this method.
 *
 * @param socket The socket to be bound.
 * @param name The name of the interface.
 */
 public void protect(ParcelFileDescriptor socket, String interfaze) {
- try {
- mContext.enforceCallingPermission(VPN, "protect");
- jniProtect(socket.getFd(), interfaze);
- } finally {
- try {
- socket.close();
- } catch (Exception e) {
- // ignore
- }
- }
+ mContext.enforceCallingPermission(VPN, "protect");
+ jniProtect(socket.getFd(), interfaze);
 }
 /**
-- 
2.11.0
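Review bot: The updated Javadoc on protect() says the socket is not closed but does not say who must close it, and protect() is public, so any caller other than ConnectivityService.protectVpn() would now keep the descriptor open; other callers are not visible in this patch. I would add a sentence such as `The caller remains responsible for closing the socket.` and a `@throws SecurityException` line covering the `enforceCallingPermission(VPN, "protect")` check. The existing `@param name` tag also does not match the parameter, which is called `interfaze`.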