Merge "VPN: close the socket in protectVpn() to avoid leaking descriptors."

3 files changed, 21 insertions, 27 deletions

diff --git a/core/java/android/net/IConnectivityManager.aidl b/core/java/android/net/IConnectivityManager.aidl
index d6f5643..d95fc8d 100644
--- a/core/java/android/net/IConnectivityManager.aidl
+++ b/core/java/android/net/IConnectivityManager.aidl
@@ -100,7 +100,7 @@ interface IConnectivityManager
 
     void setDataDependency(int networkType, boolean met);
 
-    void protectVpn(in ParcelFileDescriptor socket);
+    boolean protectVpn(in ParcelFileDescriptor socket);
 
     boolean prepareVpn(String oldPackage, String newPackage);
 
diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java
index 85891a2..bf5deb7 100644
--- a/services/java/com/android/server/ConnectivityService.java
+++ b/services/java/com/android/server/ConnectivityService.java
@@ -2528,8 +2528,23 @@ public class ConnectivityService extends IConnectivityManager.Stub {
      * @hide
      */
     @Override
-    public void protectVpn(ParcelFileDescriptor socket) {
-        mVpn.protect(socket, getDefaultInterface());
+    public boolean protectVpn(ParcelFileDescriptor socket) {
+        try {
+            int type = mActiveDefaultNetwork;
+            if (ConnectivityManager.isNetworkTypeValid(type)) {
+                mVpn.protect(socket, mNetTrackers[type].getLinkProperties().getInterfaceName());
+                return true;
+            }
+        } catch (Exception e) {
+            // ignore
+        } finally {
+            try {
+                socket.close();
+            } catch (Exception e) {
+                // ignore
+            }
+        }
+        return false;
     }
 
     /**
@@ -2577,19 +2592,6 @@ public class ConnectivityService extends IConnectivityManager.Stub {
         return mVpn.getLegacyVpnInfo();
     }
 
-    private String getDefaultInterface() {
-        if (ConnectivityManager.isNetworkTypeValid(mActiveDefaultNetwork)) {
-            NetworkStateTracker tracker = mNetTrackers[mActiveDefaultNetwork];
-            if (tracker != null) {
-                LinkProperties properties = tracker.getLinkProperties();
-                if (properties != null) {
-                    return properties.getInterfaceName();
-                }
-            }
-        }
-        throw new IllegalStateException("No default interface");
-    }
-
     /**
      * Callback for VPN subsystem. Currently VPN is not adapted to the service
      * through NetworkStateTracker since it works differently. For example, it
diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java
index 55ba8e2..9fb9349 100644
--- a/services/java/com/android/server/connectivity/Vpn.java
+++ b/services/java/com/android/server/connectivity/Vpn.java
@@ -70,22 +70,14 @@ public class Vpn extends INetworkManagementEventObserver.Stub {
 
     /**
      * Protect a socket from routing changes by binding it to the given
-     * interface. The socket IS closed by this method.
+     * interface. The socket is NOT closed by this method.
      *
      * @param socket The socket to be bound.
      * @param name The name of the interface.
      */
     public void protect(ParcelFileDescriptor socket, String interfaze) {
-        try {
-            mContext.enforceCallingPermission(VPN, "protect");
-            jniProtect(socket.getFd(), interfaze);
-        } finally {
-            try {
-                socket.close();
-            } catch (Exception e) {
-                // ignore
-            }
-        }
+        mContext.enforceCallingPermission(VPN, "protect");
+        jniProtect(socket.getFd(), interfaze);
     }
 
     /**