Add in sandbox UIDs when configuring VPN.

SDK sandboxes that belong to an application should follow the same VPN configuration that their corresponding app does. Bug: 225317905 Test: atest VpnTest Change-Id: I634f47a013fa2e42908d963fcd0634778298fee5
author: Martijn Coenen <maco@google.com> 2022-04-20 07:37:59 +0000
committer: Martijn Coenen <maco@google.com> 2022-04-22 13:45:56 +0000
commit: 55c261ade61ba6879e007c57b734e69972b8ecfc (patch)
tree: 36d65279403393a70e4031b400a1f56a3436c050
parent: 54a348cf8400790bc28d2b3a6f213260367a5bd8 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index d9db28a9aa78..054838ad0fb5 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -1533,11 +1533,17 @@ public class Vpn {
     }
 
     // Note: Return type guarantees results are deduped and sorted, which callers require.
+    // This method also adds the SDK sandbox UIDs corresponding to the applications by default,
+    // since apps are generally not aware of them, yet they should follow the VPN configuration
+    // of the app they belong to.
     private SortedSet<Integer> getAppsUids(List<String> packageNames, int userId) {
         SortedSet<Integer> uids = new TreeSet<>();
         for (String app : packageNames) {
             int uid = getAppUid(app, userId);
             if (uid != -1) uids.add(uid);
+            if (Process.isApplicationUid(uid)) {
+                uids.add(Process.toSdkSandboxUid(uid));
+            }
         }
         return uids;
     }
author	Martijn Coenen <maco@google.com>	2022-04-20 07:37:59 +0000
committer	Martijn Coenen <maco@google.com>	2022-04-22 13:45:56 +0000
commit	55c261ade61ba6879e007c57b734e69972b8ecfc (patch)
tree	36d65279403393a70e4031b400a1f56a3436c050
parent	54a348cf8400790bc28d2b3a6f213260367a5bd8 (diff)