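--- a/core/java/android/os/INetworkManagementService.aidl
+++ b/core/java/android/os/INetworkManagementService.aidl
@@ -287,8 +287,8 @@ interface INetworkManagementService
 /**
 * Control network activity of a UID over interfaces with a quota limit.
 */
-void setUidMeteredNetworkBlacklist(int uid, boolean enable);
-void setUidMeteredNetworkWhitelist(int uid, boolean enable);
+void setUidMeteredNetworkDenylist(int uid, boolean enable);
+void setUidMeteredNetworkAllowlist(int uid, boolean enable);
 boolean setDataSaverModeEnabled(boolean enable);
 void setUidCleartextNetworkPolicy(int uid, int policy);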
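--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -185,10 +185,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 /** Set of interfaces with active alerts. */
 @GuardedBy("mQuotaLock")
 private HashMap<String, Long> mActiveAlerts = Maps.newHashMap();
-/** Set of UIDs blacklisted on metered networks. */
+/** Set of UIDs denylisted on metered networks. */
 @GuardedBy("mRulesLock")
 private SparseBooleanArray mUidRejectOnMetered = new SparseBooleanArray();
-/** Set of UIDs whitelisted on metered networks. */
+/** Set of UIDs allowlisted on metered networks. */
 @GuardedBy("mRulesLock")
 private SparseBooleanArray mUidAllowOnMetered = new SparseBooleanArray();
 /** Set of UIDs with cleartext penalties. */
@@ -561,27 +561,27 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 synchronized (mRulesLock) {
 size = mUidRejectOnMetered.size();
 if (size > 0) {
-if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered blacklist rules");
+if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered denylist rules");
 uidRejectOnQuota = mUidRejectOnMetered;
 mUidRejectOnMetered = new SparseBooleanArray();
 }
 size = mUidAllowOnMetered.size();
 if (size > 0) {
-if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered whitelist rules");
+if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered allowlist rules");
 uidAcceptOnQuota = mUidAllowOnMetered;
 mUidAllowOnMetered = new SparseBooleanArray();
 }
 }
 if (uidRejectOnQuota != null) {
 for (int i = 0; i < uidRejectOnQuota.size(); i++) {
-setUidMeteredNetworkBlacklist(uidRejectOnQuota.keyAt(i),
+setUidMeteredNetworkDenylist(uidRejectOnQuota.keyAt(i),
 uidRejectOnQuota.valueAt(i));
 }
 }
 if (uidAcceptOnQuota != null) {
 for (int i = 0; i < uidAcceptOnQuota.size(); i++) {
-setUidMeteredNetworkWhitelist(uidAcceptOnQuota.keyAt(i),
+setUidMeteredNetworkAllowlist(uidAcceptOnQuota.keyAt(i),
 uidAcceptOnQuota.valueAt(i));
 }
 }
@@ -1307,14 +1307,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 }
 }
-private void setUidOnMeteredNetworkList(int uid, boolean blacklist, boolean enable) {
+private void setUidOnMeteredNetworkList(int uid, boolean denylist, boolean enable) {
 NetworkStack.checkNetworkStackPermission(mContext);
 synchronized (mQuotaLock) {
 boolean oldEnable;
 SparseBooleanArray quotaList;
 synchronized (mRulesLock) {
-quotaList = blacklist ? mUidRejectOnMetered : mUidAllowOnMetered;
+quotaList = denylist ? mUidRejectOnMetered : mUidAllowOnMetered;
 oldEnable = quotaList.get(uid, false);
 }
 if (oldEnable == enable) {
@@ -1324,7 +1324,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "inetd bandwidth");
 try {
-if (blacklist) {
+if (denylist) {
 if (enable) {
 mNetdService.bandwidthAddNaughtyApp(uid);
 } else {
@@ -1353,12 +1353,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 }
 @Override
-public void setUidMeteredNetworkBlacklist(int uid, boolean enable) {
+public void setUidMeteredNetworkDenylist(int uid, boolean enable) {
 setUidOnMeteredNetworkList(uid, true, enable);
 }
 @Override
-public void setUidMeteredNetworkWhitelist(int uid, boolean enable) {
+public void setUidMeteredNetworkAllowlist(int uid, boolean enable) {
 setUidOnMeteredNetworkList(uid, false, enable);
 }
@@ -1626,7 +1626,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 }
 }
 }
-// Normally, whitelist chains only contain deny rules, so numUids == exemptUids.length.
+// Normally, allowlist chains only contain deny rules, so numUids == exemptUids.length.
 // But the code does not guarantee this in any way, and at least in one case - if we add
 // a UID rule to the firewall, and then disable the firewall - the chains can contain
 // the wrong type of rule. In this case, don't close connections that we shouldn't.
@@ -1691,7 +1691,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 // Close any sockets that were opened by the affected UIDs. This has to be done after
 // disabling network connectivity, in case they react to the socket close by reopening
 // the connection and race with the iptables commands that enable the firewall. All
-// whitelist and blacklist chains allow RSTs through.
+// allowlist and denylist chains allow RSTs through.
 if (enable) {
 closeSocketsForFirewallChainLocked(chain, chainName);
 }
@@ -1828,7 +1828,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 } else {
 ruleName = "deny";
 }
-} else { // Blacklist mode
+} else { // Denylist mode
 if (rule == FIREWALL_RULE_DENY) {
 ruleName = "deny";
 } else {
@@ -1913,8 +1913,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 pw.print("Active alert ifaces: "); pw.println(mActiveAlerts.toString());
 pw.print("Data saver mode: "); pw.println(mDataSaverMode);
 synchronized (mRulesLock) {
-dumpUidRuleOnQuotaLocked(pw, "blacklist", mUidRejectOnMetered);
-dumpUidRuleOnQuotaLocked(pw, "whitelist", mUidAllowOnMetered);
+dumpUidRuleOnQuotaLocked(pw, "denylist", mUidRejectOnMetered);
+dumpUidRuleOnQuotaLocked(pw, "allowlist", mUidAllowOnMetered);
 }
 }
@@ -2179,9 +2179,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
 }
 }
-void setUidOnMeteredNetworkList(boolean blacklist, int uid, boolean enable) {
+void setUidOnMeteredNetworkList(boolean denylist, int uid, boolean enable) {
 synchronized (mRulesLock) {
-if (blacklist) {
+if (denylist) {
 mUidRejectOnMetered.put(uid, enable);
 } else {
 mUidAllowOnMetered.put(uid, enable);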
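--- a/services/core/java/com/android/server/net/NetworkPolicyLogger.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyLogger.java
@@ -70,9 +70,9 @@ public class NetworkPolicyLogger {
 static final int NTWK_BLOCKED_POWER = 0;
 static final int NTWK_ALLOWED_NON_METERED = 1;
-static final int NTWK_BLOCKED_BLACKLIST = 2;
-static final int NTWK_ALLOWED_WHITELIST = 3;
-static final int NTWK_ALLOWED_TMP_WHITELIST = 4;
+static final int NTWK_BLOCKED_DENYLIST = 2;
+static final int NTWK_ALLOWED_ALLOWLIST = 3;
+static final int NTWK_ALLOWED_TMP_ALLOWLIST = 4;
 static final int NTWK_BLOCKED_BG_RESTRICT = 5;
 static final int NTWK_ALLOWED_DEFAULT = 6;
 static final int NTWK_ALLOWED_SYSTEM = 7;
@@ -269,12 +269,12 @@ public class NetworkPolicyLogger {
 return "blocked by power restrictions";
 case NTWK_ALLOWED_NON_METERED:
 return "allowed on unmetered network";
-case NTWK_BLOCKED_BLACKLIST:
-return "blacklisted on metered network";
-case NTWK_ALLOWED_WHITELIST:
-return "whitelisted on metered network";
-case NTWK_ALLOWED_TMP_WHITELIST:
-return "temporary whitelisted on metered network";
+case NTWK_BLOCKED_DENYLIST:
+return "denylisted on metered network";
+case NTWK_ALLOWED_ALLOWLIST:
+return "allowlisted on metered network";
+case NTWK_ALLOWED_TMP_ALLOWLIST:
+return "temporary allowlisted on metered network";
 case NTWK_BLOCKED_BG_RESTRICT:
 return "blocked when background is restricted";
 case NTWK_ALLOWED_DEFAULT: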
services/core/java/com/android/server/net/NetworkPolicyManagerService.java +132 −132 File changed.Preview size limit exceeded, changes collapsed.
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/restrict-background-lists-whitelist-format.xml→services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/restrict-background-lists-allowlist-format.xml +0 −0 File moved.