Loading services/core/java/com/android/server/NetworkManagementService.java +64 −53 Original line number Diff line number Diff line Loading @@ -64,6 +64,7 @@ import android.net.NetworkStats; import android.net.NetworkUtils; import android.net.RouteInfo; import android.net.UidRange; import android.net.util.NetdService; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.os.BatteryStats; Loading Loading @@ -340,7 +341,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (DBG) Slog.d(TAG, "Awaiting socket connection"); connectedSignal.await(); if (DBG) Slog.d(TAG, "Connected"); if (DBG) Slog.d(TAG, "Connecting native netd service"); service.connectNativeNetdService(); if (DBG) Slog.d(TAG, "Connected"); return service; } Loading Loading @@ -549,14 +552,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub } private void connectNativeNetdService() { boolean nativeServiceAvailable = false; try { mNetdService = INetd.Stub.asInterface(ServiceManager.getService(NETD_SERVICE_NAME)); nativeServiceAvailable = mNetdService.isAlive(); } catch (RemoteException e) {} if (!nativeServiceAvailable) { Slog.wtf(TAG, "Can't connect to NativeNetdService " + NETD_SERVICE_NAME); } mNetdService = NetdService.get(); } /** Loading @@ -569,6 +565,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub // only enable bandwidth control when support exists final boolean hasKernelSupport = new File("/proc/net/xt_qtaguid/ctrl").exists(); // push any existing quota or UID rules synchronized (mQuotaLock) { if (hasKernelSupport) { Slog.d(TAG, "enabling bandwidth control"); try { Loading @@ -583,13 +583,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0"); if (mBandwidthControlEnabled) { try { getBatteryStats().noteNetworkStatsEnabled(); } catch (RemoteException e) { } } try { mConnector.execute("strict", "enable"); mStrictEnabled = true; Loading @@ -597,9 +590,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub Log.wtf(TAG, "Failed strict enable", e); } // push any existing quota or UID rules synchronized (mQuotaLock) { setDataSaverModeEnabled(mDataSaverMode); int size = mActiveQuotas.size(); Loading Loading @@ -672,6 +662,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true); } } if (mBandwidthControlEnabled) { try { getBatteryStats().noteNetworkStatsEnabled(); } catch (RemoteException e) { } } } /** Loading Loading @@ -1716,25 +1714,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } @Override public void setUidCleartextNetworkPolicy(int uid, int policy) { if (Binder.getCallingUid() != uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); } synchronized (mQuotaLock) { final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); if (oldPolicy == policy) { return; } if (!mStrictEnabled) { // Module isn't enabled yet; stash the requested policy away to // apply later once the daemon is connected. mUidCleartextPolicy.put(uid, policy); return; } private void applyUidCleartextNetworkPolicy(int uid, int policy) { final String policyString; switch (policy) { case StrictMode.NETWORK_POLICY_ACCEPT: Loading @@ -1757,6 +1737,37 @@ public class NetworkManagementService extends INetworkManagementService.Stub throw e.rethrowAsParcelableException(); } } @Override public void setUidCleartextNetworkPolicy(int uid, int policy) { if (Binder.getCallingUid() != uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); } synchronized (mQuotaLock) { final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); if (oldPolicy == policy) { // This also ensures we won't needlessly apply an ACCEPT policy if we've just // enabled strict and the underlying iptables rules are empty. return; } if (!mStrictEnabled) { // Module isn't enabled yet; stash the requested policy away to // apply later once the daemon is connected. mUidCleartextPolicy.put(uid, policy); return; } // netd does not keep state on strict mode policies, and cannot replace a non-accept // policy without deleting it first. Rather than add state to netd, just always send // it an accept policy when switching between two non-accept policies. if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT && policy != StrictMode.NETWORK_POLICY_ACCEPT) { applyUidCleartextNetworkPolicy(uid, policy); } } applyUidCleartextNetworkPolicy(uid, policy); } @Override Loading Loading
services/core/java/com/android/server/NetworkManagementService.java +64 −53 Original line number Diff line number Diff line Loading @@ -64,6 +64,7 @@ import android.net.NetworkStats; import android.net.NetworkUtils; import android.net.RouteInfo; import android.net.UidRange; import android.net.util.NetdService; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.os.BatteryStats; Loading Loading @@ -340,7 +341,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (DBG) Slog.d(TAG, "Awaiting socket connection"); connectedSignal.await(); if (DBG) Slog.d(TAG, "Connected"); if (DBG) Slog.d(TAG, "Connecting native netd service"); service.connectNativeNetdService(); if (DBG) Slog.d(TAG, "Connected"); return service; } Loading Loading @@ -549,14 +552,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub } private void connectNativeNetdService() { boolean nativeServiceAvailable = false; try { mNetdService = INetd.Stub.asInterface(ServiceManager.getService(NETD_SERVICE_NAME)); nativeServiceAvailable = mNetdService.isAlive(); } catch (RemoteException e) {} if (!nativeServiceAvailable) { Slog.wtf(TAG, "Can't connect to NativeNetdService " + NETD_SERVICE_NAME); } mNetdService = NetdService.get(); } /** Loading @@ -569,6 +565,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub // only enable bandwidth control when support exists final boolean hasKernelSupport = new File("/proc/net/xt_qtaguid/ctrl").exists(); // push any existing quota or UID rules synchronized (mQuotaLock) { if (hasKernelSupport) { Slog.d(TAG, "enabling bandwidth control"); try { Loading @@ -583,13 +583,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0"); if (mBandwidthControlEnabled) { try { getBatteryStats().noteNetworkStatsEnabled(); } catch (RemoteException e) { } } try { mConnector.execute("strict", "enable"); mStrictEnabled = true; Loading @@ -597,9 +590,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub Log.wtf(TAG, "Failed strict enable", e); } // push any existing quota or UID rules synchronized (mQuotaLock) { setDataSaverModeEnabled(mDataSaverMode); int size = mActiveQuotas.size(); Loading Loading @@ -672,6 +662,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true); } } if (mBandwidthControlEnabled) { try { getBatteryStats().noteNetworkStatsEnabled(); } catch (RemoteException e) { } } } /** Loading Loading @@ -1716,25 +1714,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } @Override public void setUidCleartextNetworkPolicy(int uid, int policy) { if (Binder.getCallingUid() != uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); } synchronized (mQuotaLock) { final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); if (oldPolicy == policy) { return; } if (!mStrictEnabled) { // Module isn't enabled yet; stash the requested policy away to // apply later once the daemon is connected. mUidCleartextPolicy.put(uid, policy); return; } private void applyUidCleartextNetworkPolicy(int uid, int policy) { final String policyString; switch (policy) { case StrictMode.NETWORK_POLICY_ACCEPT: Loading @@ -1757,6 +1737,37 @@ public class NetworkManagementService extends INetworkManagementService.Stub throw e.rethrowAsParcelableException(); } } @Override public void setUidCleartextNetworkPolicy(int uid, int policy) { if (Binder.getCallingUid() != uid) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); } synchronized (mQuotaLock) { final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); if (oldPolicy == policy) { // This also ensures we won't needlessly apply an ACCEPT policy if we've just // enabled strict and the underlying iptables rules are empty. return; } if (!mStrictEnabled) { // Module isn't enabled yet; stash the requested policy away to // apply later once the daemon is connected. mUidCleartextPolicy.put(uid, policy); return; } // netd does not keep state on strict mode policies, and cannot replace a non-accept // policy without deleting it first. Rather than add state to netd, just always send // it an accept policy when switching between two non-accept policies. if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT && policy != StrictMode.NETWORK_POLICY_ACCEPT) { applyUidCleartextNetworkPolicy(uid, policy); } } applyUidCleartextNetworkPolicy(uid, policy); } @Override Loading
