Merge "Speed up NetworkPolicy thread during user creation" into rvc-dev am:...

import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.SystemClock;

import android.os.Trace;

import android.os.UserHandle;

import android.provider.Settings.Global;

import android.telephony.TelephonyManager;

    private final CountDownLatch mAdminDataAvailableLatch = new CountDownLatch(1);

    // Cache the active network scorer queried from the network scorer service

    private volatile String mCachedNetworkScorer = null;

    // The last time the network scorer service was queried

    private volatile long mCachedNetworkScorerAtMillis = 0L;

    // How long before querying the network scorer again. During this time, subsequent queries will

    // get the cached value

    private static final long NETWORK_SCORER_CACHE_DURATION_MILLIS = 5000L;

    // Messages for the handler

    static final int MSG_INFORM_LISTENERS = 3;

    static final int MSG_FORCE_IDLE_STATE = 4;

            return new int[0];

        }

        Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "getIdleUidsForUser");

        final long elapsedRealtime = mInjector.elapsedRealtime();

        List<ApplicationInfo> apps;

                uidStates.setValueAt(index, value + 1 + (idle ? 1<<16 : 0));

            }

        }

        if (DEBUG) {

            Slog.d(TAG, "getIdleUids took " + (mInjector.elapsedRealtime() - elapsedRealtime));

        }

            }

        }

        Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);

        return res;

    }

    }

    private boolean isActiveNetworkScorer(String packageName) {

        String activeScorer = mInjector.getActiveNetworkScorer();

        return packageName != null && packageName.equals(activeScorer);

        // Validity of network scorer cache is limited to a few seconds. Fetch it again

        // if longer since query.

        // This is a temporary optimization until there's a callback mechanism for changes to network scorer.

        final long now = SystemClock.elapsedRealtime();

        if (mCachedNetworkScorer == null

                || mCachedNetworkScorerAtMillis < now - NETWORK_SCORER_CACHE_DURATION_MILLIS) {

            mCachedNetworkScorer = mInjector.getActiveNetworkScorer();

            mCachedNetworkScorerAtMillis = now;

        }

        return packageName != null && packageName.equals(mCachedNetworkScorer);

    }

    private void informListeners(String packageName, int userId, int bucket, int reason,

    private final NetworkPolicyLogger mLogger = new NetworkPolicyLogger();

    /** List of apps indexed by appId and whether they have the internet permission */

    @GuardedBy("mUidRulesFirstLock")

    private final SparseBooleanArray mInternetPermissionMap = new SparseBooleanArray();

    // TODO: keep whitelist of system-critical services that should never have

    // rules enforced, such as system, phone, and radio UIDs.

                // update rules for UID, since it might be subject to

                // global background data policy

                if (LOGV) Slog.v(TAG, "ACTION_PACKAGE_ADDED for uid=" + uid);

                // Clear the cache for the app

                synchronized (mUidRulesFirstLock) {

                    mInternetPermissionMap.delete(UserHandle.getAppId(uid));

                    updateRestrictionRulesForUidUL(uid);

                }

            }

                    synchronized (mUidRulesFirstLock) {

                        // Remove any persistable state for the given user; both cleaning up after a

                        // USER_REMOVED, and one last sanity check during USER_ADDED

                        removeUserStateUL(userId, true);

                        removeUserStateUL(userId, true, false);

                        // Removing outside removeUserStateUL since that can also be called when

                        // user resets app preferences.

                        mMeteredRestrictedUids.remove(userId);

        setUidPolicyUncheckedUL(uid, policy, false);

        final boolean notifyApp;

        if (!isUidValidForWhitelistRules(uid)) {

        if (!isUidValidForWhitelistRulesUL(uid)) {

            notifyApp = false;

        } else {

            final boolean wasBlacklisted = oldPolicy == POLICY_REJECT_METERED_BACKGROUND;

     * if any changes that are made.

     */

    @GuardedBy("mUidRulesFirstLock")

    boolean removeUserStateUL(int userId, boolean writePolicy) {

    boolean removeUserStateUL(int userId, boolean writePolicy, boolean updateGlobalRules) {

        mLogger.removingUserState(userId);

        boolean changed = false;

            changed = true;

        }

        synchronized (mNetworkPoliciesSecondLock) {

            if (updateGlobalRules) {

                updateRulesForGlobalChangeAL(true);

            }

            if (writePolicy && changed) {

                writePolicyAL();

            }

                        // quick check: if this uid doesn't have INTERNET permission, it

                        // doesn't have network access anyway, so it is a waste to mess

                        // with it here.

                        if (hasInternetPermissions(uid)) {

                        if (hasInternetPermissionUL(uid)) {

                            uidRules.put(uid, FIREWALL_RULE_DENY);

                        }

                    }

    @GuardedBy("mUidRulesFirstLock")

    void updateRuleForAppIdleUL(int uid) {

        if (!isUidValidForBlacklistRules(uid)) return;

        if (!isUidValidForBlacklistRulesUL(uid)) return;

        if (Trace.isTagEnabled(Trace.TRACE_TAG_NETWORK)) {

            Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "updateRuleForAppIdleUL: " + uid );

    // TODO: the MEDIA / DRM restriction might not be needed anymore, in which case both

    // methods below could be merged into a isUidValidForRules() method.

    private boolean isUidValidForBlacklistRules(int uid) {

    @GuardedBy("mUidRulesFirstLock")

    private boolean isUidValidForBlacklistRulesUL(int uid) {

        // allow rules on specific system services, and any apps

        if (uid == android.os.Process.MEDIA_UID || uid == android.os.Process.DRM_UID

            || (UserHandle.isApp(uid) && hasInternetPermissions(uid))) {

                || isUidValidForWhitelistRulesUL(uid)) {

            return true;

        }

        return false;

    }

    private boolean isUidValidForWhitelistRules(int uid) {

        return UserHandle.isApp(uid) && hasInternetPermissions(uid);

    @GuardedBy("mUidRulesFirstLock")

    private boolean isUidValidForWhitelistRulesUL(int uid) {

        return UserHandle.isApp(uid) && hasInternetPermissionUL(uid);

    }

    /**

     * <p>

     * Useful for the cases where the lack of network access can simplify the rules.

     */

    private boolean hasInternetPermissions(int uid) {

    @GuardedBy("mUidRulesFirstLock")

    private boolean hasInternetPermissionUL(int uid) {

        try {

            if (mIPm.checkUidPermission(Manifest.permission.INTERNET, uid)

                    != PackageManager.PERMISSION_GRANTED) {

                return false;

            final int appId = UserHandle.getAppId(uid);

            final boolean hasPermission;

            if (mInternetPermissionMap.indexOfKey(appId) < 0) {

                hasPermission =

                        mIPm.checkUidPermission(Manifest.permission.INTERNET, uid)

                                == PackageManager.PERMISSION_GRANTED;

                mInternetPermissionMap.put(appId, hasPermission);

            } else {

                hasPermission = mInternetPermissionMap.get(appId);

            }

            return hasPermission;

        } catch (RemoteException e) {

        }

        return true;

    }

    private void updateRulesForDataUsageRestrictionsULInner(int uid) {

        if (!isUidValidForWhitelistRules(uid)) {

        if (!isUidValidForWhitelistRulesUL(uid)) {

            if (LOGD) Slog.d(TAG, "no need to update restrict data rules for uid " + uid);

            return;

        }

     *

     * @return the new computed rules for the uid

     */

    @GuardedBy("mUidRulesFirstLock")

    private int updateRulesForPowerRestrictionsUL(int uid, int oldUidRules, boolean paroled) {

        if (Trace.isTagEnabled(Trace.TRACE_TAG_NETWORK)) {

            Trace.traceBegin(Trace.TRACE_TAG_NETWORK,

        }

    }

    @GuardedBy("mUidRulesFirstLock")

    private int updateRulesForPowerRestrictionsULInner(int uid, int oldUidRules, boolean paroled) {

        if (!isUidValidForBlacklistRules(uid)) {

        if (!isUidValidForBlacklistRulesUL(uid)) {

            if (LOGD) Slog.d(TAG, "no need to update restrict power rules for uid " + uid);

            return RULE_NONE;

        }

        @Override

        public void resetUserState(int userId) {

            synchronized (mUidRulesFirstLock) {

                boolean changed = removeUserStateUL(userId, false);

                boolean changed = removeUserStateUL(userId, false, true);

                changed = addDefaultRestrictBackgroundWhitelistUidsUL(userId) || changed;

                if (changed) {

                    synchronized (mNetworkPoliciesSecondLock) {