Refactored whitelist restrict background uids.

 */

public class NetworkPolicyManager {

    /* POLICY_* are masks and can be ORed */

    /* POLICY_* are masks and can be ORed, although currently they are not.*/

    /** No specific network policy, use system default. */

    public static final int POLICY_NONE = 0x0;

    /** Reject network usage on metered networks when application in background. */

    public static final int POLICY_REJECT_METERED_BACKGROUND = 0x1;

    /** Allow metered network use in the background even when in data usage save mode. */

    public static final int POLICY_ALLOW_METERED_BACKGROUND = 0x4;

    /*

     * Rules defining whether an uid has access to a network given its type (metered / non-metered).

import static android.net.NetworkPolicyManager.MASK_ALL_NETWORKS;

import static android.net.NetworkPolicyManager.MASK_METERED_NETWORKS;

import static android.net.NetworkPolicyManager.POLICY_ALLOW_METERED_BACKGROUND;

import static android.net.NetworkPolicyManager.POLICY_NONE;

import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND;

import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL;

        uidPoliciesToStringTest(POLICY_NONE, "0 (NONE)");

        uidPoliciesToStringTest(POLICY_REJECT_METERED_BACKGROUND,

                "1 (REJECT_METERED_BACKGROUND)");

        uidPoliciesToStringTest(POLICY_ALLOW_METERED_BACKGROUND,

                "4 (ALLOW_BACKGROUND_BATTERY_SAVE)");

    }

    private void uidPoliciesToStringTest(int policyRules, String... expectedOptions) {

import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW;

import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT;

import static android.net.NetworkPolicyManager.FIREWALL_RULE_DENY;

import static android.net.NetworkPolicyManager.POLICY_ALLOW_METERED_BACKGROUND;

import static android.net.NetworkPolicyManager.POLICY_NONE;

import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND;

import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL;

    @GuardedBy("mUidRulesFirstLock")

    private final SparseBooleanArray mPowerSaveTempWhitelistAppIds = new SparseBooleanArray();

    /**

     * UIDs that have been white-listed to avoid restricted background.

     */

    @GuardedBy("mUidRulesFirstLock")

    private final SparseBooleanArray mRestrictBackgroundWhitelistUids = new SparseBooleanArray();

    /**

     * UIDs that have been initially white-listed by system to avoid restricted background.

     */

     * Whitelists pre-defined apps for restrict background, but only if the user didn't already

     * revoke the whitelist.

     *

     * @return whether any uid has been added to {@link #mRestrictBackgroundWhitelistUids}.

     * @return whether any uid has been whitelisted.

     */

    boolean addDefaultRestrictBackgroundWhitelistUidsUL() {

        final List<UserInfo> users = mUserManager.getUsers();

            if (!mRestrictBackgroundWhitelistRevokedUids.get(uid)) {

                Slog.i(TAG, "adding default package " + pkg + " (uid " + uid + " for user "

                        + userId + ") to restrict background whitelist");

                mRestrictBackgroundWhitelistUids.append(uid, true);

                setUidPolicyUncheckedUL(uid, POLICY_ALLOW_METERED_BACKGROUND, false);

                changed = true;

            }

        }

            final XmlPullParser in = Xml.newPullParser();

            in.setInput(fis, StandardCharsets.UTF_8.name());

             // Must save the <restrict-background> tags and convert them to <uid-policy> later,

             // to skip UIDs that were explicitly blacklisted.

            final SparseBooleanArray whitelistedRestrictBackground = new SparseBooleanArray();

            int type;

            int version = VERSION_INIT;

            boolean insideWhitelist = false;

                        insideWhitelist = true;

                    } else if (TAG_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {

                        final int uid = readIntAttribute(in, ATTR_UID);

                        mRestrictBackgroundWhitelistUids.put(uid, true);

                        whitelistedRestrictBackground.append(uid, true);

                    } else if (TAG_REVOKED_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {

                        final int uid = readIntAttribute(in, ATTR_UID);

                        mRestrictBackgroundWhitelistRevokedUids.put(uid, true);

                }

            }

            final int size = whitelistedRestrictBackground.size();

            for (int i = 0; i < size; i++) {

                final int uid = whitelistedRestrictBackground.keyAt(i);

                final int policy = mUidPolicy.get(uid, POLICY_NONE);

                if ((policy & POLICY_REJECT_METERED_BACKGROUND) != 0) {

                    Slog.w(TAG, "ignoring restrict-background-whitelist for " + uid

                            + " because its policy is " + uidPoliciesToString(policy));

                    continue;

                }

                if (UserHandle.isApp(uid)) {

                    final int newPolicy = policy | POLICY_ALLOW_METERED_BACKGROUND;

                    if (LOGV)

                        Log.v(TAG, "new policy for " + uid + ": " + uidPoliciesToString(newPolicy));

                    setUidPolicyUncheckedUL(uid, newPolicy, false);

                } else {

                    Slog.w(TAG, "unable to update policy on UID " + uid);

                }

            }

        } catch (FileNotFoundException e) {

            // missing policy is okay, probably first boot

            upgradeLegacyBackgroundDataUL();

            // write all whitelists

            out.startTag(null, TAG_WHITELIST);

            // restrict background whitelist

            int size = mRestrictBackgroundWhitelistUids.size();

            for (int i = 0; i < size; i++) {

                final int uid = mRestrictBackgroundWhitelistUids.keyAt(i);

                out.startTag(null, TAG_RESTRICT_BACKGROUND);

                writeIntAttribute(out, ATTR_UID, uid);

                out.endTag(null, TAG_RESTRICT_BACKGROUND);

            }

            // revoked restrict background whitelist

            size = mRestrictBackgroundWhitelistRevokedUids.size();

            int size = mRestrictBackgroundWhitelistRevokedUids.size();

            for (int i = 0; i < size; i++) {

                final int uid = mRestrictBackgroundWhitelistRevokedUids.keyAt(i);

                out.startTag(null, TAG_REVOKED_RESTRICT_BACKGROUND);

        if (LOGV) Slog.v(TAG, "removeUserStateUL()");

        boolean changed = false;

        // Remove entries from restricted background UID whitelist

        int[] wlUids = new int[0];

        for (int i = 0; i < mRestrictBackgroundWhitelistUids.size(); i++) {

            final int uid = mRestrictBackgroundWhitelistUids.keyAt(i);

            if (UserHandle.getUserId(uid) == userId) {

                wlUids = appendInt(wlUids, uid);

            }

        }

        if (wlUids.length > 0) {

            for (int uid : wlUids) {

                removeRestrictBackgroundWhitelistedUidUL(uid, false, false);

            }

            changed = true;

        }

        // Remove entries from revoked default restricted background UID whitelist

        for (int i = mRestrictBackgroundWhitelistRevokedUids.size() - 1; i >= 0; i--) {

            final int uid = mRestrictBackgroundWhitelistRevokedUids.keyAt(i);

        }

    }

    /**

     * @deprecated - should use {@link #setUidPolicy(int, int)} directly.

     */

    @Override

    @Deprecated

    public void addRestrictBackgroundWhitelistedUid(int uid) {

        mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);

        final boolean oldStatus;

        final boolean needFirewallRules;

        int changed;

        synchronized (mUidRulesFirstLock) {

            oldStatus = mRestrictBackgroundWhitelistUids.get(uid);

            final int oldUidPolicy = mUidPolicy.get(uid, POLICY_NONE);

            oldStatus = (oldUidPolicy & POLICY_ALLOW_METERED_BACKGROUND) != 0;

            if (oldStatus) {

                if (LOGD) Slog.d(TAG, "uid " + uid + " is already whitelisted");

                return;

            }

            needFirewallRules = isUidValidForWhitelistRules(uid);

            Slog.i(TAG, "adding uid " + uid + " to restrict background whitelist");

            mRestrictBackgroundWhitelistUids.append(uid, true);

            setUidPolicyUncheckedUL(uid, oldUidPolicy, POLICY_ALLOW_METERED_BACKGROUND, false);

            if (mDefaultRestrictBackgroundWhitelistUids.get(uid)

                    && mRestrictBackgroundWhitelistRevokedUids.get(uid)) {

                if (LOGD) Slog.d(TAG, "Removing uid " + uid

                Boolean.TRUE).sendToTarget();

    }

    /**

     * @deprecated - should use {@link #setUidPolicy(int, int)} directly.

     */

    @Override

    @Deprecated

    public void removeRestrictBackgroundWhitelistedUid(int uid) {

        mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);

        final boolean changed;

     */

    private boolean removeRestrictBackgroundWhitelistedUidUL(int uid, boolean uidDeleted,

            boolean updateNow) {

        final boolean oldStatus = mRestrictBackgroundWhitelistUids.get(uid);

        final boolean oldStatus =

                (mUidPolicy.get(uid, POLICY_NONE) & POLICY_ALLOW_METERED_BACKGROUND) != 0;

        if (!oldStatus && !uidDeleted) {

            if (LOGD) Slog.d(TAG, "uid " + uid + " was not whitelisted before");

            return false;

        final boolean needFirewallRules = uidDeleted || isUidValidForWhitelistRules(uid);

        if (oldStatus) {

            Slog.i(TAG, "removing uid " + uid + " from restrict background whitelist");

            mRestrictBackgroundWhitelistUids.delete(uid);

            mUidPolicy.delete(uid);

        }

        if (mDefaultRestrictBackgroundWhitelistUids.get(uid)

                && !mRestrictBackgroundWhitelistRevokedUids.get(uid)) {

        return mRestrictBackground && needFirewallRules;

    }

    /**

     * @deprecated - should use {@link #getUidsWithPolicy(int)} instead, but first need to change

     * that method to use logical OR (|).

     */

    @Override

    @Deprecated

    public int[] getRestrictBackgroundWhitelistedUids() {

        mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);

        int[] whitelist = null;

        synchronized (mUidRulesFirstLock) {

            final int size = mRestrictBackgroundWhitelistUids.size();

            final int[] whitelist = new int[size];

            for (int i = 0; i < size; i++) {

                whitelist[i] = mRestrictBackgroundWhitelistUids.keyAt(i);

            // First calculate size

            int size = 0;

            int policySize = mUidPolicy.size();

            for (int i = 0; i < policySize; i++) {

                if ((mUidPolicy.valueAt(i) & POLICY_ALLOW_METERED_BACKGROUND) != 0) {

                    size ++;

                }

            }

            whitelist = new int[size];

            // Then populate it.

            if (size > 0) {

                int index = 0;

                for (int i = 0; i < policySize; i++) {

                    final int uid = mUidPolicy.keyAt(i);

                    if ((mUidPolicy.valueAt(i) & POLICY_ALLOW_METERED_BACKGROUND) != 0) {

                        whitelist[index++] = uid;

                    }

                }

            }

        }

        if (LOGV) {

            Slog.v(TAG, "getRestrictBackgroundWhitelistedUids(): "

                        + mRestrictBackgroundWhitelistUids);

                    + Arrays.toString(whitelist));

        }

        return whitelist;

    }

    }

    @Override

    public int getRestrictBackgroundByCaller() {

            if (!mRestrictBackground) {

                return RESTRICT_BACKGROUND_STATUS_DISABLED;

            }

            return mRestrictBackgroundWhitelistUids.get(uid)

            return (mUidPolicy.get(uid) & POLICY_ALLOW_METERED_BACKGROUND) != 0

                    ? RESTRICT_BACKGROUND_STATUS_WHITELISTED

                    : RESTRICT_BACKGROUND_STATUS_ENABLED;

        }

                    fout.decreaseIndent();

                }

                size = mRestrictBackgroundWhitelistUids.size();

                final int[] restrictBackgroundWhitelistUids =

                        getRestrictBackgroundWhitelistedUids();

                size = restrictBackgroundWhitelistUids.length;

                if (size > 0) {

                    fout.println("Restrict background whitelist uids:");

                    fout.increaseIndent();

                    for (int i = 0; i < size; i++) {

                        fout.print("UID=");

                        fout.print(mRestrictBackgroundWhitelistUids.keyAt(i));

                        fout.print(restrictBackgroundWhitelistUids[i]);

                        fout.println();

                    }

                    fout.decreaseIndent();

        final boolean isForeground = isUidForegroundOnRestrictBackgroundUL(uid);

        final boolean isBlacklisted = (uidPolicy & POLICY_REJECT_METERED_BACKGROUND) != 0;

        final boolean isWhitelisted = mRestrictBackgroundWhitelistUids.get(uid);

        final boolean isWhitelisted = (uidPolicy & POLICY_ALLOW_METERED_BACKGROUND) != 0;

        final int oldRule = oldUidRules & MASK_METERED_NETWORKS;

        int newRule = RULE_NONE;

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>

<whitelist>

  <restrict-background uid="10004" />

  <restrict-background uid="10008" />

  <restrict-background uid="10015" />

  <restrict-background uid="10016" />

</whitelist>

<policy-list version="10">

  <uid-policy uid="10004" policy="0" />

  <uid-policy uid="10008" policy="1" />

  <uid-policy uid="10015" policy="2" />

  <uid-policy uid="10016" policy="4" />

</policy-list>

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>

<policy-list version="10">

  <uid-policy uid="10004" policy="4" />

  <uid-policy uid="10008" policy="4" />

  <uid-policy uid="10015" policy="4" />

  <uid-policy uid="10016" policy="0" />

  <uid-policy uid="10023" policy="1" />

  <uid-policy uid="10042" policy="2" />

</policy-list>