Loading core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Original line Diff line number Diff line Loading @@ -68,10 +68,12 @@ public class NetworkPolicyManager { public static final int FIREWALL_CHAIN_NONE = 0; public static final int FIREWALL_CHAIN_NONE = 0; public static final int FIREWALL_CHAIN_DOZABLE = 1; public static final int FIREWALL_CHAIN_DOZABLE = 1; public static final int FIREWALL_CHAIN_STANDBY = 2; public static final int FIREWALL_CHAIN_STANDBY = 2; public static final int FIREWALL_CHAIN_POWERSAVE = 3; public static final String FIREWALL_CHAIN_NAME_NONE = "none"; public static final String FIREWALL_CHAIN_NAME_NONE = "none"; public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable"; public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable"; public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby"; public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby"; public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave"; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; Loading services/core/java/com/android/server/NetworkManagementService.java +54 −28 Original line number Original line Diff line number Diff line Loading 
@@ -22,8 +22,10 @@ import static android.Manifest.permission.SHUTDOWN; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_TYPE_BLACKLIST; import static android.net.NetworkPolicyManager.FIREWALL_TYPE_BLACKLIST; Loading 
@@ -43,7 +45,6 @@ import static com.android.server.NetworkManagementService.NetdResponseCode.Tethe import static com.android.server.NetworkManagementService.NetdResponseCode.TetheringStatsListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TetheringStatsListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; import android.annotation.NonNull; import android.annotation.NonNull; import android.app.ActivityManagerNative; import android.app.ActivityManagerNative; import android.content.Context; import android.content.Context; Loading Loading @@ -226,6 +227,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub */ */ @GuardedBy("mQuotaLock") @GuardedBy("mQuotaLock") private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); /** * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches * to device on power-save mode. */ @GuardedBy("mQuotaLock") private SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ /** Set of states for the child firewall chains. True if the chain is active. */ @GuardedBy("mQuotaLock") @GuardedBy("mQuotaLock") final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading 
@@ -621,6 +628,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)) { if (mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)) { setFirewallChainEnabled(FIREWALL_CHAIN_DOZABLE, true); setFirewallChainEnabled(FIREWALL_CHAIN_DOZABLE, true); } } size = mUidFirewallPowerSaveRules.size(); if (size > 0) { Slog.d(TAG, "Pushing " + size + " active firewall powersave UID rules"); final SparseIntArray uidFirewallRules = mUidFirewallPowerSaveRules; mUidFirewallPowerSaveRules = new SparseIntArray(); for (int i = 0; i < uidFirewallRules.size(); i++) { setFirewallUidRuleInternal(FIREWALL_CHAIN_POWERSAVE, uidFirewallRules.keyAt(i), uidFirewallRules.valueAt(i)); } } if (mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE)) { setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true); } } } } } Loading Loading @@ -2023,6 +2044,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: chainName = FIREWALL_CHAIN_NAME_DOZABLE; chainName = FIREWALL_CHAIN_NAME_DOZABLE; break; break; case FIREWALL_CHAIN_POWERSAVE: chainName = FIREWALL_CHAIN_NAME_POWERSAVE; break; default: default: throw new IllegalArgumentException("Bad child chain: " + chain); throw new IllegalArgumentException("Bad child chain: " + chain); } } Loading @@ -2039,6 +2063,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return FIREWALL_TYPE_BLACKLIST; return FIREWALL_TYPE_BLACKLIST; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return FIREWALL_TYPE_WHITELIST; return FIREWALL_TYPE_WHITELIST; case FIREWALL_CHAIN_POWERSAVE: return FIREWALL_TYPE_WHITELIST; default: default: return isFirewallEnabled() ? FIREWALL_TYPE_WHITELIST : FIREWALL_TYPE_BLACKLIST; return isFirewallEnabled() ? FIREWALL_TYPE_WHITELIST : FIREWALL_TYPE_BLACKLIST; } } Loading Loading 
@@ -2138,6 +2164,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return mUidFirewallStandbyRules; return mUidFirewallStandbyRules; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return mUidFirewallDozableRules; return mUidFirewallDozableRules; case FIREWALL_CHAIN_POWERSAVE: return mUidFirewallPowerSaveRules; case FIREWALL_CHAIN_NONE: case FIREWALL_CHAIN_NONE: return mUidFirewallRules; return mUidFirewallRules; default: default: Loading @@ -2151,6 +2179,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return FIREWALL_CHAIN_NAME_STANDBY; return FIREWALL_CHAIN_NAME_STANDBY; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return FIREWALL_CHAIN_NAME_DOZABLE; return FIREWALL_CHAIN_NAME_DOZABLE; case FIREWALL_CHAIN_POWERSAVE: return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_NONE: case FIREWALL_CHAIN_NONE: return FIREWALL_CHAIN_NAME_NONE; return FIREWALL_CHAIN_NAME_NONE; default: default: Loading Loading 
@@ -2271,43 +2301,25 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } synchronized (mUidFirewallRules) { synchronized (mUidFirewallRules) { pw.print("UID firewall rule: ["); dumpUidFirewallRule(pw, "", mUidFirewallRules); final int size = mUidFirewallRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallRules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } } pw.println("UID firewall standby chain enabled: " + pw.println("UID firewall standby chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY)); mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY)); synchronized (mUidFirewallStandbyRules) { synchronized (mUidFirewallStandbyRules) { pw.print("UID firewall standby rule: ["); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_STANDBY, mUidFirewallStandbyRules); final int size = mUidFirewallStandbyRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallStandbyRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallStandbyRules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } } pw.println("UID firewall dozable chain enabled: " + pw.println("UID firewall dozable chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)); mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)); synchronized (mUidFirewallDozableRules) { synchronized (mUidFirewallDozableRules) { pw.print("UID firewall dozable rule: ["); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_DOZABLE, mUidFirewallDozableRules); final int size = mUidFirewallDozableRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallDozableRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallDozableRules.valueAt(i)); if (i < size - 1) pw.print(","); } } pw.println("]"); pw.println("UID firewall powersave chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE)); synchronized (mUidFirewallPowerSaveRules) { dumpUidFirewallRule(pw, 
FIREWALL_CHAIN_NAME_POWERSAVE, mUidFirewallPowerSaveRules); } } synchronized (mIdleTimerLock) { synchronized (mIdleTimerLock) { Loading @@ -2324,6 +2336,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); } } private void dumpUidFirewallRule(PrintWriter pw, String name, SparseIntArray rules) { pw.print("UID firewall"); pw.print(name); pw.print(" rule: ["); final int size = rules.size(); for (int i = 0; i < size; i++) { pw.print(rules.keyAt(i)); pw.print(":"); pw.print(rules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } @Override @Override public void createPhysicalNetwork(int netId, String permission) { public void createPhysicalNetwork(int netId, String permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Loading services/core/java/com/android/server/net/NetworkPolicyManagerService.java +60 −31 Original line number Original line Diff line number Diff line Loading 
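Review bot: The new dump block takes `synchronized (mUidFirewallPowerSaveRules)`, but that field is non-final, is annotated `@GuardedBy("mQuotaLock")`, and is swapped for a fresh `SparseIntArray` in the rule-push hunk at -621/+628, so the monitor held by the dump code can belong to an array that writers no longer use. This copies the existing dozable/standby pattern rather than introducing it, but it would be safer to dump under the lock the annotation names, e.g. `synchronized (mQuotaLock) { dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_POWERSAVE, mUidFirewallPowerSaveRules); }`, assuming the writers outside these hunks really hold mQuotaLock. Separately, `dumpUidFirewallRule` prints `"UID firewall"` immediately followed by `name`, so the standby, dozable and powersave lines come out as `UID firewallstandby rule: [` and so on. Changing it to `if (!name.isEmpty()) { pw.print(" "); pw.print(name); }` restores the previous labels, which anything parsing the firewall state dump will be matching on.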
@@ -42,6 +42,7 @@ import static android.net.NetworkPolicy.SNOOZE_NEVER; import static android.net.NetworkPolicy.WARNING_DISABLED; import static android.net.NetworkPolicy.WARNING_DISABLED; import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE; import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW; import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; Loading Loading @@ -294,6 +295,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); final SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); final SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); final SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ /** Set of states for the child firewall chains. True if the chain is active. */ final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading 
@@ -522,9 +524,11 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { new PowerManagerInternal.LowPowerModeListener() { new PowerManagerInternal.LowPowerModeListener() { @Override @Override public void onLowPowerModeChanged(boolean enabled) { public void onLowPowerModeChanged(boolean enabled) { if (LOGD) Slog.d(TAG, "onLowPowerModeChanged(" + enabled + ")"); synchronized (mRulesLock) { synchronized (mRulesLock) { if (mRestrictPower != enabled) { if (mRestrictPower != enabled) { mRestrictPower = enabled; mRestrictPower = enabled; updateRulesForRestrictPowerLocked(); updateRulesForGlobalChangeLocked(true); updateRulesForGlobalChangeLocked(true); } } } } Loading Loading @@ -1175,13 +1179,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { return; return; } } // If we are in restrict power mode, we want to treat all interfaces // as metered, to restrict access to the network by uid. However, we // will not have a bandwidth limit. Also only do this if restrict // background data use is *not* enabled, since that takes precedence // use over those networks can have a cost associated with it). final boolean powerSave = mRestrictPower && !mRestrictBackground; // First, generate identities of all connected networks so we can // First, generate identities of all connected networks so we can // quickly compare them against all defined policies below. // quickly compare them against all defined policies below. final ArrayList<Pair<String, NetworkIdentity>> connIdents = new ArrayList<>(states.length); final ArrayList<Pair<String, NetworkIdentity>> connIdents = new ArrayList<>(states.length); Loading 
@@ -1193,9 +1190,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final String baseIface = state.linkProperties.getInterfaceName(); final String baseIface = state.linkProperties.getInterfaceName(); if (baseIface != null) { if (baseIface != null) { connIdents.add(Pair.create(baseIface, ident)); connIdents.add(Pair.create(baseIface, ident)); if (powerSave) { connIfaces.add(baseIface); } } } // Stacked interfaces are considered to have same identity as // Stacked interfaces are considered to have same identity as Loading @@ -1205,9 +1199,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final String stackedIface = stackedLink.getInterfaceName(); final String stackedIface = stackedLink.getInterfaceName(); if (stackedIface != null) { if (stackedIface != null) { connIdents.add(Pair.create(stackedIface, ident)); connIdents.add(Pair.create(stackedIface, ident)); if (powerSave) { connIfaces.add(stackedIface); } } } } } } } Loading Loading @@ -1286,9 +1277,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { removeInterfaceQuota(iface); removeInterfaceQuota(iface); setInterfaceQuota(iface, quotaBytes); setInterfaceQuota(iface, quotaBytes); newMeteredIfaces.add(iface); newMeteredIfaces.add(iface); if (powerSave) { connIfaces.remove(iface); } } } } } Loading Loading 
@@ -2299,10 +2287,15 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { // state changed, push updated rules // state changed, push updated rules mUidState.put(uid, uidState); mUidState.put(uid, uidState); updateRulesForUidStateChangeLocked(uid, oldUidState, uidState); updateRulesForUidStateChangeLocked(uid, oldUidState, uidState); if (mDeviceIdleMode && isProcStateAllowedWhileIdle(oldUidState) if (isProcStateAllowedWhileIdleOrPowerSaveMode(oldUidState) != isProcStateAllowedWhileIdle(uidState)) { != isProcStateAllowedWhileIdleOrPowerSaveMode(uidState) ) { if (mDeviceIdleMode) { updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); } } if (mRestrictPower) { updateRulesForRestrictPowerLocked(uid); } } } } } } Loading @@ -2317,6 +2310,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { if (mDeviceIdleMode) { if (mDeviceIdleMode) { updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); } } if (mRestrictPower) { updateRulesForRestrictPowerLocked(uid); } } } } } } } Loading Loading 
@@ -2354,15 +2350,36 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { } } } } static boolean isProcStateAllowedWhileIdle(int procState) { static boolean isProcStateAllowedWhileIdleOrPowerSaveMode(int procState) { return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; } } void updateRulesForRestrictPowerLocked() { updateRulesForWhitelistedPowerSaveLocked(mRestrictPower, FIREWALL_CHAIN_POWERSAVE, mUidFirewallPowerSaveRules); } void updateRulesForRestrictPowerLocked(int uid) { updateRulesForWhitelistedPowerSaveLocked(uid, mRestrictPower, FIREWALL_CHAIN_POWERSAVE); } void updateRulesForDeviceIdleLocked() { void updateRulesForDeviceIdleLocked() { if (mDeviceIdleMode) { updateRulesForWhitelistedPowerSaveLocked(mDeviceIdleMode, FIREWALL_CHAIN_DOZABLE, // sync the whitelists before enable dozable chain. We don't care about the rules if mUidFirewallDozableRules); } void updateRuleForDeviceIdleLocked(int uid) { updateRulesForWhitelistedPowerSaveLocked(uid, mDeviceIdleMode, FIREWALL_CHAIN_DOZABLE); } // NOTE: since both fw_dozable and fw_powersave uses the same map (mPowerSaveTempWhitelistAppIds) // for whitelisting, we can reuse their logic in this method. private void updateRulesForWhitelistedPowerSaveLocked(boolean enabled, int chain, SparseIntArray rules) { if (enabled) { // Sync the whitelists before enabling the chain. We don't care about the rules if // we are disabling the chain. // we are disabling the chain. final SparseIntArray uidRules = mUidFirewallDozableRules; final SparseIntArray uidRules = rules; uidRules.clear(); uidRules.clear(); final List<UserInfo> users = mUserManager.getUsers(); final List<UserInfo> users = mUserManager.getUsers(); for (int ui = users.size() - 1; ui >= 0; ui--) { for (int ui = users.size() - 1; ui >= 0; ui--) { Loading 
@@ -2381,24 +2398,26 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { } } } } for (int i = mUidState.size() - 1; i >= 0; i--) { for (int i = mUidState.size() - 1; i >= 0; i--) { if (isProcStateAllowedWhileIdle(mUidState.valueAt(i))) { if (isProcStateAllowedWhileIdleOrPowerSaveMode(mUidState.valueAt(i))) { uidRules.put(mUidState.keyAt(i), FIREWALL_RULE_ALLOW); uidRules.put(mUidState.keyAt(i), FIREWALL_RULE_ALLOW); } } } } setUidFirewallRules(FIREWALL_CHAIN_DOZABLE, uidRules); setUidFirewallRules(chain, uidRules); } } enableFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, mDeviceIdleMode); enableFirewallChainLocked(chain, enabled); } } void updateRuleForDeviceIdleLocked(int uid) { // NOTE: since both fw_dozable and fw_powersave uses the same map (mPowerSaveTempWhitelistAppIds) if (mDeviceIdleMode) { // for whitelisting, we can reuse their logic in this method. private void updateRulesForWhitelistedPowerSaveLocked(int uid, boolean enabled, int chain) { if (enabled) { int appId = UserHandle.getAppId(uid); int appId = UserHandle.getAppId(uid); if (mPowerSaveTempWhitelistAppIds.get(appId) || mPowerSaveWhitelistAppIds.get(appId) if (mPowerSaveTempWhitelistAppIds.get(appId) || mPowerSaveWhitelistAppIds.get(appId) || isProcStateAllowedWhileIdle(mUidState.get(uid))) { || isProcStateAllowedWhileIdleOrPowerSaveMode(mUidState.get(uid))) { setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_ALLOW); setUidFirewallRule(chain, uid, FIREWALL_RULE_ALLOW); } else { } else { setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_DEFAULT); setUidFirewallRule(chain, uid, FIREWALL_RULE_DEFAULT); } } } } Loading Loading 
@@ -2458,6 +2477,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { updateRulesForDeviceIdleLocked(); updateRulesForDeviceIdleLocked(); updateRulesForAppIdleLocked(); updateRulesForAppIdleLocked(); updateRulesForRestrictPowerLocked(); // update rules for all installed applications // update rules for all installed applications final List<UserInfo> users = mUserManager.getUsers(); final List<UserInfo> users = mUserManager.getUsers(); Loading Loading @@ -2491,6 +2511,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { int uid = UserHandle.getUid(user.id, appId); int uid = UserHandle.getUid(user.id, appId); updateRuleForAppIdleLocked(uid); updateRuleForAppIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); updateRulesForRestrictPowerLocked(uid); } } } } } } Loading Loading @@ -2583,6 +2604,12 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { uidRules = RULE_REJECT_ALL; uidRules = RULE_REJECT_ALL; } } // Check powersave state, which is whitelist if (mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE) && mUidFirewallPowerSaveRules.get(uid, FIREWALL_RULE_DEFAULT) != FIREWALL_RULE_ALLOW) { uidRules = RULE_REJECT_ALL; } // Check standby state, which is blacklist // Check standby state, which is blacklist if (mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY) if (mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY) && mUidFirewallStandbyRules.get(uid, FIREWALL_RULE_DEFAULT) == FIREWALL_RULE_DENY) { && mUidFirewallStandbyRules.get(uid, FIREWALL_RULE_DEFAULT) == FIREWALL_RULE_DENY) { Loading Loading 
@@ -2810,6 +2837,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { mUidFirewallDozableRules.put(uid, rule); mUidFirewallDozableRules.put(uid, rule); } else if (chain == FIREWALL_CHAIN_STANDBY) { } else if (chain == FIREWALL_CHAIN_STANDBY) { mUidFirewallStandbyRules.put(uid, rule); mUidFirewallStandbyRules.put(uid, rule); } else if (chain == FIREWALL_CHAIN_POWERSAVE) { mUidFirewallPowerSaveRules.put(uid, rule); } } try { try { Loading Loading
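Review bot: In the per-UID `updateRulesForWhitelistedPowerSaveLocked(int uid, boolean enabled, int chain)`, `mUidState.get(uid)` is called without a default, so a UID with no recorded process state is presumably evaluated as 0, which passes `procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE` and receives `FIREWALL_RULE_ALLOW` on a whitelist chain. The declaration of mUidState is outside the visible hunks, so this assumes it is a SparseIntArray like the rule maps. The lookup predates this commit for the dozable chain, but the change now applies it to the powersave chain too; an explicit non-privileged default, `mUidState.get(uid, ActivityManager.PROCESS_STATE_CACHED_EMPTY)`, makes an unknown UID fall through to `FIREWALL_RULE_DEFAULT`. The NOTE comment repeated above both overloads names only mPowerSaveTempWhitelistAppIds while this method also consults mPowerSaveWhitelistAppIds, so it would help to state once that both doze whitelists grant network access under battery saver.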
core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Original line Diff line number Diff line Loading @@ -68,10 +68,12 @@ public class NetworkPolicyManager { public static final int FIREWALL_CHAIN_NONE = 0; public static final int FIREWALL_CHAIN_NONE = 0; public static final int FIREWALL_CHAIN_DOZABLE = 1; public static final int FIREWALL_CHAIN_DOZABLE = 1; public static final int FIREWALL_CHAIN_STANDBY = 2; public static final int FIREWALL_CHAIN_STANDBY = 2; public static final int FIREWALL_CHAIN_POWERSAVE = 3; public static final String FIREWALL_CHAIN_NAME_NONE = "none"; public static final String FIREWALL_CHAIN_NAME_NONE = "none"; public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable"; public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable"; public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby"; public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby"; public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave"; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; Loading
services/core/java/com/android/server/NetworkManagementService.java +54 −28 Original line number Original line Diff line number Diff line Loading @@ -22,8 +22,10 @@ import static android.Manifest.permission.SHUTDOWN; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_TYPE_BLACKLIST; import static android.net.NetworkPolicyManager.FIREWALL_TYPE_BLACKLIST; Loading 
@@ -43,7 +45,6 @@ import static com.android.server.NetworkManagementService.NetdResponseCode.Tethe import static com.android.server.NetworkManagementService.NetdResponseCode.TetheringStatsListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TetheringStatsListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; import android.annotation.NonNull; import android.annotation.NonNull; import android.app.ActivityManagerNative; import android.app.ActivityManagerNative; import android.content.Context; import android.content.Context; Loading Loading @@ -226,6 +227,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub */ */ @GuardedBy("mQuotaLock") @GuardedBy("mQuotaLock") private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); /** * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches * to device on power-save mode. */ @GuardedBy("mQuotaLock") private SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ /** Set of states for the child firewall chains. True if the chain is active. */ @GuardedBy("mQuotaLock") @GuardedBy("mQuotaLock") final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading 
@@ -621,6 +628,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)) { if (mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)) { setFirewallChainEnabled(FIREWALL_CHAIN_DOZABLE, true); setFirewallChainEnabled(FIREWALL_CHAIN_DOZABLE, true); } } size = mUidFirewallPowerSaveRules.size(); if (size > 0) { Slog.d(TAG, "Pushing " + size + " active firewall powersave UID rules"); final SparseIntArray uidFirewallRules = mUidFirewallPowerSaveRules; mUidFirewallPowerSaveRules = new SparseIntArray(); for (int i = 0; i < uidFirewallRules.size(); i++) { setFirewallUidRuleInternal(FIREWALL_CHAIN_POWERSAVE, uidFirewallRules.keyAt(i), uidFirewallRules.valueAt(i)); } } if (mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE)) { setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true); } } } } } Loading Loading @@ -2023,6 +2044,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: chainName = FIREWALL_CHAIN_NAME_DOZABLE; chainName = FIREWALL_CHAIN_NAME_DOZABLE; break; break; case FIREWALL_CHAIN_POWERSAVE: chainName = FIREWALL_CHAIN_NAME_POWERSAVE; break; default: default: throw new IllegalArgumentException("Bad child chain: " + chain); throw new IllegalArgumentException("Bad child chain: " + chain); } } Loading @@ -2039,6 +2063,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return FIREWALL_TYPE_BLACKLIST; return FIREWALL_TYPE_BLACKLIST; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return FIREWALL_TYPE_WHITELIST; return FIREWALL_TYPE_WHITELIST; case FIREWALL_CHAIN_POWERSAVE: return FIREWALL_TYPE_WHITELIST; default: default: return isFirewallEnabled() ? FIREWALL_TYPE_WHITELIST : FIREWALL_TYPE_BLACKLIST; return isFirewallEnabled() ? FIREWALL_TYPE_WHITELIST : FIREWALL_TYPE_BLACKLIST; } } Loading Loading 
@@ -2138,6 +2164,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return mUidFirewallStandbyRules; return mUidFirewallStandbyRules; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return mUidFirewallDozableRules; return mUidFirewallDozableRules; case FIREWALL_CHAIN_POWERSAVE: return mUidFirewallPowerSaveRules; case FIREWALL_CHAIN_NONE: case FIREWALL_CHAIN_NONE: return mUidFirewallRules; return mUidFirewallRules; default: default: Loading @@ -2151,6 +2179,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub return FIREWALL_CHAIN_NAME_STANDBY; return FIREWALL_CHAIN_NAME_STANDBY; case FIREWALL_CHAIN_DOZABLE: case FIREWALL_CHAIN_DOZABLE: return FIREWALL_CHAIN_NAME_DOZABLE; return FIREWALL_CHAIN_NAME_DOZABLE; case FIREWALL_CHAIN_POWERSAVE: return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_NONE: case FIREWALL_CHAIN_NONE: return FIREWALL_CHAIN_NAME_NONE; return FIREWALL_CHAIN_NAME_NONE; default: default: Loading Loading 
@@ -2271,43 +2301,25 @@ public class NetworkManagementService extends INetworkManagementService.Stub } } synchronized (mUidFirewallRules) { synchronized (mUidFirewallRules) { pw.print("UID firewall rule: ["); dumpUidFirewallRule(pw, "", mUidFirewallRules); final int size = mUidFirewallRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallRules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } } pw.println("UID firewall standby chain enabled: " + pw.println("UID firewall standby chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY)); mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY)); synchronized (mUidFirewallStandbyRules) { synchronized (mUidFirewallStandbyRules) { pw.print("UID firewall standby rule: ["); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_STANDBY, mUidFirewallStandbyRules); final int size = mUidFirewallStandbyRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallStandbyRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallStandbyRules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } } pw.println("UID firewall dozable chain enabled: " + pw.println("UID firewall dozable chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)); mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)); synchronized (mUidFirewallDozableRules) { synchronized (mUidFirewallDozableRules) { pw.print("UID firewall dozable rule: ["); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_DOZABLE, mUidFirewallDozableRules); final int size = mUidFirewallDozableRules.size(); for (int i = 0; i < size; i++) { pw.print(mUidFirewallDozableRules.keyAt(i)); pw.print(":"); pw.print(mUidFirewallDozableRules.valueAt(i)); if (i < size - 1) pw.print(","); } } pw.println("]"); pw.println("UID firewall powersave chain enabled: " + mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE)); synchronized (mUidFirewallPowerSaveRules) { dumpUidFirewallRule(pw, 
FIREWALL_CHAIN_NAME_POWERSAVE, mUidFirewallPowerSaveRules); } } synchronized (mIdleTimerLock) { synchronized (mIdleTimerLock) { Loading @@ -2324,6 +2336,20 @@ public class NetworkManagementService extends INetworkManagementService.Stub pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); } } private void dumpUidFirewallRule(PrintWriter pw, String name, SparseIntArray rules) { pw.print("UID firewall"); pw.print(name); pw.print(" rule: ["); final int size = rules.size(); for (int i = 0; i < size; i++) { pw.print(rules.keyAt(i)); pw.print(":"); pw.print(rules.valueAt(i)); if (i < size - 1) pw.print(","); } pw.println("]"); } @Override @Override public void createPhysicalNetwork(int netId, String permission) { public void createPhysicalNetwork(int netId, String permission) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); Loading
services/core/java/com/android/server/net/NetworkPolicyManagerService.java +60 −31 Original line number Original line Diff line number Diff line Loading @@ -42,6 +42,7 @@ import static android.net.NetworkPolicy.SNOOZE_NEVER; import static android.net.NetworkPolicy.WARNING_DISABLED; import static android.net.NetworkPolicy.WARNING_DISABLED; import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE; import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW; import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; Loading Loading @@ -294,6 +295,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); final SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); final SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); final SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ /** Set of states for the child firewall chains. True if the chain is active. */ final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading 
@@ -522,9 +524,11 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { new PowerManagerInternal.LowPowerModeListener() { new PowerManagerInternal.LowPowerModeListener() { @Override @Override public void onLowPowerModeChanged(boolean enabled) { public void onLowPowerModeChanged(boolean enabled) { if (LOGD) Slog.d(TAG, "onLowPowerModeChanged(" + enabled + ")"); synchronized (mRulesLock) { synchronized (mRulesLock) { if (mRestrictPower != enabled) { if (mRestrictPower != enabled) { mRestrictPower = enabled; mRestrictPower = enabled; updateRulesForRestrictPowerLocked(); updateRulesForGlobalChangeLocked(true); updateRulesForGlobalChangeLocked(true); } } } } Loading Loading @@ -1175,13 +1179,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { return; return; } } // If we are in restrict power mode, we want to treat all interfaces // as metered, to restrict access to the network by uid. However, we // will not have a bandwidth limit. Also only do this if restrict // background data use is *not* enabled, since that takes precedence // use over those networks can have a cost associated with it). final boolean powerSave = mRestrictPower && !mRestrictBackground; // First, generate identities of all connected networks so we can // First, generate identities of all connected networks so we can // quickly compare them against all defined policies below. // quickly compare them against all defined policies below. final ArrayList<Pair<String, NetworkIdentity>> connIdents = new ArrayList<>(states.length); final ArrayList<Pair<String, NetworkIdentity>> connIdents = new ArrayList<>(states.length); Loading 
@@ -1193,9 +1190,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final String baseIface = state.linkProperties.getInterfaceName(); final String baseIface = state.linkProperties.getInterfaceName(); if (baseIface != null) { if (baseIface != null) { connIdents.add(Pair.create(baseIface, ident)); connIdents.add(Pair.create(baseIface, ident)); if (powerSave) { connIfaces.add(baseIface); } } } // Stacked interfaces are considered to have same identity as // Stacked interfaces are considered to have same identity as Loading @@ -1205,9 +1199,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { final String stackedIface = stackedLink.getInterfaceName(); final String stackedIface = stackedLink.getInterfaceName(); if (stackedIface != null) { if (stackedIface != null) { connIdents.add(Pair.create(stackedIface, ident)); connIdents.add(Pair.create(stackedIface, ident)); if (powerSave) { connIfaces.add(stackedIface); } } } } } } } Loading Loading @@ -1286,9 +1277,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { removeInterfaceQuota(iface); removeInterfaceQuota(iface); setInterfaceQuota(iface, quotaBytes); setInterfaceQuota(iface, quotaBytes); newMeteredIfaces.add(iface); newMeteredIfaces.add(iface); if (powerSave) { connIfaces.remove(iface); } } } } } Loading Loading 
@@ -2299,10 +2287,15 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { // state changed, push updated rules // state changed, push updated rules mUidState.put(uid, uidState); mUidState.put(uid, uidState); updateRulesForUidStateChangeLocked(uid, oldUidState, uidState); updateRulesForUidStateChangeLocked(uid, oldUidState, uidState); if (mDeviceIdleMode && isProcStateAllowedWhileIdle(oldUidState) if (isProcStateAllowedWhileIdleOrPowerSaveMode(oldUidState) != isProcStateAllowedWhileIdle(uidState)) { != isProcStateAllowedWhileIdleOrPowerSaveMode(uidState) ) { if (mDeviceIdleMode) { updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); } } if (mRestrictPower) { updateRulesForRestrictPowerLocked(uid); } } } } } } Loading @@ -2317,6 +2310,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { if (mDeviceIdleMode) { if (mDeviceIdleMode) { updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); } } if (mRestrictPower) { updateRulesForRestrictPowerLocked(uid); } } } } } } } Loading Loading 
@@ -2354,15 +2350,36 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { } } } } static boolean isProcStateAllowedWhileIdle(int procState) { static boolean isProcStateAllowedWhileIdleOrPowerSaveMode(int procState) { return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; } } void updateRulesForRestrictPowerLocked() { updateRulesForWhitelistedPowerSaveLocked(mRestrictPower, FIREWALL_CHAIN_POWERSAVE, mUidFirewallPowerSaveRules); } void updateRulesForRestrictPowerLocked(int uid) { updateRulesForWhitelistedPowerSaveLocked(uid, mRestrictPower, FIREWALL_CHAIN_POWERSAVE); } void updateRulesForDeviceIdleLocked() { void updateRulesForDeviceIdleLocked() { if (mDeviceIdleMode) { updateRulesForWhitelistedPowerSaveLocked(mDeviceIdleMode, FIREWALL_CHAIN_DOZABLE, // sync the whitelists before enable dozable chain. We don't care about the rules if mUidFirewallDozableRules); } void updateRuleForDeviceIdleLocked(int uid) { updateRulesForWhitelistedPowerSaveLocked(uid, mDeviceIdleMode, FIREWALL_CHAIN_DOZABLE); } // NOTE: since both fw_dozable and fw_powersave uses the same map (mPowerSaveTempWhitelistAppIds) // for whitelisting, we can reuse their logic in this method. private void updateRulesForWhitelistedPowerSaveLocked(boolean enabled, int chain, SparseIntArray rules) { if (enabled) { // Sync the whitelists before enabling the chain. We don't care about the rules if // we are disabling the chain. // we are disabling the chain. final SparseIntArray uidRules = mUidFirewallDozableRules; final SparseIntArray uidRules = rules; uidRules.clear(); uidRules.clear(); final List<UserInfo> users = mUserManager.getUsers(); final List<UserInfo> users = mUserManager.getUsers(); for (int ui = users.size() - 1; ui >= 0; ui--) { for (int ui = users.size() - 1; ui >= 0; ui--) { Loading 
@@ -2381,24 +2398,26 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { } } } } for (int i = mUidState.size() - 1; i >= 0; i--) { for (int i = mUidState.size() - 1; i >= 0; i--) { if (isProcStateAllowedWhileIdle(mUidState.valueAt(i))) { if (isProcStateAllowedWhileIdleOrPowerSaveMode(mUidState.valueAt(i))) { uidRules.put(mUidState.keyAt(i), FIREWALL_RULE_ALLOW); uidRules.put(mUidState.keyAt(i), FIREWALL_RULE_ALLOW); } } } } setUidFirewallRules(FIREWALL_CHAIN_DOZABLE, uidRules); setUidFirewallRules(chain, uidRules); } } enableFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, mDeviceIdleMode); enableFirewallChainLocked(chain, enabled); } } void updateRuleForDeviceIdleLocked(int uid) { // NOTE: since both fw_dozable and fw_powersave uses the same map (mPowerSaveTempWhitelistAppIds) if (mDeviceIdleMode) { // for whitelisting, we can reuse their logic in this method. private void updateRulesForWhitelistedPowerSaveLocked(int uid, boolean enabled, int chain) { if (enabled) { int appId = UserHandle.getAppId(uid); int appId = UserHandle.getAppId(uid); if (mPowerSaveTempWhitelistAppIds.get(appId) || mPowerSaveWhitelistAppIds.get(appId) if (mPowerSaveTempWhitelistAppIds.get(appId) || mPowerSaveWhitelistAppIds.get(appId) || isProcStateAllowedWhileIdle(mUidState.get(uid))) { || isProcStateAllowedWhileIdleOrPowerSaveMode(mUidState.get(uid))) { setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_ALLOW); setUidFirewallRule(chain, uid, FIREWALL_RULE_ALLOW); } else { } else { setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_DEFAULT); setUidFirewallRule(chain, uid, FIREWALL_RULE_DEFAULT); } } } } Loading Loading 
@@ -2458,6 +2477,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { updateRulesForDeviceIdleLocked(); updateRulesForDeviceIdleLocked(); updateRulesForAppIdleLocked(); updateRulesForAppIdleLocked(); updateRulesForRestrictPowerLocked(); // update rules for all installed applications // update rules for all installed applications final List<UserInfo> users = mUserManager.getUsers(); final List<UserInfo> users = mUserManager.getUsers(); Loading Loading @@ -2491,6 +2511,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { int uid = UserHandle.getUid(user.id, appId); int uid = UserHandle.getUid(user.id, appId); updateRuleForAppIdleLocked(uid); updateRuleForAppIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); updateRuleForDeviceIdleLocked(uid); updateRulesForRestrictPowerLocked(uid); } } } } } } Loading Loading @@ -2583,6 +2604,12 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { uidRules = RULE_REJECT_ALL; uidRules = RULE_REJECT_ALL; } } // Check powersave state, which is whitelist if (mFirewallChainStates.get(FIREWALL_CHAIN_POWERSAVE) && mUidFirewallPowerSaveRules.get(uid, FIREWALL_RULE_DEFAULT) != FIREWALL_RULE_ALLOW) { uidRules = RULE_REJECT_ALL; } // Check standby state, which is blacklist // Check standby state, which is blacklist if (mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY) if (mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY) && mUidFirewallStandbyRules.get(uid, FIREWALL_RULE_DEFAULT) == FIREWALL_RULE_DENY) { && mUidFirewallStandbyRules.get(uid, FIREWALL_RULE_DEFAULT) == FIREWALL_RULE_DENY) { Loading Loading 
@@ -2810,6 +2837,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { mUidFirewallDozableRules.put(uid, rule); mUidFirewallDozableRules.put(uid, rule); } else if (chain == FIREWALL_CHAIN_STANDBY) { } else if (chain == FIREWALL_CHAIN_STANDBY) { mUidFirewallStandbyRules.put(uid, rule); mUidFirewallStandbyRules.put(uid, rule); } else if (chain == FIREWALL_CHAIN_POWERSAVE) { mUidFirewallPowerSaveRules.put(uid, rule); } } try { try { Loading
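Review bot: In `updateRulesForWhitelistedPowerSaveLocked(int uid, boolean enabled, int chain)` (hunk at -2381), the lookup `mUidState.get(uid)` passes no explicit default, so a uid with no recorded state is judged by whatever the container returns for a missing key. If `mUidState` is a `SparseIntArray`, that value is 0, which would satisfy `procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE` and put `FIREWALL_RULE_ALLOW` on a whitelist chain. The lookup predates this commit, but the change now applies it to `FIREWALL_CHAIN_POWERSAVE` too, and the call added in the hunk at -2317 may run for a uid whose state entry is already gone (the enclosing method starts outside the hunk, so this is not confirmed). A deny-by-default form would be `isProcStateAllowedWhileIdleOrPowerSaveMode(mUidState.get(uid, ActivityManager.PROCESS_STATE_CACHED_EMPTY))`. Separately, the NOTE comment above both helpers names only `mPowerSaveTempWhitelistAppIds` while the per-uid helper also consults `mPowerSaveWhitelistAppIds`; I would reword it as `// fw_dozable and fw_powersave allow the same app ids (mPowerSaveWhitelistAppIds and mPowerSaveTempWhitelistAppIds), so they share this logic.`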