Commit 64cef56e authored by Tommy Webb, committed by Michael Bestas

Skip firewall rules for stopped users

Adding rules to mUidOwnerMap for UIDs in stopped users takes up some
of the limited space available in that map, which can cause it to run
out of room and prevent some apps from accessing the network when an
allowlist is involved, or improperly allow them to access the network
in the case of a denylist. Skip this for users or profiles that are
not even running. Re-calculate all rules when a user or profile starts
or stops.

Test: Run `adb shell dumpsys connectivity trafficcontroller | \
sed -n '/^ *mUidOwnerMap:/,/^$/{/mUidOwnerMap/b;/^$/b;p}' | wc -l`
before and after pausing/unpausing a work profile or switching users.
The number will shrink when pausing a profile or exiting another user.

Issue: calyxos#1249
Change-Id: Icb1509893b93f729e8636ad457284e1a0b91f525
parent b83a568f
+12 −4
@@ -35,6 +35,8 @@ import static android.content.Intent.ACTION_PACKAGE_ADDED;
import static android.content.Intent.ACTION_UID_REMOVED;
import static android.content.Intent.ACTION_USER_ADDED;
import static android.content.Intent.ACTION_USER_REMOVED;
import static android.content.Intent.ACTION_USER_STARTING;
import static android.content.Intent.ACTION_USER_STOPPED;
import static android.content.Intent.EXTRA_REPLACING;
import static android.content.Intent.EXTRA_UID;
import static android.content.pm.ApplicationInfo.FLAG_INSTALLED;
@@ -1086,6 +1088,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            final IntentFilter userFilter = new IntentFilter();
            userFilter.addAction(ACTION_USER_ADDED);
            userFilter.addAction(ACTION_USER_REMOVED);
            userFilter.addAction(ACTION_USER_STARTING);
            userFilter.addAction(ACTION_USER_STOPPED);
            mContext.registerReceiver(mUserReceiver, userFilter, null, mHandler);

            // listen for stats updated callbacks for interested network types.
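Review bot: The two new addAction lines (ACTION_USER_STARTING, ACTION_USER_STOPPED) reuse mUserReceiver, which is registered on mHandler, so the recalculation runs asynchronously some time after the broadcast is dispatched. Combined with the skip for non-running users later in this patch, a starting user may have no entries in mUidOwnerMap until that handler runs, and the commit message names the denylist case as the one where missing entries improperly allow network access. Please confirm the rules are back in place before the user's apps can reach the network, or state the ordering assumption in a comment next to these lines.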
@@ -1347,14 +1351,14 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                                }
                            }
                        }
                    }
                    break;
            }
            // Update global restrict for that user
            synchronized (mNetworkPoliciesSecondLock) {
                updateRulesForGlobalChangeAL(true);
            }
        }
                    break;
            }
        }
    };

    /**
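Review bot: The comment "// Update global restrict for that user" above updateRulesForGlobalChangeAL(true) no longer describes the call once it also serves ACTION_USER_STARTING and ACTION_USER_STOPPED; per the commit message it recalculates all rules, not one user's. Please reword it. No case label for the two new actions is visible in this hunk, so a one-line comment saying they are handled by the call after the switch would save the next reader from looking for one. This reading assumes the synchronized block now sits outside the switch; the rendered hunk has lost its +/- markers and shows the old and new positions interleaved.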
@@ -4977,6 +4981,10 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                final int usersSize = users.size();
                for (int i = 0; i < usersSize; ++i) {
                    final int userId = users.get(i).id;
                    if (!mUserManager.isUserRunningOrStopping(UserHandle.of(userId))) {
                        // Save space in mUidOwnerMap by skipping users that are not running.
                        continue;
                    }
                    final SparseBooleanArray sharedAppIdsHandled = new SparseBooleanArray();
                    packageManagerInternal.forEachInstalledPackage(androidPackage -> {
                        final int appId = androidPackage.getUid();
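Review bot: The comment on the new continue says "users that are not running", but the condition is !mUserManager.isUserRunningOrStopping(...), so a user that is still stopping keeps its rules. That is the safer choice for a denylist and should be stated: suggest wording such as "skip users that are neither running nor stopping; their rules are rebuilt on ACTION_USER_STARTING". A verbose-level log of the skipped userId would also make the mUidOwnerMap count from the Test step easier to explain when reading a dumpsys.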