Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 667910a4 authored by Sam Mortimer's avatar Sam Mortimer
Browse files

fw/b: Add support for per app network isolation 

* Add support for blocking all network access with
  per uid policy (exposed in wifi/data settings).

* When an app is blocked, two things happen:
  ** Add the uid to a new netd firewall chain fw_isolation
     which blocks all network access.
  ** Generate onLost callbacks for ConnectivityManager requests.
     Move the app network requests to a DetachedNetworks map
     and remove them from the normal ConnectivityService
     machinery to ensure no further callbacks are generated.

* When an app is unblocked, perform the reverse of the steps above.
  This includes reattaching the app network requests and triggering
  onAvailable() callbacks (and others) as though the networks have
  just come back up.

* "Isolation" because the terms blocking and blacklisting
  are used all over the place already for dozing, powersave
  and temporary whitelist rules.  So be distinct to try
  to make the code more readable.

Change-Id: Id36308bdb8279879ac456b94704007a392b71b0e
parent 325252f6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment