Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8c253ade authored by Lorenzo Colitti's avatar Lorenzo Colitti
Browse files

Minor fixes for netd restarts and StrictController. 

1. Ensure we don't change strict mode network policy for a given
   UID from a non-accept policy to another non-accept policy,
   as netd does not support this.
2. Move the "strict enable" and "bandwidth enable" commands
   inside the lock. This improves correctness, and it is safe to
   do now that those commands now only take a few milliseconds,
   instead of several hundred milliseconds.
3. Fix an NPE in connectNativeNetdService which causes the system
   to crash when netd crashes.

Bug: 28362720
Test: bullhead builds, boots
Test: "adb shell killall netd" no longer crashes the system
Change-Id: Icdaa9d1e2288accf35de21df56bc6bd2b0628255
parent d17160ba

services/core/java/com/android/server/NetworkManagementService.java

+64 −53
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ import android.net.NetworkStats; 
import android.net.NetworkUtils;

import android.net.RouteInfo;

import android.net.UidRange;

import android.net.util.NetdService;

import android.net.wifi.WifiConfiguration;

import android.net.wifi.WifiConfiguration.KeyMgmt;

import android.os.BatteryStats;
@@ -340,7 +341,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
        if (DBG) Slog.d(TAG, "Awaiting socket connection");

        connectedSignal.await();

        if (DBG) Slog.d(TAG, "Connected");

        if (DBG) Slog.d(TAG, "Connecting native netd service");

        service.connectNativeNetdService();

        if (DBG) Slog.d(TAG, "Connected");

        return service;

    }
@@ -549,14 +552,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
    }



    private void connectNativeNetdService() {

        boolean nativeServiceAvailable = false;

        try {

            mNetdService = INetd.Stub.asInterface(ServiceManager.getService(NETD_SERVICE_NAME));

            nativeServiceAvailable = mNetdService.isAlive();

        } catch (RemoteException e) {}

        if (!nativeServiceAvailable) {

            Slog.wtf(TAG, "Can't connect to NativeNetdService " + NETD_SERVICE_NAME);

        }

        mNetdService = NetdService.get();

    }



    /**
@@ -569,6 +565,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub 


        // only enable bandwidth control when support exists

        final boolean hasKernelSupport = new File("/proc/net/xt_qtaguid/ctrl").exists();



        // push any existing quota or UID rules

        synchronized (mQuotaLock) {



            if (hasKernelSupport) {

                Slog.d(TAG, "enabling bandwidth control");

                try {
@@ -583,13 +583,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub 


            SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0");



        if (mBandwidthControlEnabled) {

            try {

                getBatteryStats().noteNetworkStatsEnabled();

            } catch (RemoteException e) {

            }

        }



            try {

                mConnector.execute("strict", "enable");

                mStrictEnabled = true;
@@ -597,9 +590,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
                Log.wtf(TAG, "Failed strict enable", e);

            }



        // push any existing quota or UID rules

        synchronized (mQuotaLock) {



            setDataSaverModeEnabled(mDataSaverMode);



            int size = mActiveQuotas.size();
@@ -672,6 +662,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
                setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true);

            }

        }



        if (mBandwidthControlEnabled) {

            try {

                getBatteryStats().noteNetworkStatsEnabled();

            } catch (RemoteException e) {

            }

        }



    }



    /**
@@ -1716,25 +1714,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
        }

    }



    @Override

    public void setUidCleartextNetworkPolicy(int uid, int policy) {

        if (Binder.getCallingUid() != uid) {

            mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);

        }



        synchronized (mQuotaLock) {

            final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT);

            if (oldPolicy == policy) {

                return;

            }



            if (!mStrictEnabled) {

                // Module isn't enabled yet; stash the requested policy away to

                // apply later once the daemon is connected.

                mUidCleartextPolicy.put(uid, policy);

                return;

            }



    private void applyUidCleartextNetworkPolicy(int uid, int policy) {

        final String policyString;

        switch (policy) {

            case StrictMode.NETWORK_POLICY_ACCEPT:
@@ -1757,6 +1737,37 @@ public class NetworkManagementService extends INetworkManagementService.Stub 
            throw e.rethrowAsParcelableException();

        }

    }



    @Override

    public void setUidCleartextNetworkPolicy(int uid, int policy) {

        if (Binder.getCallingUid() != uid) {

            mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);

        }



        synchronized (mQuotaLock) {

            final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT);

            if (oldPolicy == policy) {

                // This also ensures we won't needlessly apply an ACCEPT policy if we've just

                // enabled strict and the underlying iptables rules are empty.

                return;

            }



            if (!mStrictEnabled) {

                // Module isn't enabled yet; stash the requested policy away to

                // apply later once the daemon is connected.

                mUidCleartextPolicy.put(uid, policy);

                return;

            }



            // netd does not keep state on strict mode policies, and cannot replace a non-accept

            // policy without deleting it first. Rather than add state to netd, just always send

            // it an accept policy when switching between two non-accept policies.

            if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT &&

                    policy != StrictMode.NETWORK_POLICY_ACCEPT) {

                applyUidCleartextNetworkPolicy(uid, policy);

            }

        }

        applyUidCleartextNetworkPolicy(uid, policy);

    }



    @Override