Loading core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -167,6 +167,8 @@ public class NetworkPolicyManager { public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave"; /** @hide */ public static final String FIREWALL_CHAIN_NAME_RESTRICTED = "restricted"; /** @hide */ public static final String FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY = "low_power_standby"; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; Loading services/core/java/com/android/server/NetworkManagementService.java +26 −1 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import static android.Manifest.permission.NETWORK_SETTINGS; import static android.Manifest.permission.OBSERVE_NETWORK_POLICY; import static android.Manifest.permission.SHUTDOWN; import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED; import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY; Loading @@ -30,6 +31,7 @@ import static android.net.INetd.FIREWALL_DENYLIST; import static android.net.INetd.FIREWALL_RULE_ALLOW; import static android.net.INetd.FIREWALL_RULE_DENY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_RESTRICTED; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; Loading Loading @@ -206,6 +208,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { */ @GuardedBy("mRulesLock") private SparseIntArray mUidFirewallRestrictedRules = new SparseIntArray(); /** * Contains the per-UID firewall rules that are used when Low Power Standby is enabled. */ @GuardedBy("mRulesLock") private SparseIntArray mUidFirewallLowPowerStandbyRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ @GuardedBy("mRulesLock") final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading @@ -506,12 +513,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub { syncFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, "dozable "); syncFirewallChainLocked(FIREWALL_CHAIN_POWERSAVE, "powersave "); syncFirewallChainLocked(FIREWALL_CHAIN_RESTRICTED, "restricted "); syncFirewallChainLocked(FIREWALL_CHAIN_LOW_POWER_STANDBY, "low power standby "); final int[] chains = { FIREWALL_CHAIN_STANDBY, FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_POWERSAVE, FIREWALL_CHAIN_RESTRICTED FIREWALL_CHAIN_RESTRICTED, FIREWALL_CHAIN_LOW_POWER_STANDBY }; for (int chain : chains) { Loading Loading @@ -1438,6 +1447,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_CHAIN_NAME_RESTRICTED; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; default: throw new IllegalArgumentException("Bad child chain: " + chain); } Loading @@ -1453,6 +1464,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return FIREWALL_ALLOWLIST; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_ALLOWLIST; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_ALLOWLIST; default: return isFirewallEnabled() ? FIREWALL_ALLOWLIST : FIREWALL_DENYLIST; } Loading Loading @@ -1571,6 +1584,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return mUidFirewallPowerSaveRules; case FIREWALL_CHAIN_RESTRICTED: return mUidFirewallRestrictedRules; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return mUidFirewallLowPowerStandbyRules; case FIREWALL_CHAIN_NONE: return mUidFirewallRules; default: Loading Loading @@ -1626,6 +1641,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { pw.println(getFirewallChainState(FIREWALL_CHAIN_RESTRICTED)); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_RESTRICTED, mUidFirewallRestrictedRules); pw.print("UID firewall low power standby chain enabled: "); pw.println(getFirewallChainState(FIREWALL_CHAIN_LOW_POWER_STANDBY)); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY, mUidFirewallLowPowerStandbyRules); } pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); Loading Loading @@ -1749,6 +1769,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of restricted mode"); return true; } if (getFirewallChainState(FIREWALL_CHAIN_LOW_POWER_STANDBY) && mUidFirewallLowPowerStandbyRules.get(uid) != FIREWALL_RULE_ALLOW) { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of low power standby"); return true; } if (mUidRejectOnMetered.get(uid)) { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of no metered data" + " in the background"); Loading services/core/java/com/android/server/net/NetworkPolicyLogger.java +8 −4 Original line number Diff line number Diff line Loading @@ -16,14 +16,16 @@ package com.android.server.net; import static android.net.ConnectivityManager.BLOCKED_REASON_NONE; import static android.net.INetd.FIREWALL_CHAIN_DOZABLE; import static android.net.INetd.FIREWALL_CHAIN_POWERSAVE; import static android.net.INetd.FIREWALL_CHAIN_RESTRICTED; import static android.net.INetd.FIREWALL_CHAIN_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED; import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY; import static android.net.INetd.FIREWALL_RULE_ALLOW; import static android.net.INetd.FIREWALL_RULE_DENY; import static android.net.NetworkPolicyManager.ALLOWED_REASON_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_RESTRICTED; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; Loading Loading @@ -328,6 +330,8 @@ public class NetworkPolicyLogger { return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_CHAIN_NAME_RESTRICTED; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; default: return String.valueOf(chain); } Loading Loading
core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -167,6 +167,8 @@ public class NetworkPolicyManager { public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave"; /** @hide */ public static final String FIREWALL_CHAIN_NAME_RESTRICTED = "restricted"; /** @hide */ public static final String FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY = "low_power_standby"; private static final boolean ALLOW_PLATFORM_APP_POLICY = true; Loading
services/core/java/com/android/server/NetworkManagementService.java +26 −1 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import static android.Manifest.permission.NETWORK_SETTINGS; import static android.Manifest.permission.OBSERVE_NETWORK_POLICY; import static android.Manifest.permission.SHUTDOWN; import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED; import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY; Loading @@ -30,6 +31,7 @@ import static android.net.INetd.FIREWALL_DENYLIST; import static android.net.INetd.FIREWALL_RULE_ALLOW; import static android.net.INetd.FIREWALL_RULE_DENY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_RESTRICTED; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; Loading Loading @@ -206,6 +208,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { */ @GuardedBy("mRulesLock") private SparseIntArray mUidFirewallRestrictedRules = new SparseIntArray(); /** * Contains the per-UID firewall rules that are used when Low Power Standby is enabled. */ @GuardedBy("mRulesLock") private SparseIntArray mUidFirewallLowPowerStandbyRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ @GuardedBy("mRulesLock") final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); Loading Loading @@ -506,12 +513,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub { syncFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, "dozable "); syncFirewallChainLocked(FIREWALL_CHAIN_POWERSAVE, "powersave "); syncFirewallChainLocked(FIREWALL_CHAIN_RESTRICTED, "restricted "); syncFirewallChainLocked(FIREWALL_CHAIN_LOW_POWER_STANDBY, "low power standby "); final int[] chains = { FIREWALL_CHAIN_STANDBY, FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_POWERSAVE, FIREWALL_CHAIN_RESTRICTED FIREWALL_CHAIN_RESTRICTED, FIREWALL_CHAIN_LOW_POWER_STANDBY }; for (int chain : chains) { Loading Loading @@ -1438,6 +1447,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_CHAIN_NAME_RESTRICTED; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; default: throw new IllegalArgumentException("Bad child chain: " + chain); } Loading @@ -1453,6 +1464,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return FIREWALL_ALLOWLIST; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_ALLOWLIST; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_ALLOWLIST; default: return isFirewallEnabled() ? FIREWALL_ALLOWLIST : FIREWALL_DENYLIST; } Loading Loading @@ -1571,6 +1584,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { return mUidFirewallPowerSaveRules; case FIREWALL_CHAIN_RESTRICTED: return mUidFirewallRestrictedRules; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return mUidFirewallLowPowerStandbyRules; case FIREWALL_CHAIN_NONE: return mUidFirewallRules; default: Loading Loading @@ -1626,6 +1641,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { pw.println(getFirewallChainState(FIREWALL_CHAIN_RESTRICTED)); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_RESTRICTED, mUidFirewallRestrictedRules); pw.print("UID firewall low power standby chain enabled: "); pw.println(getFirewallChainState(FIREWALL_CHAIN_LOW_POWER_STANDBY)); dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY, mUidFirewallLowPowerStandbyRules); } pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); Loading Loading @@ -1749,6 +1769,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of restricted mode"); return true; } if (getFirewallChainState(FIREWALL_CHAIN_LOW_POWER_STANDBY) && mUidFirewallLowPowerStandbyRules.get(uid) != FIREWALL_RULE_ALLOW) { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of low power standby"); return true; } if (mUidRejectOnMetered.get(uid)) { if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of no metered data" + " in the background"); Loading
services/core/java/com/android/server/net/NetworkPolicyLogger.java +8 −4 Original line number Diff line number Diff line Loading @@ -16,14 +16,16 @@ package com.android.server.net; import static android.net.ConnectivityManager.BLOCKED_REASON_NONE; import static android.net.INetd.FIREWALL_CHAIN_DOZABLE; import static android.net.INetd.FIREWALL_CHAIN_POWERSAVE; import static android.net.INetd.FIREWALL_CHAIN_RESTRICTED; import static android.net.INetd.FIREWALL_CHAIN_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY; import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE; import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED; import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY; import static android.net.INetd.FIREWALL_RULE_ALLOW; import static android.net.INetd.FIREWALL_RULE_DENY; import static android.net.NetworkPolicyManager.ALLOWED_REASON_NONE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_RESTRICTED; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; Loading Loading @@ -328,6 +330,8 @@ public class NetworkPolicyLogger { return FIREWALL_CHAIN_NAME_POWERSAVE; case FIREWALL_CHAIN_RESTRICTED: return FIREWALL_CHAIN_NAME_RESTRICTED; case FIREWALL_CHAIN_LOW_POWER_STANDBY: return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY; default: return String.valueOf(chain); } Loading
