
Commit a03ecf7d authored by Jeff Sharkey's avatar Jeff Sharkey Committed by Android (Google) Code Review

Merge "Push firewall rules up to ConnectivityService." into mnc-dr-dev

parents fe45f1b9 dc988061
+4 −24
@@ -50,12 +50,13 @@ public class NetworkPolicyManager {
    public static final int POLICY_ALLOW_BACKGROUND_BATTERY_SAVE = 0x2;
    public static final int POLICY_ALLOW_BACKGROUND_BATTERY_SAVE = 0x2;


    /* RULE_* are not masks and they must be exclusive */
    /* RULE_* are not masks and they must be exclusive */
    public static final int RULE_UNKNOWN = -1;
    /** All network traffic should be allowed. */
    /** All network traffic should be allowed. */
    public static final int RULE_ALLOW_ALL = 0x0;
    public static final int RULE_ALLOW_ALL = 0;
    /** Reject traffic on metered networks. */
    /** Reject traffic on metered networks. */
    public static final int RULE_REJECT_METERED = 0x1;
    public static final int RULE_REJECT_METERED = 1;
    /** Reject traffic on all networks. */
    /** Reject traffic on all networks. */
    public static final int RULE_REJECT_ALL = 0x2;
    public static final int RULE_REJECT_ALL = 2;


    public static final int FIREWALL_RULE_DEFAULT = 0;
    public static final int FIREWALL_RULE_DEFAULT = 0;
    public static final int FIREWALL_RULE_ALLOW = 1;
    public static final int FIREWALL_RULE_ALLOW = 1;
@@ -326,25 +327,4 @@ public class NetworkPolicyManager {
        // nothing found above; we can apply policy to UID
        // nothing found above; we can apply policy to UID
        return true;
        return true;
    }
    }

    /** {@hide} */
    public static void dumpPolicy(PrintWriter fout, int policy) {
        fout.write("[");
        if ((policy & POLICY_REJECT_METERED_BACKGROUND) != 0) {
            fout.write("REJECT_METERED_BACKGROUND");
        }
        fout.write("]");
    }

    /** {@hide} */
    public static void dumpRules(PrintWriter fout, int rules) {
        fout.write("[");
        if ((rules & RULE_REJECT_METERED) != 0) {
            fout.write("REJECT_METERED");
        } else if ((rules & RULE_REJECT_ALL) != 0) {
            fout.write("REJECT_ALL");
        }
        fout.write("]");
    }

}
}
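Review bot: `RULE_UNKNOWN = -1` lands in the first hunk without the Javadoc its neighbours carry, and as the only negative value under the "RULE_* are not masks and they must be exclusive" comment a reader needs to know it is a sentinel rather than a fourth enforceable rule. Elsewhere in this commit it appears only as the default passed to `mUidRules.get(uid, RULE_UNKNOWN)` on the dump path, so a line such as `/** No rule has been derived for this UID; a lookup default, not a rule to enforce. */` above it would pin that down. With dumpRules removed from this file, that Javadoc is also the only place left that tells a caller the value must not be treated as a bitmask.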
+6 −6
@@ -946,14 +946,14 @@ public class ConnectivityService extends IConnectivityManager.Stub
            uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
            uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
        }
        }


        if ((uidRules & RULE_REJECT_ALL) != 0
        if (uidRules == RULE_REJECT_ALL) {
                || (networkCostly && (uidRules & RULE_REJECT_METERED) != 0)) {
            return true;
            return true;
        }
        } else if ((uidRules == RULE_REJECT_METERED) && networkCostly) {

            return true;
        // no restrictive rules; network is visible
        } else {
            return false;
            return false;
        }
        }
    }


    /**
    /**
     * Return a filtered {@link NetworkInfo}, potentially marked
     * Return a filtered {@link NetworkInfo}, potentially marked
@@ -3724,7 +3724,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
            synchronized(mRulesLock) {
            synchronized(mRulesLock) {
                uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
                uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
            }
            }
            if ((uidRules & (RULE_REJECT_METERED | RULE_REJECT_ALL)) != 0) {
            if (uidRules != RULE_ALLOW_ALL) {
                // we could silently fail or we can filter the available nets to only give
                // we could silently fail or we can filter the available nets to only give
                // them those they have access to.  Chose the more useful
                // them those they have access to.  Chose the more useful
                networkCapabilities.addCapability(NET_CAPABILITY_NOT_METERED);
                networkCapabilities.addCapability(NET_CAPABILITY_NOT_METERED);
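Review bot: In the first hunk the trailing `} else { return false; }` now treats every value other than RULE_REJECT_ALL and RULE_REJECT_METERED as unrestricted, so any RULE_* value introduced later (or a stray RULE_UNKNOWN, which NetworkPolicyManager now defines as -1) fails open rather than being caught. Because the RULE_* values are documented as exclusive, the allow case can be made explicit and the fallthrough made loud: `} else if (uidRules == RULE_ALLOW_ALL) { return false; }` followed by an `else` that logs the unexpected value and returns true, so an unrecognised rule surfaces in testing instead of silently granting network access. The second hunk's `uidRules != RULE_ALLOW_ALL` already takes the strict reading, so this would also make the two checks consistent. The enclosing method begins outside the hunk.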
+62 −36
@@ -39,17 +39,17 @@ import static android.net.NetworkPolicy.WARNING_DISABLED;
import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE;
import static android.net.NetworkPolicyManager.EXTRA_NETWORK_TEMPLATE;
import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE;
import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE;
import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY;
import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_DENY;
import static android.net.NetworkPolicyManager.FIREWALL_RULE_DENY;
import static android.net.NetworkPolicyManager.POLICY_ALLOW_BACKGROUND_BATTERY_SAVE;
import static android.net.NetworkPolicyManager.POLICY_ALLOW_BACKGROUND_BATTERY_SAVE;
import static android.net.NetworkPolicyManager.POLICY_NONE;
import static android.net.NetworkPolicyManager.POLICY_NONE;
import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND;
import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND;
import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL;
import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL;
import static android.net.NetworkPolicyManager.RULE_REJECT_ALL;
import static android.net.NetworkPolicyManager.RULE_REJECT_METERED;
import static android.net.NetworkPolicyManager.RULE_REJECT_METERED;
import static android.net.NetworkPolicyManager.RULE_UNKNOWN;
import static android.net.NetworkPolicyManager.computeLastCycleBoundary;
import static android.net.NetworkPolicyManager.computeLastCycleBoundary;
import static android.net.NetworkPolicyManager.dumpPolicy;
import static android.net.NetworkPolicyManager.dumpRules;
import static android.net.NetworkTemplate.MATCH_MOBILE_3G_LOWER;
import static android.net.NetworkTemplate.MATCH_MOBILE_3G_LOWER;
import static android.net.NetworkTemplate.MATCH_MOBILE_4G;
import static android.net.NetworkTemplate.MATCH_MOBILE_4G;
import static android.net.NetworkTemplate.MATCH_MOBILE_ALL;
import static android.net.NetworkTemplate.MATCH_MOBILE_ALL;
@@ -108,6 +108,7 @@ import android.net.LinkProperties;
import android.net.NetworkIdentity;
import android.net.NetworkIdentity;
import android.net.NetworkInfo;
import android.net.NetworkInfo;
import android.net.NetworkPolicy;
import android.net.NetworkPolicy;
import android.net.NetworkPolicyManager;
import android.net.NetworkQuotaInfo;
import android.net.NetworkQuotaInfo;
import android.net.NetworkState;
import android.net.NetworkState;
import android.net.NetworkTemplate;
import android.net.NetworkTemplate;
@@ -138,6 +139,7 @@ import android.text.format.Time;
import android.util.ArrayMap;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.ArraySet;
import android.util.AtomicFile;
import android.util.AtomicFile;
import android.util.DebugUtils;
import android.util.Log;
import android.util.Log;
import android.util.NtpTrustedTime;
import android.util.NtpTrustedTime;
import android.util.Pair;
import android.util.Pair;
@@ -147,8 +149,6 @@ import android.util.SparseIntArray;
import android.util.TrustedTime;
import android.util.TrustedTime;
import android.util.Xml;
import android.util.Xml;


import com.android.server.DeviceIdleController;
import com.android.server.EventLogTags;
import libcore.io.IoUtils;
import libcore.io.IoUtils;


import com.android.internal.R;
import com.android.internal.R;
@@ -156,6 +156,8 @@ import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.FastXmlSerializer;
import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.util.IndentingPrintWriter;
import com.android.server.DeviceIdleController;
import com.android.server.EventLogTags;
import com.android.server.LocalServices;
import com.android.server.LocalServices;
import com.google.android.collect.Lists;
import com.google.android.collect.Lists;


@@ -279,6 +281,10 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
    final SparseIntArray mUidPolicy = new SparseIntArray();
    final SparseIntArray mUidPolicy = new SparseIntArray();
    /** Currently derived rules for each UID. */
    /** Currently derived rules for each UID. */
    final SparseIntArray mUidRules = new SparseIntArray();
    final SparseIntArray mUidRules = new SparseIntArray();

    final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray();
    final SparseIntArray mUidFirewallDozableRules = new SparseIntArray();

    /** Set of states for the child firewall chains. True if the chain is active. */
    /** Set of states for the child firewall chains. True if the chain is active. */
    final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray();
    final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray();


@@ -446,14 +452,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            // read policy from disk
            // read policy from disk
            readPolicyLocked();
            readPolicyLocked();


            if (mRestrictBackground || mRestrictPower || mDeviceIdleMode) {
            updateRulesForGlobalChangeLocked(false);
            updateRulesForGlobalChangeLocked(false);
            updateNotificationsLocked();
            updateNotificationsLocked();
            } else {
                // If we are not in any special mode, we just need to make sure the current
                // app idle state is updated.
                updateRulesForAppIdleLocked();
            }
        }
        }


        updateScreenOn();
        updateScreenOn();
@@ -1800,7 +1800,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            if (mDeviceIdleMode != enabled) {
            if (mDeviceIdleMode != enabled) {
                mDeviceIdleMode = enabled;
                mDeviceIdleMode = enabled;
                if (mSystemReady) {
                if (mSystemReady) {
                    updateRulesForDeviceIdleLocked();
                    // Device idle change means we need to rebuild rules for all
                    // known apps, so do a global refresh.
                    updateRulesForGlobalChangeLocked(false);
                }
                }
                if (enabled) {
                if (enabled) {
                    EventLogTags.writeDeviceIdleOnPhase("net");
                    EventLogTags.writeDeviceIdleOnPhase("net");
@@ -1938,7 +1940,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                fout.print("UID=");
                fout.print("UID=");
                fout.print(uid);
                fout.print(uid);
                fout.print(" policy=");
                fout.print(" policy=");
                dumpPolicy(fout, policy);
                fout.print(DebugUtils.flagsToString(NetworkPolicyManager.class, "POLICY_", policy));
                fout.println();
                fout.println();
            }
            }
            fout.decreaseIndent();
            fout.decreaseIndent();
@@ -1983,18 +1985,14 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                fout.print("UID=");
                fout.print("UID=");
                fout.print(uid);
                fout.print(uid);


                int state = mUidState.get(uid, ActivityManager.PROCESS_STATE_CACHED_EMPTY);
                final int state = mUidState.get(uid, ActivityManager.PROCESS_STATE_CACHED_EMPTY);
                fout.print(" state=");
                fout.print(" state=");
                fout.print(state);
                fout.print(state);
                fout.print(state <= ActivityManager.PROCESS_STATE_TOP ? " (fg)" : " (bg)");
                fout.print(state <= ActivityManager.PROCESS_STATE_TOP ? " (fg)" : " (bg)");


                fout.print(" rules=");
                final int rule = mUidRules.get(uid, RULE_UNKNOWN);
                final int rulesIndex = mUidRules.indexOfKey(uid);
                fout.print(" rule=");
                if (rulesIndex < 0) {
                fout.print(DebugUtils.valueToString(NetworkPolicyManager.class, "RULE_", rule));
                    fout.print("UNKNOWN");
                } else {
                    dumpRules(fout, mUidRules.valueAt(rulesIndex));
                }


                fout.println();
                fout.println();
            }
            }
@@ -2029,7 +2027,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            updateRulesForUidStateChangeLocked(uid, oldUidState, uidState);
            updateRulesForUidStateChangeLocked(uid, oldUidState, uidState);
            if (mDeviceIdleMode && isProcStateAllowedWhileIdle(oldUidState)
            if (mDeviceIdleMode && isProcStateAllowedWhileIdle(oldUidState)
                    != isProcStateAllowedWhileIdle(uidState)) {
                    != isProcStateAllowedWhileIdle(uidState)) {
                updateRulesForDeviceIdleLocked();
                updateRuleForDeviceIdleLocked(uid);
            }
            }
        }
        }
    }
    }
@@ -2043,7 +2041,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                updateRulesForUidStateChangeLocked(uid, oldUidState,
                updateRulesForUidStateChangeLocked(uid, oldUidState,
                        ActivityManager.PROCESS_STATE_CACHED_EMPTY);
                        ActivityManager.PROCESS_STATE_CACHED_EMPTY);
                if (mDeviceIdleMode) {
                if (mDeviceIdleMode) {
                    updateRulesForDeviceIdleLocked();
                    updateRuleForDeviceIdleLocked(uid);
                }
                }
            }
            }
        }
        }
@@ -2090,7 +2088,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        if (mDeviceIdleMode) {
        if (mDeviceIdleMode) {
            // sync the whitelists before enable dozable chain.  We don't care about the rules if
            // sync the whitelists before enable dozable chain.  We don't care about the rules if
            // we are disabling the chain.
            // we are disabling the chain.
            SparseIntArray uidRules = new SparseIntArray();
            final SparseIntArray uidRules = mUidFirewallDozableRules;
            uidRules.clear();
            final List<UserInfo> users = mUserManager.getUsers();
            final List<UserInfo> users = mUserManager.getUsers();
            for (int ui = users.size() - 1; ui >= 0; ui--) {
            for (int ui = users.size() - 1; ui >= 0; ui--) {
                UserInfo user = users.get(ui);
                UserInfo user = users.get(ui);
@@ -2114,6 +2113,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            }
            }
            setUidFirewallRules(FIREWALL_CHAIN_DOZABLE, uidRules);
            setUidFirewallRules(FIREWALL_CHAIN_DOZABLE, uidRules);
        }
        }

        enableFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, mDeviceIdleMode);
        enableFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, mDeviceIdleMode);
    }
    }


@@ -2127,11 +2127,15 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_DEFAULT);
                setUidFirewallRule(FIREWALL_CHAIN_DOZABLE, uid, FIREWALL_RULE_DEFAULT);
            }
            }
        }
        }

        updateRulesForUidLocked(uid);
    }
    }


    void updateRulesForAppIdleLocked() {
    void updateRulesForAppIdleLocked() {
        final SparseIntArray uidRules = mUidFirewallStandbyRules;
        uidRules.clear();

        // Fully update the app idle firewall chain.
        // Fully update the app idle firewall chain.
        SparseIntArray uidRules = new SparseIntArray();
        final List<UserInfo> users = mUserManager.getUsers();
        final List<UserInfo> users = mUserManager.getUsers();
        for (int ui = users.size() - 1; ui >= 0; ui--) {
        for (int ui = users.size() - 1; ui >= 0; ui--) {
            UserInfo user = users.get(ui);
            UserInfo user = users.get(ui);
@@ -2142,6 +2146,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
                }
                }
            }
            }
        }
        }

        setUidFirewallRules(FIREWALL_CHAIN_STANDBY, uidRules);
        setUidFirewallRules(FIREWALL_CHAIN_STANDBY, uidRules);
    }
    }


@@ -2154,11 +2159,14 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        } else {
        } else {
            setUidFirewallRule(FIREWALL_CHAIN_STANDBY, uid, FIREWALL_RULE_DEFAULT);
            setUidFirewallRule(FIREWALL_CHAIN_STANDBY, uid, FIREWALL_RULE_DEFAULT);
        }
        }

        updateRulesForUidLocked(uid);
    }
    }


    void updateRulesForAppIdleParoleLocked() {
    void updateRulesForAppIdleParoleLocked() {
        boolean enableChain = !mUsageStats.isAppIdleParoleOn();
        boolean enableChain = !mUsageStats.isAppIdleParoleOn();
        enableFirewallChainLocked(FIREWALL_CHAIN_STANDBY, enableChain);
        enableFirewallChainLocked(FIREWALL_CHAIN_STANDBY, enableChain);
        updateRulesForUidsLocked(mUidFirewallStandbyRules);
    }
    }


    /**
    /**
@@ -2228,6 +2236,12 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        return true;
        return true;
    }
    }


    void updateRulesForUidsLocked(SparseIntArray uids) {
        for (int i = 0; i < uids.size(); i++) {
            updateRulesForUidLocked(uids.keyAt(i));
        }
    }

    /**
    /**
     * Applies network rules to bandwidth and firewall controllers based on uid policy.
     * Applies network rules to bandwidth and firewall controllers based on uid policy.
     * @param uid The uid for which to apply the latest policy
     * @param uid The uid for which to apply the latest policy
@@ -2249,8 +2263,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        final int uidPolicy = mUidPolicy.get(uid, POLICY_NONE);
        final int uidPolicy = mUidPolicy.get(uid, POLICY_NONE);
        final boolean uidForeground = isUidForegroundLocked(uid);
        final boolean uidForeground = isUidForegroundLocked(uid);


        // derive active rules based on policy and active state
        // Derive active rules based on policy and active state

        int appId = UserHandle.getAppId(uid);
        int appId = UserHandle.getAppId(uid);
        int uidRules = RULE_ALLOW_ALL;
        int uidRules = RULE_ALLOW_ALL;
        if (!uidForeground && (uidPolicy & POLICY_REJECT_METERED_BACKGROUND) != 0) {
        if (!uidForeground && (uidPolicy & POLICY_REJECT_METERED_BACKGROUND) != 0) {
@@ -2273,20 +2286,27 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
            }
            }
        }
        }


        final int oldRules = mUidRules.get(uid);
        // Check dozable state, which is whitelist
        if (mFirewallChainStates.get(FIREWALL_CHAIN_DOZABLE)
                && mUidFirewallDozableRules.get(uid, FIREWALL_RULE_DEFAULT) != FIREWALL_RULE_ALLOW) {
            uidRules = RULE_REJECT_ALL;
        }

        // Check standby state, which is blacklist
        if (mFirewallChainStates.get(FIREWALL_CHAIN_STANDBY)
                && mUidFirewallStandbyRules.get(uid, FIREWALL_RULE_DEFAULT) == FIREWALL_RULE_DENY) {
            uidRules = RULE_REJECT_ALL;
        }


        final int oldRules = mUidRules.get(uid);
        if (uidRules == RULE_ALLOW_ALL) {
        if (uidRules == RULE_ALLOW_ALL) {
            mUidRules.delete(uid);
            mUidRules.delete(uid);
        } else {
        } else {
            mUidRules.put(uid, uidRules);
            mUidRules.put(uid, uidRules);
        }
        }


        // Update bandwidth rules if necessary
        final boolean rejectMetered = (uidRules == RULE_REJECT_METERED);
        final boolean oldRejectMetered = (oldRules & RULE_REJECT_METERED) != 0;
        final boolean rejectMetered = (uidRules & RULE_REJECT_METERED) != 0;
        if (oldRejectMetered != rejectMetered) {
        setUidNetworkRules(uid, rejectMetered);
        setUidNetworkRules(uid, rejectMetered);
        }


        // dispatch changed rule to existing listeners
        // dispatch changed rule to existing listeners
        if (oldRules != uidRules) {
        if (oldRules != uidRules) {
@@ -2472,6 +2492,12 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
     * Add or remove a uid to the firewall blacklist for all network ifaces.
     * Add or remove a uid to the firewall blacklist for all network ifaces.
     */
     */
    private void setUidFirewallRule(int chain, int uid, int rule) {
    private void setUidFirewallRule(int chain, int uid, int rule) {
        if (chain == FIREWALL_CHAIN_DOZABLE) {
            mUidFirewallDozableRules.put(uid, rule);
        } else if (chain == FIREWALL_CHAIN_STANDBY) {
            mUidFirewallStandbyRules.put(uid, rule);
        }

        try {
        try {
            mNetworkManager.setFirewallUidRule(chain, uid, rule);
            mNetworkManager.setFirewallUidRule(chain, uid, rule);
        } catch (IllegalStateException e) {
        } catch (IllegalStateException e) {