Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be7c50e0 authored by Dianne Hackborn's avatar Dianne Hackborn
Browse files

Add network access blocking when in battery save mode. 

The network policy manager now monitors battery save mode and,
when in battery save, uses its facility to block access to metered
networks to block access to all networks.  That is, it tells the
network management service that all networks have an (infinite)
quota, and puts various app uids to be restricted under quota
interfaces as appropriate.

This new network blocking needs a new facility to be able to white
list apps, such as GmsCore.  To do this, I refactored the package
manager's permission configuration stuff into a separate SystemConfig
class that can be used by others, and it now has a new tag to
specify package names that should be white-listed for power save
mode.  These are retrieved by the network policy manager and used
to build a whitelist of uids.

The new general config files can now go in system/etc/config,
though currently everything still remains in the permissions dir.

Still left to be done is changing the semantics of what uids are
allowed in this mode, to include all perceptable uids.  (So that we
can still do things like background music playback.)  This will be
done in a follow-on CL.

Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
parent 5dfb86bb

core/java/android/net/INetworkPolicyManager.aidl

+4 −0
Original line number Diff line number Diff line
@@ -31,11 +31,15 @@ interface INetworkPolicyManager { 


    /** Control UID policies. */

    void setUidPolicy(int uid, int policy);

    void addUidPolicy(int uid, int policy);

    void removeUidPolicy(int uid, int policy);

    int getUidPolicy(int uid);

    int[] getUidsWithPolicy(int policy);



    boolean isUidForeground(int uid);



    int[] getPowerSaveAppIdWhitelist();



    void registerListener(INetworkPolicyListener listener);

    void unregisterListener(INetworkPolicyListener listener);

core/java/android/net/NetworkPolicyManager.java

+35 −1
Original line number Diff line number Diff line
@@ -45,6 +45,8 @@ public class NetworkPolicyManager { 
    public static final int POLICY_NONE = 0x0;

    /** Reject network usage on metered networks when application in background. */

    public static final int POLICY_REJECT_METERED_BACKGROUND = 0x1;

    /** Allow network use (metered or not) in the background in battery save mode. */

    public static final int POLICY_ALLOW_BACKGROUND_BATTERY_SAVE = 0x2;



    /** All network traffic should be allowed. */

    public static final int RULE_ALLOW_ALL = 0x0;
@@ -76,7 +78,7 @@ public class NetworkPolicyManager { 
     * Set policy flags for specific UID.

     *

     * @param policy {@link #POLICY_NONE} or combination of flags like

     *            {@link #POLICY_REJECT_METERED_BACKGROUND}.

     * {@link #POLICY_REJECT_METERED_BACKGROUND}, {@link #POLICY_ALLOW_BACKGROUND_BATTERY_SAVE}.

     */

    public void setUidPolicy(int uid, int policy) {

        try {
@@ -85,6 +87,30 @@ public class NetworkPolicyManager { 
        }

    }



    /**

     * Add policy flags for specific UID.  The given policy bits will be set for

     * the uid.  Policy flags may be either

     * {@link #POLICY_REJECT_METERED_BACKGROUND} or {@link #POLICY_ALLOW_BACKGROUND_BATTERY_SAVE}.

     */

    public void addUidPolicy(int uid, int policy) {

        try {

            mService.addUidPolicy(uid, policy);

        } catch (RemoteException e) {

        }

    }



    /**

     * Clear/remove policy flags for specific UID.  The given policy bits will be set for

     * the uid.  Policy flags may be either

     * {@link #POLICY_REJECT_METERED_BACKGROUND} or {@link #POLICY_ALLOW_BACKGROUND_BATTERY_SAVE}.

     */

    public void removeUidPolicy(int uid, int policy) {

        try {

            mService.removeUidPolicy(uid, policy);

        } catch (RemoteException e) {

        }

    }



    public int getUidPolicy(int uid) {

        try {

            return mService.getUidPolicy(uid);
@@ -101,6 +127,14 @@ public class NetworkPolicyManager { 
        }

    }



    public int[] getPowerSaveAppIdWhitelist() {

        try {

            return mService.getPowerSaveAppIdWhitelist();

        } catch (RemoteException e) {

            return new int[0];

        }

    }



    public void registerListener(INetworkPolicyListener listener) {

        try {

            mService.registerListener(listener);

data/etc/platform.xml

+4 −0
Original line number Diff line number Diff line
@@ -141,4 +141,8 @@ 
    <library name="javax.obex"

            file="/system/framework/javax.obex.jar"/>



    <!-- These are the standard packages that are white-listed to always have internet

         access while in power save mode, even if they aren't in the foreground. -->

    <allow-in-power-save package="com.android.providers.downloads" />



</permissions>

services/core/java/com/android/server/SystemConfig.java

0 → 100644
+349 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2014 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.server;



import android.content.pm.FeatureInfo;

import android.os.*;

import android.os.Process;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.Slog;

import android.util.SparseArray;

import android.util.Xml;

import com.android.internal.util.XmlUtils;

import org.xmlpull.v1.XmlPullParser;

import org.xmlpull.v1.XmlPullParserException;



import java.io.File;

import java.io.FileNotFoundException;

import java.io.FileReader;

import java.io.IOException;

import java.util.HashMap;

import java.util.HashSet;



import static com.android.internal.util.ArrayUtils.appendInt;



/**

 * Loads global system configuration info.

 */

public class SystemConfig {

    static final String TAG = "SystemConfig";



    static SystemConfig sInstance;



    // Group-ids that are given to all packages as read from etc/permissions/*.xml.

    int[] mGlobalGids;



    // These are the built-in uid -> permission mappings that were read from the

    // system configuration files.

    final SparseArray<HashSet<String>> mSystemPermissions =

            new SparseArray<HashSet<String>>();



    // These are the built-in shared libraries that were read from the

    // system configuration files.  Keys are the library names; strings are the

    // paths to the libraries.

    final ArrayMap<String, String> mSharedLibraries

            = new ArrayMap<String, String>();



    // These are the features this devices supports that were read from the

    // system configuration files.

    final HashMap<String, FeatureInfo> mAvailableFeatures =

            new HashMap<String, FeatureInfo>();



    public static final class PermissionEntry {

        public final String name;

        public int[] gids;



        PermissionEntry(String _name) {

            name = _name;

        }

    }



    // These are the permission -> gid mappings that were read from the

    // system configuration files.

    final ArrayMap<String, PermissionEntry> mPermissions =

            new ArrayMap<String, PermissionEntry>();



    // These are the packages that are white-listed to be able to run in the

    // background while in power save mode, as read from the configuration files.

    final ArraySet<String> mAllowInPowerSave = new ArraySet<String>();



    public static SystemConfig getInstance() {

        synchronized (SystemConfig.class) {

            if (sInstance == null) {

                sInstance = new SystemConfig();

            }

            return sInstance;

        }

    }



    public int[] getGlobalGids() {

        return mGlobalGids;

    }



    public SparseArray<HashSet<String>> getSystemPermissions() {

        return mSystemPermissions;

    }



    public ArrayMap<String, String> getSharedLibraries() {

        return mSharedLibraries;

    }



    public HashMap<String, FeatureInfo> getAvailableFeatures() {

        return mAvailableFeatures;

    }



    public ArrayMap<String, PermissionEntry> getPermissions() {

        return mPermissions;

    }



    public ArraySet<String> getAllowInPowerSave() {

        return mAllowInPowerSave;

    }



    SystemConfig() {

        // Read configuration from system

        readPermissions(Environment.buildPath(

                Environment.getRootDirectory(), "etc", "sysconfig"), false);

        // Read configuration from the old permissions dir

        readPermissions(Environment.buildPath(

                Environment.getRootDirectory(), "etc", "permissions"), false);

        // Only read features from OEM config

        readPermissions(Environment.buildPath(

                Environment.getOemDirectory(), "etc", "sysconfig"), true);

        readPermissions(Environment.buildPath(

                Environment.getOemDirectory(), "etc", "permissions"), true);

    }



    void readPermissions(File libraryDir, boolean onlyFeatures) {

        // Read permissions from given directory.

        if (!libraryDir.exists() || !libraryDir.isDirectory()) {

            if (!onlyFeatures) {

                Slog.w(TAG, "No directory " + libraryDir + ", skipping");

            }

            return;

        }

        if (!libraryDir.canRead()) {

            Slog.w(TAG, "Directory " + libraryDir + " cannot be read");

            return;

        }



        // Iterate over the files in the directory and scan .xml files

        for (File f : libraryDir.listFiles()) {

            // We'll read platform.xml last

            if (f.getPath().endsWith("etc/permissions/platform.xml")) {

                continue;

            }



            if (!f.getPath().endsWith(".xml")) {

                Slog.i(TAG, "Non-xml file " + f + " in " + libraryDir + " directory, ignoring");

                continue;

            }

            if (!f.canRead()) {

                Slog.w(TAG, "Permissions library file " + f + " cannot be read");

                continue;

            }



            readPermissionsFromXml(f, onlyFeatures);

        }



        // Read permissions from .../etc/permissions/platform.xml last so it will take precedence

        final File permFile = new File(Environment.getRootDirectory(),

                "etc/permissions/platform.xml");

        readPermissionsFromXml(permFile, onlyFeatures);

    }



    private void readPermissionsFromXml(File permFile, boolean onlyFeatures) {

        FileReader permReader = null;

        try {

            permReader = new FileReader(permFile);

        } catch (FileNotFoundException e) {

            Slog.w(TAG, "Couldn't find or open permissions file " + permFile);

            return;

        }



        try {

            XmlPullParser parser = Xml.newPullParser();

            parser.setInput(permReader);



            int type;

            while ((type=parser.next()) != parser.START_TAG

                       && type != parser.END_DOCUMENT) {

                ;

            }



            if (type != parser.START_TAG) {

                throw new XmlPullParserException("No start tag found");

            }



            if (!parser.getName().equals("permissions") && !parser.getName().equals("config")) {

                throw new XmlPullParserException("Unexpected start tag: found " + parser.getName() +

                        ", expected 'permissions' or 'config'");

            }



            while (true) {

                XmlUtils.nextElement(parser);

                if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {

                    break;

                }



                String name = parser.getName();

                if ("group".equals(name) && !onlyFeatures) {

                    String gidStr = parser.getAttributeValue(null, "gid");

                    if (gidStr != null) {

                        int gid = android.os.Process.getGidForName(gidStr);

                        mGlobalGids = appendInt(mGlobalGids, gid);

                    } else {

                        Slog.w(TAG, "<group> without gid at "

                                + parser.getPositionDescription());

                    }



                    XmlUtils.skipCurrentTag(parser);

                    continue;

                } else if ("permission".equals(name) && !onlyFeatures) {

                    String perm = parser.getAttributeValue(null, "name");

                    if (perm == null) {

                        Slog.w(TAG, "<permission> without name at "

                                + parser.getPositionDescription());

                        XmlUtils.skipCurrentTag(parser);

                        continue;

                    }

                    perm = perm.intern();

                    readPermission(parser, perm);



                } else if ("assign-permission".equals(name) && !onlyFeatures) {

                    String perm = parser.getAttributeValue(null, "name");

                    if (perm == null) {

                        Slog.w(TAG, "<assign-permission> without name at "

                                + parser.getPositionDescription());

                        XmlUtils.skipCurrentTag(parser);

                        continue;

                    }

                    String uidStr = parser.getAttributeValue(null, "uid");

                    if (uidStr == null) {

                        Slog.w(TAG, "<assign-permission> without uid at "

                                + parser.getPositionDescription());

                        XmlUtils.skipCurrentTag(parser);

                        continue;

                    }

                    int uid = Process.getUidForName(uidStr);

                    if (uid < 0) {

                        Slog.w(TAG, "<assign-permission> with unknown uid \""

                                + uidStr + "\" at "

                                + parser.getPositionDescription());

                        XmlUtils.skipCurrentTag(parser);

                        continue;

                    }

                    perm = perm.intern();

                    HashSet<String> perms = mSystemPermissions.get(uid);

                    if (perms == null) {

                        perms = new HashSet<String>();

                        mSystemPermissions.put(uid, perms);

                    }

                    perms.add(perm);

                    XmlUtils.skipCurrentTag(parser);



                } else if ("library".equals(name) && !onlyFeatures) {

                    String lname = parser.getAttributeValue(null, "name");

                    String lfile = parser.getAttributeValue(null, "file");

                    if (lname == null) {

                        Slog.w(TAG, "<library> without name at "

                                + parser.getPositionDescription());

                    } else if (lfile == null) {

                        Slog.w(TAG, "<library> without file at "

                                + parser.getPositionDescription());

                    } else {

                        //Log.i(TAG, "Got library " + lname + " in " + lfile);

                        mSharedLibraries.put(lname, lfile);

                    }

                    XmlUtils.skipCurrentTag(parser);

                    continue;



                } else if ("feature".equals(name)) {

                    String fname = parser.getAttributeValue(null, "name");

                    if (fname == null) {

                        Slog.w(TAG, "<feature> without name at "

                                + parser.getPositionDescription());

                    } else {

                        //Log.i(TAG, "Got feature " + fname);

                        FeatureInfo fi = new FeatureInfo();

                        fi.name = fname;

                        mAvailableFeatures.put(fname, fi);

                    }

                    XmlUtils.skipCurrentTag(parser);

                    continue;



                } else if ("allow-in-power-save".equals(name)) {

                    String pkgname = parser.getAttributeValue(null, "package");

                    if (pkgname == null) {

                        Slog.w(TAG, "<allow-in-power-save> without package at "

                                + parser.getPositionDescription());

                    } else {

                        mAllowInPowerSave.add(pkgname);

                    }

                    XmlUtils.skipCurrentTag(parser);

                    continue;



                } else {

                    XmlUtils.skipCurrentTag(parser);

                    continue;

                }



            }

            permReader.close();

        } catch (XmlPullParserException e) {

            Slog.w(TAG, "Got execption parsing permissions.", e);

        } catch (IOException e) {

            Slog.w(TAG, "Got execption parsing permissions.", e);

        }

    }



    void readPermission(XmlPullParser parser, String name)

            throws IOException, XmlPullParserException {



        name = name.intern();



        PermissionEntry perm = mPermissions.get(name);

        if (perm == null) {

            perm = new PermissionEntry(name);

            mPermissions.put(name, perm);

        }

        int outerDepth = parser.getDepth();

        int type;

        while ((type=parser.next()) != XmlPullParser.END_DOCUMENT

               && (type != XmlPullParser.END_TAG

                       || parser.getDepth() > outerDepth)) {

            if (type == XmlPullParser.END_TAG

                    || type == XmlPullParser.TEXT) {

                continue;

            }



            String tagName = parser.getName();

            if ("group".equals(tagName)) {

                String gidStr = parser.getAttributeValue(null, "gid");

                if (gidStr != null) {

                    int gid = Process.getGidForName(gidStr);

                    perm.gids = appendInt(perm.gids, gid);

                } else {

                    Slog.w(TAG, "<group> without gid at "

                            + parser.getPositionDescription());

                }

            }

            XmlUtils.skipCurrentTag(parser);

        }

    }

}

services/core/java/com/android/server/am/ActivityManagerService.java

+0 −8
Original line number Diff line number Diff line
@@ -36,9 +36,6 @@ import android.app.IActivityContainerCallback; 
import android.app.IAppTask;

import android.app.admin.DevicePolicyManager;

import android.appwidget.AppWidgetManager;

import android.content.DialogInterface.OnClickListener;

import android.content.res.Resources;

import android.graphics.BitmapFactory;

import android.graphics.Rect;

import android.os.BatteryStats;

import android.os.PersistableBundle;
@@ -174,12 +171,8 @@ import android.os.SystemProperties; 
import android.os.UpdateLock;

import android.os.UserHandle;

import android.provider.Settings;

import android.text.Spannable;

import android.text.SpannableString;

import android.text.format.DateUtils;

import android.text.format.Time;

import android.text.style.DynamicDrawableSpan;

import android.text.style.ImageSpan;

import android.util.AtomicFile;

import android.util.EventLog;

import android.util.Log;
@@ -193,7 +186,6 @@ import android.view.Gravity; 
import android.view.LayoutInflater;

import android.view.View;

import android.view.WindowManager;

import android.widget.TextView;















import java.io.BufferedInputStream;















import java.io.BufferedOutputStream;