Merge "Cleaning up flag NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE" into main am: 7a43fd10c6 (c18aeb88) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/net/NetworkPolicyManagerService.java

+86 −121

Original line number	Diff line number	Diff line
		@@ -512,12 +512,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		// Denotes the status of restrict background read from disk.
		private boolean mLoadedRestrictBackground;

		/**
		* Whether or not network for apps in proc-states greater than
		* {@link NetworkPolicyManager#BACKGROUND_THRESHOLD_STATE} is always blocked.
		*/
		private boolean mBackgroundNetworkRestricted;

		/**
		* Whether or not metered firewall chains should be used for uid policy controlling access to
		* metered networks.
		@@ -1117,14 +1111,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		writePolicyAL();
		}

		// The flag is boot-stable.
		mBackgroundNetworkRestricted = Flags.networkBlockedForTopSleepingAndAbove();
		if (mBackgroundNetworkRestricted) {
		// Firewall rules and UidBlockedState will get updated in
		// updateRulesForGlobalChangeAL below.
		enableFirewallChainUL(FIREWALL_CHAIN_BACKGROUND, true);
		}

		setRestrictBackgroundUL(mLoadedRestrictBackground, "init_service");
		updateRulesForGlobalChangeAL(false);
		updateNotificationsNL();
		@@ -1135,11 +1122,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		final int changes = ActivityManager.UID_OBSERVER_PROCSTATE
		\| ActivityManager.UID_OBSERVER_GONE
		\| ActivityManager.UID_OBSERVER_CAPABILITY;

		final int cutpoint = mBackgroundNetworkRestricted ? PROCESS_STATE_UNKNOWN
		: NetworkPolicyManager.FOREGROUND_THRESHOLD_STATE;
		mActivityManagerInternal.registerNetworkPolicyUidObserver(mUidObserver, changes,
		cutpoint, "android");
		PROCESS_STATE_UNKNOWN, "android");
		mNetworkManager.registerObserver(mAlertObserver);
		} catch (RemoteException e) {
		// ignored; both services live in system_server
		@@ -1280,7 +1264,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		// different chains may change.
		return true;
		}
		if (mBackgroundNetworkRestricted) {
		if ((previousProcState >= BACKGROUND_THRESHOLD_STATE)
		!= (newProcState >= BACKGROUND_THRESHOLD_STATE)) {
		// Proc-state change crossed BACKGROUND_THRESHOLD_STATE: The network rules will
		@@ -1295,7 +1278,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		// transition delay is reduced, so we may have to update the rules sooner.
		return true;
		}
		}
		final int networkCapabilities = PROCESS_CAPABILITY_POWER_RESTRICTED_NETWORK
		\| PROCESS_CAPABILITY_USER_RESTRICTED_NETWORK;
		if ((previousInfo.capability & networkCapabilities)
		@@ -1367,9 +1349,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		// on background handler thread, and POWER_SAVE_WHITELIST_CHANGED is protected
		synchronized (mUidRulesFirstLock) {
		updatePowerSaveAllowlistUL();
		if (mBackgroundNetworkRestricted) {
		updateRulesForBackgroundChainUL();
		}
		updateRulesForRestrictPowerUL();
		updateRulesForAppIdleUL();
		}
		@@ -4100,8 +4080,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {

		fout.println();
		fout.println("Flags:");
		fout.println(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE + ": "
		+ mBackgroundNetworkRestricted);
		fout.println(Flags.FLAG_USE_METERED_FIREWALL_CHAINS + ": "
		+ mUseMeteredFirewallChains);
		fout.println(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN + ": "
		@@ -4251,7 +4229,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		fout.decreaseIndent();
		}

		if (mBackgroundNetworkRestricted) {
		fout.println();
		if (mUseDifferentDelaysForBackgroundChain) {
		fout.print("Background restrictions short delay: ");
		@@ -4279,7 +4256,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		fout.decreaseIndent();
		}
		fout.println();
		}

		final SparseBooleanArray knownUids = new SparseBooleanArray();
		collectKeys(mUidState, knownUids);
		@@ -4465,7 +4441,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		}
		updatePowerRestrictionRules = true;
		}
		if (mBackgroundNetworkRestricted) {
		final boolean wasAllowed = isProcStateAllowedNetworkWhileBackground(
		oldUidState);
		final boolean isAllowed = isProcStateAllowedNetworkWhileBackground(newUidState);
		@@ -4510,7 +4485,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		mNextProcessBackgroundUidsTime = completionTimeMs;
		}
		}
		}
		if (mLowPowerStandbyActive) {
		boolean allowedInLpsChanged =
		isProcStateAllowedWhileInLowPowerStandby(oldUidState)
		@@ -4545,12 +4519,10 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		if (mRestrictPower) {
		updateRuleForRestrictPowerUL(uid);
		}
		if (mBackgroundNetworkRestricted) {
		// Uid is no longer running, there is no point in any grace period of network
		// access during transitions to lower importance proc-states.
		mBackgroundTransitioningUids.delete(uid);
		updateRuleForBackgroundUL(uid);
		}
		updateRulesForPowerRestrictionsUL(uid);
		if (mLowPowerStandbyActive) {
		updateRuleForLowPowerStandbyUL(uid);
		@@ -5021,9 +4993,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		"updateRulesForGlobalChangeAL: " + (restrictedNetworksChanged ? "R" : "-"));
		}
		try {
		if (mBackgroundNetworkRestricted) {
		updateRulesForBackgroundChainUL();
		}
		updateRulesForAppIdleUL();
		updateRulesForRestrictPowerUL();
		updateRulesForRestrictBackgroundUL();
		@@ -5183,9 +5153,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		updateRuleForAppIdleUL(uid, PROCESS_STATE_UNKNOWN);
		updateRuleForDeviceIdleUL(uid);
		updateRuleForRestrictPowerUL(uid);
		if (mBackgroundNetworkRestricted) {
		updateRuleForBackgroundUL(uid);
		}
		// Update internal rules.
		updateRulesForPowerRestrictionsUL(uid);
		}
		@@ -5358,9 +5326,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		updateRuleForDeviceIdleUL(uid);
		updateRuleForAppIdleUL(uid, PROCESS_STATE_UNKNOWN);
		updateRuleForRestrictPowerUL(uid);
		if (mBackgroundNetworkRestricted) {
		updateRuleForBackgroundUL(uid);
		}

		// If the uid has the necessary permissions, then it should be added to the restricted mode
		// firewall allowlist.
		@@ -5611,7 +5577,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		newBlockedReasons \|= (mLowPowerStandbyActive ? BLOCKED_REASON_LOW_POWER_STANDBY : 0);
		newBlockedReasons \|= (isUidIdle ? BLOCKED_REASON_APP_STANDBY : 0);
		newBlockedReasons \|= (uidBlockedState.blockedReasons & BLOCKED_REASON_RESTRICTED_MODE);
		newBlockedReasons \|= mBackgroundNetworkRestricted ? BLOCKED_REASON_APP_BACKGROUND : 0;
		newBlockedReasons \|= BLOCKED_REASON_APP_BACKGROUND;

		newAllowedReasons \|= (isSystem(uid) ? ALLOWED_REASON_SYSTEM : 0);
		newAllowedReasons \|= (isForeground ? ALLOWED_REASON_FOREGROUND : 0);
		@@ -5624,8 +5590,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
		& ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS);
		newAllowedReasons \|= (isAllowlistedFromLowPowerStandbyUL(uid))
		? ALLOWED_REASON_LOW_POWER_STANDBY_ALLOWLIST : 0;
		newAllowedReasons \|= (mBackgroundNetworkRestricted
		&& isUidExemptFromBackgroundRestrictions(uid))
		newAllowedReasons \|= isUidExemptFromBackgroundRestrictions(uid)
		? ALLOWED_REASON_NOT_IN_BACKGROUND : 0;

		uidBlockedState.blockedReasons = (uidBlockedState.blockedReasons

services/core/java/com/android/server/net/flags.aconfig

+0 −7

Original line number	Diff line number	Diff line
		package: "com.android.server.net"
		container: "system"

		flag {
		name: "network_blocked_for_top_sleeping_and_above"
		namespace: "backstage_power"
		description: "Block network access for apps in a low importance background state"
		bug: "304347838"
		}

		flag {
		name: "use_metered_firewall_chains"
		namespace: "backstage_power"

services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java

+1 −12

Original line number	Diff line number	Diff line
		@@ -2158,13 +2158,11 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testBackgroundChainEnabled() throws Exception {
		verify(mNetworkManager).setFirewallChainEnabled(FIREWALL_CHAIN_BACKGROUND, true);
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		@RequiresFlagsDisabled(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN)
		public void testBackgroundChainOnProcStateChangeSameDelay() throws Exception {
		// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
		@@ -2194,10 +2192,7 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled({
		Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE,
		Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN
		})
		@RequiresFlagsEnabled(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN)
		public void testBackgroundChainOnProcStateChangeDifferentDelays() throws Exception {
		// The app will be blocked when there is no prior proc-state.
		assertTrue(mService.isUidNetworkingBlocked(UID_A, false));
		@@ -2247,7 +2242,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testBackgroundChainOnAllowlistChange() throws Exception {
		// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
		clearInvocations(mNetworkManager);
		@@ -2285,7 +2279,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testBackgroundChainOnTempAllowlistChange() throws Exception {
		// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
		clearInvocations(mNetworkManager);
		@@ -2387,7 +2380,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testUidObserverFiltersProcStateChanges() throws Exception {
		int testProcStateSeq = 0;
		try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
		@@ -2450,7 +2442,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testUidObserverFiltersStaleChanges() throws Exception {
		final int testProcStateSeq = 51;
		try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
		@@ -2470,7 +2461,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testUidObserverFiltersCapabilityChanges() throws Exception {
		int testProcStateSeq = 0;
		try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
		@@ -2559,7 +2549,6 @@ public class NetworkPolicyManagerServiceTest {
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
		public void testObsoleteHandleUidChanged() throws Exception {
		callAndWaitOnUidGone(UID_A);
		assertTrue(mService.isUidNetworkingBlocked(UID_A, false));