Loading core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ public class NetworkPolicyManager { public static final int POLICY_ALLOW_METERED_BACKGROUND = 0x4; /** Reject application network traffic on cellular network */ public static final int POLICY_REJECT_ON_DATA = 0x10000; /** Reject application network traffic on virtual private network */ public static final int POLICY_REJECT_ON_VPN = 0x20000; /** Reject application network traffic on wifi network */ public static final int POLICY_REJECT_ON_WLAN = 0x8000; Loading core/java/android/os/INetworkManagementService.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -452,8 +452,9 @@ interface INetworkManagementService boolean isNetworkRestricted(int uid); /** * Restrict UID from accessing data/wifi * Restrict UID from accessing mobile data/vpn/wifi */ void restrictAppOnData(int uid, boolean restrict); void restrictAppOnVpn(int uid, boolean restrict); void restrictAppOnWlan(int uid, boolean restrict); } services/core/java/com/android/server/NetworkManagementService.java +77 −6 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ import android.net.IpPrefix; import android.net.LinkAddress; import android.net.LinkProperties; import android.net.Network; import android.net.NetworkCapabilities; import android.net.NetworkPolicyManager; import android.net.NetworkStats; import android.net.NetworkUtils; Loading Loading @@ -241,8 +242,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub private INetd mNetdService; private String mDataInterfaceName; private String mVpnInterfaceName; private String mWlanInterfaceName; private BroadcastReceiver mPendingDataRestrictReceiver; private BroadcastReceiver mPendingVpnRestrictReceiver; private IBatteryStats mBatteryStats; Loading Loading @@ -280,6 +283,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub /** Set of UIDs blacklisted on cellular networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mDataBlacklist = new SparseBooleanArray(); /** Set of UIDs blacklisted on virtual private networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mVpnBlacklist = new SparseBooleanArray(); /** Set of UIDs blacklisted on WiFi networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mWlanBlacklist = new SparseBooleanArray(); Loading Loading @@ -341,6 +347,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub new RemoteCallbackList<>(); private boolean mNetworkActive; private SparseBooleanArray mPendingRestrictOnData = new SparseBooleanArray(); private SparseBooleanArray mPendingRestrictOnVpn = new SparseBooleanArray(); /** * Constructs a new NetworkManagementService instance Loading Loading @@ -430,9 +437,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub processPendingDataRestrictRequests(); } }; // Note: processPendingVpnRestrictRequests() will unregister // mPendingVpnRestrictReceiver once it has been able to determine // the vpn network interface name. mPendingVpnRestrictReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { processPendingVpnRestrictRequests(); } }; final IntentFilter filter = new IntentFilter(); filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION); mContext.registerReceiver(mPendingDataRestrictReceiver, filter); mContext.registerReceiver(mPendingVpnRestrictReceiver, filter); } private IBatteryStats getBatteryStats() { Loading Loading @@ -1854,8 +1871,37 @@ public class NetworkManagementService extends INetworkManagementService.Stub try { final String action = restrict ? "add" : "remove"; mConnector.execute("bandwidth", action + "restrictappsondata", mDataInterfaceName, uid); mConnector.execute("bandwidth", action + "restrictappsondata", mDataInterfaceName, uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } } @Override public void restrictAppOnVpn(int uid, boolean restrict) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); // silently discard when control disabled if (!mBandwidthControlEnabled) return; initVpnInterface(); if (TextUtils.isEmpty(mVpnInterfaceName)) { // We don't have an interface name since vpn is not active // yet, so queue up the request for when it comes up alive mPendingRestrictOnVpn.put(uid, restrict); return; } synchronized (mQuotaLock) { boolean oldValue = mVpnBlacklist.get(uid, false); if (oldValue == restrict) { return; } mVpnBlacklist.put(uid, restrict); } try { final String action = restrict ? "add" : "remove"; mConnector.execute("bandwidth", action + "restrictappsonvpn", mVpnInterfaceName, uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } Loading Loading @@ -1895,12 +1941,27 @@ public class NetworkManagementService extends INetworkManagementService.Stub } int count = mPendingRestrictOnData.size(); for (int i = 0; i < count; i++) { restrictAppOnData(mPendingRestrictOnData.keyAt(i), mPendingRestrictOnData.valueAt(i)); restrictAppOnData(mPendingRestrictOnData.keyAt(i), mPendingRestrictOnData.valueAt(i)); } mPendingRestrictOnData.clear(); } private void processPendingVpnRestrictRequests() { initVpnInterface(); if (TextUtils.isEmpty(mVpnInterfaceName)) { return; } if (mPendingVpnRestrictReceiver != null) { mContext.unregisterReceiver(mPendingVpnRestrictReceiver); mPendingVpnRestrictReceiver = null; } int count = mPendingRestrictOnVpn.size(); for (int i = 0; i < count; i++) { restrictAppOnVpn(mPendingRestrictOnVpn.keyAt(i), mPendingRestrictOnVpn.valueAt(i)); } mPendingRestrictOnVpn.clear(); } @Override public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges) throws ServiceSpecificException { Loading Loading @@ -2856,14 +2917,24 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (!TextUtils.isEmpty(mDataInterfaceName)) { return; } ConnectivityManager cm = (ConnectivityManager) mContext.getSystemService( Context.CONNECTIVITY_SERVICE); ConnectivityManager cm = mContext.getSystemService(ConnectivityManager.class); LinkProperties linkProperties = cm.getLinkProperties(ConnectivityManager.TYPE_MOBILE); if (linkProperties != null) { mDataInterfaceName = linkProperties.getInterfaceName(); } } private void initVpnInterface() { if (!TextUtils.isEmpty(mVpnInterfaceName)) { return; } ConnectivityManager cm = mContext.getSystemService(ConnectivityManager.class); LinkProperties linkProperties = cm.getLinkProperties(ConnectivityManager.TYPE_VPN); if (linkProperties != null) { mVpnInterfaceName = linkProperties.getInterfaceName(); } } @VisibleForTesting class LocalService extends NetworkManagementInternal { @Override Loading services/core/java/com/android/server/net/NetworkPolicyManagerService.java +2 −0 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ import static android.net.NetworkPolicyManager.POLICY_ALLOW_METERED_BACKGROUND; import static android.net.NetworkPolicyManager.POLICY_NONE; import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_DATA; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_VPN; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_WLAN; import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL; import static android.net.NetworkPolicyManager.RULE_ALLOW_METERED; Loading Loading @@ -3995,6 +3996,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { try { mNetworkManager.restrictAppOnData(uid, (uidPolicy & POLICY_REJECT_ON_DATA) != 0); mNetworkManager.restrictAppOnVpn(uid, (uidPolicy & POLICY_REJECT_ON_VPN) != 0); mNetworkManager.restrictAppOnWlan(uid, (uidPolicy & POLICY_REJECT_ON_WLAN) != 0); } catch (RemoteException e) { // ignored; service lives in system_server Loading Loading
core/java/android/net/NetworkPolicyManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ public class NetworkPolicyManager { public static final int POLICY_ALLOW_METERED_BACKGROUND = 0x4; /** Reject application network traffic on cellular network */ public static final int POLICY_REJECT_ON_DATA = 0x10000; /** Reject application network traffic on virtual private network */ public static final int POLICY_REJECT_ON_VPN = 0x20000; /** Reject application network traffic on wifi network */ public static final int POLICY_REJECT_ON_WLAN = 0x8000; Loading
core/java/android/os/INetworkManagementService.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -452,8 +452,9 @@ interface INetworkManagementService boolean isNetworkRestricted(int uid); /** * Restrict UID from accessing data/wifi * Restrict UID from accessing mobile data/vpn/wifi */ void restrictAppOnData(int uid, boolean restrict); void restrictAppOnVpn(int uid, boolean restrict); void restrictAppOnWlan(int uid, boolean restrict); }
services/core/java/com/android/server/NetworkManagementService.java +77 −6 Original line number Diff line number Diff line Loading @@ -67,6 +67,7 @@ import android.net.IpPrefix; import android.net.LinkAddress; import android.net.LinkProperties; import android.net.Network; import android.net.NetworkCapabilities; import android.net.NetworkPolicyManager; import android.net.NetworkStats; import android.net.NetworkUtils; Loading Loading @@ -241,8 +242,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub private INetd mNetdService; private String mDataInterfaceName; private String mVpnInterfaceName; private String mWlanInterfaceName; private BroadcastReceiver mPendingDataRestrictReceiver; private BroadcastReceiver mPendingVpnRestrictReceiver; private IBatteryStats mBatteryStats; Loading Loading @@ -280,6 +283,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub /** Set of UIDs blacklisted on cellular networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mDataBlacklist = new SparseBooleanArray(); /** Set of UIDs blacklisted on virtual private networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mVpnBlacklist = new SparseBooleanArray(); /** Set of UIDs blacklisted on WiFi networks. */ @GuardedBy("mQuotaLock") final SparseBooleanArray mWlanBlacklist = new SparseBooleanArray(); Loading Loading @@ -341,6 +347,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub new RemoteCallbackList<>(); private boolean mNetworkActive; private SparseBooleanArray mPendingRestrictOnData = new SparseBooleanArray(); private SparseBooleanArray mPendingRestrictOnVpn = new SparseBooleanArray(); /** * Constructs a new NetworkManagementService instance Loading Loading @@ -430,9 +437,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub processPendingDataRestrictRequests(); } }; // Note: processPendingVpnRestrictRequests() will unregister // mPendingVpnRestrictReceiver once it has been able to determine // the vpn network interface name. mPendingVpnRestrictReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { processPendingVpnRestrictRequests(); } }; final IntentFilter filter = new IntentFilter(); filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION); mContext.registerReceiver(mPendingDataRestrictReceiver, filter); mContext.registerReceiver(mPendingVpnRestrictReceiver, filter); } private IBatteryStats getBatteryStats() { Loading Loading @@ -1854,8 +1871,37 @@ public class NetworkManagementService extends INetworkManagementService.Stub try { final String action = restrict ? "add" : "remove"; mConnector.execute("bandwidth", action + "restrictappsondata", mDataInterfaceName, uid); mConnector.execute("bandwidth", action + "restrictappsondata", mDataInterfaceName, uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } } @Override public void restrictAppOnVpn(int uid, boolean restrict) { mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG); // silently discard when control disabled if (!mBandwidthControlEnabled) return; initVpnInterface(); if (TextUtils.isEmpty(mVpnInterfaceName)) { // We don't have an interface name since vpn is not active // yet, so queue up the request for when it comes up alive mPendingRestrictOnVpn.put(uid, restrict); return; } synchronized (mQuotaLock) { boolean oldValue = mVpnBlacklist.get(uid, false); if (oldValue == restrict) { return; } mVpnBlacklist.put(uid, restrict); } try { final String action = restrict ? "add" : "remove"; mConnector.execute("bandwidth", action + "restrictappsonvpn", mVpnInterfaceName, uid); } catch (NativeDaemonConnectorException e) { throw e.rethrowAsParcelableException(); } Loading Loading @@ -1895,12 +1941,27 @@ public class NetworkManagementService extends INetworkManagementService.Stub } int count = mPendingRestrictOnData.size(); for (int i = 0; i < count; i++) { restrictAppOnData(mPendingRestrictOnData.keyAt(i), mPendingRestrictOnData.valueAt(i)); restrictAppOnData(mPendingRestrictOnData.keyAt(i), mPendingRestrictOnData.valueAt(i)); } mPendingRestrictOnData.clear(); } private void processPendingVpnRestrictRequests() { initVpnInterface(); if (TextUtils.isEmpty(mVpnInterfaceName)) { return; } if (mPendingVpnRestrictReceiver != null) { mContext.unregisterReceiver(mPendingVpnRestrictReceiver); mPendingVpnRestrictReceiver = null; } int count = mPendingRestrictOnVpn.size(); for (int i = 0; i < count; i++) { restrictAppOnVpn(mPendingRestrictOnVpn.keyAt(i), mPendingRestrictOnVpn.valueAt(i)); } mPendingRestrictOnVpn.clear(); } @Override public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges) throws ServiceSpecificException { Loading Loading @@ -2856,14 +2917,24 @@ public class NetworkManagementService extends INetworkManagementService.Stub if (!TextUtils.isEmpty(mDataInterfaceName)) { return; } ConnectivityManager cm = (ConnectivityManager) mContext.getSystemService( Context.CONNECTIVITY_SERVICE); ConnectivityManager cm = mContext.getSystemService(ConnectivityManager.class); LinkProperties linkProperties = cm.getLinkProperties(ConnectivityManager.TYPE_MOBILE); if (linkProperties != null) { mDataInterfaceName = linkProperties.getInterfaceName(); } } private void initVpnInterface() { if (!TextUtils.isEmpty(mVpnInterfaceName)) { return; } ConnectivityManager cm = mContext.getSystemService(ConnectivityManager.class); LinkProperties linkProperties = cm.getLinkProperties(ConnectivityManager.TYPE_VPN); if (linkProperties != null) { mVpnInterfaceName = linkProperties.getInterfaceName(); } } @VisibleForTesting class LocalService extends NetworkManagementInternal { @Override Loading
services/core/java/com/android/server/net/NetworkPolicyManagerService.java +2 −0 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ import static android.net.NetworkPolicyManager.POLICY_ALLOW_METERED_BACKGROUND; import static android.net.NetworkPolicyManager.POLICY_NONE; import static android.net.NetworkPolicyManager.POLICY_REJECT_METERED_BACKGROUND; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_DATA; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_VPN; import static android.net.NetworkPolicyManager.POLICY_REJECT_ON_WLAN; import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL; import static android.net.NetworkPolicyManager.RULE_ALLOW_METERED; Loading Loading @@ -3995,6 +3996,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub { try { mNetworkManager.restrictAppOnData(uid, (uidPolicy & POLICY_REJECT_ON_DATA) != 0); mNetworkManager.restrictAppOnVpn(uid, (uidPolicy & POLICY_REJECT_ON_VPN) != 0); mNetworkManager.restrictAppOnWlan(uid, (uidPolicy & POLICY_REJECT_ON_WLAN) != 0); } catch (RemoteException e) { // ignored; service lives in system_server Loading
