Merge "Restricting network for low-priority proc-states" into main am: aa68cf5bbd (f651e2f0) · Commits · e / os / android_frameworks_base

core/java/android/net/NetworkPolicyManager.java

+31 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package android.net;

		import static android.app.ActivityManager.PROCESS_CAPABILITY_POWER_RESTRICTED_NETWORK;
		import static android.app.ActivityManager.PROCESS_STATE_UNKNOWN;
		import static android.app.ActivityManager.procStateToString;
		import static android.content.pm.PackageManager.GET_SIGNATURES;
		@@ -170,6 +171,8 @@ public class NetworkPolicyManager {
		public static final String FIREWALL_CHAIN_NAME_RESTRICTED = "restricted";
		/** @hide */
		public static final String FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY = "low_power_standby";
		/** @hide */
		public static final String FIREWALL_CHAIN_NAME_BACKGROUND = "background";

		private static final boolean ALLOW_PLATFORM_APP_POLICY = true;

		@@ -180,6 +183,9 @@ public class NetworkPolicyManager {
		/** @hide */
		public static final int TOP_THRESHOLD_STATE = ActivityManager.PROCESS_STATE_BOUND_TOP;

		/** @hide */
		public static final int BACKGROUND_THRESHOLD_STATE = ActivityManager.PROCESS_STATE_TOP_SLEEPING;

		/**
		* {@link Intent} extra that indicates which {@link NetworkTemplate} rule it
		* applies to.
		@@ -264,6 +270,16 @@ public class NetworkPolicyManager {
		* @hide
		*/
		public static final int ALLOWED_REASON_LOW_POWER_STANDBY_ALLOWLIST = 1 << 6;

		/**
		* Flag to indicate that the app is exempt from always-on background network restrictions.
		* Note that this is explicitly different to the flag NOT_FOREGROUND which is used to grant
		* shared exception to apps from power restrictions like doze, battery saver and app-standby.
		*
		* @hide
		*/
		public static final int ALLOWED_REASON_NOT_IN_BACKGROUND = 1 << 7;

		/**
		* Flag to indicate that app is exempt from certain metered network restrictions because user
		* explicitly exempted it.
		@@ -821,6 +837,21 @@ public class NetworkPolicyManager {
		return uidState.procState <= TOP_THRESHOLD_STATE;
		}

		/**
		* This is currently only used as an implementation detail for
		* {@link com.android.server.net.NetworkPolicyManagerService}.
		* Only put here to be together with other isProcStateAllowed* methods.
		*
		* @hide
		*/
		public static boolean isProcStateAllowedNetworkWhileBackground(@Nullable UidState uidState) {
		if (uidState == null) {
		return false;
		}
		return uidState.procState < BACKGROUND_THRESHOLD_STATE
		\|\| (uidState.capability & PROCESS_CAPABILITY_POWER_RESTRICTED_NETWORK) != 0;
		}

		/**
		* Returns true if {@param procState} is considered foreground and as such will be allowed
		* to access network when the device is in data saver mode. Otherwise, false.

services/core/Android.bp

+1 −0

Original line number	Diff line number	Diff line
		@@ -190,6 +190,7 @@ java_library_static {
		"com.android.sysprop.watchdog",
		"ImmutabilityAnnotation",
		"securebox",
		"net_flags_lib",
		],
		javac_shard_size: 50,
		javacflags: [

services/core/java/com/android/server/net/Android.bp

0 → 100644

+10 −0

Original line number	Diff line number	Diff line
		aconfig_declarations {
		name: "net_flags",
		package: "com.android.server.net",
		srcs: ["*.aconfig"],
		}

		java_aconfig_library {
		name: "net_flags_lib",
		aconfig_declarations: "net_flags",
		}

services/core/java/com/android/server/net/NetworkManagementService.java

+27 −1

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		package com.android.server.net;

		import static android.Manifest.permission.CONNECTIVITY_INTERNAL;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_BACKGROUND;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
		@@ -27,6 +28,7 @@ import static android.net.INetd.FIREWALL_CHAIN_NONE;
		import static android.net.INetd.FIREWALL_DENYLIST;
		import static android.net.INetd.FIREWALL_RULE_ALLOW;
		import static android.net.INetd.FIREWALL_RULE_DENY;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_BACKGROUND;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE;
		@@ -187,6 +189,13 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		*/
		@GuardedBy("mRulesLock")
		private final SparseIntArray mUidFirewallLowPowerStandbyRules = new SparseIntArray();

		/**
		* Contains the per-UID firewall rules that are used when Background chain is enabled.
		*/
		@GuardedBy("mRulesLock")
		private final SparseIntArray mUidFirewallBackgroundRules = new SparseIntArray();

		/** Set of states for the child firewall chains. True if the chain is active. */
		@GuardedBy("mRulesLock")
		final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray();
		@@ -449,13 +458,15 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		syncFirewallChainLocked(FIREWALL_CHAIN_POWERSAVE, "powersave ");
		syncFirewallChainLocked(FIREWALL_CHAIN_RESTRICTED, "restricted ");
		syncFirewallChainLocked(FIREWALL_CHAIN_LOW_POWER_STANDBY, "low power standby ");
		syncFirewallChainLocked(FIREWALL_CHAIN_BACKGROUND, FIREWALL_CHAIN_NAME_BACKGROUND);

		final int[] chains = {
		FIREWALL_CHAIN_STANDBY,
		FIREWALL_CHAIN_DOZABLE,
		FIREWALL_CHAIN_POWERSAVE,
		FIREWALL_CHAIN_RESTRICTED,
		FIREWALL_CHAIN_LOW_POWER_STANDBY
		FIREWALL_CHAIN_LOW_POWER_STANDBY,
		FIREWALL_CHAIN_BACKGROUND,
		};

		for (int chain : chains) {
		@@ -1206,6 +1217,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		return FIREWALL_CHAIN_NAME_RESTRICTED;
		case FIREWALL_CHAIN_LOW_POWER_STANDBY:
		return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY;
		case FIREWALL_CHAIN_BACKGROUND:
		return FIREWALL_CHAIN_NAME_BACKGROUND;
		default:
		throw new IllegalArgumentException("Bad child chain: " + chain);
		}
		@@ -1223,6 +1236,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		return FIREWALL_ALLOWLIST;
		case FIREWALL_CHAIN_LOW_POWER_STANDBY:
		return FIREWALL_ALLOWLIST;
		case FIREWALL_CHAIN_BACKGROUND:
		return FIREWALL_ALLOWLIST;
		default:
		return isFirewallEnabled() ? FIREWALL_ALLOWLIST : FIREWALL_DENYLIST;
		}
		@@ -1343,6 +1358,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		return mUidFirewallRestrictedRules;
		case FIREWALL_CHAIN_LOW_POWER_STANDBY:
		return mUidFirewallLowPowerStandbyRules;
		case FIREWALL_CHAIN_BACKGROUND:
		return mUidFirewallBackgroundRules;
		case FIREWALL_CHAIN_NONE:
		return mUidFirewallRules;
		default:
		@@ -1395,6 +1412,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		pw.println(getFirewallChainState(FIREWALL_CHAIN_LOW_POWER_STANDBY));
		dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY,
		mUidFirewallLowPowerStandbyRules);

		pw.print("UID firewall background chain enabled: ");
		pw.println(getFirewallChainState(FIREWALL_CHAIN_BACKGROUND));
		dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_BACKGROUND, mUidFirewallBackgroundRules);
		}

		pw.print("Firewall enabled: "); pw.println(mFirewallEnabled);
		@@ -1494,6 +1515,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
		if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of low power standby");
		return true;
		}
		if (getFirewallChainState(FIREWALL_CHAIN_BACKGROUND)
		&& mUidFirewallBackgroundRules.get(uid) != FIREWALL_RULE_ALLOW) {
		if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because it is in background");
		return true;
		}
		if (mUidRejectOnMetered.get(uid)) {
		if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of no metered data"
		+ " in the background");

services/core/java/com/android/server/net/NetworkPolicyLogger.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@
		package com.android.server.net;

		import static android.net.ConnectivityManager.BLOCKED_REASON_NONE;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_BACKGROUND;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
		import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
		@@ -24,6 +25,7 @@ import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
		import static android.net.INetd.FIREWALL_RULE_ALLOW;
		import static android.net.INetd.FIREWALL_RULE_DENY;
		import static android.net.NetworkPolicyManager.ALLOWED_REASON_NONE;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_BACKGROUND;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY;
		import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE;
		@@ -389,6 +391,8 @@ public class NetworkPolicyLogger {
		return FIREWALL_CHAIN_NAME_RESTRICTED;
		case FIREWALL_CHAIN_LOW_POWER_STANDBY:
		return FIREWALL_CHAIN_NAME_LOW_POWER_STANDBY;
		case FIREWALL_CHAIN_BACKGROUND:
		return FIREWALL_CHAIN_NAME_BACKGROUND;
		default:
		return String.valueOf(chain);
		}