Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2011 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.net; |
| 18 | |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 19 | import static android.content.pm.PackageManager.GET_SIGNATURES; |
Jeff Sharkey | cd2ca40 | 2011-06-10 15:14:07 -0700 | [diff] [blame] | 20 | |
Jeff Sharkey | d86b8fe | 2017-06-02 17:36:26 -0600 | [diff] [blame] | 21 | import android.annotation.SystemService; |
Sudheer Shanka | e359c3d | 2017-02-22 18:41:29 -0800 | [diff] [blame] | 22 | import android.app.ActivityManager; |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 23 | import android.content.Context; |
Jeff Sharkey | 14711eb | 2011-06-15 10:29:17 -0700 | [diff] [blame] | 24 | import android.content.Intent; |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 25 | import android.content.pm.PackageManager; |
| 26 | import android.content.pm.PackageManager.NameNotFoundException; |
| 27 | import android.content.pm.Signature; |
Jeff Sharkey | 43d2a17 | 2017-07-12 10:50:42 -0600 | [diff] [blame] | 28 | import android.net.wifi.WifiConfiguration; |
| 29 | import android.net.wifi.WifiInfo; |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 30 | import android.os.RemoteException; |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 31 | import android.os.UserHandle; |
Jeff Sharkey | 53313d7 | 2017-07-13 16:47:32 -0600 | [diff] [blame^] | 32 | import android.telephony.SubscriptionPlan; |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 33 | import android.util.DebugUtils; |
Jeff Sharkey | 53313d7 | 2017-07-13 16:47:32 -0600 | [diff] [blame^] | 34 | import android.util.Pair; |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 35 | |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 36 | import com.google.android.collect.Sets; |
| 37 | |
Jeff Sharkey | 53313d7 | 2017-07-13 16:47:32 -0600 | [diff] [blame^] | 38 | import java.time.ZonedDateTime; |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 39 | import java.util.HashSet; |
Jeff Sharkey | 53313d7 | 2017-07-13 16:47:32 -0600 | [diff] [blame^] | 40 | import java.util.Iterator; |
Jeff Sharkey | 1b86127 | 2011-05-22 00:34:52 -0700 | [diff] [blame] | 41 | |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 42 | /** |
| 43 | * Manager for creating and modifying network policy rules. |
| 44 | * |
| 45 | * {@hide} |
| 46 | */ |
Jeff Sharkey | d86b8fe | 2017-06-02 17:36:26 -0600 | [diff] [blame] | 47 | @SystemService(Context.NETWORK_POLICY_SERVICE) |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 48 | public class NetworkPolicyManager { |
| 49 | |
Felipe Leme | 46b451f | 2016-08-19 08:46:17 -0700 | [diff] [blame] | 50 | /* POLICY_* are masks and can be ORed, although currently they are not.*/ |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 51 | /** No specific network policy, use system default. */ |
| 52 | public static final int POLICY_NONE = 0x0; |
Jeff Sharkey | fdfef57 | 2011-06-16 15:07:48 -0700 | [diff] [blame] | 53 | /** Reject network usage on metered networks when application in background. */ |
| 54 | public static final int POLICY_REJECT_METERED_BACKGROUND = 0x1; |
Felipe Leme | 46b451f | 2016-08-19 08:46:17 -0700 | [diff] [blame] | 55 | /** Allow metered network use in the background even when in data usage save mode. */ |
| 56 | public static final int POLICY_ALLOW_METERED_BACKGROUND = 0x4; |
Jeff Sharkey | c006f1a | 2011-05-19 17:12:49 -0700 | [diff] [blame] | 57 | |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 58 | /* |
| 59 | * Rules defining whether an uid has access to a network given its type (metered / non-metered). |
| 60 | * |
| 61 | * These rules are bits and can be used in bitmask operations; in particular: |
| 62 | * - rule & RULE_MASK_METERED: returns the metered-networks status. |
| 63 | * - rule & RULE_MASK_ALL: returns the all-networks status. |
| 64 | * |
| 65 | * The RULE_xxx_ALL rules applies to all networks (metered or non-metered), but on |
| 66 | * metered networks, the RULE_xxx_METERED rules should be checked first. For example, |
| 67 | * if the device is on Battery Saver Mode and Data Saver Mode simulatenously, and a uid |
| 68 | * is whitelisted for the former but not the latter, its status would be |
| 69 | * RULE_REJECT_METERED | RULE_ALLOW_ALL, meaning it could have access to non-metered |
| 70 | * networks but not to metered networks. |
| 71 | * |
| 72 | * See network-policy-restrictions.md for more info. |
| 73 | */ |
| 74 | /** No specific rule was set */ |
| 75 | public static final int RULE_NONE = 0; |
Felipe Leme | 70c57c2 | 2016-03-29 10:45:13 -0700 | [diff] [blame] | 76 | /** Allow traffic on metered networks. */ |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 77 | public static final int RULE_ALLOW_METERED = 1 << 0; |
Felipe Leme | 70c57c2 | 2016-03-29 10:45:13 -0700 | [diff] [blame] | 78 | /** Temporarily allow traffic on metered networks because app is on foreground. */ |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 79 | public static final int RULE_TEMPORARY_ALLOW_METERED = 1 << 1; |
| 80 | /** Reject traffic on metered networks. */ |
| 81 | public static final int RULE_REJECT_METERED = 1 << 2; |
| 82 | /** Network traffic should be allowed on all networks (metered or non-metered), although |
| 83 | * metered-network restrictions could still apply. */ |
| 84 | public static final int RULE_ALLOW_ALL = 1 << 5; |
| 85 | /** Reject traffic on all networks. */ |
| 86 | public static final int RULE_REJECT_ALL = 1 << 6; |
| 87 | /** Mask used to get the {@code RULE_xxx_METERED} rules */ |
| 88 | public static final int MASK_METERED_NETWORKS = 0b00001111; |
| 89 | /** Mask used to get the {@code RULE_xxx_ALL} rules */ |
| 90 | public static final int MASK_ALL_NETWORKS = 0b11110000; |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 91 | |
| 92 | public static final int FIREWALL_RULE_DEFAULT = 0; |
| 93 | public static final int FIREWALL_RULE_ALLOW = 1; |
| 94 | public static final int FIREWALL_RULE_DENY = 2; |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 95 | |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 96 | public static final int FIREWALL_TYPE_WHITELIST = 0; |
| 97 | public static final int FIREWALL_TYPE_BLACKLIST = 1; |
| 98 | |
| 99 | public static final int FIREWALL_CHAIN_NONE = 0; |
| 100 | public static final int FIREWALL_CHAIN_DOZABLE = 1; |
| 101 | public static final int FIREWALL_CHAIN_STANDBY = 2; |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 102 | public static final int FIREWALL_CHAIN_POWERSAVE = 3; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 103 | |
| 104 | public static final String FIREWALL_CHAIN_NAME_NONE = "none"; |
| 105 | public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable"; |
| 106 | public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby"; |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 107 | public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave"; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 108 | |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 109 | private static final boolean ALLOW_PLATFORM_APP_POLICY = true; |
| 110 | |
Jeff Sharkey | 14711eb | 2011-06-15 10:29:17 -0700 | [diff] [blame] | 111 | /** |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 112 | * {@link Intent} extra that indicates which {@link NetworkTemplate} rule it |
| 113 | * applies to. |
Jeff Sharkey | 14711eb | 2011-06-15 10:29:17 -0700 | [diff] [blame] | 114 | */ |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 115 | public static final String EXTRA_NETWORK_TEMPLATE = "android.net.NETWORK_TEMPLATE"; |
Jeff Sharkey | 14711eb | 2011-06-15 10:29:17 -0700 | [diff] [blame] | 116 | |
Svet Ganov | 16a1689 | 2015-04-16 10:32:04 -0700 | [diff] [blame] | 117 | private final Context mContext; |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 118 | private INetworkPolicyManager mService; |
| 119 | |
Svet Ganov | 16a1689 | 2015-04-16 10:32:04 -0700 | [diff] [blame] | 120 | public NetworkPolicyManager(Context context, INetworkPolicyManager service) { |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 121 | if (service == null) { |
| 122 | throw new IllegalArgumentException("missing INetworkPolicyManager"); |
| 123 | } |
Svet Ganov | 16a1689 | 2015-04-16 10:32:04 -0700 | [diff] [blame] | 124 | mContext = context; |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 125 | mService = service; |
| 126 | } |
| 127 | |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 128 | public static NetworkPolicyManager from(Context context) { |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 129 | return (NetworkPolicyManager) context.getSystemService(Context.NETWORK_POLICY_SERVICE); |
| 130 | } |
| 131 | |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 132 | /** |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 133 | * Set policy flags for specific UID. |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 134 | * |
Felipe Leme | 8546a44 | 2016-08-23 09:38:20 -0700 | [diff] [blame] | 135 | * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags, |
| 136 | * although it is not validated. |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 137 | */ |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 138 | public void setUidPolicy(int uid, int policy) { |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 139 | try { |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 140 | mService.setUidPolicy(uid, policy); |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 141 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 142 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 143 | } |
| 144 | } |
| 145 | |
Dianne Hackborn | be7c50e | 2014-06-30 14:43:28 -0700 | [diff] [blame] | 146 | /** |
Felipe Leme | 8546a44 | 2016-08-23 09:38:20 -0700 | [diff] [blame] | 147 | * Add policy flags for specific UID. |
| 148 | * |
| 149 | * <p>The given policy bits will be set for the uid. |
| 150 | * |
| 151 | * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags, |
| 152 | * although it is not validated. |
Dianne Hackborn | be7c50e | 2014-06-30 14:43:28 -0700 | [diff] [blame] | 153 | */ |
| 154 | public void addUidPolicy(int uid, int policy) { |
| 155 | try { |
| 156 | mService.addUidPolicy(uid, policy); |
| 157 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 158 | throw e.rethrowFromSystemServer(); |
Dianne Hackborn | be7c50e | 2014-06-30 14:43:28 -0700 | [diff] [blame] | 159 | } |
| 160 | } |
| 161 | |
| 162 | /** |
Felipe Leme | 8546a44 | 2016-08-23 09:38:20 -0700 | [diff] [blame] | 163 | * Clear/remove policy flags for specific UID. |
| 164 | * |
| 165 | * <p>The given policy bits will be set for the uid. |
| 166 | * |
| 167 | * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags, |
| 168 | * although it is not validated. |
Dianne Hackborn | be7c50e | 2014-06-30 14:43:28 -0700 | [diff] [blame] | 169 | */ |
| 170 | public void removeUidPolicy(int uid, int policy) { |
| 171 | try { |
| 172 | mService.removeUidPolicy(uid, policy); |
| 173 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 174 | throw e.rethrowFromSystemServer(); |
Dianne Hackborn | be7c50e | 2014-06-30 14:43:28 -0700 | [diff] [blame] | 175 | } |
| 176 | } |
| 177 | |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 178 | public int getUidPolicy(int uid) { |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 179 | try { |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 180 | return mService.getUidPolicy(uid); |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 181 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 182 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 183 | } |
| 184 | } |
Jeff Sharkey | cd2ca40 | 2011-06-10 15:14:07 -0700 | [diff] [blame] | 185 | |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 186 | public int[] getUidsWithPolicy(int policy) { |
Jeff Sharkey | 854b2b1 | 2012-04-13 16:03:40 -0700 | [diff] [blame] | 187 | try { |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 188 | return mService.getUidsWithPolicy(policy); |
Jeff Sharkey | 854b2b1 | 2012-04-13 16:03:40 -0700 | [diff] [blame] | 189 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 190 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 854b2b1 | 2012-04-13 16:03:40 -0700 | [diff] [blame] | 191 | } |
| 192 | } |
| 193 | |
Jeff Sharkey | 1a30395 | 2011-06-16 13:04:20 -0700 | [diff] [blame] | 194 | public void registerListener(INetworkPolicyListener listener) { |
| 195 | try { |
| 196 | mService.registerListener(listener); |
| 197 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 198 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 1a30395 | 2011-06-16 13:04:20 -0700 | [diff] [blame] | 199 | } |
| 200 | } |
| 201 | |
| 202 | public void unregisterListener(INetworkPolicyListener listener) { |
| 203 | try { |
| 204 | mService.unregisterListener(listener); |
| 205 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 206 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 1a30395 | 2011-06-16 13:04:20 -0700 | [diff] [blame] | 207 | } |
| 208 | } |
| 209 | |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 210 | public void setNetworkPolicies(NetworkPolicy[] policies) { |
| 211 | try { |
| 212 | mService.setNetworkPolicies(policies); |
| 213 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 214 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 215 | } |
| 216 | } |
| 217 | |
| 218 | public NetworkPolicy[] getNetworkPolicies() { |
| 219 | try { |
Svet Ganov | 16a1689 | 2015-04-16 10:32:04 -0700 | [diff] [blame] | 220 | return mService.getNetworkPolicies(mContext.getOpPackageName()); |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 221 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 222 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 223 | } |
| 224 | } |
| 225 | |
| 226 | public void setRestrictBackground(boolean restrictBackground) { |
| 227 | try { |
| 228 | mService.setRestrictBackground(restrictBackground); |
| 229 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 230 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 231 | } |
| 232 | } |
| 233 | |
| 234 | public boolean getRestrictBackground() { |
| 235 | try { |
| 236 | return mService.getRestrictBackground(); |
| 237 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 238 | throw e.rethrowFromSystemServer(); |
Jeff Sharkey | 8fc27e8 | 2012-04-04 20:40:58 -0700 | [diff] [blame] | 239 | } |
| 240 | } |
| 241 | |
Jeff Sharkey | cd2ca40 | 2011-06-10 15:14:07 -0700 | [diff] [blame] | 242 | /** |
Stuart Scott | 984dc85 | 2015-03-30 13:17:11 -0700 | [diff] [blame] | 243 | * Resets network policy settings back to factory defaults. |
| 244 | * |
| 245 | * @hide |
| 246 | */ |
| 247 | public void factoryReset(String subscriber) { |
Stuart Scott | f1fb397 | 2015-04-02 18:00:02 -0700 | [diff] [blame] | 248 | try { |
| 249 | mService.factoryReset(subscriber); |
| 250 | } catch (RemoteException e) { |
Jeff Sharkey | f888056 | 2016-02-26 13:03:01 -0700 | [diff] [blame] | 251 | throw e.rethrowFromSystemServer(); |
Stuart Scott | 984dc85 | 2015-03-30 13:17:11 -0700 | [diff] [blame] | 252 | } |
| 253 | } |
| 254 | |
Jeff Sharkey | cd2ca40 | 2011-06-10 15:14:07 -0700 | [diff] [blame] | 255 | /** {@hide} */ |
Jeff Sharkey | 53313d7 | 2017-07-13 16:47:32 -0600 | [diff] [blame^] | 256 | public static Iterator<Pair<ZonedDateTime, ZonedDateTime>> cycleIterator(NetworkPolicy policy) { |
| 257 | return SubscriptionPlan.convert(policy).cycleIterator(); |
Jeff Sharkey | cd2ca40 | 2011-06-10 15:14:07 -0700 | [diff] [blame] | 258 | } |
| 259 | |
Jeff Sharkey | 497e443 | 2011-06-14 17:27:29 -0700 | [diff] [blame] | 260 | /** |
| 261 | * Check if given UID can have a {@link #setUidPolicy(int, int)} defined, |
| 262 | * usually to protect critical system services. |
| 263 | */ |
Jeff Sharkey | 8a8b581 | 2012-03-21 18:13:36 -0700 | [diff] [blame] | 264 | @Deprecated |
Jeff Sharkey | 497e443 | 2011-06-14 17:27:29 -0700 | [diff] [blame] | 265 | public static boolean isUidValidForPolicy(Context context, int uid) { |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 266 | // first, quick-reject non-applications |
Jeff Sharkey | d0c6ccb | 2012-09-14 16:26:37 -0700 | [diff] [blame] | 267 | if (!UserHandle.isApp(uid)) { |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 268 | return false; |
| 269 | } |
| 270 | |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 271 | if (!ALLOW_PLATFORM_APP_POLICY) { |
| 272 | final PackageManager pm = context.getPackageManager(); |
| 273 | final HashSet<Signature> systemSignature; |
| 274 | try { |
| 275 | systemSignature = Sets.newHashSet( |
| 276 | pm.getPackageInfo("android", GET_SIGNATURES).signatures); |
| 277 | } catch (NameNotFoundException e) { |
| 278 | throw new RuntimeException("problem finding system signature", e); |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 279 | } |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 280 | |
| 281 | try { |
| 282 | // reject apps signed with platform cert |
| 283 | for (String packageName : pm.getPackagesForUid(uid)) { |
| 284 | final HashSet<Signature> packageSignature = Sets.newHashSet( |
| 285 | pm.getPackageInfo(packageName, GET_SIGNATURES).signatures); |
| 286 | if (packageSignature.containsAll(systemSignature)) { |
| 287 | return false; |
| 288 | } |
| 289 | } |
| 290 | } catch (NameNotFoundException e) { |
| 291 | } |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 292 | } |
| 293 | |
| 294 | // nothing found above; we can apply policy to UID |
| 295 | return true; |
Jeff Sharkey | 497e443 | 2011-06-14 17:27:29 -0700 | [diff] [blame] | 296 | } |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 297 | |
Felipe Leme | b146f76 | 2016-08-19 09:52:16 -0700 | [diff] [blame] | 298 | /** |
Felipe Leme | 46c4fc3 | 2016-05-04 09:21:43 -0700 | [diff] [blame] | 299 | * @hide |
| 300 | */ |
| 301 | public static String uidRulesToString(int uidRules) { |
| 302 | final StringBuilder string = new StringBuilder().append(uidRules).append(" ("); |
| 303 | if (uidRules == RULE_NONE) { |
| 304 | string.append("NONE"); |
| 305 | } else { |
| 306 | string.append(DebugUtils.flagsToString(NetworkPolicyManager.class, "RULE_", uidRules)); |
| 307 | } |
| 308 | string.append(")"); |
| 309 | return string.toString(); |
| 310 | } |
Felipe Leme | b146f76 | 2016-08-19 09:52:16 -0700 | [diff] [blame] | 311 | |
| 312 | /** |
| 313 | * @hide |
| 314 | */ |
| 315 | public static String uidPoliciesToString(int uidPolicies) { |
| 316 | final StringBuilder string = new StringBuilder().append(uidPolicies).append(" ("); |
| 317 | if (uidPolicies == POLICY_NONE) { |
| 318 | string.append("NONE"); |
| 319 | } else { |
| 320 | string.append(DebugUtils.flagsToString(NetworkPolicyManager.class, |
| 321 | "POLICY_", uidPolicies)); |
| 322 | } |
| 323 | string.append(")"); |
| 324 | return string.toString(); |
| 325 | } |
Sudheer Shanka | e359c3d | 2017-02-22 18:41:29 -0800 | [diff] [blame] | 326 | |
| 327 | /** |
| 328 | * Returns true if {@param procState} is considered foreground and as such will be allowed |
| 329 | * to access network when the device is idle or in battery saver mode. Otherwise, false. |
| 330 | */ |
| 331 | public static boolean isProcStateAllowedWhileIdleOrPowerSaveMode(int procState) { |
| 332 | return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; |
| 333 | } |
| 334 | |
| 335 | /** |
| 336 | * Returns true if {@param procState} is considered foreground and as such will be allowed |
| 337 | * to access network when the device is in data saver mode. Otherwise, false. |
| 338 | */ |
| 339 | public static boolean isProcStateAllowedWhileOnRestrictBackground(int procState) { |
| 340 | return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE; |
| 341 | } |
Jeff Sharkey | 43d2a17 | 2017-07-12 10:50:42 -0600 | [diff] [blame] | 342 | |
| 343 | public static String resolveNetworkId(WifiConfiguration config) { |
| 344 | return WifiInfo.removeDoubleQuotes(config.isPasspoint() |
| 345 | ? config.providerFriendlyName : config.SSID); |
| 346 | } |
| 347 | |
| 348 | public static String resolveNetworkId(String ssid) { |
| 349 | return WifiInfo.removeDoubleQuotes(ssid); |
| 350 | } |
Jeff Sharkey | d5cdd59 | 2011-05-03 20:27:17 -0700 | [diff] [blame] | 351 | } |