Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 53313d7e8153982f842910118371e1dc061248cd / . / core / java / android / net / NetworkPolicyManager.java
blob: 3fe9b0d745388992e68ea633061c2611f66ad480 [file] [log] [blame]
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]1/*
2 * Copyright (C) 2011 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net;
18
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]19import static android.content.pm.PackageManager.GET_SIGNATURES;
Jeff Sharkeycd2ca402011-06-10 15:14:07 -0700[diff] [blame]20
Jeff Sharkeyd86b8fe2017-06-02 17:36:26 -0600[diff] [blame]21import android.annotation.SystemService;
Sudheer Shankae359c3d2017-02-22 18:41:29 -0800[diff] [blame]22import android.app.ActivityManager;
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]23import android.content.Context;
Jeff Sharkey14711eb2011-06-15 10:29:17 -0700[diff] [blame]24import android.content.Intent;
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]25import android.content.pm.PackageManager;
26import android.content.pm.PackageManager.NameNotFoundException;
27import android.content.pm.Signature;
Jeff Sharkey43d2a172017-07-12 10:50:42 -0600[diff] [blame]28import android.net.wifi.WifiConfiguration;
29import android.net.wifi.WifiInfo;
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]30import android.os.RemoteException;
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]31import android.os.UserHandle;
Jeff Sharkey53313d72017-07-13 16:47:32 -0600[diff] [blame^]32import android.telephony.SubscriptionPlan;
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]33import android.util.DebugUtils;
Jeff Sharkey53313d72017-07-13 16:47:32 -0600[diff] [blame^]34import android.util.Pair;
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]35
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]36import com.google.android.collect.Sets;
37
Jeff Sharkey53313d72017-07-13 16:47:32 -0600[diff] [blame^]38import java.time.ZonedDateTime;
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]39import java.util.HashSet;
Jeff Sharkey53313d72017-07-13 16:47:32 -0600[diff] [blame^]40import java.util.Iterator;
Jeff Sharkey1b861272011-05-22 00:34:52 -0700[diff] [blame]41
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]42/**
43 * Manager for creating and modifying network policy rules.
44 *
45 * {@hide}
46 */
Jeff Sharkeyd86b8fe2017-06-02 17:36:26 -0600[diff] [blame]47@SystemService(Context.NETWORK_POLICY_SERVICE)
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]48public class NetworkPolicyManager {
49
Felipe Leme46b451f2016-08-19 08:46:17 -0700[diff] [blame]50 /* POLICY_* are masks and can be ORed, although currently they are not.*/
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]51 /** No specific network policy, use system default. */
52 public static final int POLICY_NONE = 0x0;
Jeff Sharkeyfdfef572011-06-16 15:07:48 -0700[diff] [blame]53 /** Reject network usage on metered networks when application in background. */
54 public static final int POLICY_REJECT_METERED_BACKGROUND = 0x1;
Felipe Leme46b451f2016-08-19 08:46:17 -0700[diff] [blame]55 /** Allow metered network use in the background even when in data usage save mode. */
56 public static final int POLICY_ALLOW_METERED_BACKGROUND = 0x4;
Jeff Sharkeyc006f1a2011-05-19 17:12:49 -0700[diff] [blame]57
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]58 /*
59 * Rules defining whether an uid has access to a network given its type (metered / non-metered).
60 *
61 * These rules are bits and can be used in bitmask operations; in particular:
62 * - rule & RULE_MASK_METERED: returns the metered-networks status.
63 * - rule & RULE_MASK_ALL: returns the all-networks status.
64 *
65 * The RULE_xxx_ALL rules applies to all networks (metered or non-metered), but on
66 * metered networks, the RULE_xxx_METERED rules should be checked first. For example,
67 * if the device is on Battery Saver Mode and Data Saver Mode simulatenously, and a uid
68 * is whitelisted for the former but not the latter, its status would be
69 * RULE_REJECT_METERED | RULE_ALLOW_ALL, meaning it could have access to non-metered
70 * networks but not to metered networks.
71 *
72 * See network-policy-restrictions.md for more info.
73 */
74 /** No specific rule was set */
75 public static final int RULE_NONE = 0;
Felipe Leme70c57c22016-03-29 10:45:13 -0700[diff] [blame]76 /** Allow traffic on metered networks. */
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]77 public static final int RULE_ALLOW_METERED = 1 << 0;
Felipe Leme70c57c22016-03-29 10:45:13 -0700[diff] [blame]78 /** Temporarily allow traffic on metered networks because app is on foreground. */
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]79 public static final int RULE_TEMPORARY_ALLOW_METERED = 1 << 1;
80 /** Reject traffic on metered networks. */
81 public static final int RULE_REJECT_METERED = 1 << 2;
82 /** Network traffic should be allowed on all networks (metered or non-metered), although
83 * metered-network restrictions could still apply. */
84 public static final int RULE_ALLOW_ALL = 1 << 5;
85 /** Reject traffic on all networks. */
86 public static final int RULE_REJECT_ALL = 1 << 6;
87 /** Mask used to get the {@code RULE_xxx_METERED} rules */
88 public static final int MASK_METERED_NETWORKS = 0b00001111;
89 /** Mask used to get the {@code RULE_xxx_ALL} rules */
90 public static final int MASK_ALL_NETWORKS = 0b11110000;
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]91
92 public static final int FIREWALL_RULE_DEFAULT = 0;
93 public static final int FIREWALL_RULE_ALLOW = 1;
94 public static final int FIREWALL_RULE_DENY = 2;
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]95
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]96 public static final int FIREWALL_TYPE_WHITELIST = 0;
97 public static final int FIREWALL_TYPE_BLACKLIST = 1;
98
99 public static final int FIREWALL_CHAIN_NONE = 0;
100 public static final int FIREWALL_CHAIN_DOZABLE = 1;
101 public static final int FIREWALL_CHAIN_STANDBY = 2;
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]102 public static final int FIREWALL_CHAIN_POWERSAVE = 3;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]103
104 public static final String FIREWALL_CHAIN_NAME_NONE = "none";
105 public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable";
106 public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby";
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]107 public static final String FIREWALL_CHAIN_NAME_POWERSAVE = "powersave";
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]108
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]109 private static final boolean ALLOW_PLATFORM_APP_POLICY = true;
110
Jeff Sharkey14711eb2011-06-15 10:29:17 -0700[diff] [blame]111 /**
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]112 * {@link Intent} extra that indicates which {@link NetworkTemplate} rule it
113 * applies to.
Jeff Sharkey14711eb2011-06-15 10:29:17 -0700[diff] [blame]114 */
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]115 public static final String EXTRA_NETWORK_TEMPLATE = "android.net.NETWORK_TEMPLATE";
Jeff Sharkey14711eb2011-06-15 10:29:17 -0700[diff] [blame]116
Svet Ganov16a16892015-04-16 10:32:04 -0700[diff] [blame]117 private final Context mContext;
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]118 private INetworkPolicyManager mService;
119
Svet Ganov16a16892015-04-16 10:32:04 -0700[diff] [blame]120 public NetworkPolicyManager(Context context, INetworkPolicyManager service) {
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]121 if (service == null) {
122 throw new IllegalArgumentException("missing INetworkPolicyManager");
123 }
Svet Ganov16a16892015-04-16 10:32:04 -0700[diff] [blame]124 mContext = context;
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]125 mService = service;
126 }
127
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]128 public static NetworkPolicyManager from(Context context) {
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]129 return (NetworkPolicyManager) context.getSystemService(Context.NETWORK_POLICY_SERVICE);
130 }
131
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]132 /**
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]133 * Set policy flags for specific UID.
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]134 *
Felipe Leme8546a442016-08-23 09:38:20 -0700[diff] [blame]135 * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags,
136 * although it is not validated.
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]137 */
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]138 public void setUidPolicy(int uid, int policy) {
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]139 try {
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]140 mService.setUidPolicy(uid, policy);
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]141 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]142 throw e.rethrowFromSystemServer();
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]143 }
144 }
145
Dianne Hackbornbe7c50e2014-06-30 14:43:28 -0700[diff] [blame]146 /**
Felipe Leme8546a442016-08-23 09:38:20 -0700[diff] [blame]147 * Add policy flags for specific UID.
148 *
149 * <p>The given policy bits will be set for the uid.
150 *
151 * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags,
152 * although it is not validated.
Dianne Hackbornbe7c50e2014-06-30 14:43:28 -0700[diff] [blame]153 */
154 public void addUidPolicy(int uid, int policy) {
155 try {
156 mService.addUidPolicy(uid, policy);
157 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]158 throw e.rethrowFromSystemServer();
Dianne Hackbornbe7c50e2014-06-30 14:43:28 -0700[diff] [blame]159 }
160 }
161
162 /**
Felipe Leme8546a442016-08-23 09:38:20 -0700[diff] [blame]163 * Clear/remove policy flags for specific UID.
164 *
165 * <p>The given policy bits will be set for the uid.
166 *
167 * @param policy should be {@link #POLICY_NONE} or any combination of {@code POLICY_} flags,
168 * although it is not validated.
Dianne Hackbornbe7c50e2014-06-30 14:43:28 -0700[diff] [blame]169 */
170 public void removeUidPolicy(int uid, int policy) {
171 try {
172 mService.removeUidPolicy(uid, policy);
173 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]174 throw e.rethrowFromSystemServer();
Dianne Hackbornbe7c50e2014-06-30 14:43:28 -0700[diff] [blame]175 }
176 }
177
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]178 public int getUidPolicy(int uid) {
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]179 try {
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]180 return mService.getUidPolicy(uid);
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]181 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]182 throw e.rethrowFromSystemServer();
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]183 }
184 }
Jeff Sharkeycd2ca402011-06-10 15:14:07 -0700[diff] [blame]185
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]186 public int[] getUidsWithPolicy(int policy) {
Jeff Sharkey854b2b12012-04-13 16:03:40 -0700[diff] [blame]187 try {
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]188 return mService.getUidsWithPolicy(policy);
Jeff Sharkey854b2b12012-04-13 16:03:40 -0700[diff] [blame]189 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]190 throw e.rethrowFromSystemServer();
Jeff Sharkey854b2b12012-04-13 16:03:40 -0700[diff] [blame]191 }
192 }
193
Jeff Sharkey1a303952011-06-16 13:04:20 -0700[diff] [blame]194 public void registerListener(INetworkPolicyListener listener) {
195 try {
196 mService.registerListener(listener);
197 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]198 throw e.rethrowFromSystemServer();
Jeff Sharkey1a303952011-06-16 13:04:20 -0700[diff] [blame]199 }
200 }
201
202 public void unregisterListener(INetworkPolicyListener listener) {
203 try {
204 mService.unregisterListener(listener);
205 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]206 throw e.rethrowFromSystemServer();
Jeff Sharkey1a303952011-06-16 13:04:20 -0700[diff] [blame]207 }
208 }
209
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]210 public void setNetworkPolicies(NetworkPolicy[] policies) {
211 try {
212 mService.setNetworkPolicies(policies);
213 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]214 throw e.rethrowFromSystemServer();
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]215 }
216 }
217
218 public NetworkPolicy[] getNetworkPolicies() {
219 try {
Svet Ganov16a16892015-04-16 10:32:04 -0700[diff] [blame]220 return mService.getNetworkPolicies(mContext.getOpPackageName());
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]221 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]222 throw e.rethrowFromSystemServer();
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]223 }
224 }
225
226 public void setRestrictBackground(boolean restrictBackground) {
227 try {
228 mService.setRestrictBackground(restrictBackground);
229 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]230 throw e.rethrowFromSystemServer();
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]231 }
232 }
233
234 public boolean getRestrictBackground() {
235 try {
236 return mService.getRestrictBackground();
237 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]238 throw e.rethrowFromSystemServer();
Jeff Sharkey8fc27e82012-04-04 20:40:58 -0700[diff] [blame]239 }
240 }
241
Jeff Sharkeycd2ca402011-06-10 15:14:07 -0700[diff] [blame]242 /**
Stuart Scott984dc852015-03-30 13:17:11 -0700[diff] [blame]243 * Resets network policy settings back to factory defaults.
244 *
245 * @hide
246 */
247 public void factoryReset(String subscriber) {
Stuart Scottf1fb3972015-04-02 18:00:02 -0700[diff] [blame]248 try {
249 mService.factoryReset(subscriber);
250 } catch (RemoteException e) {
Jeff Sharkeyf8880562016-02-26 13:03:01 -0700[diff] [blame]251 throw e.rethrowFromSystemServer();
Stuart Scott984dc852015-03-30 13:17:11 -0700[diff] [blame]252 }
253 }
254
Jeff Sharkeycd2ca402011-06-10 15:14:07 -0700[diff] [blame]255 /** {@hide} */
Jeff Sharkey53313d72017-07-13 16:47:32 -0600[diff] [blame^]256 public static Iterator<Pair<ZonedDateTime, ZonedDateTime>> cycleIterator(NetworkPolicy policy) {
257 return SubscriptionPlan.convert(policy).cycleIterator();
Jeff Sharkeycd2ca402011-06-10 15:14:07 -0700[diff] [blame]258 }
259
Jeff Sharkey497e4432011-06-14 17:27:29 -0700[diff] [blame]260 /**
261 * Check if given UID can have a {@link #setUidPolicy(int, int)} defined,
262 * usually to protect critical system services.
263 */
Jeff Sharkey8a8b5812012-03-21 18:13:36 -0700[diff] [blame]264 @Deprecated
Jeff Sharkey497e4432011-06-14 17:27:29 -0700[diff] [blame]265 public static boolean isUidValidForPolicy(Context context, int uid) {
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]266 // first, quick-reject non-applications
Jeff Sharkeyd0c6ccb2012-09-14 16:26:37 -0700[diff] [blame]267 if (!UserHandle.isApp(uid)) {
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]268 return false;
269 }
270
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]271 if (!ALLOW_PLATFORM_APP_POLICY) {
272 final PackageManager pm = context.getPackageManager();
273 final HashSet<Signature> systemSignature;
274 try {
275 systemSignature = Sets.newHashSet(
276 pm.getPackageInfo("android", GET_SIGNATURES).signatures);
277 } catch (NameNotFoundException e) {
278 throw new RuntimeException("problem finding system signature", e);
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]279 }
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]280
281 try {
282 // reject apps signed with platform cert
283 for (String packageName : pm.getPackagesForUid(uid)) {
284 final HashSet<Signature> packageSignature = Sets.newHashSet(
285 pm.getPackageInfo(packageName, GET_SIGNATURES).signatures);
286 if (packageSignature.containsAll(systemSignature)) {
287 return false;
288 }
289 }
290 } catch (NameNotFoundException e) {
291 }
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]292 }
293
294 // nothing found above; we can apply policy to UID
295 return true;
Jeff Sharkey497e4432011-06-14 17:27:29 -0700[diff] [blame]296 }
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]297
Felipe Lemeb146f762016-08-19 09:52:16 -0700[diff] [blame]298 /**
Felipe Leme46c4fc32016-05-04 09:21:43 -0700[diff] [blame]299 * @hide
300 */
301 public static String uidRulesToString(int uidRules) {
302 final StringBuilder string = new StringBuilder().append(uidRules).append(" (");
303 if (uidRules == RULE_NONE) {
304 string.append("NONE");
305 } else {
306 string.append(DebugUtils.flagsToString(NetworkPolicyManager.class, "RULE_", uidRules));
307 }
308 string.append(")");
309 return string.toString();
310 }
Felipe Lemeb146f762016-08-19 09:52:16 -0700[diff] [blame]311
312 /**
313 * @hide
314 */
315 public static String uidPoliciesToString(int uidPolicies) {
316 final StringBuilder string = new StringBuilder().append(uidPolicies).append(" (");
317 if (uidPolicies == POLICY_NONE) {
318 string.append("NONE");
319 } else {
320 string.append(DebugUtils.flagsToString(NetworkPolicyManager.class,
321 "POLICY_", uidPolicies));
322 }
323 string.append(")");
324 return string.toString();
325 }
Sudheer Shankae359c3d2017-02-22 18:41:29 -0800[diff] [blame]326
327 /**
328 * Returns true if {@param procState} is considered foreground and as such will be allowed
329 * to access network when the device is idle or in battery saver mode. Otherwise, false.
330 */
331 public static boolean isProcStateAllowedWhileIdleOrPowerSaveMode(int procState) {
332 return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE;
333 }
334
335 /**
336 * Returns true if {@param procState} is considered foreground and as such will be allowed
337 * to access network when the device is in data saver mode. Otherwise, false.
338 */
339 public static boolean isProcStateAllowedWhileOnRestrictBackground(int procState) {
340 return procState <= ActivityManager.PROCESS_STATE_FOREGROUND_SERVICE;
341 }
Jeff Sharkey43d2a172017-07-12 10:50:42 -0600[diff] [blame]342
343 public static String resolveNetworkId(WifiConfiguration config) {
344 return WifiInfo.removeDoubleQuotes(config.isPasspoint()
345 ? config.providerFriendlyName : config.SSID);
346 }
347
348 public static String resolveNetworkId(String ssid) {
349 return WifiInfo.removeDoubleQuotes(ssid);
350 }
Jeff Sharkeyd5cdd592011-05-03 20:27:17 -0700[diff] [blame]351}