San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2007 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server; |
| 18 | |
paulhu | 79ebe4f | 2019-12-06 16:45:38 +0800 | [diff] [blame] | 19 | import static android.Manifest.permission.CONNECTIVITY_INTERNAL; |
Sehee Park | a9139bc | 2017-12-22 13:54:05 +0900 | [diff] [blame] | 20 | import static android.Manifest.permission.NETWORK_SETTINGS; |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 21 | import static android.Manifest.permission.OBSERVE_NETWORK_POLICY; |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 22 | import static android.Manifest.permission.SHUTDOWN; |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 23 | import static android.net.INetd.FIREWALL_BLACKLIST; |
| 24 | import static android.net.INetd.FIREWALL_CHAIN_DOZABLE; |
| 25 | import static android.net.INetd.FIREWALL_CHAIN_NONE; |
| 26 | import static android.net.INetd.FIREWALL_CHAIN_POWERSAVE; |
| 27 | import static android.net.INetd.FIREWALL_CHAIN_STANDBY; |
| 28 | import static android.net.INetd.FIREWALL_RULE_ALLOW; |
| 29 | import static android.net.INetd.FIREWALL_RULE_DENY; |
| 30 | import static android.net.INetd.FIREWALL_WHITELIST; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 31 | import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE; |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 32 | import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 33 | import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 34 | import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; |
Jeff Sharkey | b5d55e3 | 2011-08-10 17:53:27 -0700 | [diff] [blame] | 35 | import static android.net.NetworkStats.SET_DEFAULT; |
Lorenzo Colitti | f1912ca | 2017-08-17 19:23:08 +0900 | [diff] [blame] | 36 | import static android.net.NetworkStats.STATS_PER_UID; |
Jeff Sharkey | 1b5a2a9 | 2011-06-18 18:34:16 -0700 | [diff] [blame] | 37 | import static android.net.NetworkStats.TAG_NONE; |
Jeff Sharkey | ae2c181 | 2011-10-04 13:11:40 -0700 | [diff] [blame] | 38 | import static android.net.TrafficStats.UID_TETHERING; |
Lorenzo Colitti | 9307ca2 | 2019-01-12 01:54:23 +0900 | [diff] [blame] | 39 | |
Jeff Sharkey | a63ba59 | 2011-07-19 23:47:12 -0700 | [diff] [blame] | 40 | import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED; |
Erik Kline | b2cfdfb | 2017-01-18 20:54:14 +0900 | [diff] [blame] | 41 | |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 42 | import android.annotation.NonNull; |
Sudheer Shanka | dc589ac | 2016-11-10 15:30:17 -0800 | [diff] [blame] | 43 | import android.app.ActivityManager; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 44 | import android.content.Context; |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 45 | import android.net.ConnectivityManager; |
Lorenzo Colitti | 58967ba | 2016-02-02 17:21:21 +0900 | [diff] [blame] | 46 | import android.net.INetd; |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 47 | import android.net.INetdUnsolicitedEventListener; |
San Mehat | 4d02d00 | 2010-01-22 16:07:46 -0800 | [diff] [blame] | 48 | import android.net.INetworkManagementEventObserver; |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 49 | import android.net.ITetheringStatsProvider; |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 50 | import android.net.InetAddresses; |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 51 | import android.net.InterfaceConfiguration; |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 52 | import android.net.InterfaceConfigurationParcel; |
Lorenzo Colitti | c18cbfd | 2014-06-13 21:21:03 +0900 | [diff] [blame] | 53 | import android.net.IpPrefix; |
Robert Greenwalt | ed12640 | 2011-01-28 15:34:55 -0800 | [diff] [blame] | 54 | import android.net.LinkAddress; |
Lorenzo Colitti | b57edc5 | 2014-08-22 17:10:50 -0700 | [diff] [blame] | 55 | import android.net.Network; |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 56 | import android.net.NetworkPolicyManager; |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 57 | import android.net.NetworkStack; |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 58 | import android.net.NetworkStats; |
Robert Greenwalt | ed12640 | 2011-01-28 15:34:55 -0800 | [diff] [blame] | 59 | import android.net.NetworkUtils; |
Robert Greenwalt | 59b1a4e | 2011-05-10 15:05:02 -0700 | [diff] [blame] | 60 | import android.net.RouteInfo; |
Lorenzo Colitti | 9307ca2 | 2019-01-12 01:54:23 +0900 | [diff] [blame] | 61 | import android.net.TetherStatsParcel; |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 62 | import android.net.UidRange; |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 63 | import android.net.UidRangeParcel; |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 64 | import android.net.shared.NetdUtils; |
| 65 | import android.net.shared.RouteUtils; |
| 66 | import android.net.shared.RouteUtils.ModifyOperation; |
Remi NGUYEN VAN | 231b52b | 2019-01-29 15:38:52 +0900 | [diff] [blame] | 67 | import android.net.util.NetdService; |
Dianne Hackborn | 91268cf | 2013-06-13 19:06:50 -0700 | [diff] [blame] | 68 | import android.os.BatteryStats; |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 69 | import android.os.Binder; |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 70 | import android.os.Handler; |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 71 | import android.os.IBinder; |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 72 | import android.os.INetworkActivityListener; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 73 | import android.os.INetworkManagementService; |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 74 | import android.os.Process; |
Jeff Sharkey | 3df273e | 2011-12-15 15:47:12 -0800 | [diff] [blame] | 75 | import android.os.RemoteCallbackList; |
| 76 | import android.os.RemoteException; |
Jeff Sharkey | 7a1c3fc | 2013-06-04 12:29:00 -0700 | [diff] [blame] | 77 | import android.os.ServiceManager; |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 78 | import android.os.ServiceSpecificException; |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 79 | import android.os.StrictMode; |
Jeff Sharkey | 9a13f36 | 2011-04-26 16:25:36 -0700 | [diff] [blame] | 80 | import android.os.SystemClock; |
Marco Nelissen | 62dbb22 | 2010-02-18 10:56:30 -0800 | [diff] [blame] | 81 | import android.os.SystemProperties; |
Felipe Leme | 29e72ea | 2016-09-08 13:26:55 -0700 | [diff] [blame] | 82 | import android.os.Trace; |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 83 | import android.telephony.DataConnectionRealTimeInfo; |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 84 | import android.text.TextUtils; |
Irfan Sheriff | 9ab518ad | 2010-03-12 15:48:17 -0800 | [diff] [blame] | 85 | import android.util.Log; |
Joe Onorato | 8a9b220 | 2010-02-26 18:56:32 -0800 | [diff] [blame] | 86 | import android.util.Slog; |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 87 | import android.util.SparseBooleanArray; |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 88 | import android.util.SparseIntArray; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 89 | |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 90 | import com.android.internal.annotations.GuardedBy; |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 91 | import com.android.internal.annotations.VisibleForTesting; |
Jeff Sharkey | 7a1c3fc | 2013-06-04 12:29:00 -0700 | [diff] [blame] | 92 | import com.android.internal.app.IBatteryStats; |
Jeff Sharkey | fe9a53b | 2017-03-31 14:08:23 -0600 | [diff] [blame] | 93 | import com.android.internal.util.DumpUtils; |
Muhammad Qureshi | 93891dd | 2020-01-28 10:08:24 -0800 | [diff] [blame] | 94 | import com.android.internal.util.FrameworkStatsLog; |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 95 | import com.android.internal.util.HexDump; |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 96 | import com.android.internal.util.Preconditions; |
Lorenzo Colitti | 9307ca2 | 2019-01-12 01:54:23 +0900 | [diff] [blame] | 97 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 98 | import com.google.android.collect.Maps; |
Jeff Sharkey | 4414cea | 2011-06-24 17:05:24 -0700 | [diff] [blame] | 99 | |
Robert Greenwalt | 59b1a4e | 2011-05-10 15:05:02 -0700 | [diff] [blame] | 100 | import java.io.BufferedReader; |
| 101 | import java.io.DataInputStream; |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 102 | import java.io.FileDescriptor; |
Jeff Sharkey | 9a13f36 | 2011-04-26 16:25:36 -0700 | [diff] [blame] | 103 | import java.io.FileInputStream; |
Jeff Sharkey | 9a13f36 | 2011-04-26 16:25:36 -0700 | [diff] [blame] | 104 | import java.io.IOException; |
Jeff Sharkey | 9a13f36 | 2011-04-26 16:25:36 -0700 | [diff] [blame] | 105 | import java.io.InputStreamReader; |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 106 | import java.io.PrintWriter; |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 107 | import java.net.InetAddress; |
Robert Greenwalt | 3b28e9a | 2011-11-02 14:37:19 -0700 | [diff] [blame] | 108 | import java.net.InterfaceAddress; |
Jeff Sharkey | eedcb95 | 2011-05-17 14:55:15 -0700 | [diff] [blame] | 109 | import java.util.ArrayList; |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 110 | import java.util.Arrays; |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 111 | import java.util.HashMap; |
jiaguo | 1da35f7 | 2014-01-09 16:39:59 +0800 | [diff] [blame] | 112 | import java.util.List; |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 113 | import java.util.Map; |
Daulet Zhanguzin | ea1a7ca | 2020-01-03 09:46:50 +0000 | [diff] [blame] | 114 | import java.util.Objects; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 115 | |
| 116 | /** |
| 117 | * @hide |
| 118 | */ |
Luke Huang | 909b31a | 2019-03-16 21:21:16 +0800 | [diff] [blame] | 119 | public class NetworkManagementService extends INetworkManagementService.Stub { |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 120 | |
| 121 | /** |
| 122 | * Helper class that encapsulates NetworkManagementService dependencies and makes them |
| 123 | * easier to mock in unit tests. |
| 124 | */ |
| 125 | static class SystemServices { |
| 126 | public IBinder getService(String name) { |
| 127 | return ServiceManager.getService(name); |
| 128 | } |
| 129 | public void registerLocalService(NetworkManagementInternal nmi) { |
| 130 | LocalServices.addService(NetworkManagementInternal.class, nmi); |
| 131 | } |
| 132 | public INetd getNetd() { |
| 133 | return NetdService.get(); |
| 134 | } |
| 135 | } |
| 136 | |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 137 | private static final String TAG = "NetworkManagement"; |
| 138 | private static final boolean DBG = Log.isLoggable(TAG, Log.DEBUG); |
Kenny Root | 305bcbf | 2010-09-03 07:56:38 -0700 | [diff] [blame] | 139 | |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 140 | private static final int MAX_UID_RANGES_PER_COMMAND = 10; |
| 141 | |
Jeff Sharkey | 8e9992a | 2011-08-23 18:37:23 -0700 | [diff] [blame] | 142 | /** |
| 143 | * Name representing {@link #setGlobalAlert(long)} limit when delivered to |
| 144 | * {@link INetworkManagementEventObserver#limitReached(String, String)}. |
| 145 | */ |
| 146 | public static final String LIMIT_GLOBAL_ALERT = "globalAlert"; |
| 147 | |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 148 | static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1; |
| 149 | |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 150 | static final boolean MODIFY_OPERATION_ADD = true; |
| 151 | static final boolean MODIFY_OPERATION_REMOVE = false; |
| 152 | |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 153 | /** |
| 154 | * Binder context for this service |
| 155 | */ |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 156 | private final Context mContext; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 157 | |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 158 | private final Handler mDaemonHandler; |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 159 | |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 160 | private final SystemServices mServices; |
| 161 | |
Lorenzo Colitti | 58967ba | 2016-02-02 17:21:21 +0900 | [diff] [blame] | 162 | private INetd mNetdService; |
| 163 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 164 | private final NetdUnsolicitedEventListener mNetdUnsolicitedEventListener; |
Luke Huang | d290dd5 | 2018-09-04 17:08:18 +0800 | [diff] [blame] | 165 | |
Dianne Hackborn | e13c4c0 | 2014-02-11 17:18:35 -0800 | [diff] [blame] | 166 | private IBatteryStats mBatteryStats; |
| 167 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 168 | private final RemoteCallbackList<INetworkManagementEventObserver> mObservers = |
| 169 | new RemoteCallbackList<>(); |
| 170 | |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 171 | @GuardedBy("mTetheringStatsProviders") |
| 172 | private final HashMap<ITetheringStatsProvider, String> |
| 173 | mTetheringStatsProviders = Maps.newHashMap(); |
| 174 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 175 | /** |
| 176 | * If both locks need to be held, then they should be obtained in the order: |
| 177 | * first {@link #mQuotaLock} and then {@link #mRulesLock}. |
| 178 | */ |
Andrew Scull | 45f533c | 2017-05-19 15:37:20 +0100 | [diff] [blame] | 179 | private final Object mQuotaLock = new Object(); |
Andrew Scull | 519291f | 2017-05-23 13:11:03 +0100 | [diff] [blame] | 180 | private final Object mRulesLock = new Object(); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 181 | |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 182 | /** Set of interfaces with active quotas. */ |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 183 | @GuardedBy("mQuotaLock") |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 184 | private HashMap<String, Long> mActiveQuotas = Maps.newHashMap(); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 185 | /** Set of interfaces with active alerts. */ |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 186 | @GuardedBy("mQuotaLock") |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 187 | private HashMap<String, Long> mActiveAlerts = Maps.newHashMap(); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 188 | /** Set of UIDs blacklisted on metered networks. */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 189 | @GuardedBy("mRulesLock") |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 190 | private SparseBooleanArray mUidRejectOnMetered = new SparseBooleanArray(); |
| 191 | /** Set of UIDs whitelisted on metered networks. */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 192 | @GuardedBy("mRulesLock") |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 193 | private SparseBooleanArray mUidAllowOnMetered = new SparseBooleanArray(); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 194 | /** Set of UIDs with cleartext penalties. */ |
| 195 | @GuardedBy("mQuotaLock") |
| 196 | private SparseIntArray mUidCleartextPolicy = new SparseIntArray(); |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 197 | /** Set of UIDs that are to be blocked/allowed by firewall controller. */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 198 | @GuardedBy("mRulesLock") |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 199 | private SparseIntArray mUidFirewallRules = new SparseIntArray(); |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 200 | /** |
| 201 | * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches |
| 202 | * to application idles. |
| 203 | */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 204 | @GuardedBy("mRulesLock") |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 205 | private SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); |
| 206 | /** |
| 207 | * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches |
| 208 | * to device idles. |
| 209 | */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 210 | @GuardedBy("mRulesLock") |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 211 | private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 212 | /** |
| 213 | * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches |
| 214 | * to device on power-save mode. |
| 215 | */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 216 | @GuardedBy("mRulesLock") |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 217 | private SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 218 | /** Set of states for the child firewall chains. True if the chain is active. */ |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 219 | @GuardedBy("mRulesLock") |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 220 | final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 221 | |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 222 | @GuardedBy("mQuotaLock") |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 223 | private volatile boolean mDataSaverMode; |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 224 | |
Andrew Scull | 45f533c | 2017-05-19 15:37:20 +0100 | [diff] [blame] | 225 | private final Object mIdleTimerLock = new Object(); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 226 | /** Set of interfaces with active idle timers. */ |
| 227 | private static class IdleTimerParams { |
| 228 | public final int timeout; |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 229 | public final int type; |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 230 | public int networkCount; |
| 231 | |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 232 | IdleTimerParams(int timeout, int type) { |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 233 | this.timeout = timeout; |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 234 | this.type = type; |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 235 | this.networkCount = 1; |
| 236 | } |
| 237 | } |
| 238 | private HashMap<String, IdleTimerParams> mActiveIdleTimers = Maps.newHashMap(); |
| 239 | |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 240 | private volatile boolean mFirewallEnabled; |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 241 | private volatile boolean mStrictEnabled; |
Jeff Sharkey | 350083e | 2011-06-29 10:45:16 -0700 | [diff] [blame] | 242 | |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 243 | private boolean mMobileActivityFromRadio = false; |
| 244 | private int mLastPowerStateFromRadio = DataConnectionRealTimeInfo.DC_POWER_STATE_LOW; |
Adam Lesinski | e08af19 | 2015-03-25 16:42:59 -0700 | [diff] [blame] | 245 | private int mLastPowerStateFromWifi = DataConnectionRealTimeInfo.DC_POWER_STATE_LOW; |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 246 | |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 247 | private final RemoteCallbackList<INetworkActivityListener> mNetworkActivityListeners = |
Christopher Wiley | 212b95f | 2016-08-02 11:38:57 -0700 | [diff] [blame] | 248 | new RemoteCallbackList<>(); |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 249 | private boolean mNetworkActive; |
| 250 | |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 251 | /** |
| 252 | * Constructs a new NetworkManagementService instance |
| 253 | * |
| 254 | * @param context Binder context for this service |
| 255 | */ |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 256 | private NetworkManagementService( |
Luke Huang | 909b31a | 2019-03-16 21:21:16 +0800 | [diff] [blame] | 257 | Context context, SystemServices services) { |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 258 | mContext = context; |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 259 | mServices = services; |
San Mehat | 4d02d00 | 2010-01-22 16:07:46 -0800 | [diff] [blame] | 260 | |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 261 | mDaemonHandler = new Handler(FgThread.get().getLooper()); |
Wink Saville | 67e0789 | 2014-06-18 16:43:14 -0700 | [diff] [blame] | 262 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 263 | mNetdUnsolicitedEventListener = new NetdUnsolicitedEventListener(); |
| 264 | |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 265 | mServices.registerLocalService(new LocalService()); |
Lorenzo Colitti | 8228eb3 | 2017-07-19 06:17:33 +0900 | [diff] [blame] | 266 | |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 267 | synchronized (mTetheringStatsProviders) { |
| 268 | mTetheringStatsProviders.put(new NetdTetheringStatsProvider(), "netd"); |
| 269 | } |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 270 | } |
| 271 | |
| 272 | @VisibleForTesting |
| 273 | NetworkManagementService() { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 274 | mContext = null; |
| 275 | mDaemonHandler = null; |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 276 | mServices = null; |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 277 | mNetdUnsolicitedEventListener = null; |
Robert Greenwalt | e5c3afb | 2010-09-22 14:32:35 -0700 | [diff] [blame] | 278 | } |
| 279 | |
Luke Huang | 909b31a | 2019-03-16 21:21:16 +0800 | [diff] [blame] | 280 | static NetworkManagementService create(Context context, SystemServices services) |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 281 | throws InterruptedException { |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 282 | final NetworkManagementService service = |
Luke Huang | 909b31a | 2019-03-16 21:21:16 +0800 | [diff] [blame] | 283 | new NetworkManagementService(context, services); |
Robert Greenwalt | e5c3afb | 2010-09-22 14:32:35 -0700 | [diff] [blame] | 284 | if (DBG) Slog.d(TAG, "Creating NetworkManagementService"); |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 285 | if (DBG) Slog.d(TAG, "Connecting native netd service"); |
bohu | 07cc3bb | 2016-05-03 15:58:01 -0700 | [diff] [blame] | 286 | service.connectNativeNetdService(); |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 287 | if (DBG) Slog.d(TAG, "Connected"); |
Robert Greenwalt | e5c3afb | 2010-09-22 14:32:35 -0700 | [diff] [blame] | 288 | return service; |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 289 | } |
| 290 | |
Lorenzo Colitti | 7421a01 | 2013-08-20 22:51:24 +0900 | [diff] [blame] | 291 | public static NetworkManagementService create(Context context) throws InterruptedException { |
Luke Huang | 909b31a | 2019-03-16 21:21:16 +0800 | [diff] [blame] | 292 | return create(context, new SystemServices()); |
Lorenzo Colitti | 7421a01 | 2013-08-20 22:51:24 +0900 | [diff] [blame] | 293 | } |
| 294 | |
Jeff Sharkey | 350083e | 2011-06-29 10:45:16 -0700 | [diff] [blame] | 295 | public void systemReady() { |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 296 | if (DBG) { |
| 297 | final long start = System.currentTimeMillis(); |
| 298 | prepareNativeDaemon(); |
| 299 | final long delta = System.currentTimeMillis() - start; |
| 300 | Slog.d(TAG, "Prepared in " + delta + "ms"); |
| 301 | return; |
| 302 | } else { |
| 303 | prepareNativeDaemon(); |
| 304 | } |
Jeff Sharkey | 350083e | 2011-06-29 10:45:16 -0700 | [diff] [blame] | 305 | } |
| 306 | |
Dianne Hackborn | e13c4c0 | 2014-02-11 17:18:35 -0800 | [diff] [blame] | 307 | private IBatteryStats getBatteryStats() { |
| 308 | synchronized (this) { |
| 309 | if (mBatteryStats != null) { |
| 310 | return mBatteryStats; |
| 311 | } |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 312 | mBatteryStats = |
| 313 | IBatteryStats.Stub.asInterface(mServices.getService(BatteryStats.SERVICE_NAME)); |
Dianne Hackborn | e13c4c0 | 2014-02-11 17:18:35 -0800 | [diff] [blame] | 314 | return mBatteryStats; |
| 315 | } |
| 316 | } |
| 317 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 318 | @Override |
Jeff Sharkey | 3df273e | 2011-12-15 15:47:12 -0800 | [diff] [blame] | 319 | public void registerObserver(INetworkManagementEventObserver observer) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 320 | NetworkStack.checkNetworkStackPermission(mContext); |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 321 | mObservers.register(observer); |
San Mehat | 4d02d00 | 2010-01-22 16:07:46 -0800 | [diff] [blame] | 322 | } |
| 323 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 324 | @Override |
Jeff Sharkey | 3df273e | 2011-12-15 15:47:12 -0800 | [diff] [blame] | 325 | public void unregisterObserver(INetworkManagementEventObserver observer) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 326 | NetworkStack.checkNetworkStackPermission(mContext); |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 327 | mObservers.unregister(observer); |
San Mehat | 4d02d00 | 2010-01-22 16:07:46 -0800 | [diff] [blame] | 328 | } |
| 329 | |
Erik Kline | b2cfdfb | 2017-01-18 20:54:14 +0900 | [diff] [blame] | 330 | @FunctionalInterface |
| 331 | private interface NetworkManagementEventCallback { |
| 332 | public void sendCallback(INetworkManagementEventObserver o) throws RemoteException; |
| 333 | } |
| 334 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 335 | private void invokeForAllObservers(NetworkManagementEventCallback eventCallback) { |
| 336 | final int length = mObservers.beginBroadcast(); |
| 337 | try { |
| 338 | for (int i = 0; i < length; i++) { |
| 339 | try { |
| 340 | eventCallback.sendCallback(mObservers.getBroadcastItem(i)); |
| 341 | } catch (RemoteException | RuntimeException e) { |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 342 | } |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 343 | } |
| 344 | } finally { |
| 345 | mObservers.finishBroadcast(); |
| 346 | } |
| 347 | } |
| 348 | |
| 349 | /** |
| 350 | * Notify our observers of an interface status change |
| 351 | */ |
| 352 | private void notifyInterfaceStatusChanged(String iface, boolean up) { |
| 353 | invokeForAllObservers(o -> o.interfaceStatusChanged(iface, up)); |
| 354 | } |
| 355 | |
| 356 | /** |
| 357 | * Notify our observers of an interface link state change |
| 358 | * (typically, an Ethernet cable has been plugged-in or unplugged). |
| 359 | */ |
| 360 | private void notifyInterfaceLinkStateChanged(String iface, boolean up) { |
| 361 | invokeForAllObservers(o -> o.interfaceLinkStateChanged(iface, up)); |
| 362 | } |
| 363 | |
| 364 | /** |
| 365 | * Notify our observers of an interface addition. |
| 366 | */ |
| 367 | private void notifyInterfaceAdded(String iface) { |
| 368 | invokeForAllObservers(o -> o.interfaceAdded(iface)); |
| 369 | } |
| 370 | |
| 371 | /** |
| 372 | * Notify our observers of an interface removal. |
| 373 | */ |
| 374 | private void notifyInterfaceRemoved(String iface) { |
| 375 | // netd already clears out quota and alerts for removed ifaces; update |
| 376 | // our sanity-checking state. |
| 377 | mActiveAlerts.remove(iface); |
| 378 | mActiveQuotas.remove(iface); |
| 379 | invokeForAllObservers(o -> o.interfaceRemoved(iface)); |
| 380 | } |
| 381 | |
| 382 | /** |
| 383 | * Notify our observers of a limit reached. |
| 384 | */ |
| 385 | private void notifyLimitReached(String limitName, String iface) { |
| 386 | invokeForAllObservers(o -> o.limitReached(limitName, iface)); |
| 387 | } |
| 388 | |
| 389 | /** |
| 390 | * Notify our observers of a change in the data activity state of the interface |
| 391 | */ |
| 392 | private void notifyInterfaceClassActivity(int type, boolean isActive, long tsNanos, |
| 393 | int uid, boolean fromRadio) { |
| 394 | final boolean isMobile = ConnectivityManager.isNetworkTypeMobile(type); |
| 395 | int powerState = isActive |
| 396 | ? DataConnectionRealTimeInfo.DC_POWER_STATE_HIGH |
| 397 | : DataConnectionRealTimeInfo.DC_POWER_STATE_LOW; |
| 398 | if (isMobile) { |
| 399 | if (!fromRadio) { |
| 400 | if (mMobileActivityFromRadio) { |
| 401 | // If this call is not coming from a report from the radio itself, but we |
| 402 | // have previously received reports from the radio, then we will take the |
| 403 | // power state to just be whatever the radio last reported. |
| 404 | powerState = mLastPowerStateFromRadio; |
| 405 | } |
| 406 | } else { |
| 407 | mMobileActivityFromRadio = true; |
| 408 | } |
| 409 | if (mLastPowerStateFromRadio != powerState) { |
| 410 | mLastPowerStateFromRadio = powerState; |
| 411 | try { |
| 412 | getBatteryStats().noteMobileRadioPowerState(powerState, tsNanos, uid); |
| 413 | } catch (RemoteException e) { |
Robert Greenwalt | 2c9f547 | 2014-04-21 14:50:28 -0700 | [diff] [blame] | 414 | } |
Muhammad Qureshi | 93891dd | 2020-01-28 10:08:24 -0800 | [diff] [blame] | 415 | FrameworkStatsLog.write_non_chained( |
| 416 | FrameworkStatsLog.MOBILE_RADIO_POWER_STATE_CHANGED, uid, null, powerState); |
Haoyu Bai | db3c867 | 2012-06-20 14:29:57 -0700 | [diff] [blame] | 417 | } |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 418 | } |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 419 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 420 | if (ConnectivityManager.isNetworkTypeWifi(type)) { |
| 421 | if (mLastPowerStateFromWifi != powerState) { |
| 422 | mLastPowerStateFromWifi = powerState; |
| 423 | try { |
| 424 | getBatteryStats().noteWifiRadioPowerState(powerState, tsNanos, uid); |
| 425 | } catch (RemoteException e) { |
Adam Lesinski | e08af19 | 2015-03-25 16:42:59 -0700 | [diff] [blame] | 426 | } |
Muhammad Qureshi | 93891dd | 2020-01-28 10:08:24 -0800 | [diff] [blame] | 427 | FrameworkStatsLog.write_non_chained( |
| 428 | FrameworkStatsLog.WIFI_RADIO_POWER_STATE_CHANGED, uid, null, powerState); |
Adam Lesinski | e08af19 | 2015-03-25 16:42:59 -0700 | [diff] [blame] | 429 | } |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 430 | } |
Lorenzo Colitti | d8bc829 | 2019-01-24 13:28:50 +0900 | [diff] [blame] | 431 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 432 | if (!isMobile || fromRadio || !mMobileActivityFromRadio) { |
| 433 | // Report the change in data activity. We don't do this if this is a change |
| 434 | // on the mobile network, that is not coming from the radio itself, and we |
| 435 | // have previously seen change reports from the radio. In that case only |
| 436 | // the radio is the authority for the current state. |
| 437 | final boolean active = isActive; |
| 438 | invokeForAllObservers(o -> o.interfaceClassDataActivityChanged( |
| 439 | Integer.toString(type), active, tsNanos)); |
Lorenzo Colitti | d8bc829 | 2019-01-24 13:28:50 +0900 | [diff] [blame] | 440 | } |
| 441 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 442 | boolean report = false; |
| 443 | synchronized (mIdleTimerLock) { |
| 444 | if (mActiveIdleTimers.isEmpty()) { |
| 445 | // If there are no idle timers, we are not monitoring activity, so we |
| 446 | // are always considered active. |
| 447 | isActive = true; |
| 448 | } |
| 449 | if (mNetworkActive != isActive) { |
| 450 | mNetworkActive = isActive; |
| 451 | report = isActive; |
| 452 | } |
| 453 | } |
| 454 | if (report) { |
| 455 | reportNetworkActive(); |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 456 | } |
Haoyu Bai | db3c867 | 2012-06-20 14:29:57 -0700 | [diff] [blame] | 457 | } |
| 458 | |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 459 | @Override |
| 460 | public void registerTetheringStatsProvider(ITetheringStatsProvider provider, String name) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 461 | NetworkStack.checkNetworkStackPermission(mContext); |
Daulet Zhanguzin | ea1a7ca | 2020-01-03 09:46:50 +0000 | [diff] [blame] | 462 | Objects.requireNonNull(provider); |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 463 | synchronized(mTetheringStatsProviders) { |
| 464 | mTetheringStatsProviders.put(provider, name); |
| 465 | } |
| 466 | } |
| 467 | |
| 468 | @Override |
| 469 | public void unregisterTetheringStatsProvider(ITetheringStatsProvider provider) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 470 | NetworkStack.checkNetworkStackPermission(mContext); |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 471 | synchronized(mTetheringStatsProviders) { |
| 472 | mTetheringStatsProviders.remove(provider); |
| 473 | } |
| 474 | } |
| 475 | |
Lorenzo Colitti | 9f0baa9 | 2017-08-15 19:25:51 +0900 | [diff] [blame] | 476 | @Override |
| 477 | public void tetherLimitReached(ITetheringStatsProvider provider) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 478 | NetworkStack.checkNetworkStackPermission(mContext); |
Lorenzo Colitti | 9f0baa9 | 2017-08-15 19:25:51 +0900 | [diff] [blame] | 479 | synchronized(mTetheringStatsProviders) { |
| 480 | if (!mTetheringStatsProviders.containsKey(provider)) { |
| 481 | return; |
| 482 | } |
| 483 | // No current code examines the interface parameter in a global alert. Just pass null. |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 484 | mDaemonHandler.post(() -> notifyLimitReached(LIMIT_GLOBAL_ALERT, null)); |
Lorenzo Colitti | 9f0baa9 | 2017-08-15 19:25:51 +0900 | [diff] [blame] | 485 | } |
| 486 | } |
| 487 | |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 488 | // Sync the state of the given chain with the native daemon. |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 489 | private void syncFirewallChainLocked(int chain, String name) { |
| 490 | SparseIntArray rules; |
| 491 | synchronized (mRulesLock) { |
| 492 | final SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain); |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 493 | // Make a copy of the current rules, and then clear them. This is because |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 494 | // setFirewallUidRuleInternal only pushes down rules to the native daemon if they |
| 495 | // are different from the current rules stored in the mUidFirewall*Rules array for |
| 496 | // the specified chain. If we don't clear the rules, setFirewallUidRuleInternal |
| 497 | // will do nothing. |
| 498 | rules = uidFirewallRules.clone(); |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 499 | uidFirewallRules.clear(); |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 500 | } |
| 501 | if (rules.size() > 0) { |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 502 | // Now push the rules. setFirewallUidRuleInternal will push each of these down to the |
| 503 | // native daemon, and also add them to the mUidFirewall*Rules array for the specified |
| 504 | // chain. |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 505 | if (DBG) Slog.d(TAG, "Pushing " + rules.size() + " active firewall " |
| 506 | + name + "UID rules"); |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 507 | for (int i = 0; i < rules.size(); i++) { |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 508 | setFirewallUidRuleLocked(chain, rules.keyAt(i), rules.valueAt(i)); |
Lorenzo Colitti | 9eb844e | 2016-03-23 23:22:49 +0900 | [diff] [blame] | 509 | } |
| 510 | } |
| 511 | } |
| 512 | |
bohu | 07cc3bb | 2016-05-03 15:58:01 -0700 | [diff] [blame] | 513 | private void connectNativeNetdService() { |
Lorenzo Colitti | a086800 | 2017-07-11 02:29:28 +0900 | [diff] [blame] | 514 | mNetdService = mServices.getNetd(); |
Luke Huang | d290dd5 | 2018-09-04 17:08:18 +0800 | [diff] [blame] | 515 | try { |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 516 | mNetdService.registerUnsolicitedEventListener(mNetdUnsolicitedEventListener); |
| 517 | if (DBG) Slog.d(TAG, "Register unsolicited event listener"); |
Luke Huang | d290dd5 | 2018-09-04 17:08:18 +0800 | [diff] [blame] | 518 | } catch (RemoteException | ServiceSpecificException e) { |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 519 | Slog.e(TAG, "Failed to set Netd unsolicited event listener " + e); |
Luke Huang | d290dd5 | 2018-09-04 17:08:18 +0800 | [diff] [blame] | 520 | } |
bohu | 07cc3bb | 2016-05-03 15:58:01 -0700 | [diff] [blame] | 521 | } |
| 522 | |
| 523 | /** |
| 524 | * Prepare native daemon once connected, enabling modules and pushing any |
| 525 | * existing in-memory rules. |
| 526 | */ |
| 527 | private void prepareNativeDaemon() { |
Lorenzo Colitti | 58967ba | 2016-02-02 17:21:21 +0900 | [diff] [blame] | 528 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 529 | // push any existing quota or UID rules |
| 530 | synchronized (mQuotaLock) { |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 531 | |
Luke Huang | 56a03a0 | 2018-09-07 12:02:16 +0800 | [diff] [blame] | 532 | // Netd unconditionally enable bandwidth control |
| 533 | SystemProperties.set(PROP_QTAGUID_ENABLED, "1"); |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 534 | |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 535 | mStrictEnabled = true; |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 536 | |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 537 | setDataSaverModeEnabled(mDataSaverMode); |
| 538 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 539 | int size = mActiveQuotas.size(); |
| 540 | if (size > 0) { |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 541 | if (DBG) Slog.d(TAG, "Pushing " + size + " active quota rules"); |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 542 | final HashMap<String, Long> activeQuotas = mActiveQuotas; |
| 543 | mActiveQuotas = Maps.newHashMap(); |
| 544 | for (Map.Entry<String, Long> entry : activeQuotas.entrySet()) { |
| 545 | setInterfaceQuota(entry.getKey(), entry.getValue()); |
| 546 | } |
| 547 | } |
| 548 | |
| 549 | size = mActiveAlerts.size(); |
| 550 | if (size > 0) { |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 551 | if (DBG) Slog.d(TAG, "Pushing " + size + " active alert rules"); |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 552 | final HashMap<String, Long> activeAlerts = mActiveAlerts; |
| 553 | mActiveAlerts = Maps.newHashMap(); |
| 554 | for (Map.Entry<String, Long> entry : activeAlerts.entrySet()) { |
| 555 | setInterfaceAlert(entry.getKey(), entry.getValue()); |
| 556 | } |
| 557 | } |
| 558 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 559 | SparseBooleanArray uidRejectOnQuota = null; |
| 560 | SparseBooleanArray uidAcceptOnQuota = null; |
| 561 | synchronized (mRulesLock) { |
| 562 | size = mUidRejectOnMetered.size(); |
| 563 | if (size > 0) { |
| 564 | if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered blacklist rules"); |
| 565 | uidRejectOnQuota = mUidRejectOnMetered; |
| 566 | mUidRejectOnMetered = new SparseBooleanArray(); |
| 567 | } |
| 568 | |
| 569 | size = mUidAllowOnMetered.size(); |
| 570 | if (size > 0) { |
| 571 | if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered whitelist rules"); |
| 572 | uidAcceptOnQuota = mUidAllowOnMetered; |
| 573 | mUidAllowOnMetered = new SparseBooleanArray(); |
| 574 | } |
| 575 | } |
| 576 | if (uidRejectOnQuota != null) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 577 | for (int i = 0; i < uidRejectOnQuota.size(); i++) { |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 578 | setUidMeteredNetworkBlacklist(uidRejectOnQuota.keyAt(i), |
| 579 | uidRejectOnQuota.valueAt(i)); |
| 580 | } |
| 581 | } |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 582 | if (uidAcceptOnQuota != null) { |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 583 | for (int i = 0; i < uidAcceptOnQuota.size(); i++) { |
| 584 | setUidMeteredNetworkWhitelist(uidAcceptOnQuota.keyAt(i), |
| 585 | uidAcceptOnQuota.valueAt(i)); |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 586 | } |
| 587 | } |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 588 | |
| 589 | size = mUidCleartextPolicy.size(); |
| 590 | if (size > 0) { |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 591 | if (DBG) Slog.d(TAG, "Pushing " + size + " active UID cleartext policies"); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 592 | final SparseIntArray local = mUidCleartextPolicy; |
| 593 | mUidCleartextPolicy = new SparseIntArray(); |
| 594 | for (int i = 0; i < local.size(); i++) { |
| 595 | setUidCleartextNetworkPolicy(local.keyAt(i), local.valueAt(i)); |
| 596 | } |
| 597 | } |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 598 | |
Robin Lee | c3736bc | 2017-03-10 16:19:54 +0000 | [diff] [blame] | 599 | setFirewallEnabled(mFirewallEnabled); |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 600 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 601 | syncFirewallChainLocked(FIREWALL_CHAIN_NONE, ""); |
| 602 | syncFirewallChainLocked(FIREWALL_CHAIN_STANDBY, "standby "); |
| 603 | syncFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, "dozable "); |
| 604 | syncFirewallChainLocked(FIREWALL_CHAIN_POWERSAVE, "powersave "); |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 605 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 606 | final int[] chains = |
| 607 | {FIREWALL_CHAIN_STANDBY, FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_POWERSAVE}; |
| 608 | for (int chain : chains) { |
| 609 | if (getFirewallChainState(chain)) { |
| 610 | setFirewallChainEnabled(chain, true); |
| 611 | } |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 612 | } |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 613 | } |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 614 | |
Luke Huang | 56a03a0 | 2018-09-07 12:02:16 +0800 | [diff] [blame] | 615 | |
| 616 | try { |
| 617 | getBatteryStats().noteNetworkStatsEnabled(); |
| 618 | } catch (RemoteException e) { |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 619 | } |
| 620 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 621 | } |
San Mehat | 4d02d00 | 2010-01-22 16:07:46 -0800 | [diff] [blame] | 622 | |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 623 | /** |
| 624 | * Notify our observers of a new or updated interface address. |
| 625 | */ |
| 626 | private void notifyAddressUpdated(String iface, LinkAddress address) { |
| 627 | invokeForAllObservers(o -> o.addressUpdated(iface, address)); |
| 628 | } |
| 629 | |
| 630 | /** |
| 631 | * Notify our observers of a deleted interface address. |
| 632 | */ |
| 633 | private void notifyAddressRemoved(String iface, LinkAddress address) { |
| 634 | invokeForAllObservers(o -> o.addressRemoved(iface, address)); |
| 635 | } |
| 636 | |
| 637 | /** |
| 638 | * Notify our observers of DNS server information received. |
| 639 | */ |
| 640 | private void notifyInterfaceDnsServerInfo(String iface, long lifetime, String[] addresses) { |
| 641 | invokeForAllObservers(o -> o.interfaceDnsServerInfo(iface, lifetime, addresses)); |
| 642 | } |
| 643 | |
| 644 | /** |
| 645 | * Notify our observers of a route change. |
| 646 | */ |
| 647 | private void notifyRouteChange(boolean updated, RouteInfo route) { |
| 648 | if (updated) { |
| 649 | invokeForAllObservers(o -> o.routeUpdated(route)); |
| 650 | } else { |
| 651 | invokeForAllObservers(o -> o.routeRemoved(route)); |
| 652 | } |
| 653 | } |
| 654 | |
| 655 | private class NetdUnsolicitedEventListener extends INetdUnsolicitedEventListener.Stub { |
| 656 | @Override |
| 657 | public void onInterfaceClassActivityChanged(boolean isActive, |
| 658 | int label, long timestamp, int uid) throws RemoteException { |
| 659 | final long timestampNanos; |
| 660 | if (timestamp <= 0) { |
| 661 | timestampNanos = SystemClock.elapsedRealtimeNanos(); |
| 662 | } else { |
| 663 | timestampNanos = timestamp; |
| 664 | } |
| 665 | mDaemonHandler.post(() -> |
| 666 | notifyInterfaceClassActivity(label, isActive, timestampNanos, uid, false)); |
| 667 | } |
| 668 | |
| 669 | @Override |
| 670 | public void onQuotaLimitReached(String alertName, String ifName) |
| 671 | throws RemoteException { |
| 672 | mDaemonHandler.post(() -> notifyLimitReached(alertName, ifName)); |
| 673 | } |
| 674 | |
| 675 | @Override |
| 676 | public void onInterfaceDnsServerInfo(String ifName, |
| 677 | long lifetime, String[] servers) throws RemoteException { |
| 678 | mDaemonHandler.post(() -> notifyInterfaceDnsServerInfo(ifName, lifetime, servers)); |
| 679 | } |
| 680 | |
| 681 | @Override |
| 682 | public void onInterfaceAddressUpdated(String addr, |
| 683 | String ifName, int flags, int scope) throws RemoteException { |
| 684 | final LinkAddress address = new LinkAddress(addr, flags, scope); |
| 685 | mDaemonHandler.post(() -> notifyAddressUpdated(ifName, address)); |
| 686 | } |
| 687 | |
| 688 | @Override |
| 689 | public void onInterfaceAddressRemoved(String addr, |
| 690 | String ifName, int flags, int scope) throws RemoteException { |
| 691 | final LinkAddress address = new LinkAddress(addr, flags, scope); |
| 692 | mDaemonHandler.post(() -> notifyAddressRemoved(ifName, address)); |
| 693 | } |
| 694 | |
| 695 | @Override |
| 696 | public void onInterfaceAdded(String ifName) throws RemoteException { |
| 697 | mDaemonHandler.post(() -> notifyInterfaceAdded(ifName)); |
| 698 | } |
| 699 | |
| 700 | @Override |
| 701 | public void onInterfaceRemoved(String ifName) throws RemoteException { |
| 702 | mDaemonHandler.post(() -> notifyInterfaceRemoved(ifName)); |
| 703 | } |
| 704 | |
| 705 | @Override |
| 706 | public void onInterfaceChanged(String ifName, boolean up) |
| 707 | throws RemoteException { |
| 708 | mDaemonHandler.post(() -> notifyInterfaceStatusChanged(ifName, up)); |
| 709 | } |
| 710 | |
| 711 | @Override |
| 712 | public void onInterfaceLinkStateChanged(String ifName, boolean up) |
| 713 | throws RemoteException { |
| 714 | mDaemonHandler.post(() -> notifyInterfaceLinkStateChanged(ifName, up)); |
| 715 | } |
| 716 | |
| 717 | @Override |
| 718 | public void onRouteChanged(boolean updated, |
| 719 | String route, String gateway, String ifName) throws RemoteException { |
| 720 | final RouteInfo processRoute = new RouteInfo(new IpPrefix(route), |
| 721 | ("".equals(gateway)) ? null : InetAddresses.parseNumericAddress(gateway), |
| 722 | ifName); |
| 723 | mDaemonHandler.post(() -> notifyRouteChange(updated, processRoute)); |
| 724 | } |
| 725 | |
| 726 | @Override |
| 727 | public void onStrictCleartextDetected(int uid, String hex) throws RemoteException { |
| 728 | // Don't need to post to mDaemonHandler because the only thing |
| 729 | // that notifyCleartextNetwork does is post to a handler |
| 730 | ActivityManager.getService().notifyCleartextNetwork(uid, |
| 731 | HexDump.hexStringToByteArray(hex)); |
| 732 | } |
Remi NGUYEN VAN | eec0ed4 | 2019-04-09 14:01:51 +0900 | [diff] [blame] | 733 | |
| 734 | @Override |
| 735 | public int getInterfaceVersion() { |
| 736 | return INetdUnsolicitedEventListener.VERSION; |
| 737 | } |
Paul Trautrim | af2e082 | 2020-01-23 14:55:57 +0900 | [diff] [blame] | 738 | |
| 739 | @Override |
| 740 | public String getInterfaceHash() { |
| 741 | return INetdUnsolicitedEventListener.HASH; |
| 742 | } |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 743 | } |
| 744 | |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 745 | // |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 746 | // INetworkManagementService members |
| 747 | // |
Erik Kline | 4e37b70 | 2016-07-05 11:34:21 +0900 | [diff] [blame] | 748 | @Override |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 749 | public String[] listInterfaces() { |
paulhu | 79ebe4f | 2019-12-06 16:45:38 +0800 | [diff] [blame] | 750 | // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these |
| 751 | // APIs. |
| 752 | NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 753 | try { |
Luke Huang | 1b4f92f | 2018-12-12 15:59:31 +0800 | [diff] [blame] | 754 | return mNetdService.interfaceGetList(); |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 755 | } catch (RemoteException | ServiceSpecificException e) { |
| 756 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 757 | } |
San Mehat | ed4fc8a | 2010-01-22 12:28:36 -0800 | [diff] [blame] | 758 | } |
| 759 | |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 760 | /** |
| 761 | * Convert InterfaceConfiguration to InterfaceConfigurationParcel with given ifname. |
| 762 | */ |
| 763 | private static InterfaceConfigurationParcel toStableParcel(InterfaceConfiguration cfg, |
| 764 | String iface) { |
| 765 | InterfaceConfigurationParcel cfgParcel = new InterfaceConfigurationParcel(); |
| 766 | cfgParcel.ifName = iface; |
| 767 | String hwAddr = cfg.getHardwareAddress(); |
| 768 | if (!TextUtils.isEmpty(hwAddr)) { |
| 769 | cfgParcel.hwAddr = hwAddr; |
| 770 | } else { |
| 771 | cfgParcel.hwAddr = ""; |
| 772 | } |
| 773 | cfgParcel.ipv4Addr = cfg.getLinkAddress().getAddress().getHostAddress(); |
| 774 | cfgParcel.prefixLength = cfg.getLinkAddress().getPrefixLength(); |
| 775 | ArrayList<String> flags = new ArrayList<>(); |
| 776 | for (String flag : cfg.getFlags()) { |
| 777 | flags.add(flag); |
| 778 | } |
| 779 | cfgParcel.flags = flags.toArray(new String[0]); |
| 780 | |
| 781 | return cfgParcel; |
| 782 | } |
| 783 | |
| 784 | /** |
| 785 | * Construct InterfaceConfiguration from InterfaceConfigurationParcel. |
| 786 | */ |
| 787 | public static InterfaceConfiguration fromStableParcel(InterfaceConfigurationParcel p) { |
| 788 | InterfaceConfiguration cfg = new InterfaceConfiguration(); |
| 789 | cfg.setHardwareAddress(p.hwAddr); |
| 790 | |
| 791 | final InetAddress addr = NetworkUtils.numericToInetAddress(p.ipv4Addr); |
| 792 | cfg.setLinkAddress(new LinkAddress(addr, p.prefixLength)); |
| 793 | for (String flag : p.flags) { |
| 794 | cfg.setFlag(flag); |
| 795 | } |
| 796 | |
| 797 | return cfg; |
| 798 | } |
| 799 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 800 | @Override |
| 801 | public InterfaceConfiguration getInterfaceConfig(String iface) { |
paulhu | 79ebe4f | 2019-12-06 16:45:38 +0800 | [diff] [blame] | 802 | // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these |
| 803 | // APIs. |
| 804 | NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 805 | final InterfaceConfigurationParcel result; |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 806 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 807 | result = mNetdService.interfaceGetCfg(iface); |
| 808 | } catch (RemoteException | ServiceSpecificException e) { |
| 809 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 810 | } |
San Mehat | ed4fc8a | 2010-01-22 12:28:36 -0800 | [diff] [blame] | 811 | |
San Mehat | ed4fc8a | 2010-01-22 12:28:36 -0800 | [diff] [blame] | 812 | try { |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 813 | final InterfaceConfiguration cfg = fromStableParcel(result); |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 814 | return cfg; |
| 815 | } catch (IllegalArgumentException iae) { |
| 816 | throw new IllegalStateException("Invalid InterfaceConfigurationParcel", iae); |
San Mehat | ed4fc8a | 2010-01-22 12:28:36 -0800 | [diff] [blame] | 817 | } |
San Mehat | ed4fc8a | 2010-01-22 12:28:36 -0800 | [diff] [blame] | 818 | } |
| 819 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 820 | @Override |
| 821 | public void setInterfaceConfig(String iface, InterfaceConfiguration cfg) { |
paulhu | 79ebe4f | 2019-12-06 16:45:38 +0800 | [diff] [blame] | 822 | // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these |
| 823 | // APIs. |
| 824 | NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); |
Jeff Sharkey | ddba106 | 2011-11-29 18:37:04 -0800 | [diff] [blame] | 825 | LinkAddress linkAddr = cfg.getLinkAddress(); |
Robert Greenwalt | 2d2afd1 | 2011-02-01 15:30:46 -0800 | [diff] [blame] | 826 | if (linkAddr == null || linkAddr.getAddress() == null) { |
| 827 | throw new IllegalStateException("Null LinkAddress given"); |
Robert Greenwalt | ed12640 | 2011-01-28 15:34:55 -0800 | [diff] [blame] | 828 | } |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 829 | |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 830 | final InterfaceConfigurationParcel cfgParcel = toStableParcel(cfg, iface); |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 831 | |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 832 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 833 | mNetdService.interfaceSetCfg(cfgParcel); |
| 834 | } catch (RemoteException | ServiceSpecificException e) { |
| 835 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 836 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 837 | } |
| 838 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 839 | @Override |
| 840 | public void setInterfaceDown(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 841 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 842 | final InterfaceConfiguration ifcg = getInterfaceConfig(iface); |
Jeff Sharkey | ddba106 | 2011-11-29 18:37:04 -0800 | [diff] [blame] | 843 | ifcg.setInterfaceDown(); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 844 | setInterfaceConfig(iface, ifcg); |
Irfan Sheriff | 7244c97 | 2011-08-05 20:40:45 -0700 | [diff] [blame] | 845 | } |
| 846 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 847 | @Override |
| 848 | public void setInterfaceUp(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 849 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 850 | final InterfaceConfiguration ifcg = getInterfaceConfig(iface); |
Jeff Sharkey | ddba106 | 2011-11-29 18:37:04 -0800 | [diff] [blame] | 851 | ifcg.setInterfaceUp(); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 852 | setInterfaceConfig(iface, ifcg); |
Irfan Sheriff | 7244c97 | 2011-08-05 20:40:45 -0700 | [diff] [blame] | 853 | } |
| 854 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 855 | @Override |
| 856 | public void setInterfaceIpv6PrivacyExtensions(String iface, boolean enable) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 857 | NetworkStack.checkNetworkStackPermission(mContext); |
Irfan Sheriff | 7329361 | 2011-09-14 12:31:56 -0700 | [diff] [blame] | 858 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 859 | mNetdService.interfaceSetIPv6PrivacyExtensions(iface, enable); |
| 860 | } catch (RemoteException | ServiceSpecificException e) { |
| 861 | throw new IllegalStateException(e); |
Irfan Sheriff | 7329361 | 2011-09-14 12:31:56 -0700 | [diff] [blame] | 862 | } |
| 863 | } |
| 864 | |
Irfan Sheriff | f560061 | 2011-06-16 10:26:28 -0700 | [diff] [blame] | 865 | /* TODO: This is right now a IPv4 only function. Works for wifi which loses its |
| 866 | IPv6 addresses on interface down, but we need to do full clean up here */ |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 867 | @Override |
| 868 | public void clearInterfaceAddresses(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 869 | NetworkStack.checkNetworkStackPermission(mContext); |
Irfan Sheriff | f560061 | 2011-06-16 10:26:28 -0700 | [diff] [blame] | 870 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 871 | mNetdService.interfaceClearAddrs(iface); |
| 872 | } catch (RemoteException | ServiceSpecificException e) { |
| 873 | throw new IllegalStateException(e); |
Irfan Sheriff | f560061 | 2011-06-16 10:26:28 -0700 | [diff] [blame] | 874 | } |
| 875 | } |
| 876 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 877 | @Override |
| 878 | public void enableIpv6(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 879 | NetworkStack.checkNetworkStackPermission(mContext); |
repo sync | 7960d9f | 2011-09-29 12:40:02 -0700 | [diff] [blame] | 880 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 881 | mNetdService.interfaceSetEnableIPv6(iface, true); |
| 882 | } catch (RemoteException | ServiceSpecificException e) { |
| 883 | throw new IllegalStateException(e); |
repo sync | 7960d9f | 2011-09-29 12:40:02 -0700 | [diff] [blame] | 884 | } |
| 885 | } |
| 886 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 887 | @Override |
Joel Scherpelz | 2db1074 | 2017-06-07 15:38:38 +0900 | [diff] [blame] | 888 | public void setIPv6AddrGenMode(String iface, int mode) throws ServiceSpecificException { |
| 889 | try { |
| 890 | mNetdService.setIPv6AddrGenMode(iface, mode); |
| 891 | } catch (RemoteException e) { |
| 892 | throw e.rethrowAsRuntimeException(); |
| 893 | } |
| 894 | } |
| 895 | |
| 896 | @Override |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 897 | public void disableIpv6(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 898 | NetworkStack.checkNetworkStackPermission(mContext); |
repo sync | 7960d9f | 2011-09-29 12:40:02 -0700 | [diff] [blame] | 899 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 900 | mNetdService.interfaceSetEnableIPv6(iface, false); |
| 901 | } catch (RemoteException | ServiceSpecificException e) { |
| 902 | throw new IllegalStateException(e); |
repo sync | 7960d9f | 2011-09-29 12:40:02 -0700 | [diff] [blame] | 903 | } |
| 904 | } |
| 905 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 906 | @Override |
Sreeram Ramachandran | b2829fa | 2014-04-15 19:07:12 -0700 | [diff] [blame] | 907 | public void addRoute(int netId, RouteInfo route) { |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 908 | NetworkStack.checkNetworkStackPermission(mContext); |
| 909 | RouteUtils.modifyRoute(mNetdService, ModifyOperation.ADD, netId, route); |
Robert Greenwalt | 59b1a4e | 2011-05-10 15:05:02 -0700 | [diff] [blame] | 910 | } |
| 911 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 912 | @Override |
Sreeram Ramachandran | b2829fa | 2014-04-15 19:07:12 -0700 | [diff] [blame] | 913 | public void removeRoute(int netId, RouteInfo route) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 914 | NetworkStack.checkNetworkStackPermission(mContext); |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 915 | RouteUtils.modifyRoute(mNetdService, ModifyOperation.REMOVE, netId, route); |
Robert Greenwalt | 59b1a4e | 2011-05-10 15:05:02 -0700 | [diff] [blame] | 916 | } |
| 917 | |
| 918 | private ArrayList<String> readRouteList(String filename) { |
| 919 | FileInputStream fstream = null; |
Christopher Wiley | 212b95f | 2016-08-02 11:38:57 -0700 | [diff] [blame] | 920 | ArrayList<String> list = new ArrayList<>(); |
Robert Greenwalt | 59b1a4e | 2011-05-10 15:05:02 -0700 | [diff] [blame] | 921 | |
| 922 | try { |
| 923 | fstream = new FileInputStream(filename); |
| 924 | DataInputStream in = new DataInputStream(fstream); |
| 925 | BufferedReader br = new BufferedReader(new InputStreamReader(in)); |
| 926 | String s; |
| 927 | |
| 928 | // throw away the title line |
| 929 | |
| 930 | while (((s = br.readLine()) != null) && (s.length() != 0)) { |
| 931 | list.add(s); |
| 932 | } |
| 933 | } catch (IOException ex) { |
| 934 | // return current list, possibly empty |
| 935 | } finally { |
| 936 | if (fstream != null) { |
| 937 | try { |
| 938 | fstream.close(); |
| 939 | } catch (IOException ex) {} |
| 940 | } |
| 941 | } |
| 942 | |
| 943 | return list; |
| 944 | } |
| 945 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 946 | @Override |
sy.yun | 9d9b74a | 2013-09-02 05:24:09 +0900 | [diff] [blame] | 947 | public void setMtu(String iface, int mtu) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 948 | NetworkStack.checkNetworkStackPermission(mContext); |
sy.yun | 9d9b74a | 2013-09-02 05:24:09 +0900 | [diff] [blame] | 949 | |
sy.yun | 9d9b74a | 2013-09-02 05:24:09 +0900 | [diff] [blame] | 950 | try { |
Luke Huang | 14f7544 | 2018-08-15 19:22:54 +0800 | [diff] [blame] | 951 | mNetdService.interfaceSetMtu(iface, mtu); |
| 952 | } catch (RemoteException | ServiceSpecificException e) { |
| 953 | throw new IllegalStateException(e); |
sy.yun | 9d9b74a | 2013-09-02 05:24:09 +0900 | [diff] [blame] | 954 | } |
| 955 | } |
| 956 | |
| 957 | @Override |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 958 | public void shutdown() { |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 959 | // TODO: remove from aidl if nobody calls externally |
| 960 | mContext.enforceCallingOrSelfPermission(SHUTDOWN, TAG); |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 961 | |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 962 | Slog.i(TAG, "Shutting down"); |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 963 | } |
| 964 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 965 | @Override |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 966 | public boolean getIpForwardingEnabled() throws IllegalStateException{ |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 967 | NetworkStack.checkNetworkStackPermission(mContext); |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 968 | |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 969 | try { |
Luke Huang | 4db488b | 2018-08-16 15:37:31 +0800 | [diff] [blame] | 970 | final boolean isEnabled = mNetdService.ipfwdEnabled(); |
| 971 | return isEnabled; |
| 972 | } catch (RemoteException | ServiceSpecificException e) { |
| 973 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 974 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 975 | } |
| 976 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 977 | @Override |
| 978 | public void setIpForwardingEnabled(boolean enable) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 979 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 980 | try { |
Luke Huang | 4db488b | 2018-08-16 15:37:31 +0800 | [diff] [blame] | 981 | if (enable) { |
| 982 | mNetdService.ipfwdEnableForwarding("tethering"); |
| 983 | } else { |
| 984 | mNetdService.ipfwdDisableForwarding("tethering"); |
| 985 | } |
| 986 | } catch (RemoteException | ServiceSpecificException e) { |
| 987 | throw new IllegalStateException(e); |
Jeff Sharkey | 31c6e48 | 2011-11-18 17:09:01 -0800 | [diff] [blame] | 988 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 989 | } |
| 990 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 991 | @Override |
| 992 | public void startTethering(String[] dhcpRange) { |
Luke Huang | b0d5246 | 2019-03-21 14:43:08 +0800 | [diff] [blame] | 993 | startTetheringWithConfiguration(true, dhcpRange); |
| 994 | } |
| 995 | |
| 996 | @Override |
| 997 | public void startTetheringWithConfiguration(boolean usingLegacyDnsProxy, String[] dhcpRange) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 998 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 999 | try { |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 1000 | NetdUtils.tetherStart(mNetdService, usingLegacyDnsProxy, dhcpRange); |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1001 | } catch (RemoteException | ServiceSpecificException e) { |
| 1002 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1003 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1004 | } |
| 1005 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1006 | @Override |
| 1007 | public void stopTethering() { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1008 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1009 | try { |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1010 | mNetdService.tetherStop(); |
| 1011 | } catch (RemoteException | ServiceSpecificException e) { |
| 1012 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1013 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1014 | } |
| 1015 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1016 | @Override |
| 1017 | public boolean isTetheringStarted() { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1018 | NetworkStack.checkNetworkStackPermission(mContext); |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1019 | |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1020 | try { |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1021 | final boolean isEnabled = mNetdService.tetherIsEnabled(); |
| 1022 | return isEnabled; |
| 1023 | } catch (RemoteException | ServiceSpecificException e) { |
| 1024 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1025 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1026 | } |
Matthew Xie | fe19f12 | 2012-07-12 16:03:32 -0700 | [diff] [blame] | 1027 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1028 | @Override |
| 1029 | public void tetherInterface(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1030 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1031 | try { |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 1032 | final LinkAddress addr = getInterfaceConfig(iface).getLinkAddress(); |
| 1033 | final IpPrefix dest = new IpPrefix(addr.getAddress(), addr.getPrefixLength()); |
| 1034 | NetdUtils.tetherInterface(mNetdService, iface, dest); |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1035 | } catch (RemoteException | ServiceSpecificException e) { |
| 1036 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1037 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1038 | } |
| 1039 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1040 | @Override |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1041 | public void untetherInterface(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1042 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1043 | try { |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 1044 | NetdUtils.untetherInterface(mNetdService, iface); |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1045 | } catch (RemoteException | ServiceSpecificException e) { |
| 1046 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1047 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1048 | } |
| 1049 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1050 | @Override |
| 1051 | public String[] listTetheredInterfaces() { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1052 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1053 | try { |
Luke Huang | 1b4f92f | 2018-12-12 15:59:31 +0800 | [diff] [blame] | 1054 | return mNetdService.tetherInterfaceList(); |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1055 | } catch (RemoteException | ServiceSpecificException e) { |
| 1056 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1057 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1058 | } |
| 1059 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1060 | @Override |
Lorenzo Colitti | b57edc5 | 2014-08-22 17:10:50 -0700 | [diff] [blame] | 1061 | public void setDnsForwarders(Network network, String[] dns) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1062 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 1063 | |
Lorenzo Colitti | b57edc5 | 2014-08-22 17:10:50 -0700 | [diff] [blame] | 1064 | int netId = (network != null) ? network.netId : ConnectivityManager.NETID_UNSET; |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 1065 | |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1066 | try { |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1067 | mNetdService.tetherDnsSet(netId, dns); |
| 1068 | } catch (RemoteException | ServiceSpecificException e) { |
| 1069 | throw new IllegalStateException(e); |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1070 | } |
| 1071 | } |
| 1072 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1073 | @Override |
| 1074 | public String[] getDnsForwarders() { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1075 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1076 | try { |
Luke Huang | 1b4f92f | 2018-12-12 15:59:31 +0800 | [diff] [blame] | 1077 | return mNetdService.tetherDnsList(); |
Luke Huang | 4a32bf4 | 2018-08-21 19:09:45 +0800 | [diff] [blame] | 1078 | } catch (RemoteException | ServiceSpecificException e) { |
| 1079 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1080 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1081 | } |
| 1082 | |
jiaguo | 1da35f7 | 2014-01-09 16:39:59 +0800 | [diff] [blame] | 1083 | private List<InterfaceAddress> excludeLinkLocal(List<InterfaceAddress> addresses) { |
Christopher Wiley | 212b95f | 2016-08-02 11:38:57 -0700 | [diff] [blame] | 1084 | ArrayList<InterfaceAddress> filtered = new ArrayList<>(addresses.size()); |
jiaguo | 1da35f7 | 2014-01-09 16:39:59 +0800 | [diff] [blame] | 1085 | for (InterfaceAddress ia : addresses) { |
| 1086 | if (!ia.getAddress().isLinkLocalAddress()) |
| 1087 | filtered.add(ia); |
| 1088 | } |
| 1089 | return filtered; |
| 1090 | } |
| 1091 | |
Lorenzo Colitti | 35e36db | 2015-02-26 01:25:36 +0900 | [diff] [blame] | 1092 | private void modifyInterfaceForward(boolean add, String fromIface, String toIface) { |
Lorenzo Colitti | 35e36db | 2015-02-26 01:25:36 +0900 | [diff] [blame] | 1093 | try { |
Luke Huang | 4db488b | 2018-08-16 15:37:31 +0800 | [diff] [blame] | 1094 | if (add) { |
| 1095 | mNetdService.ipfwdAddInterfaceForward(fromIface, toIface); |
| 1096 | } else { |
| 1097 | mNetdService.ipfwdRemoveInterfaceForward(fromIface, toIface); |
| 1098 | } |
| 1099 | } catch (RemoteException | ServiceSpecificException e) { |
| 1100 | throw new IllegalStateException(e); |
Lorenzo Colitti | 35e36db | 2015-02-26 01:25:36 +0900 | [diff] [blame] | 1101 | } |
| 1102 | } |
| 1103 | |
| 1104 | @Override |
| 1105 | public void startInterfaceForwarding(String fromIface, String toIface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1106 | NetworkStack.checkNetworkStackPermission(mContext); |
Lorenzo Colitti | 35e36db | 2015-02-26 01:25:36 +0900 | [diff] [blame] | 1107 | modifyInterfaceForward(true, fromIface, toIface); |
| 1108 | } |
| 1109 | |
| 1110 | @Override |
| 1111 | public void stopInterfaceForwarding(String fromIface, String toIface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1112 | NetworkStack.checkNetworkStackPermission(mContext); |
Lorenzo Colitti | 35e36db | 2015-02-26 01:25:36 +0900 | [diff] [blame] | 1113 | modifyInterfaceForward(false, fromIface, toIface); |
| 1114 | } |
| 1115 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1116 | @Override |
| 1117 | public void enableNat(String internalInterface, String externalInterface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1118 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1119 | try { |
Luke Huang | a31e073 | 2018-10-22 13:23:10 +0900 | [diff] [blame] | 1120 | mNetdService.tetherAddForward(internalInterface, externalInterface); |
| 1121 | } catch (RemoteException | ServiceSpecificException e) { |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 1122 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1123 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1124 | } |
| 1125 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1126 | @Override |
| 1127 | public void disableNat(String internalInterface, String externalInterface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1128 | NetworkStack.checkNetworkStackPermission(mContext); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1129 | try { |
Luke Huang | a31e073 | 2018-10-22 13:23:10 +0900 | [diff] [blame] | 1130 | mNetdService.tetherRemoveForward(internalInterface, externalInterface); |
| 1131 | } catch (RemoteException | ServiceSpecificException e) { |
Jeff Sharkey | ba2896e | 2011-11-30 18:13:54 -0800 | [diff] [blame] | 1132 | throw new IllegalStateException(e); |
Kenny Root | a80ce06 | 2010-06-01 13:23:53 -0700 | [diff] [blame] | 1133 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 1134 | } |
San Mehat | 72759df | 2010-01-19 13:50:37 -0800 | [diff] [blame] | 1135 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1136 | @Override |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1137 | public void addIdleTimer(String iface, int timeout, final int type) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1138 | NetworkStack.checkNetworkStackPermission(mContext); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1139 | |
| 1140 | if (DBG) Slog.d(TAG, "Adding idletimer"); |
| 1141 | |
| 1142 | synchronized (mIdleTimerLock) { |
| 1143 | IdleTimerParams params = mActiveIdleTimers.get(iface); |
| 1144 | if (params != null) { |
| 1145 | // the interface already has idletimer, update network count |
| 1146 | params.networkCount++; |
| 1147 | return; |
| 1148 | } |
| 1149 | |
| 1150 | try { |
Luke Huang | a62d049 | 2018-07-27 20:08:21 +0800 | [diff] [blame] | 1151 | mNetdService.idletimerAddInterface(iface, timeout, Integer.toString(type)); |
| 1152 | } catch (RemoteException | ServiceSpecificException e) { |
| 1153 | throw new IllegalStateException(e); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1154 | } |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1155 | mActiveIdleTimers.put(iface, new IdleTimerParams(timeout, type)); |
| 1156 | |
Dianne Hackborn | e13c4c0 | 2014-02-11 17:18:35 -0800 | [diff] [blame] | 1157 | // Networks start up. |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1158 | if (ConnectivityManager.isNetworkTypeMobile(type)) { |
| 1159 | mNetworkActive = false; |
| 1160 | } |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 1161 | mDaemonHandler.post(() -> notifyInterfaceClassActivity(type, true, |
| 1162 | SystemClock.elapsedRealtimeNanos(), -1, false)); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1163 | } |
| 1164 | } |
| 1165 | |
| 1166 | @Override |
| 1167 | public void removeIdleTimer(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1168 | NetworkStack.checkNetworkStackPermission(mContext); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1169 | |
| 1170 | if (DBG) Slog.d(TAG, "Removing idletimer"); |
| 1171 | |
| 1172 | synchronized (mIdleTimerLock) { |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1173 | final IdleTimerParams params = mActiveIdleTimers.get(iface); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1174 | if (params == null || --(params.networkCount) > 0) { |
| 1175 | return; |
| 1176 | } |
| 1177 | |
| 1178 | try { |
Luke Huang | a62d049 | 2018-07-27 20:08:21 +0800 | [diff] [blame] | 1179 | mNetdService.idletimerRemoveInterface(iface, |
| 1180 | params.timeout, Integer.toString(params.type)); |
| 1181 | } catch (RemoteException | ServiceSpecificException e) { |
| 1182 | throw new IllegalStateException(e); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1183 | } |
| 1184 | mActiveIdleTimers.remove(iface); |
Remi NGUYEN VAN | 9ebc3fc | 2019-01-29 19:12:13 +0900 | [diff] [blame] | 1185 | mDaemonHandler.post(() -> notifyInterfaceClassActivity(params.type, false, |
| 1186 | SystemClock.elapsedRealtimeNanos(), -1, false)); |
Haoyu Bai | 0412423 | 2012-06-28 15:26:19 -0700 | [diff] [blame] | 1187 | } |
| 1188 | } |
| 1189 | |
| 1190 | @Override |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1191 | public void setInterfaceQuota(String iface, long quotaBytes) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1192 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1193 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1194 | synchronized (mQuotaLock) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1195 | if (mActiveQuotas.containsKey(iface)) { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1196 | throw new IllegalStateException("iface " + iface + " already has quota"); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1197 | } |
| 1198 | |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1199 | try { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1200 | // TODO: support quota shared across interfaces |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1201 | mNetdService.bandwidthSetInterfaceQuota(iface, quotaBytes); |
| 1202 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1203 | mActiveQuotas.put(iface, quotaBytes); |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1204 | } catch (RemoteException | ServiceSpecificException e) { |
| 1205 | throw new IllegalStateException(e); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1206 | } |
Lorenzo Colitti | 50b60fc | 2017-08-11 13:47:49 +0900 | [diff] [blame] | 1207 | |
| 1208 | synchronized (mTetheringStatsProviders) { |
| 1209 | for (ITetheringStatsProvider provider : mTetheringStatsProviders.keySet()) { |
| 1210 | try { |
| 1211 | provider.setInterfaceQuota(iface, quotaBytes); |
| 1212 | } catch (RemoteException e) { |
| 1213 | Log.e(TAG, "Problem setting tethering data limit on provider " + |
| 1214 | mTetheringStatsProviders.get(provider) + ": " + e); |
| 1215 | } |
| 1216 | } |
| 1217 | } |
Ashish Sharma | 50fd36d | 2011-06-15 19:34:53 -0700 | [diff] [blame] | 1218 | } |
| 1219 | } |
| 1220 | |
| 1221 | @Override |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1222 | public void removeInterfaceQuota(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1223 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1224 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1225 | synchronized (mQuotaLock) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1226 | if (!mActiveQuotas.containsKey(iface)) { |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1227 | // TODO: eventually consider throwing |
| 1228 | return; |
| 1229 | } |
| 1230 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1231 | mActiveQuotas.remove(iface); |
| 1232 | mActiveAlerts.remove(iface); |
Jeff Sharkey | 38ddeaa | 2011-11-08 13:04:22 -0800 | [diff] [blame] | 1233 | |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1234 | try { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1235 | // TODO: support quota shared across interfaces |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1236 | mNetdService.bandwidthRemoveInterfaceQuota(iface); |
| 1237 | } catch (RemoteException | ServiceSpecificException e) { |
| 1238 | throw new IllegalStateException(e); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1239 | } |
Lorenzo Colitti | 50b60fc | 2017-08-11 13:47:49 +0900 | [diff] [blame] | 1240 | |
| 1241 | synchronized (mTetheringStatsProviders) { |
| 1242 | for (ITetheringStatsProvider provider : mTetheringStatsProviders.keySet()) { |
| 1243 | try { |
| 1244 | provider.setInterfaceQuota(iface, ITetheringStatsProvider.QUOTA_UNLIMITED); |
| 1245 | } catch (RemoteException e) { |
| 1246 | Log.e(TAG, "Problem removing tethering data limit on provider " + |
| 1247 | mTetheringStatsProviders.get(provider) + ": " + e); |
| 1248 | } |
| 1249 | } |
| 1250 | } |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1251 | } |
| 1252 | } |
| 1253 | |
| 1254 | @Override |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1255 | public void setInterfaceAlert(String iface, long alertBytes) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1256 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1257 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1258 | // quick sanity check |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1259 | if (!mActiveQuotas.containsKey(iface)) { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1260 | throw new IllegalStateException("setting alert requires existing quota on iface"); |
| 1261 | } |
| 1262 | |
| 1263 | synchronized (mQuotaLock) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1264 | if (mActiveAlerts.containsKey(iface)) { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1265 | throw new IllegalStateException("iface " + iface + " already has alert"); |
| 1266 | } |
| 1267 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1268 | try { |
| 1269 | // TODO: support alert shared across interfaces |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1270 | mNetdService.bandwidthSetInterfaceAlert(iface, alertBytes); |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1271 | mActiveAlerts.put(iface, alertBytes); |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1272 | } catch (RemoteException | ServiceSpecificException e) { |
| 1273 | throw new IllegalStateException(e); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1274 | } |
| 1275 | } |
| 1276 | } |
| 1277 | |
| 1278 | @Override |
| 1279 | public void removeInterfaceAlert(String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1280 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1281 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1282 | synchronized (mQuotaLock) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1283 | if (!mActiveAlerts.containsKey(iface)) { |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1284 | // TODO: eventually consider throwing |
| 1285 | return; |
| 1286 | } |
| 1287 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1288 | try { |
| 1289 | // TODO: support alert shared across interfaces |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1290 | mNetdService.bandwidthRemoveInterfaceAlert(iface); |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1291 | mActiveAlerts.remove(iface); |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1292 | } catch (RemoteException | ServiceSpecificException e) { |
| 1293 | throw new IllegalStateException(e); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1294 | } |
| 1295 | } |
| 1296 | } |
| 1297 | |
| 1298 | @Override |
| 1299 | public void setGlobalAlert(long alertBytes) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1300 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1301 | |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1302 | try { |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1303 | mNetdService.bandwidthSetGlobalAlert(alertBytes); |
| 1304 | } catch (RemoteException | ServiceSpecificException e) { |
| 1305 | throw new IllegalStateException(e); |
Jeff Sharkey | 41ff7ec | 2011-07-25 15:21:22 -0700 | [diff] [blame] | 1306 | } |
| 1307 | } |
| 1308 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1309 | private void setUidOnMeteredNetworkList(int uid, boolean blacklist, boolean enable) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1310 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1311 | |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1312 | synchronized (mQuotaLock) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1313 | boolean oldEnable; |
| 1314 | SparseBooleanArray quotaList; |
| 1315 | synchronized (mRulesLock) { |
| 1316 | quotaList = blacklist ? mUidRejectOnMetered : mUidAllowOnMetered; |
| 1317 | oldEnable = quotaList.get(uid, false); |
| 1318 | } |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1319 | if (oldEnable == enable) { |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1320 | // TODO: eventually consider throwing |
| 1321 | return; |
| 1322 | } |
| 1323 | |
Felipe Leme | 29e72ea | 2016-09-08 13:26:55 -0700 | [diff] [blame] | 1324 | Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "inetd bandwidth"); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1325 | try { |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1326 | if (blacklist) { |
| 1327 | if (enable) { |
| 1328 | mNetdService.bandwidthAddNaughtyApp(uid); |
| 1329 | } else { |
| 1330 | mNetdService.bandwidthRemoveNaughtyApp(uid); |
| 1331 | } |
| 1332 | } else { |
| 1333 | if (enable) { |
| 1334 | mNetdService.bandwidthAddNiceApp(uid); |
| 1335 | } else { |
| 1336 | mNetdService.bandwidthRemoveNiceApp(uid); |
| 1337 | } |
| 1338 | } |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1339 | synchronized (mRulesLock) { |
| 1340 | if (enable) { |
| 1341 | quotaList.put(uid, true); |
| 1342 | } else { |
| 1343 | quotaList.delete(uid); |
| 1344 | } |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1345 | } |
Luke Huang | c7bea866 | 2018-08-07 16:04:26 +0800 | [diff] [blame] | 1346 | } catch (RemoteException | ServiceSpecificException e) { |
| 1347 | throw new IllegalStateException(e); |
Felipe Leme | 29e72ea | 2016-09-08 13:26:55 -0700 | [diff] [blame] | 1348 | } finally { |
| 1349 | Trace.traceEnd(Trace.TRACE_TAG_NETWORK); |
Jeff Sharkey | b3f19ca | 2011-06-29 23:54:13 -0700 | [diff] [blame] | 1350 | } |
Ashish Sharma | 50fd36d | 2011-06-15 19:34:53 -0700 | [diff] [blame] | 1351 | } |
| 1352 | } |
| 1353 | |
Jeff Sharkey | 63d27a9 | 2011-08-03 17:04:22 -0700 | [diff] [blame] | 1354 | @Override |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1355 | public void setUidMeteredNetworkBlacklist(int uid, boolean enable) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1356 | setUidOnMeteredNetworkList(uid, true, enable); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1357 | } |
| 1358 | |
| 1359 | @Override |
| 1360 | public void setUidMeteredNetworkWhitelist(int uid, boolean enable) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1361 | setUidOnMeteredNetworkList(uid, false, enable); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1362 | } |
| 1363 | |
| 1364 | @Override |
| 1365 | public boolean setDataSaverModeEnabled(boolean enable) { |
Sehee Park | a9139bc | 2017-12-22 13:54:05 +0900 | [diff] [blame] | 1366 | mContext.enforceCallingOrSelfPermission(NETWORK_SETTINGS, TAG); |
| 1367 | |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1368 | if (DBG) Log.d(TAG, "setDataSaverMode: " + enable); |
| 1369 | synchronized (mQuotaLock) { |
| 1370 | if (mDataSaverMode == enable) { |
| 1371 | Log.w(TAG, "setDataSaverMode(): already " + mDataSaverMode); |
| 1372 | return true; |
| 1373 | } |
Felipe Leme | 29e72ea | 2016-09-08 13:26:55 -0700 | [diff] [blame] | 1374 | Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "bandwidthEnableDataSaver"); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1375 | try { |
| 1376 | final boolean changed = mNetdService.bandwidthEnableDataSaver(enable); |
| 1377 | if (changed) { |
| 1378 | mDataSaverMode = enable; |
| 1379 | } else { |
| 1380 | Log.w(TAG, "setDataSaverMode(" + enable + "): netd command silently failed"); |
| 1381 | } |
| 1382 | return changed; |
| 1383 | } catch (RemoteException e) { |
| 1384 | Log.w(TAG, "setDataSaverMode(" + enable + "): netd command failed", e); |
| 1385 | return false; |
Felipe Leme | 29e72ea | 2016-09-08 13:26:55 -0700 | [diff] [blame] | 1386 | } finally { |
| 1387 | Trace.traceEnd(Trace.TRACE_TAG_NETWORK); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1388 | } |
| 1389 | } |
| 1390 | } |
| 1391 | |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1392 | private static UidRangeParcel makeUidRangeParcel(int start, int stop) { |
| 1393 | UidRangeParcel range = new UidRangeParcel(); |
| 1394 | range.start = start; |
| 1395 | range.stop = stop; |
| 1396 | return range; |
| 1397 | } |
| 1398 | |
| 1399 | private static UidRangeParcel[] toStableParcels(UidRange[] ranges) { |
| 1400 | UidRangeParcel[] stableRanges = new UidRangeParcel[ranges.length]; |
| 1401 | for (int i = 0; i < ranges.length; i++) { |
| 1402 | stableRanges[i] = makeUidRangeParcel(ranges[i].start, ranges[i].stop); |
| 1403 | } |
| 1404 | return stableRanges; |
| 1405 | } |
| 1406 | |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1407 | @Override |
Robin Lee | 17e6183 | 2016-05-09 13:46:28 +0100 | [diff] [blame] | 1408 | public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges) |
| 1409 | throws ServiceSpecificException { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1410 | NetworkStack.checkNetworkStackPermission(mContext); |
Robin Lee | 17e6183 | 2016-05-09 13:46:28 +0100 | [diff] [blame] | 1411 | try { |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1412 | mNetdService.networkRejectNonSecureVpn(add, toStableParcels(uidRanges)); |
Robin Lee | 17e6183 | 2016-05-09 13:46:28 +0100 | [diff] [blame] | 1413 | } catch (ServiceSpecificException e) { |
| 1414 | Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")" |
| 1415 | + ": netd command failed", e); |
| 1416 | throw e; |
| 1417 | } catch (RemoteException e) { |
| 1418 | Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")" |
| 1419 | + ": netd command failed", e); |
| 1420 | throw e.rethrowAsRuntimeException(); |
| 1421 | } |
| 1422 | } |
| 1423 | |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1424 | private void applyUidCleartextNetworkPolicy(int uid, int policy) { |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1425 | final int policyValue; |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1426 | switch (policy) { |
| 1427 | case StrictMode.NETWORK_POLICY_ACCEPT: |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1428 | policyValue = INetd.PENALTY_POLICY_ACCEPT; |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1429 | break; |
| 1430 | case StrictMode.NETWORK_POLICY_LOG: |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1431 | policyValue = INetd.PENALTY_POLICY_LOG; |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1432 | break; |
| 1433 | case StrictMode.NETWORK_POLICY_REJECT: |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1434 | policyValue = INetd.PENALTY_POLICY_REJECT; |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1435 | break; |
| 1436 | default: |
| 1437 | throw new IllegalArgumentException("Unknown policy " + policy); |
| 1438 | } |
| 1439 | |
| 1440 | try { |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1441 | mNetdService.strictUidCleartextPenalty(uid, policyValue); |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1442 | mUidCleartextPolicy.put(uid, policy); |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1443 | } catch (RemoteException | ServiceSpecificException e) { |
| 1444 | throw new IllegalStateException(e); |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1445 | } |
| 1446 | } |
| 1447 | |
Robin Lee | 17e6183 | 2016-05-09 13:46:28 +0100 | [diff] [blame] | 1448 | @Override |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1449 | public void setUidCleartextNetworkPolicy(int uid, int policy) { |
| 1450 | if (Binder.getCallingUid() != uid) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1451 | NetworkStack.checkNetworkStackPermission(mContext); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1452 | } |
| 1453 | |
| 1454 | synchronized (mQuotaLock) { |
| 1455 | final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT); |
| 1456 | if (oldPolicy == policy) { |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1457 | // This also ensures we won't needlessly apply an ACCEPT policy if we've just |
| 1458 | // enabled strict and the underlying iptables rules are empty. |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1459 | return; |
| 1460 | } |
| 1461 | |
Luke Huang | 473eb87 | 2018-07-26 17:33:14 +0800 | [diff] [blame] | 1462 | // TODO: remove this code after removing prepareNativeDaemon() |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1463 | if (!mStrictEnabled) { |
| 1464 | // Module isn't enabled yet; stash the requested policy away to |
| 1465 | // apply later once the daemon is connected. |
| 1466 | mUidCleartextPolicy.put(uid, policy); |
| 1467 | return; |
| 1468 | } |
| 1469 | |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1470 | // netd does not keep state on strict mode policies, and cannot replace a non-accept |
| 1471 | // policy without deleting it first. Rather than add state to netd, just always send |
| 1472 | // it an accept policy when switching between two non-accept policies. |
Lorenzo Colitti | 26364f1 | 2017-08-20 11:54:57 +0900 | [diff] [blame] | 1473 | // TODO: consider keeping state in netd so we can simplify this code. |
Lorenzo Colitti | 8c253ad | 2017-07-19 00:23:44 +0900 | [diff] [blame] | 1474 | if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT && |
| 1475 | policy != StrictMode.NETWORK_POLICY_ACCEPT) { |
Lorenzo Colitti | 26364f1 | 2017-08-20 11:54:57 +0900 | [diff] [blame] | 1476 | applyUidCleartextNetworkPolicy(uid, StrictMode.NETWORK_POLICY_ACCEPT); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1477 | } |
Lorenzo Colitti | 26364f1 | 2017-08-20 11:54:57 +0900 | [diff] [blame] | 1478 | |
| 1479 | applyUidCleartextNetworkPolicy(uid, policy); |
Jeff Sharkey | 605eb79 | 2014-11-04 13:34:06 -0800 | [diff] [blame] | 1480 | } |
| 1481 | } |
| 1482 | |
| 1483 | @Override |
Jeff Sharkey | 63d27a9 | 2011-08-03 17:04:22 -0700 | [diff] [blame] | 1484 | public boolean isBandwidthControlEnabled() { |
Luke Huang | 56a03a0 | 2018-09-07 12:02:16 +0800 | [diff] [blame] | 1485 | return true; |
Jeff Sharkey | 63d27a9 | 2011-08-03 17:04:22 -0700 | [diff] [blame] | 1486 | } |
| 1487 | |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1488 | private class NetdTetheringStatsProvider extends ITetheringStatsProvider.Stub { |
| 1489 | @Override |
Lorenzo Colitti | f1912ca | 2017-08-17 19:23:08 +0900 | [diff] [blame] | 1490 | public NetworkStats getTetherStats(int how) { |
| 1491 | // We only need to return per-UID stats. Per-device stats are already counted by |
| 1492 | // interface counters. |
| 1493 | if (how != STATS_PER_UID) { |
| 1494 | return new NetworkStats(SystemClock.elapsedRealtime(), 0); |
| 1495 | } |
| 1496 | |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1497 | final TetherStatsParcel[] tetherStatsVec; |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1498 | try { |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1499 | tetherStatsVec = mNetdService.tetherGetStats(); |
Lorenzo Colitti | 563dc45 | 2017-09-01 17:12:34 +0900 | [diff] [blame] | 1500 | } catch (RemoteException | ServiceSpecificException e) { |
| 1501 | throw new IllegalStateException("problem parsing tethering stats: ", e); |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1502 | } |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1503 | |
Lorenzo Colitti | 563dc45 | 2017-09-01 17:12:34 +0900 | [diff] [blame] | 1504 | final NetworkStats stats = new NetworkStats(SystemClock.elapsedRealtime(), |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1505 | tetherStatsVec.length); |
Lorenzo Colitti | 563dc45 | 2017-09-01 17:12:34 +0900 | [diff] [blame] | 1506 | final NetworkStats.Entry entry = new NetworkStats.Entry(); |
| 1507 | |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1508 | for (TetherStatsParcel tetherStats : tetherStatsVec) { |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1509 | try { |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1510 | entry.iface = tetherStats.iface; |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1511 | entry.uid = UID_TETHERING; |
| 1512 | entry.set = SET_DEFAULT; |
| 1513 | entry.tag = TAG_NONE; |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1514 | entry.rxBytes = tetherStats.rxBytes; |
| 1515 | entry.rxPackets = tetherStats.rxPackets; |
| 1516 | entry.txBytes = tetherStats.txBytes; |
| 1517 | entry.txPackets = tetherStats.txPackets; |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1518 | stats.combineValues(entry); |
Lorenzo Colitti | 563dc45 | 2017-09-01 17:12:34 +0900 | [diff] [blame] | 1519 | } catch (ArrayIndexOutOfBoundsException e) { |
Luke Huang | 13b79e8 | 2018-09-26 14:53:42 +0800 | [diff] [blame] | 1520 | throw new IllegalStateException("invalid tethering stats " + e); |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1521 | } |
| 1522 | } |
Lorenzo Colitti | 563dc45 | 2017-09-01 17:12:34 +0900 | [diff] [blame] | 1523 | |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1524 | return stats; |
| 1525 | } |
Lorenzo Colitti | 50b60fc | 2017-08-11 13:47:49 +0900 | [diff] [blame] | 1526 | |
| 1527 | @Override |
| 1528 | public void setInterfaceQuota(String iface, long quotaBytes) { |
| 1529 | // Do nothing. netd is already informed of quota changes in setInterfaceQuota. |
| 1530 | } |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1531 | } |
| 1532 | |
| 1533 | @Override |
Lorenzo Colitti | f1912ca | 2017-08-17 19:23:08 +0900 | [diff] [blame] | 1534 | public NetworkStats getNetworkStatsTethering(int how) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1535 | NetworkStack.checkNetworkStackPermission(mContext); |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1536 | |
| 1537 | final NetworkStats stats = new NetworkStats(SystemClock.elapsedRealtime(), 1); |
| 1538 | synchronized (mTetheringStatsProviders) { |
| 1539 | for (ITetheringStatsProvider provider: mTetheringStatsProviders.keySet()) { |
| 1540 | try { |
Lorenzo Colitti | f1912ca | 2017-08-17 19:23:08 +0900 | [diff] [blame] | 1541 | stats.combineAllValues(provider.getTetherStats(how)); |
Lorenzo Colitti | 07f1304 | 2017-07-10 19:06:57 +0900 | [diff] [blame] | 1542 | } catch (RemoteException e) { |
| 1543 | Log.e(TAG, "Problem reading tethering stats from " + |
| 1544 | mTetheringStatsProviders.get(provider) + ": " + e); |
| 1545 | } |
| 1546 | } |
Jeff Sharkey | cdd02c5d | 2011-09-16 01:52:49 -0700 | [diff] [blame] | 1547 | } |
Jeff Sharkey | e4984be | 2013-09-10 21:03:27 -0700 | [diff] [blame] | 1548 | return stats; |
Jeff Sharkey | cdd02c5d | 2011-09-16 01:52:49 -0700 | [diff] [blame] | 1549 | } |
| 1550 | |
Jeff Sharkey | af75c33 | 2011-11-18 12:41:12 -0800 | [diff] [blame] | 1551 | @Override |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 1552 | public void addVpnUidRanges(int netId, UidRange[] ranges) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1553 | NetworkStack.checkNetworkStackPermission(mContext); |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1554 | |
| 1555 | try { |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1556 | mNetdService.networkAddUidRanges(netId, toStableParcels(ranges)); |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1557 | } catch (RemoteException | ServiceSpecificException e) { |
| 1558 | throw new IllegalStateException(e); |
Chad Brubaker | 3277620a | 2013-06-12 13:37:30 -0700 | [diff] [blame] | 1559 | } |
| 1560 | } |
| 1561 | |
| 1562 | @Override |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 1563 | public void removeVpnUidRanges(int netId, UidRange[] ranges) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1564 | NetworkStack.checkNetworkStackPermission(mContext); |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1565 | try { |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1566 | mNetdService.networkRemoveUidRanges(netId, toStableParcels(ranges)); |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1567 | } catch (RemoteException | ServiceSpecificException e) { |
| 1568 | throw new IllegalStateException(e); |
Chad Brubaker | cca54c4 | 2013-06-27 17:41:38 -0700 | [diff] [blame] | 1569 | } |
| 1570 | } |
| 1571 | |
| 1572 | @Override |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1573 | public void setFirewallEnabled(boolean enabled) { |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 1574 | enforceSystemUid(); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1575 | try { |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1576 | mNetdService.firewallSetFirewallType( |
| 1577 | enabled ? INetd.FIREWALL_WHITELIST : INetd.FIREWALL_BLACKLIST); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1578 | mFirewallEnabled = enabled; |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1579 | } catch (RemoteException | ServiceSpecificException e) { |
| 1580 | throw new IllegalStateException(e); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1581 | } |
| 1582 | } |
| 1583 | |
| 1584 | @Override |
| 1585 | public boolean isFirewallEnabled() { |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 1586 | enforceSystemUid(); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1587 | return mFirewallEnabled; |
| 1588 | } |
| 1589 | |
| 1590 | @Override |
Jeff Sharkey | 2c09298 | 2012-08-24 11:44:40 -0700 | [diff] [blame] | 1591 | public void setFirewallInterfaceRule(String iface, boolean allow) { |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 1592 | enforceSystemUid(); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1593 | Preconditions.checkState(mFirewallEnabled); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1594 | try { |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1595 | mNetdService.firewallSetInterfaceRule(iface, |
| 1596 | allow ? INetd.FIREWALL_RULE_ALLOW : INetd.FIREWALL_RULE_DENY); |
| 1597 | } catch (RemoteException | ServiceSpecificException e) { |
| 1598 | throw new IllegalStateException(e); |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1599 | } |
| 1600 | } |
| 1601 | |
Lorenzo Colitti | 3fef723 | 2016-04-29 18:00:03 +0900 | [diff] [blame] | 1602 | private void closeSocketsForFirewallChainLocked(int chain, String chainName) { |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1603 | // UID ranges to close sockets on. |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1604 | UidRangeParcel[] ranges; |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1605 | // UID ranges whose sockets we won't touch. |
| 1606 | int[] exemptUids; |
| 1607 | |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1608 | int numUids = 0; |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1609 | if (DBG) Slog.d(TAG, "Closing sockets after enabling chain " + chainName); |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1610 | if (getFirewallType(chain) == FIREWALL_WHITELIST) { |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1611 | // Close all sockets on all non-system UIDs... |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1612 | ranges = new UidRangeParcel[] { |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1613 | // TODO: is there a better way of finding all existing users? If so, we could |
| 1614 | // specify their ranges here. |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1615 | makeUidRangeParcel(Process.FIRST_APPLICATION_UID, Integer.MAX_VALUE), |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1616 | }; |
| 1617 | // ... except for the UIDs that have allow rules. |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1618 | synchronized (mRulesLock) { |
| 1619 | final SparseIntArray rules = getUidFirewallRulesLR(chain); |
| 1620 | exemptUids = new int[rules.size()]; |
| 1621 | for (int i = 0; i < exemptUids.length; i++) { |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1622 | if (rules.valueAt(i) == FIREWALL_RULE_ALLOW) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1623 | exemptUids[numUids] = rules.keyAt(i); |
| 1624 | numUids++; |
| 1625 | } |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1626 | } |
| 1627 | } |
| 1628 | // Normally, whitelist chains only contain deny rules, so numUids == exemptUids.length. |
| 1629 | // But the code does not guarantee this in any way, and at least in one case - if we add |
| 1630 | // a UID rule to the firewall, and then disable the firewall - the chains can contain |
| 1631 | // the wrong type of rule. In this case, don't close connections that we shouldn't. |
| 1632 | // |
| 1633 | // TODO: tighten up this code by ensuring we never set the wrong type of rule, and |
| 1634 | // fix setFirewallEnabled to grab mQuotaLock and clear rules. |
| 1635 | if (numUids != exemptUids.length) { |
| 1636 | exemptUids = Arrays.copyOf(exemptUids, numUids); |
| 1637 | } |
| 1638 | } else { |
| 1639 | // Close sockets for every UID that has a deny rule... |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1640 | synchronized (mRulesLock) { |
| 1641 | final SparseIntArray rules = getUidFirewallRulesLR(chain); |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1642 | ranges = new UidRangeParcel[rules.size()]; |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1643 | for (int i = 0; i < ranges.length; i++) { |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1644 | if (rules.valueAt(i) == FIREWALL_RULE_DENY) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1645 | int uid = rules.keyAt(i); |
Lorenzo Colitti | cc7f1db | 2019-03-18 23:50:34 +0900 | [diff] [blame] | 1646 | ranges[numUids] = makeUidRangeParcel(uid, uid); |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1647 | numUids++; |
| 1648 | } |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1649 | } |
| 1650 | } |
| 1651 | // As above; usually numUids == ranges.length, but not always. |
| 1652 | if (numUids != ranges.length) { |
| 1653 | ranges = Arrays.copyOf(ranges, numUids); |
| 1654 | } |
| 1655 | // ... with no exceptions. |
| 1656 | exemptUids = new int[0]; |
| 1657 | } |
| 1658 | |
| 1659 | try { |
| 1660 | mNetdService.socketDestroy(ranges, exemptUids); |
| 1661 | } catch(RemoteException | ServiceSpecificException e) { |
| 1662 | Slog.e(TAG, "Error closing sockets after enabling chain " + chainName + ": " + e); |
| 1663 | } |
| 1664 | } |
| 1665 | |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1666 | @Override |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1667 | public void setFirewallChainEnabled(int chain, boolean enable) { |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 1668 | enforceSystemUid(); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1669 | synchronized (mQuotaLock) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1670 | synchronized (mRulesLock) { |
| 1671 | if (getFirewallChainState(chain) == enable) { |
| 1672 | // All is the same, nothing to do. This relies on the fact that netd has child |
| 1673 | // chains default detached. |
| 1674 | return; |
| 1675 | } |
| 1676 | setFirewallChainState(chain, enable); |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1677 | } |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1678 | |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1679 | final String chainName = getFirewallChainName(chain); |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1680 | if (chain == FIREWALL_CHAIN_NONE) { |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1681 | throw new IllegalArgumentException("Bad child chain: " + chainName); |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1682 | } |
| 1683 | |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1684 | try { |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1685 | mNetdService.firewallEnableChildChain(chain, enable); |
| 1686 | } catch (RemoteException | ServiceSpecificException e) { |
| 1687 | throw new IllegalStateException(e); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1688 | } |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1689 | |
| 1690 | // Close any sockets that were opened by the affected UIDs. This has to be done after |
| 1691 | // disabling network connectivity, in case they react to the socket close by reopening |
| 1692 | // the connection and race with the iptables commands that enable the firewall. All |
| 1693 | // whitelist and blacklist chains allow RSTs through. |
| 1694 | if (enable) { |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1695 | closeSocketsForFirewallChainLocked(chain, chainName); |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1696 | } |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 1697 | } |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1698 | } |
| 1699 | |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1700 | private String getFirewallChainName(int chain) { |
| 1701 | switch (chain) { |
| 1702 | case FIREWALL_CHAIN_STANDBY: |
| 1703 | return FIREWALL_CHAIN_NAME_STANDBY; |
| 1704 | case FIREWALL_CHAIN_DOZABLE: |
| 1705 | return FIREWALL_CHAIN_NAME_DOZABLE; |
| 1706 | case FIREWALL_CHAIN_POWERSAVE: |
| 1707 | return FIREWALL_CHAIN_NAME_POWERSAVE; |
| 1708 | default: |
| 1709 | throw new IllegalArgumentException("Bad child chain: " + chain); |
| 1710 | } |
| 1711 | } |
| 1712 | |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1713 | private int getFirewallType(int chain) { |
| 1714 | switch (chain) { |
| 1715 | case FIREWALL_CHAIN_STANDBY: |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1716 | return FIREWALL_BLACKLIST; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1717 | case FIREWALL_CHAIN_DOZABLE: |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1718 | return FIREWALL_WHITELIST; |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1719 | case FIREWALL_CHAIN_POWERSAVE: |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1720 | return FIREWALL_WHITELIST; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1721 | default: |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1722 | return isFirewallEnabled() ? FIREWALL_WHITELIST : FIREWALL_BLACKLIST; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1723 | } |
| 1724 | } |
| 1725 | |
| 1726 | @Override |
| 1727 | public void setFirewallUidRules(int chain, int[] uids, int[] rules) { |
| 1728 | enforceSystemUid(); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1729 | synchronized (mQuotaLock) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1730 | synchronized (mRulesLock) { |
| 1731 | SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain); |
| 1732 | SparseIntArray newRules = new SparseIntArray(); |
| 1733 | // apply new set of rules |
| 1734 | for (int index = uids.length - 1; index >= 0; --index) { |
| 1735 | int uid = uids[index]; |
| 1736 | int rule = rules[index]; |
| 1737 | updateFirewallUidRuleLocked(chain, uid, rule); |
| 1738 | newRules.put(uid, rule); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1739 | } |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1740 | // collect the rules to remove. |
| 1741 | SparseIntArray rulesToRemove = new SparseIntArray(); |
| 1742 | for (int index = uidFirewallRules.size() - 1; index >= 0; --index) { |
| 1743 | int uid = uidFirewallRules.keyAt(index); |
| 1744 | if (newRules.indexOfKey(uid) < 0) { |
| 1745 | rulesToRemove.put(uid, FIREWALL_RULE_DEFAULT); |
| 1746 | } |
| 1747 | } |
| 1748 | // remove dead rules |
| 1749 | for (int index = rulesToRemove.size() - 1; index >= 0; --index) { |
| 1750 | int uid = rulesToRemove.keyAt(index); |
| 1751 | updateFirewallUidRuleLocked(chain, uid, FIREWALL_RULE_DEFAULT); |
| 1752 | } |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1753 | } |
| 1754 | try { |
| 1755 | switch (chain) { |
| 1756 | case FIREWALL_CHAIN_DOZABLE: |
| 1757 | mNetdService.firewallReplaceUidChain("fw_dozable", true, uids); |
| 1758 | break; |
| 1759 | case FIREWALL_CHAIN_STANDBY: |
| 1760 | mNetdService.firewallReplaceUidChain("fw_standby", false, uids); |
| 1761 | break; |
| 1762 | case FIREWALL_CHAIN_POWERSAVE: |
| 1763 | mNetdService.firewallReplaceUidChain("fw_powersave", true, uids); |
| 1764 | break; |
| 1765 | case FIREWALL_CHAIN_NONE: |
| 1766 | default: |
| 1767 | Slog.d(TAG, "setFirewallUidRules() called on invalid chain: " + chain); |
| 1768 | } |
| 1769 | } catch (RemoteException e) { |
| 1770 | Slog.w(TAG, "Error flushing firewall chain " + chain, e); |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1771 | } |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1772 | } |
| 1773 | } |
| 1774 | |
| 1775 | @Override |
| 1776 | public void setFirewallUidRule(int chain, int uid, int rule) { |
| 1777 | enforceSystemUid(); |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1778 | synchronized (mQuotaLock) { |
| 1779 | setFirewallUidRuleLocked(chain, uid, rule); |
| 1780 | } |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1781 | } |
| 1782 | |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1783 | private void setFirewallUidRuleLocked(int chain, int uid, int rule) { |
| 1784 | if (updateFirewallUidRuleLocked(chain, uid, rule)) { |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1785 | final int ruleType = getFirewallRuleType(chain, rule); |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 1786 | try { |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1787 | mNetdService.firewallSetUidRule(chain, uid, ruleType); |
| 1788 | } catch (RemoteException | ServiceSpecificException e) { |
| 1789 | throw new IllegalStateException(e); |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 1790 | } |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1791 | } |
| 1792 | } |
| 1793 | |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1794 | // TODO: now that netd supports batching, NMS should not keep these data structures anymore... |
| 1795 | private boolean updateFirewallUidRuleLocked(int chain, int uid, int rule) { |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1796 | synchronized (mRulesLock) { |
| 1797 | SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain); |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1798 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1799 | final int oldUidFirewallRule = uidFirewallRules.get(uid, FIREWALL_RULE_DEFAULT); |
| 1800 | if (DBG) { |
| 1801 | Slog.d(TAG, "oldRule = " + oldUidFirewallRule |
| 1802 | + ", newRule=" + rule + " for uid=" + uid + " on chain " + chain); |
| 1803 | } |
| 1804 | if (oldUidFirewallRule == rule) { |
| 1805 | if (DBG) Slog.d(TAG, "!!!!! Skipping change"); |
| 1806 | // TODO: eventually consider throwing |
| 1807 | return false; |
| 1808 | } |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1809 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1810 | String ruleName = getFirewallRuleName(chain, rule); |
| 1811 | String oldRuleName = getFirewallRuleName(chain, oldUidFirewallRule); |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1812 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1813 | if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) { |
| 1814 | uidFirewallRules.delete(uid); |
| 1815 | } else { |
| 1816 | uidFirewallRules.put(uid, rule); |
| 1817 | } |
| 1818 | return !ruleName.equals(oldRuleName); |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1819 | } |
Felipe Leme | a701cad | 2016-05-12 09:58:14 -0700 | [diff] [blame] | 1820 | } |
| 1821 | |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1822 | private @NonNull String getFirewallRuleName(int chain, int rule) { |
| 1823 | String ruleName; |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1824 | if (getFirewallType(chain) == FIREWALL_WHITELIST) { |
| 1825 | if (rule == FIREWALL_RULE_ALLOW) { |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1826 | ruleName = "allow"; |
| 1827 | } else { |
| 1828 | ruleName = "deny"; |
| 1829 | } |
| 1830 | } else { // Blacklist mode |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1831 | if (rule == FIREWALL_RULE_DENY) { |
Xiaohui Chen | 8dca36d | 2015-06-19 12:44:59 -0700 | [diff] [blame] | 1832 | ruleName = "deny"; |
| 1833 | } else { |
| 1834 | ruleName = "allow"; |
| 1835 | } |
| 1836 | } |
| 1837 | return ruleName; |
| 1838 | } |
| 1839 | |
Andreas Gampe | aae5aa3 | 2018-07-20 12:55:38 -0700 | [diff] [blame] | 1840 | @GuardedBy("mRulesLock") |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1841 | private @NonNull SparseIntArray getUidFirewallRulesLR(int chain) { |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1842 | switch (chain) { |
| 1843 | case FIREWALL_CHAIN_STANDBY: |
| 1844 | return mUidFirewallStandbyRules; |
| 1845 | case FIREWALL_CHAIN_DOZABLE: |
| 1846 | return mUidFirewallDozableRules; |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1847 | case FIREWALL_CHAIN_POWERSAVE: |
| 1848 | return mUidFirewallPowerSaveRules; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1849 | case FIREWALL_CHAIN_NONE: |
| 1850 | return mUidFirewallRules; |
| 1851 | default: |
| 1852 | throw new IllegalArgumentException("Unknown chain:" + chain); |
| 1853 | } |
| 1854 | } |
| 1855 | |
Luke Huang | a241db9 | 2018-07-31 20:15:24 +0800 | [diff] [blame] | 1856 | private int getFirewallRuleType(int chain, int rule) { |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1857 | if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) { |
Remi NGUYEN VAN | f9a8c2e | 2019-02-13 18:28:35 +0900 | [diff] [blame] | 1858 | return getFirewallType(chain) == FIREWALL_WHITELIST |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1859 | ? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1860 | } |
Luke Huang | 615e102 | 2018-10-25 11:54:05 +0900 | [diff] [blame] | 1861 | return rule; |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1862 | } |
| 1863 | |
Jeff Sharkey | f56e243 | 2012-09-06 17:54:29 -0700 | [diff] [blame] | 1864 | private static void enforceSystemUid() { |
| 1865 | final int uid = Binder.getCallingUid(); |
| 1866 | if (uid != Process.SYSTEM_UID) { |
| 1867 | throw new SecurityException("Only available to AID_SYSTEM"); |
| 1868 | } |
| 1869 | } |
| 1870 | |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1871 | @Override |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1872 | public void registerNetworkActivityListener(INetworkActivityListener listener) { |
| 1873 | mNetworkActivityListeners.register(listener); |
| 1874 | } |
| 1875 | |
| 1876 | @Override |
| 1877 | public void unregisterNetworkActivityListener(INetworkActivityListener listener) { |
| 1878 | mNetworkActivityListeners.unregister(listener); |
| 1879 | } |
| 1880 | |
| 1881 | @Override |
| 1882 | public boolean isNetworkActive() { |
| 1883 | synchronized (mNetworkActivityListeners) { |
| 1884 | return mNetworkActive || mActiveIdleTimers.isEmpty(); |
| 1885 | } |
| 1886 | } |
| 1887 | |
| 1888 | private void reportNetworkActive() { |
| 1889 | final int length = mNetworkActivityListeners.beginBroadcast(); |
Robert Greenwalt | 2c9f547 | 2014-04-21 14:50:28 -0700 | [diff] [blame] | 1890 | try { |
| 1891 | for (int i = 0; i < length; i++) { |
| 1892 | try { |
| 1893 | mNetworkActivityListeners.getBroadcastItem(i).onNetworkActive(); |
Felipe Leme | 03e689d | 2016-03-02 16:17:38 -0800 | [diff] [blame] | 1894 | } catch (RemoteException | RuntimeException e) { |
Robert Greenwalt | 2c9f547 | 2014-04-21 14:50:28 -0700 | [diff] [blame] | 1895 | } |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1896 | } |
Robert Greenwalt | 2c9f547 | 2014-04-21 14:50:28 -0700 | [diff] [blame] | 1897 | } finally { |
| 1898 | mNetworkActivityListeners.finishBroadcast(); |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1899 | } |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1900 | } |
| 1901 | |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 1902 | @Override |
| 1903 | protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { |
Jeff Sharkey | fe9a53b | 2017-03-31 14:08:23 -0600 | [diff] [blame] | 1904 | if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return; |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 1905 | |
Dianne Hackborn | 2ffa11e | 2014-04-21 15:56:18 -0700 | [diff] [blame] | 1906 | pw.print("mMobileActivityFromRadio="); pw.print(mMobileActivityFromRadio); |
| 1907 | pw.print(" mLastPowerStateFromRadio="); pw.println(mLastPowerStateFromRadio); |
| 1908 | pw.print("mNetworkActive="); pw.println(mNetworkActive); |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 1909 | |
| 1910 | synchronized (mQuotaLock) { |
Jeff Sharkey | b24a785 | 2012-05-01 15:19:37 -0700 | [diff] [blame] | 1911 | pw.print("Active quota ifaces: "); pw.println(mActiveQuotas.toString()); |
| 1912 | pw.print("Active alert ifaces: "); pw.println(mActiveAlerts.toString()); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1913 | pw.print("Data saver mode: "); pw.println(mDataSaverMode); |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1914 | synchronized (mRulesLock) { |
| 1915 | dumpUidRuleOnQuotaLocked(pw, "blacklist", mUidRejectOnMetered); |
| 1916 | dumpUidRuleOnQuotaLocked(pw, "whitelist", mUidAllowOnMetered); |
| 1917 | } |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 1918 | } |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1919 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1920 | synchronized (mRulesLock) { |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1921 | dumpUidFirewallRule(pw, "", mUidFirewallRules); |
Amith Yamasani | 15e47235 | 2015-04-24 19:06:07 -0700 | [diff] [blame] | 1922 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1923 | pw.print("UID firewall standby chain enabled: "); pw.println( |
| 1924 | getFirewallChainState(FIREWALL_CHAIN_STANDBY)); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1925 | dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_STANDBY, mUidFirewallStandbyRules); |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1926 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1927 | pw.print("UID firewall dozable chain enabled: "); pw.println( |
| 1928 | getFirewallChainState(FIREWALL_CHAIN_DOZABLE)); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1929 | dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_DOZABLE, mUidFirewallDozableRules); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1930 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 1931 | pw.println("UID firewall powersave chain enabled: " + |
| 1932 | getFirewallChainState(FIREWALL_CHAIN_POWERSAVE)); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1933 | dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_POWERSAVE, mUidFirewallPowerSaveRules); |
Xiaohui Chen | b41c9f7 | 2015-06-17 15:55:37 -0700 | [diff] [blame] | 1934 | } |
| 1935 | |
Dianne Hackborn | 77b987f | 2014-02-26 16:20:52 -0800 | [diff] [blame] | 1936 | synchronized (mIdleTimerLock) { |
| 1937 | pw.println("Idle timers:"); |
| 1938 | for (HashMap.Entry<String, IdleTimerParams> ent : mActiveIdleTimers.entrySet()) { |
| 1939 | pw.print(" "); pw.print(ent.getKey()); pw.println(":"); |
| 1940 | IdleTimerParams params = ent.getValue(); |
| 1941 | pw.print(" timeout="); pw.print(params.timeout); |
| 1942 | pw.print(" type="); pw.print(params.type); |
| 1943 | pw.print(" networkCount="); pw.println(params.networkCount); |
| 1944 | } |
| 1945 | } |
| 1946 | |
Jeff Sharkey | c268f0b | 2012-08-24 10:25:31 -0700 | [diff] [blame] | 1947 | pw.print("Firewall enabled: "); pw.println(mFirewallEnabled); |
Felipe Leme | 65be302 | 2016-03-22 14:53:13 -0700 | [diff] [blame] | 1948 | pw.print("Netd service status: " ); |
| 1949 | if (mNetdService == null) { |
| 1950 | pw.println("disconnected"); |
| 1951 | } else { |
| 1952 | try { |
| 1953 | final boolean alive = mNetdService.isAlive(); |
| 1954 | pw.println(alive ? "alive": "dead"); |
| 1955 | } catch (RemoteException e) { |
| 1956 | pw.println("unreachable"); |
| 1957 | } |
| 1958 | } |
| 1959 | } |
| 1960 | |
| 1961 | private void dumpUidRuleOnQuotaLocked(PrintWriter pw, String name, SparseBooleanArray list) { |
| 1962 | pw.print("UID bandwith control "); |
| 1963 | pw.print(name); |
| 1964 | pw.print(" rule: ["); |
| 1965 | final int size = list.size(); |
| 1966 | for (int i = 0; i < size; i++) { |
| 1967 | pw.print(list.keyAt(i)); |
| 1968 | if (i < size - 1) pw.print(","); |
| 1969 | } |
| 1970 | pw.println("]"); |
Jeff Sharkey | 47eb102 | 2011-08-25 17:48:52 -0700 | [diff] [blame] | 1971 | } |
Robert Greenwalt | 9ba9c58 | 2014-03-19 17:56:12 -0700 | [diff] [blame] | 1972 | |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1973 | private void dumpUidFirewallRule(PrintWriter pw, String name, SparseIntArray rules) { |
Lorenzo Colitti | 4cb4240 | 2016-04-24 12:52:00 +0900 | [diff] [blame] | 1974 | pw.print("UID firewall "); |
Felipe Leme | 011b98f | 2016-02-10 17:28:31 -0800 | [diff] [blame] | 1975 | pw.print(name); |
| 1976 | pw.print(" rule: ["); |
| 1977 | final int size = rules.size(); |
| 1978 | for (int i = 0; i < size; i++) { |
| 1979 | pw.print(rules.keyAt(i)); |
| 1980 | pw.print(":"); |
| 1981 | pw.print(rules.valueAt(i)); |
| 1982 | if (i < size - 1) pw.print(","); |
| 1983 | } |
| 1984 | pw.println("]"); |
| 1985 | } |
| 1986 | |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 1987 | @Override |
Paul Jensen | 992f252 | 2014-04-28 10:33:11 -0400 | [diff] [blame] | 1988 | public void addInterfaceToNetwork(String iface, int netId) { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1989 | modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, netId, iface); |
Paul Jensen | 992f252 | 2014-04-28 10:33:11 -0400 | [diff] [blame] | 1990 | } |
| 1991 | |
| 1992 | @Override |
| 1993 | public void removeInterfaceFromNetwork(String iface, int netId) { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1994 | modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, netId, iface); |
Sreeram Ramachandran | a77760d | 2014-07-17 17:09:07 -0700 | [diff] [blame] | 1995 | } |
Paul Jensen | 992f252 | 2014-04-28 10:33:11 -0400 | [diff] [blame] | 1996 | |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 1997 | private void modifyInterfaceInNetwork(boolean add, int netId, String iface) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 1998 | NetworkStack.checkNetworkStackPermission(mContext); |
Paul Jensen | 992f252 | 2014-04-28 10:33:11 -0400 | [diff] [blame] | 1999 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2000 | if (add) { |
| 2001 | mNetdService.networkAddInterface(netId, iface); |
| 2002 | } else { |
| 2003 | mNetdService.networkRemoveInterface(netId, iface); |
| 2004 | } |
| 2005 | } catch (RemoteException | ServiceSpecificException e) { |
| 2006 | throw new IllegalStateException(e); |
Paul Jensen | 992f252 | 2014-04-28 10:33:11 -0400 | [diff] [blame] | 2007 | } |
| 2008 | } |
| 2009 | |
| 2010 | @Override |
Robert Greenwalt | 913c895 | 2014-04-07 17:36:35 -0700 | [diff] [blame] | 2011 | public void addLegacyRouteForNetId(int netId, RouteInfo routeInfo, int uid) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2012 | NetworkStack.checkNetworkStackPermission(mContext); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2013 | |
Sreeram Ramachandran | cc91c7b | 2014-06-03 18:41:43 -0700 | [diff] [blame] | 2014 | final LinkAddress la = routeInfo.getDestinationLinkAddress(); |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2015 | final String ifName = routeInfo.getInterface(); |
| 2016 | final String dst = la.toString(); |
| 2017 | final String nextHop; |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2018 | |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2019 | if (routeInfo.hasGateway()) { |
| 2020 | nextHop = routeInfo.getGateway().getHostAddress(); |
| 2021 | } else { |
| 2022 | nextHop = ""; |
| 2023 | } |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2024 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2025 | mNetdService.networkAddLegacyRoute(netId, ifName, dst, nextHop, uid); |
| 2026 | } catch (RemoteException | ServiceSpecificException e) { |
| 2027 | throw new IllegalStateException(e); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2028 | } |
| 2029 | } |
| 2030 | |
| 2031 | @Override |
Sreeram Ramachandran | f047f2a | 2014-04-15 16:04:26 -0700 | [diff] [blame] | 2032 | public void setDefaultNetId(int netId) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2033 | NetworkStack.checkNetworkStackPermission(mContext); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2034 | |
| 2035 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2036 | mNetdService.networkSetDefault(netId); |
| 2037 | } catch (RemoteException | ServiceSpecificException e) { |
| 2038 | throw new IllegalStateException(e); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2039 | } |
| 2040 | } |
| 2041 | |
| 2042 | @Override |
| 2043 | public void clearDefaultNetId() { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2044 | NetworkStack.checkNetworkStackPermission(mContext); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2045 | |
| 2046 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2047 | mNetdService.networkClearDefault(); |
| 2048 | } catch (RemoteException | ServiceSpecificException e) { |
| 2049 | throw new IllegalStateException(e); |
Robert Greenwalt | 568891d | 2014-04-04 13:38:00 -0700 | [diff] [blame] | 2050 | } |
| 2051 | } |
| 2052 | |
| 2053 | @Override |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2054 | public void setNetworkPermission(int netId, int permission) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2055 | NetworkStack.checkNetworkStackPermission(mContext); |
Paul Jensen | 487ffe7 | 2015-07-24 15:57:11 -0400 | [diff] [blame] | 2056 | |
| 2057 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2058 | mNetdService.networkSetPermissionForNetwork(netId, permission); |
| 2059 | } catch (RemoteException | ServiceSpecificException e) { |
| 2060 | throw new IllegalStateException(e); |
Paul Jensen | 487ffe7 | 2015-07-24 15:57:11 -0400 | [diff] [blame] | 2061 | } |
| 2062 | } |
| 2063 | |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 2064 | @Override |
| 2065 | public void allowProtect(int uid) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2066 | NetworkStack.checkNetworkStackPermission(mContext); |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 2067 | |
| 2068 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2069 | mNetdService.networkSetProtectAllow(uid); |
| 2070 | } catch (RemoteException | ServiceSpecificException e) { |
| 2071 | throw new IllegalStateException(e); |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 2072 | } |
| 2073 | } |
| 2074 | |
| 2075 | @Override |
| 2076 | public void denyProtect(int uid) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2077 | NetworkStack.checkNetworkStackPermission(mContext); |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 2078 | |
| 2079 | try { |
Luke Huang | 8a462ec | 2018-08-24 20:33:16 +0800 | [diff] [blame] | 2080 | mNetdService.networkSetProtectDeny(uid); |
| 2081 | } catch (RemoteException | ServiceSpecificException e) { |
| 2082 | throw new IllegalStateException(e); |
Paul Jensen | 6bc2c2c | 2014-05-07 15:27:40 -0400 | [diff] [blame] | 2083 | } |
| 2084 | } |
| 2085 | |
Sreeram Ramachandran | a77760d | 2014-07-17 17:09:07 -0700 | [diff] [blame] | 2086 | @Override |
| 2087 | public void addInterfaceToLocalNetwork(String iface, List<RouteInfo> routes) { |
Luke Huang | 706d7ab | 2018-10-16 15:42:15 +0800 | [diff] [blame] | 2088 | modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, INetd.LOCAL_NET_ID, iface); |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 2089 | // modifyInterfaceInNetwork already check calling permission. |
| 2090 | RouteUtils.addRoutesToLocalNetwork(mNetdService, iface, routes); |
Sreeram Ramachandran | a77760d | 2014-07-17 17:09:07 -0700 | [diff] [blame] | 2091 | } |
| 2092 | |
| 2093 | @Override |
| 2094 | public void removeInterfaceFromLocalNetwork(String iface) { |
Luke Huang | 706d7ab | 2018-10-16 15:42:15 +0800 | [diff] [blame] | 2095 | modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, INetd.LOCAL_NET_ID, iface); |
Sreeram Ramachandran | a77760d | 2014-07-17 17:09:07 -0700 | [diff] [blame] | 2096 | } |
Erik Kline | 6599ee8 | 2016-07-17 21:28:39 +0900 | [diff] [blame] | 2097 | |
| 2098 | @Override |
| 2099 | public int removeRoutesFromLocalNetwork(List<RouteInfo> routes) { |
markchien | a9d9ef8 | 2020-01-07 14:43:17 +0800 | [diff] [blame] | 2100 | NetworkStack.checkNetworkStackPermission(mContext); |
| 2101 | return RouteUtils.removeRoutesFromLocalNetwork(mNetdService, routes); |
Erik Kline | 6599ee8 | 2016-07-17 21:28:39 +0900 | [diff] [blame] | 2102 | } |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 2103 | |
Sudheer Shanka | b8f2316 | 2017-08-04 13:30:10 -0700 | [diff] [blame] | 2104 | @Override |
| 2105 | public boolean isNetworkRestricted(int uid) { |
paulhu | 59148b7 | 2019-08-12 16:25:11 +0800 | [diff] [blame] | 2106 | mContext.enforceCallingOrSelfPermission(OBSERVE_NETWORK_POLICY, TAG); |
Sudheer Shanka | b8f2316 | 2017-08-04 13:30:10 -0700 | [diff] [blame] | 2107 | return isNetworkRestrictedInternal(uid); |
| 2108 | } |
| 2109 | |
| 2110 | private boolean isNetworkRestrictedInternal(int uid) { |
| 2111 | synchronized (mRulesLock) { |
| 2112 | if (getFirewallChainState(FIREWALL_CHAIN_STANDBY) |
| 2113 | && mUidFirewallStandbyRules.get(uid) == FIREWALL_RULE_DENY) { |
| 2114 | if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of app standby mode"); |
| 2115 | return true; |
| 2116 | } |
| 2117 | if (getFirewallChainState(FIREWALL_CHAIN_DOZABLE) |
| 2118 | && mUidFirewallDozableRules.get(uid) != FIREWALL_RULE_ALLOW) { |
| 2119 | if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of device idle mode"); |
| 2120 | return true; |
| 2121 | } |
| 2122 | if (getFirewallChainState(FIREWALL_CHAIN_POWERSAVE) |
| 2123 | && mUidFirewallPowerSaveRules.get(uid) != FIREWALL_RULE_ALLOW) { |
| 2124 | if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of power saver mode"); |
| 2125 | return true; |
| 2126 | } |
| 2127 | if (mUidRejectOnMetered.get(uid)) { |
| 2128 | if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of no metered data" |
| 2129 | + " in the background"); |
| 2130 | return true; |
| 2131 | } |
| 2132 | if (mDataSaverMode && !mUidAllowOnMetered.get(uid)) { |
| 2133 | if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of data saver mode"); |
| 2134 | return true; |
| 2135 | } |
| 2136 | return false; |
| 2137 | } |
| 2138 | } |
| 2139 | |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 2140 | private void setFirewallChainState(int chain, boolean state) { |
| 2141 | synchronized (mRulesLock) { |
| 2142 | mFirewallChainStates.put(chain, state); |
| 2143 | } |
| 2144 | } |
| 2145 | |
| 2146 | private boolean getFirewallChainState(int chain) { |
| 2147 | synchronized (mRulesLock) { |
| 2148 | return mFirewallChainStates.get(chain); |
| 2149 | } |
| 2150 | } |
| 2151 | |
| 2152 | @VisibleForTesting |
| 2153 | class LocalService extends NetworkManagementInternal { |
| 2154 | @Override |
| 2155 | public boolean isNetworkRestrictedForUid(int uid) { |
Sudheer Shanka | b8f2316 | 2017-08-04 13:30:10 -0700 | [diff] [blame] | 2156 | return isNetworkRestrictedInternal(uid); |
Sudheer Shanka | 62f5c17 | 2017-03-17 16:25:55 -0700 | [diff] [blame] | 2157 | } |
| 2158 | } |
| 2159 | |
| 2160 | @VisibleForTesting |
| 2161 | Injector getInjector() { |
| 2162 | return new Injector(); |
| 2163 | } |
| 2164 | |
| 2165 | @VisibleForTesting |
| 2166 | class Injector { |
| 2167 | void setDataSaverMode(boolean dataSaverMode) { |
| 2168 | mDataSaverMode = dataSaverMode; |
| 2169 | } |
| 2170 | |
| 2171 | void setFirewallChainState(int chain, boolean state) { |
| 2172 | NetworkManagementService.this.setFirewallChainState(chain, state); |
| 2173 | } |
| 2174 | |
| 2175 | void setFirewallRule(int chain, int uid, int rule) { |
| 2176 | synchronized (mRulesLock) { |
| 2177 | getUidFirewallRulesLR(chain).put(uid, rule); |
| 2178 | } |
| 2179 | } |
| 2180 | |
| 2181 | void setUidOnMeteredNetworkList(boolean blacklist, int uid, boolean enable) { |
| 2182 | synchronized (mRulesLock) { |
| 2183 | if (blacklist) { |
| 2184 | mUidRejectOnMetered.put(uid, enable); |
| 2185 | } else { |
| 2186 | mUidAllowOnMetered.put(uid, enable); |
| 2187 | } |
| 2188 | } |
| 2189 | } |
| 2190 | |
| 2191 | void reset() { |
| 2192 | synchronized (mRulesLock) { |
| 2193 | setDataSaverMode(false); |
| 2194 | final int[] chains = { |
| 2195 | FIREWALL_CHAIN_DOZABLE, |
| 2196 | FIREWALL_CHAIN_STANDBY, |
| 2197 | FIREWALL_CHAIN_POWERSAVE |
| 2198 | }; |
| 2199 | for (int chain : chains) { |
| 2200 | setFirewallChainState(chain, false); |
| 2201 | getUidFirewallRulesLR(chain).clear(); |
| 2202 | } |
| 2203 | mUidAllowOnMetered.clear(); |
| 2204 | mUidRejectOnMetered.clear(); |
| 2205 | } |
| 2206 | } |
| 2207 | } |
San Mehat | 873f214 | 2010-01-14 10:25:07 -0800 | [diff] [blame] | 2208 | } |