Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / d8bc829a85c9c9bb390e18b59ef1455b6d0b94ec / . / services / core / java / com / android / server / NetworkManagementService.java
blob: 2f66fd7dc7c7151b8a74568b4ddb0d78952c7f12 [file] [log] [blame]
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1/*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server;
18
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]19import static android.Manifest.permission.CONNECTIVITY_INTERNAL;
Sehee Parka9139bc2017-12-22 13:54:05 +0900[diff] [blame]20import static android.Manifest.permission.NETWORK_SETTINGS;
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]21import static android.Manifest.permission.NETWORK_STACK;
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]22import static android.Manifest.permission.SHUTDOWN;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]23import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_DOZABLE;
24import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_DOZABLE;
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]25import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_POWERSAVE;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]26import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY;
27import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NONE;
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]28import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_POWERSAVE;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]29import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_STANDBY;
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]30import static android.net.NetworkPolicyManager.FIREWALL_RULE_ALLOW;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]31import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT;
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]32import static android.net.NetworkPolicyManager.FIREWALL_RULE_DENY;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]33import static android.net.NetworkPolicyManager.FIREWALL_TYPE_BLACKLIST;
34import static android.net.NetworkPolicyManager.FIREWALL_TYPE_WHITELIST;
Jeff Sharkeyb5d55e32011-08-10 17:53:27 -0700[diff] [blame]35import static android.net.NetworkStats.SET_DEFAULT;
Lorenzo Colittif1912ca2017-08-17 19:23:08 +0900[diff] [blame]36import static android.net.NetworkStats.STATS_PER_UID;
Dianne Hackbornd0c5b9a2014-02-21 16:19:05 -0800[diff] [blame]37import static android.net.NetworkStats.TAG_ALL;
Jeff Sharkey1b5a2a92011-06-18 18:34:16 -0700[diff] [blame]38import static android.net.NetworkStats.TAG_NONE;
39import static android.net.NetworkStats.UID_ALL;
Jeff Sharkeyae2c1812011-10-04 13:11:40 -0700[diff] [blame]40import static android.net.TrafficStats.UID_TETHERING;
Lorenzo Colitti9307ca22019-01-12 01:54:23 +0900[diff] [blame]41
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]42import static com.android.server.NetworkManagementService.NetdResponseCode.TtyListResult;
Jeff Sharkeya63ba592011-07-19 23:47:12 -0700[diff] [blame]43import static com.android.server.NetworkManagementSocketTagger.PROP_QTAGUID_ENABLED;
Erik Klineb2cfdfb2017-01-18 20:54:14 +0900[diff] [blame]44
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]45import android.annotation.NonNull;
Sudheer Shankadc589ac2016-11-10 15:30:17 -0800[diff] [blame]46import android.app.ActivityManager;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]47import android.content.Context;
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]48import android.net.ConnectivityManager;
Lorenzo Colitti58967ba2016-02-02 17:21:21 +0900[diff] [blame]49import android.net.INetd;
San Mehat4d02d002010-01-22 16:07:46 -0800[diff] [blame]50import android.net.INetworkManagementEventObserver;
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]51import android.net.ITetheringStatsProvider;
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]52import android.net.InterfaceConfiguration;
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]53import android.net.InterfaceConfigurationParcel;
Lorenzo Colittic18cbfd2014-06-13 21:21:03 +0900[diff] [blame]54import android.net.IpPrefix;
Robert Greenwalted126402011-01-28 15:34:55 -0800[diff] [blame]55import android.net.LinkAddress;
Lorenzo Colittib57edc52014-08-22 17:10:50 -0700[diff] [blame]56import android.net.Network;
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]57import android.net.NetworkPolicyManager;
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]58import android.net.NetworkStats;
Robert Greenwalted126402011-01-28 15:34:55 -0800[diff] [blame]59import android.net.NetworkUtils;
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]60import android.net.RouteInfo;
Lorenzo Colitti9307ca22019-01-12 01:54:23 +0900[diff] [blame]61import android.net.TetherStatsParcel;
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]62import android.net.UidRange;
Remi NGUYEN VAN3c600a12019-01-10 19:12:46 +0900[diff] [blame]63import android.net.shared.NetdService;
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]64import android.net.shared.NetworkObserverRegistry;
Dianne Hackborn91268cf2013-06-13 19:06:50 -0700[diff] [blame]65import android.os.BatteryStats;
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]66import android.os.Binder;
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]67import android.os.Handler;
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]68import android.os.IBinder;
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]69import android.os.INetworkActivityListener;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]70import android.os.INetworkManagementService;
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]71import android.os.PowerManager;
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]72import android.os.Process;
Jeff Sharkey3df273e2011-12-15 15:47:12 -0800[diff] [blame]73import android.os.RemoteCallbackList;
74import android.os.RemoteException;
Jeff Sharkey7a1c3fc2013-06-04 12:29:00 -0700[diff] [blame]75import android.os.ServiceManager;
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]76import android.os.ServiceSpecificException;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]77import android.os.StrictMode;
Jeff Sharkey9a13f362011-04-26 16:25:36 -0700[diff] [blame]78import android.os.SystemClock;
Marco Nelissen62dbb222010-02-18 10:56:30 -0800[diff] [blame]79import android.os.SystemProperties;
Felipe Leme29e72ea2016-09-08 13:26:55 -0700[diff] [blame]80import android.os.Trace;
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]81import android.telephony.DataConnectionRealTimeInfo;
Irfan Sheriff9ab518ad2010-03-12 15:48:17 -0800[diff] [blame]82import android.util.Log;
Joe Onorato8a9b2202010-02-26 18:56:32 -0800[diff] [blame]83import android.util.Slog;
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]84import android.util.SparseBooleanArray;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]85import android.util.SparseIntArray;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]86
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]87import com.android.internal.annotations.GuardedBy;
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]88import com.android.internal.annotations.VisibleForTesting;
Jeff Sharkey7a1c3fc2013-06-04 12:29:00 -0700[diff] [blame]89import com.android.internal.app.IBatteryStats;
Jeff Sharkey1059c3c2011-10-04 16:54:49 -0700[diff] [blame]90import com.android.internal.net.NetworkStatsFactory;
Jeff Sharkeyfe9a53b2017-03-31 14:08:23 -0600[diff] [blame]91import com.android.internal.util.DumpUtils;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]92import com.android.internal.util.HexDump;
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]93import com.android.internal.util.Preconditions;
Lorenzo Colitti9307ca22019-01-12 01:54:23 +0900[diff] [blame]94
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]95import com.google.android.collect.Maps;
Jeff Sharkey4414cea2011-06-24 17:05:24 -0700[diff] [blame]96
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]97import java.io.BufferedReader;
98import java.io.DataInputStream;
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]99import java.io.FileDescriptor;
Jeff Sharkey9a13f362011-04-26 16:25:36 -0700[diff] [blame]100import java.io.FileInputStream;
Jeff Sharkey9a13f362011-04-26 16:25:36 -0700[diff] [blame]101import java.io.IOException;
Jeff Sharkey9a13f362011-04-26 16:25:36 -0700[diff] [blame]102import java.io.InputStreamReader;
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]103import java.io.PrintWriter;
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]104import java.net.InetAddress;
Robert Greenwalt3b28e9a2011-11-02 14:37:19 -0700[diff] [blame]105import java.net.InterfaceAddress;
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]106import java.util.ArrayList;
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]107import java.util.Arrays;
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]108import java.util.HashMap;
jiaguo1da35f72014-01-09 16:39:59 +0800[diff] [blame]109import java.util.List;
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]110import java.util.Map;
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]111import java.util.concurrent.CountDownLatch;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]112
113/**
114 * @hide
115 */
Jeff Sharkey8e9992a2011-08-23 18:37:23 -0700[diff] [blame]116public class NetworkManagementService extends INetworkManagementService.Stub
117 implements Watchdog.Monitor {
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]118
119 /**
120 * Helper class that encapsulates NetworkManagementService dependencies and makes them
121 * easier to mock in unit tests.
122 */
123 static class SystemServices {
124 public IBinder getService(String name) {
125 return ServiceManager.getService(name);
126 }
127 public void registerLocalService(NetworkManagementInternal nmi) {
128 LocalServices.addService(NetworkManagementInternal.class, nmi);
129 }
130 public INetd getNetd() {
131 return NetdService.get();
132 }
133 }
134
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]135 private static final String TAG = "NetworkManagement";
136 private static final boolean DBG = Log.isLoggable(TAG, Log.DEBUG);
Kenny Root305bcbf2010-09-03 07:56:38 -0700[diff] [blame]137 private static final String NETD_TAG = "NetdConnector";
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]138 static final String NETD_SERVICE_NAME = "netd";
Kenny Root305bcbf2010-09-03 07:56:38 -0700[diff] [blame]139
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]140 private static final int MAX_UID_RANGES_PER_COMMAND = 10;
141
Jeff Sharkey8e9992a2011-08-23 18:37:23 -0700[diff] [blame]142 /**
143 * Name representing {@link #setGlobalAlert(long)} limit when delivered to
144 * {@link INetworkManagementEventObserver#limitReached(String, String)}.
145 */
146 public static final String LIMIT_GLOBAL_ALERT = "globalAlert";
147
Andrew Scull45f533c2017-05-19 15:37:20 +0100[diff] [blame]148 static class NetdResponseCode {
Sreeram Ramachandran03666c72014-07-19 23:21:46 -0700[diff] [blame]149 /* Keep in sync with system/netd/server/ResponseCode.h */
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]150 public static final int InterfaceListResult = 110;
151 public static final int TetherInterfaceListResult = 111;
152 public static final int TetherDnsFwdTgtListResult = 112;
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]153 public static final int TtyListResult = 113;
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]154 public static final int TetheringStatsListResult = 114;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]155
156 public static final int TetherStatusResult = 210;
157 public static final int IpFwdStatusResult = 211;
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]158 public static final int InterfaceGetCfgResult = 213;
Robert Greenwalte3253922010-02-18 09:23:25 -0800[diff] [blame]159 public static final int SoftapStatusResult = 214;
San Mehat91cac642010-03-31 14:31:36 -0700[diff] [blame]160 public static final int InterfaceRxCounterResult = 216;
161 public static final int InterfaceTxCounterResult = 217;
Jeff Sharkeycdd02c5d2011-09-16 01:52:49 -0700[diff] [blame]162 public static final int QuotaCounterResult = 220;
163 public static final int TetheringStatsResult = 221;
Selim Gurun84c00c62012-02-27 15:42:38 -0800[diff] [blame]164 public static final int DnsProxyQueryResult = 222;
Lorenzo Colitti79751842013-02-28 16:16:03 +0900[diff] [blame]165 public static final int ClatdStatusResult = 223;
Robert Greenwalte3253922010-02-18 09:23:25 -0800[diff] [blame]166
167 public static final int InterfaceChange = 600;
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]168 public static final int BandwidthControl = 601;
Haoyu Bai6b7358d2012-07-17 16:36:50 -0700[diff] [blame]169 public static final int InterfaceClassActivity = 613;
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]170 public static final int InterfaceAddressChange = 614;
Lorenzo Colitti5ae4a532013-10-31 11:59:46 +0900[diff] [blame]171 public static final int InterfaceDnsServerInfo = 615;
Lorenzo Colittic18cbfd2014-06-13 21:21:03 +0900[diff] [blame]172 public static final int RouteChange = 616;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]173 public static final int StrictCleartext = 617;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]174 }
175
Rebecca Silbersteine2ec94f2016-03-24 13:29:00 -0700[diff] [blame]176 /**
177 * String indicating a softap command.
178 */
179 static final String SOFT_AP_COMMAND = "softap";
180
181 /**
182 * String passed back to netd connector indicating softap command success.
183 */
184 static final String SOFT_AP_COMMAND_SUCCESS = "Ok";
185
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]186 static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1;
187
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]188 static final boolean MODIFY_OPERATION_ADD = true;
189 static final boolean MODIFY_OPERATION_REMOVE = false;
190
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]191 /**
192 * Binder context for this service
193 */
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]194 private final Context mContext;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]195
196 /**
197 * connector object for communicating with netd
198 */
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]199 private final NativeDaemonConnector mConnector;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]200
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]201 private final Handler mFgHandler;
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]202 private final Handler mDaemonHandler;
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]203
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]204 private final SystemServices mServices;
205
Lorenzo Colitti58967ba2016-02-02 17:21:21 +0900[diff] [blame]206 private INetd mNetdService;
207
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]208 private NMSNetworkObserverRegistry mNetworkObserverRegistry;
Luke Huangd290dd52018-09-04 17:08:18 +0800[diff] [blame]209
Dianne Hackborne13c4c02014-02-11 17:18:35 -0800[diff] [blame]210 private IBatteryStats mBatteryStats;
211
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]212 private final Thread mThread;
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]213 private CountDownLatch mConnectedSignal = new CountDownLatch(1);
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]214
Jeff Sharkey1059c3c2011-10-04 16:54:49 -0700[diff] [blame]215 private final NetworkStatsFactory mStatsFactory = new NetworkStatsFactory();
216
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]217 @GuardedBy("mTetheringStatsProviders")
218 private final HashMap<ITetheringStatsProvider, String>
219 mTetheringStatsProviders = Maps.newHashMap();
220
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]221 /**
222 * If both locks need to be held, then they should be obtained in the order:
223 * first {@link #mQuotaLock} and then {@link #mRulesLock}.
224 */
Andrew Scull45f533c2017-05-19 15:37:20 +0100[diff] [blame]225 private final Object mQuotaLock = new Object();
Andrew Scull519291f2017-05-23 13:11:03 +0100[diff] [blame]226 private final Object mRulesLock = new Object();
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]227
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]228 /** Set of interfaces with active quotas. */
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]229 @GuardedBy("mQuotaLock")
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]230 private HashMap<String, Long> mActiveQuotas = Maps.newHashMap();
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]231 /** Set of interfaces with active alerts. */
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]232 @GuardedBy("mQuotaLock")
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]233 private HashMap<String, Long> mActiveAlerts = Maps.newHashMap();
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]234 /** Set of UIDs blacklisted on metered networks. */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]235 @GuardedBy("mRulesLock")
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]236 private SparseBooleanArray mUidRejectOnMetered = new SparseBooleanArray();
237 /** Set of UIDs whitelisted on metered networks. */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]238 @GuardedBy("mRulesLock")
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]239 private SparseBooleanArray mUidAllowOnMetered = new SparseBooleanArray();
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]240 /** Set of UIDs with cleartext penalties. */
241 @GuardedBy("mQuotaLock")
242 private SparseIntArray mUidCleartextPolicy = new SparseIntArray();
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]243 /** Set of UIDs that are to be blocked/allowed by firewall controller. */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]244 @GuardedBy("mRulesLock")
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]245 private SparseIntArray mUidFirewallRules = new SparseIntArray();
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]246 /**
247 * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches
248 * to application idles.
249 */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]250 @GuardedBy("mRulesLock")
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]251 private SparseIntArray mUidFirewallStandbyRules = new SparseIntArray();
252 /**
253 * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches
254 * to device idles.
255 */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]256 @GuardedBy("mRulesLock")
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]257 private SparseIntArray mUidFirewallDozableRules = new SparseIntArray();
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]258 /**
259 * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches
260 * to device on power-save mode.
261 */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]262 @GuardedBy("mRulesLock")
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]263 private SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray();
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]264 /** Set of states for the child firewall chains. True if the chain is active. */
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]265 @GuardedBy("mRulesLock")
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]266 final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray();
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]267
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]268 @GuardedBy("mQuotaLock")
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]269 private volatile boolean mDataSaverMode;
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]270
Andrew Scull45f533c2017-05-19 15:37:20 +0100[diff] [blame]271 private final Object mIdleTimerLock = new Object();
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]272 /** Set of interfaces with active idle timers. */
273 private static class IdleTimerParams {
274 public final int timeout;
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]275 public final int type;
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]276 public int networkCount;
277
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]278 IdleTimerParams(int timeout, int type) {
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]279 this.timeout = timeout;
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]280 this.type = type;
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]281 this.networkCount = 1;
282 }
283 }
284 private HashMap<String, IdleTimerParams> mActiveIdleTimers = Maps.newHashMap();
285
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]286 private volatile boolean mFirewallEnabled;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]287 private volatile boolean mStrictEnabled;
Jeff Sharkey350083e2011-06-29 10:45:16 -0700[diff] [blame]288
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]289 private boolean mMobileActivityFromRadio = false;
290 private int mLastPowerStateFromRadio = DataConnectionRealTimeInfo.DC_POWER_STATE_LOW;
Adam Lesinskie08af192015-03-25 16:42:59 -0700[diff] [blame]291 private int mLastPowerStateFromWifi = DataConnectionRealTimeInfo.DC_POWER_STATE_LOW;
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]292
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]293 private final RemoteCallbackList<INetworkActivityListener> mNetworkActivityListeners =
Christopher Wiley212b95f2016-08-02 11:38:57 -0700[diff] [blame]294 new RemoteCallbackList<>();
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]295 private boolean mNetworkActive;
296
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]297 /**
298 * Constructs a new NetworkManagementService instance
299 *
300 * @param context Binder context for this service
301 */
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]302 private NetworkManagementService(
303 Context context, String socket, SystemServices services) {
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]304 mContext = context;
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]305 mServices = services;
San Mehat4d02d002010-01-22 16:07:46 -0800[diff] [blame]306
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]307 // make sure this is on the same looper as our NativeDaemonConnector for sync purposes
308 mFgHandler = new Handler(FgThread.get().getLooper());
309
Dianne Hackborn4590e522014-03-24 13:36:46 -0700[diff] [blame]310 // Don't need this wake lock, since we now have a time stamp for when
311 // the network actually went inactive. (It might be nice to still do this,
312 // but I don't want to do it through the power manager because that pollutes the
313 // battery stats history with pointless noise.)
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]314 //PowerManager pm = (PowerManager)context.getSystemService(Context.POWER_SERVICE);
Dianne Hackborn4590e522014-03-24 13:36:46 -0700[diff] [blame]315 PowerManager.WakeLock wl = null; //pm.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, NETD_TAG);
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]316
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]317 mConnector = new NativeDaemonConnector(
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]318 new NetdCallbackReceiver(), socket, 10, NETD_TAG, 160, wl,
319 FgThread.get().getLooper());
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]320 mThread = new Thread(mConnector, NETD_TAG);
Jeff Sharkeyfa23c5a2011-08-09 21:44:24 -0700[diff] [blame]321
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]322 mDaemonHandler = new Handler(FgThread.get().getLooper());
Wink Saville67e07892014-06-18 16:43:14 -0700[diff] [blame]323
Jeff Sharkeyfa23c5a2011-08-09 21:44:24 -0700[diff] [blame]324 // Add ourself to the Watchdog monitors.
325 Watchdog.getInstance().addMonitor(this);
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]326
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]327 mServices.registerLocalService(new LocalService());
Lorenzo Colitti8228eb32017-07-19 06:17:33 +0900[diff] [blame]328
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]329 synchronized (mTetheringStatsProviders) {
330 mTetheringStatsProviders.put(new NetdTetheringStatsProvider(), "netd");
331 }
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]332 }
333
334 @VisibleForTesting
335 NetworkManagementService() {
336 mConnector = null;
337 mContext = null;
338 mDaemonHandler = null;
339 mFgHandler = null;
340 mThread = null;
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]341 mServices = null;
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]342 mNetworkObserverRegistry = null;
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]343 }
344
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]345 static NetworkManagementService create(Context context, String socket, SystemServices services)
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]346 throws InterruptedException {
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]347 final NetworkManagementService service =
348 new NetworkManagementService(context, socket, services);
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]349 final CountDownLatch connectedSignal = service.mConnectedSignal;
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]350 if (DBG) Slog.d(TAG, "Creating NetworkManagementService");
351 service.mThread.start();
352 if (DBG) Slog.d(TAG, "Awaiting socket connection");
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]353 connectedSignal.await();
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]354 if (DBG) Slog.d(TAG, "Connected");
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]355 if (DBG) Slog.d(TAG, "Connecting native netd service");
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]356 service.connectNativeNetdService();
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]357 if (DBG) Slog.d(TAG, "Connected");
Robert Greenwalte5c3afb2010-09-22 14:32:35 -0700[diff] [blame]358 return service;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]359 }
360
Lorenzo Colitti7421a012013-08-20 22:51:24 +0900[diff] [blame]361 public static NetworkManagementService create(Context context) throws InterruptedException {
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]362 return create(context, NETD_SERVICE_NAME, new SystemServices());
Lorenzo Colitti7421a012013-08-20 22:51:24 +0900[diff] [blame]363 }
364
Jeff Sharkey350083e2011-06-29 10:45:16 -0700[diff] [blame]365 public void systemReady() {
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]366 if (DBG) {
367 final long start = System.currentTimeMillis();
368 prepareNativeDaemon();
369 final long delta = System.currentTimeMillis() - start;
370 Slog.d(TAG, "Prepared in " + delta + "ms");
371 return;
372 } else {
373 prepareNativeDaemon();
374 }
Jeff Sharkey350083e2011-06-29 10:45:16 -0700[diff] [blame]375 }
376
Dianne Hackborne13c4c02014-02-11 17:18:35 -0800[diff] [blame]377 private IBatteryStats getBatteryStats() {
378 synchronized (this) {
379 if (mBatteryStats != null) {
380 return mBatteryStats;
381 }
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]382 mBatteryStats =
383 IBatteryStats.Stub.asInterface(mServices.getService(BatteryStats.SERVICE_NAME));
Dianne Hackborne13c4c02014-02-11 17:18:35 -0800[diff] [blame]384 return mBatteryStats;
385 }
386 }
387
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]388 @Override
Jeff Sharkey3df273e2011-12-15 15:47:12 -0800[diff] [blame]389 public void registerObserver(INetworkManagementEventObserver observer) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]390 mNetworkObserverRegistry.registerObserver(observer);
San Mehat4d02d002010-01-22 16:07:46 -0800[diff] [blame]391 }
392
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]393 @Override
Jeff Sharkey3df273e2011-12-15 15:47:12 -0800[diff] [blame]394 public void unregisterObserver(INetworkManagementEventObserver observer) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]395 mNetworkObserverRegistry.unregisterObserver(observer);
San Mehat4d02d002010-01-22 16:07:46 -0800[diff] [blame]396 }
397
Erik Klineb2cfdfb2017-01-18 20:54:14 +0900[diff] [blame]398 @FunctionalInterface
399 private interface NetworkManagementEventCallback {
400 public void sendCallback(INetworkManagementEventObserver o) throws RemoteException;
401 }
402
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]403 private class NMSNetworkObserverRegistry extends NetworkObserverRegistry {
404 NMSNetworkObserverRegistry(Context context, Handler handler, INetd netd)
405 throws RemoteException {
406 super(context, handler, netd);
407 }
408
409 /**
410 * Notify our observers of a change in the data activity state of the interface
411 */
412 @Override
413 public void notifyInterfaceClassActivity(int type, boolean isActive, long tsNanos,
414 int uid, boolean fromRadio) {
415 final boolean isMobile = ConnectivityManager.isNetworkTypeMobile(type);
416 int powerState = isActive
417 ? DataConnectionRealTimeInfo.DC_POWER_STATE_HIGH
418 : DataConnectionRealTimeInfo.DC_POWER_STATE_LOW;
419
420 if (isMobile) {
421 if (!fromRadio) {
422 if (mMobileActivityFromRadio) {
423 // If this call is not coming from a report from the radio itself, but we
424 // have previously received reports from the radio, then we will take the
425 // power state to just be whatever the radio last reported.
426 powerState = mLastPowerStateFromRadio;
427 }
428 } else {
429 mMobileActivityFromRadio = true;
430 }
431 if (mLastPowerStateFromRadio != powerState) {
432 mLastPowerStateFromRadio = powerState;
433 try {
434 getBatteryStats().noteMobileRadioPowerState(powerState, tsNanos, uid);
435 } catch (RemoteException e) {
436 }
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]437 }
Mike J. Chen6143f5f2011-06-23 15:17:51 -0700[diff] [blame]438 }
Mike J. Chen6143f5f2011-06-23 15:17:51 -0700[diff] [blame]439
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]440 if (ConnectivityManager.isNetworkTypeWifi(type)) {
441 if (mLastPowerStateFromWifi != powerState) {
442 mLastPowerStateFromWifi = powerState;
443 try {
444 getBatteryStats().noteWifiRadioPowerState(powerState, tsNanos, uid);
445 } catch (RemoteException e) {
446 }
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]447 }
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]448 }
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]449
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]450 if (!isMobile || fromRadio || !mMobileActivityFromRadio) {
451 // Report the change in data activity. We don't do this if this is a change
452 // on the mobile network, that is not coming from the radio itself, and we
453 // have previously seen change reports from the radio. In that case only
454 // the radio is the authority for the current state.
455 final boolean active = isActive;
456 super.notifyInterfaceClassActivity(type, isActive, tsNanos, uid, fromRadio);
457 }
458
459 boolean report = false;
460 synchronized (mIdleTimerLock) {
461 if (mActiveIdleTimers.isEmpty()) {
462 // If there are no idle timers, we are not monitoring activity, so we
463 // are always considered active.
464 isActive = true;
465 }
466 if (mNetworkActive != isActive) {
467 mNetworkActive = isActive;
468 report = isActive;
Adam Lesinskie08af192015-03-25 16:42:59 -0700[diff] [blame]469 }
470 }
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]471 if (report) {
472 reportNetworkActive();
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]473 }
474 }
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]475
476 /**
477 * Notify our observers of an interface removal.
478 */
479 @Override
480 public void notifyInterfaceRemoved(String iface) {
481 // netd already clears out quota and alerts for removed ifaces; update
482 // our sanity-checking state.
483 mActiveAlerts.remove(iface);
484 mActiveQuotas.remove(iface);
485 super.notifyInterfaceRemoved(iface);
486 }
487
488 @Override
489 public void onStrictCleartextDetected(int uid, String hex) throws RemoteException {
490 // Don't need to post to mDaemonHandler because the only thing
491 // that notifyCleartextNetwork does is post to a handler
492 ActivityManager.getService().notifyCleartextNetwork(uid,
493 HexDump.hexStringToByteArray(hex));
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]494 }
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]495 }
496
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]497 @Override
498 public void registerTetheringStatsProvider(ITetheringStatsProvider provider, String name) {
499 mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
500 Preconditions.checkNotNull(provider);
501 synchronized(mTetheringStatsProviders) {
502 mTetheringStatsProviders.put(provider, name);
503 }
504 }
505
506 @Override
507 public void unregisterTetheringStatsProvider(ITetheringStatsProvider provider) {
508 mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
509 synchronized(mTetheringStatsProviders) {
510 mTetheringStatsProviders.remove(provider);
511 }
512 }
513
Lorenzo Colitti9f0baa92017-08-15 19:25:51 +0900[diff] [blame]514 @Override
515 public void tetherLimitReached(ITetheringStatsProvider provider) {
516 mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
517 synchronized(mTetheringStatsProviders) {
518 if (!mTetheringStatsProviders.containsKey(provider)) {
519 return;
520 }
521 // No current code examines the interface parameter in a global alert. Just pass null.
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]522 mDaemonHandler.post(() -> mNetworkObserverRegistry.notifyLimitReached(
523 LIMIT_GLOBAL_ALERT, null));
Lorenzo Colitti9f0baa92017-08-15 19:25:51 +0900[diff] [blame]524 }
525 }
526
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]527 // Sync the state of the given chain with the native daemon.
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]528 private void syncFirewallChainLocked(int chain, String name) {
529 SparseIntArray rules;
530 synchronized (mRulesLock) {
531 final SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain);
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]532 // Make a copy of the current rules, and then clear them. This is because
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]533 // setFirewallUidRuleInternal only pushes down rules to the native daemon if they
534 // are different from the current rules stored in the mUidFirewall*Rules array for
535 // the specified chain. If we don't clear the rules, setFirewallUidRuleInternal
536 // will do nothing.
537 rules = uidFirewallRules.clone();
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]538 uidFirewallRules.clear();
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]539 }
540 if (rules.size() > 0) {
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]541 // Now push the rules. setFirewallUidRuleInternal will push each of these down to the
542 // native daemon, and also add them to the mUidFirewall*Rules array for the specified
543 // chain.
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]544 if (DBG) Slog.d(TAG, "Pushing " + rules.size() + " active firewall "
545 + name + "UID rules");
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]546 for (int i = 0; i < rules.size(); i++) {
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]547 setFirewallUidRuleLocked(chain, rules.keyAt(i), rules.valueAt(i));
Lorenzo Colitti9eb844e2016-03-23 23:22:49 +0900[diff] [blame]548 }
549 }
550 }
551
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]552 private void connectNativeNetdService() {
Lorenzo Colittia0868002017-07-11 02:29:28 +0900[diff] [blame]553 mNetdService = mServices.getNetd();
Luke Huangd290dd52018-09-04 17:08:18 +0800[diff] [blame]554 try {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]555 mNetworkObserverRegistry = new NMSNetworkObserverRegistry(
556 mContext, mDaemonHandler, mNetdService);
557 if (DBG) Slog.d(TAG, "Registered NetworkObserverRegistry");
Luke Huangd290dd52018-09-04 17:08:18 +0800[diff] [blame]558 } catch (RemoteException | ServiceSpecificException e) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]559 Slog.wtf(TAG, "Failed to register NetworkObserverRegistry: " + e);
Luke Huangd290dd52018-09-04 17:08:18 +0800[diff] [blame]560 }
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]561 }
562
563 /**
564 * Prepare native daemon once connected, enabling modules and pushing any
565 * existing in-memory rules.
566 */
567 private void prepareNativeDaemon() {
Lorenzo Colitti58967ba2016-02-02 17:21:21 +0900[diff] [blame]568
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]569 // push any existing quota or UID rules
570 synchronized (mQuotaLock) {
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]571
Luke Huang56a03a02018-09-07 12:02:16 +0800[diff] [blame]572 // Netd unconditionally enable bandwidth control
573 SystemProperties.set(PROP_QTAGUID_ENABLED, "1");
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]574
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]575 mStrictEnabled = true;
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]576
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]577 setDataSaverModeEnabled(mDataSaverMode);
578
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]579 int size = mActiveQuotas.size();
580 if (size > 0) {
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]581 if (DBG) Slog.d(TAG, "Pushing " + size + " active quota rules");
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]582 final HashMap<String, Long> activeQuotas = mActiveQuotas;
583 mActiveQuotas = Maps.newHashMap();
584 for (Map.Entry<String, Long> entry : activeQuotas.entrySet()) {
585 setInterfaceQuota(entry.getKey(), entry.getValue());
586 }
587 }
588
589 size = mActiveAlerts.size();
590 if (size > 0) {
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]591 if (DBG) Slog.d(TAG, "Pushing " + size + " active alert rules");
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]592 final HashMap<String, Long> activeAlerts = mActiveAlerts;
593 mActiveAlerts = Maps.newHashMap();
594 for (Map.Entry<String, Long> entry : activeAlerts.entrySet()) {
595 setInterfaceAlert(entry.getKey(), entry.getValue());
596 }
597 }
598
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]599 SparseBooleanArray uidRejectOnQuota = null;
600 SparseBooleanArray uidAcceptOnQuota = null;
601 synchronized (mRulesLock) {
602 size = mUidRejectOnMetered.size();
603 if (size > 0) {
604 if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered blacklist rules");
605 uidRejectOnQuota = mUidRejectOnMetered;
606 mUidRejectOnMetered = new SparseBooleanArray();
607 }
608
609 size = mUidAllowOnMetered.size();
610 if (size > 0) {
611 if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered whitelist rules");
612 uidAcceptOnQuota = mUidAllowOnMetered;
613 mUidAllowOnMetered = new SparseBooleanArray();
614 }
615 }
616 if (uidRejectOnQuota != null) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]617 for (int i = 0; i < uidRejectOnQuota.size(); i++) {
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]618 setUidMeteredNetworkBlacklist(uidRejectOnQuota.keyAt(i),
619 uidRejectOnQuota.valueAt(i));
620 }
621 }
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]622 if (uidAcceptOnQuota != null) {
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]623 for (int i = 0; i < uidAcceptOnQuota.size(); i++) {
624 setUidMeteredNetworkWhitelist(uidAcceptOnQuota.keyAt(i),
625 uidAcceptOnQuota.valueAt(i));
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]626 }
627 }
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]628
629 size = mUidCleartextPolicy.size();
630 if (size > 0) {
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]631 if (DBG) Slog.d(TAG, "Pushing " + size + " active UID cleartext policies");
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]632 final SparseIntArray local = mUidCleartextPolicy;
633 mUidCleartextPolicy = new SparseIntArray();
634 for (int i = 0; i < local.size(); i++) {
635 setUidCleartextNetworkPolicy(local.keyAt(i), local.valueAt(i));
636 }
637 }
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]638
Robin Leec3736bc2017-03-10 16:19:54 +0000[diff] [blame]639 setFirewallEnabled(mFirewallEnabled);
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]640
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]641 syncFirewallChainLocked(FIREWALL_CHAIN_NONE, "");
642 syncFirewallChainLocked(FIREWALL_CHAIN_STANDBY, "standby ");
643 syncFirewallChainLocked(FIREWALL_CHAIN_DOZABLE, "dozable ");
644 syncFirewallChainLocked(FIREWALL_CHAIN_POWERSAVE, "powersave ");
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]645
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]646 final int[] chains =
647 {FIREWALL_CHAIN_STANDBY, FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_POWERSAVE};
648 for (int chain : chains) {
649 if (getFirewallChainState(chain)) {
650 setFirewallChainEnabled(chain, true);
651 }
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]652 }
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]653 }
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]654
Luke Huang56a03a02018-09-07 12:02:16 +0800[diff] [blame]655
656 try {
657 getBatteryStats().noteNetworkStatsEnabled();
658 } catch (RemoteException e) {
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]659 }
660
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]661 }
San Mehat4d02d002010-01-22 16:07:46 -0800[diff] [blame]662
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]663 //
664 // Netd Callback handling
665 //
666
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]667 private class NetdCallbackReceiver implements INativeDaemonConnectorCallbacks {
668 @Override
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]669 public void onDaemonConnected() {
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]670 Slog.i(TAG, "onDaemonConnected()");
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]671 // event is dispatched from internal NDC thread, so we prepare the
672 // daemon back on main thread.
673 if (mConnectedSignal != null) {
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]674 // The system is booting and we're connecting to netd for the first time.
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]675 mConnectedSignal.countDown();
676 mConnectedSignal = null;
677 } else {
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]678 // We're reconnecting to netd after the socket connection
679 // was interrupted (e.g., if it crashed).
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]680 mFgHandler.post(new Runnable() {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]681 @Override
682 public void run() {
bohu07cc3bb2016-05-03 15:58:01 -0700[diff] [blame]683 connectNativeNetdService();
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]684 prepareNativeDaemon();
685 }
686 });
687 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]688 }
Jeff Sharkeyfa23c5a2011-08-09 21:44:24 -0700[diff] [blame]689
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]690 @Override
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]691 public boolean onCheckHoldWakeLock(int code) {
692 return code == NetdResponseCode.InterfaceClassActivity;
693 }
694
695 @Override
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]696 public boolean onEvent(int code, String raw, String[] cooked) {
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]697 String errorMessage = String.format("Invalid event from daemon (%s)", raw);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]698 switch (code) {
699 case NetdResponseCode.InterfaceChange:
700 /*
701 * a network interface change occured
702 * Format: "NNN Iface added <name>"
703 * "NNN Iface removed <name>"
704 * "NNN Iface changed <name> <up/down>"
705 * "NNN Iface linkstatus <name> <up/down>"
706 */
707 if (cooked.length < 4 || !cooked[1].equals("Iface")) {
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]708 throw new IllegalStateException(errorMessage);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]709 }
710 if (cooked[2].equals("added")) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]711 mNetworkObserverRegistry.notifyInterfaceAdded(cooked[3]);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]712 return true;
713 } else if (cooked[2].equals("removed")) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]714 mNetworkObserverRegistry.notifyInterfaceRemoved(cooked[3]);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]715 return true;
716 } else if (cooked[2].equals("changed") && cooked.length == 5) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]717 mNetworkObserverRegistry.notifyInterfaceStatusChanged(
718 cooked[3], cooked[4].equals("up"));
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]719 return true;
720 } else if (cooked[2].equals("linkstate") && cooked.length == 5) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]721 mNetworkObserverRegistry.notifyInterfaceLinkStateChanged(
722 cooked[3], cooked[4].equals("up"));
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]723 return true;
724 }
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]725 throw new IllegalStateException(errorMessage);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]726 // break;
727 case NetdResponseCode.BandwidthControl:
728 /*
729 * Bandwidth control needs some attention
730 * Format: "NNN limit alert <alertName> <ifaceName>"
731 */
732 if (cooked.length < 5 || !cooked[1].equals("limit")) {
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]733 throw new IllegalStateException(errorMessage);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]734 }
735 if (cooked[2].equals("alert")) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]736 mNetworkObserverRegistry.notifyLimitReached(cooked[3], cooked[4]);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]737 return true;
738 }
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]739 throw new IllegalStateException(errorMessage);
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]740 // break;
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]741 case NetdResponseCode.InterfaceClassActivity:
742 /*
743 * An network interface class state changed (active/idle)
744 * Format: "NNN IfaceClass <active/idle> <label>"
745 */
746 if (cooked.length < 4 || !cooked[1].equals("IfaceClass")) {
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]747 throw new IllegalStateException(errorMessage);
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]748 }
Ashish Sharma0535a9f2014-03-12 18:42:23 -0700[diff] [blame]749 long timestampNanos = 0;
Ruchi Kandoifa97fcf2016-05-13 15:10:39 -0700[diff] [blame]750 int processUid = -1;
751 if (cooked.length >= 5) {
Ashish Sharma0535a9f2014-03-12 18:42:23 -0700[diff] [blame]752 try {
753 timestampNanos = Long.parseLong(cooked[4]);
Ruchi Kandoifa97fcf2016-05-13 15:10:39 -0700[diff] [blame]754 if (cooked.length == 6) {
755 processUid = Integer.parseInt(cooked[5]);
756 }
Ashish Sharma0535a9f2014-03-12 18:42:23 -0700[diff] [blame]757 } catch(NumberFormatException ne) {}
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]758 } else {
759 timestampNanos = SystemClock.elapsedRealtimeNanos();
Ashish Sharma0535a9f2014-03-12 18:42:23 -0700[diff] [blame]760 }
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]761 boolean isActive = cooked[2].equals("active");
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]762 mNetworkObserverRegistry.notifyInterfaceClassActivity(
763 Integer.parseInt(cooked[3]), isActive,
764 timestampNanos, processUid, false);
Haoyu Baidb3c8672012-06-20 14:29:57 -0700[diff] [blame]765 return true;
766 // break;
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]767 case NetdResponseCode.InterfaceAddressChange:
768 /*
769 * A network address change occurred
770 * Format: "NNN Address updated <addr> <iface> <flags> <scope>"
771 * "NNN Address removed <addr> <iface> <flags> <scope>"
772 */
Lorenzo Colittia9626c12013-11-04 17:44:09 +0900[diff] [blame]773 if (cooked.length < 7 || !cooked[1].equals("Address")) {
774 throw new IllegalStateException(errorMessage);
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]775 }
776
Lorenzo Colitti64483942013-11-15 18:43:52 +0900[diff] [blame]777 String iface = cooked[4];
Lorenzo Colitti5ad421a2013-11-17 15:05:02 +0900[diff] [blame]778 LinkAddress address;
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]779 try {
Lorenzo Colitti64483942013-11-15 18:43:52 +0900[diff] [blame]780 int flags = Integer.parseInt(cooked[5]);
781 int scope = Integer.parseInt(cooked[6]);
782 address = new LinkAddress(cooked[3], flags, scope);
Lorenzo Colitti5ad421a2013-11-17 15:05:02 +0900[diff] [blame]783 } catch(NumberFormatException e) { // Non-numeric lifetime or scope.
784 throw new IllegalStateException(errorMessage, e);
Lorenzo Colitti64483942013-11-15 18:43:52 +0900[diff] [blame]785 } catch(IllegalArgumentException e) { // Malformed/invalid IP address.
Lorenzo Colitti5ad421a2013-11-17 15:05:02 +0900[diff] [blame]786 throw new IllegalStateException(errorMessage, e);
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]787 }
788
789 if (cooked[2].equals("updated")) {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]790 mNetworkObserverRegistry.notifyAddressUpdated(iface, address);
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]791 } else {
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]792 mNetworkObserverRegistry.notifyAddressRemoved(iface, address);
Lorenzo Colitti5c7daac2013-08-05 10:39:37 +0900[diff] [blame]793 }
794 return true;
795 // break;
Lorenzo Colitti5ae4a532013-10-31 11:59:46 +0900[diff] [blame]796 case NetdResponseCode.InterfaceDnsServerInfo:
797 /*
798 * Information about available DNS servers has been received.
799 * Format: "NNN DnsInfo servers <interface> <lifetime> <servers>"
800 */
801 long lifetime; // Actually a 32-bit unsigned integer.
802
803 if (cooked.length == 6 &&
804 cooked[1].equals("DnsInfo") &&
805 cooked[2].equals("servers")) {
806 try {
807 lifetime = Long.parseLong(cooked[4]);
808 } catch (NumberFormatException e) {
809 throw new IllegalStateException(errorMessage);
810 }
811 String[] servers = cooked[5].split(",");
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]812 mNetworkObserverRegistry.notifyInterfaceDnsServerInfo(
813 cooked[3], lifetime, servers);
Lorenzo Colitti5ae4a532013-10-31 11:59:46 +0900[diff] [blame]814 }
815 return true;
816 // break;
Lorenzo Colittic18cbfd2014-06-13 21:21:03 +0900[diff] [blame]817 case NetdResponseCode.RouteChange:
818 /*
819 * A route has been updated or removed.
820 * Format: "NNN Route <updated|removed> <dst> [via <gateway] [dev <iface>]"
821 */
822 if (!cooked[1].equals("Route") || cooked.length < 6) {
823 throw new IllegalStateException(errorMessage);
824 }
825
826 String via = null;
827 String dev = null;
828 boolean valid = true;
829 for (int i = 4; (i + 1) < cooked.length && valid; i += 2) {
830 if (cooked[i].equals("dev")) {
831 if (dev == null) {
832 dev = cooked[i+1];
833 } else {
834 valid = false; // Duplicate interface.
835 }
836 } else if (cooked[i].equals("via")) {
837 if (via == null) {
838 via = cooked[i+1];
839 } else {
840 valid = false; // Duplicate gateway.
841 }
842 } else {
843 valid = false; // Unknown syntax.
844 }
845 }
846 if (valid) {
847 try {
848 // InetAddress.parseNumericAddress(null) inexplicably returns ::1.
849 InetAddress gateway = null;
850 if (via != null) gateway = InetAddress.parseNumericAddress(via);
851 RouteInfo route = new RouteInfo(new IpPrefix(cooked[3]), gateway, dev);
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]852 mNetworkObserverRegistry.notifyRouteChange(
853 cooked[2].equals("updated"), route);
Lorenzo Colittic18cbfd2014-06-13 21:21:03 +0900[diff] [blame]854 return true;
855 } catch (IllegalArgumentException e) {}
856 }
857 throw new IllegalStateException(errorMessage);
858 // break;
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]859 case NetdResponseCode.StrictCleartext:
860 final int uid = Integer.parseInt(cooked[1]);
861 final byte[] firstPacket = HexDump.hexStringToByteArray(cooked[2]);
862 try {
Sudheer Shankadc589ac2016-11-10 15:30:17 -0800[diff] [blame]863 ActivityManager.getService().notifyCleartextNetwork(uid, firstPacket);
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]864 } catch (RemoteException ignored) {
865 }
866 break;
JP Abgrall12b933d2011-07-14 18:09:22 -0700[diff] [blame]867 default: break;
Robert Greenwalte3253922010-02-18 09:23:25 -0800[diff] [blame]868 }
869 return false;
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]870 }
871 }
872
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]873
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]874 //
875 // INetworkManagementService members
876 //
Erik Kline4e37b702016-07-05 11:34:21 +0900[diff] [blame]877 @Override
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]878 public String[] listInterfaces() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]879 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]880 try {
Luke Huang1b4f92f2018-12-12 15:59:31 +0800[diff] [blame]881 return mNetdService.interfaceGetList();
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]882 } catch (RemoteException | ServiceSpecificException e) {
883 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]884 }
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]885 }
886
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]887 @Override
888 public InterfaceConfiguration getInterfaceConfig(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]889 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]890 final InterfaceConfigurationParcel result;
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]891 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]892 result = mNetdService.interfaceGetCfg(iface);
893 } catch (RemoteException | ServiceSpecificException e) {
894 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]895 }
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]896
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]897 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]898 final InterfaceConfiguration cfg = InterfaceConfiguration.fromParcel(result);
899 return cfg;
900 } catch (IllegalArgumentException iae) {
901 throw new IllegalStateException("Invalid InterfaceConfigurationParcel", iae);
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]902 }
San Mehated4fc8a2010-01-22 12:28:36 -0800[diff] [blame]903 }
904
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]905 @Override
906 public void setInterfaceConfig(String iface, InterfaceConfiguration cfg) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]907 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkeyddba1062011-11-29 18:37:04 -0800[diff] [blame]908 LinkAddress linkAddr = cfg.getLinkAddress();
Robert Greenwalt2d2afd12011-02-01 15:30:46 -0800[diff] [blame]909 if (linkAddr == null || linkAddr.getAddress() == null) {
910 throw new IllegalStateException("Null LinkAddress given");
Robert Greenwalted126402011-01-28 15:34:55 -0800[diff] [blame]911 }
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]912
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]913 final InterfaceConfigurationParcel cfgParcel = cfg.toParcel(iface);
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]914
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]915 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]916 mNetdService.interfaceSetCfg(cfgParcel);
917 } catch (RemoteException | ServiceSpecificException e) {
918 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]919 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]920 }
921
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]922 @Override
923 public void setInterfaceDown(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]924 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]925 final InterfaceConfiguration ifcg = getInterfaceConfig(iface);
Jeff Sharkeyddba1062011-11-29 18:37:04 -0800[diff] [blame]926 ifcg.setInterfaceDown();
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]927 setInterfaceConfig(iface, ifcg);
Irfan Sheriff7244c972011-08-05 20:40:45 -0700[diff] [blame]928 }
929
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]930 @Override
931 public void setInterfaceUp(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]932 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]933 final InterfaceConfiguration ifcg = getInterfaceConfig(iface);
Jeff Sharkeyddba1062011-11-29 18:37:04 -0800[diff] [blame]934 ifcg.setInterfaceUp();
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]935 setInterfaceConfig(iface, ifcg);
Irfan Sheriff7244c972011-08-05 20:40:45 -0700[diff] [blame]936 }
937
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]938 @Override
939 public void setInterfaceIpv6PrivacyExtensions(String iface, boolean enable) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]940 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Irfan Sheriff73293612011-09-14 12:31:56 -0700[diff] [blame]941 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]942 mNetdService.interfaceSetIPv6PrivacyExtensions(iface, enable);
943 } catch (RemoteException | ServiceSpecificException e) {
944 throw new IllegalStateException(e);
Irfan Sheriff73293612011-09-14 12:31:56 -0700[diff] [blame]945 }
946 }
947
Irfan Sherifff5600612011-06-16 10:26:28 -0700[diff] [blame]948 /* TODO: This is right now a IPv4 only function. Works for wifi which loses its
949 IPv6 addresses on interface down, but we need to do full clean up here */
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]950 @Override
951 public void clearInterfaceAddresses(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]952 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Irfan Sherifff5600612011-06-16 10:26:28 -0700[diff] [blame]953 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]954 mNetdService.interfaceClearAddrs(iface);
955 } catch (RemoteException | ServiceSpecificException e) {
956 throw new IllegalStateException(e);
Irfan Sherifff5600612011-06-16 10:26:28 -0700[diff] [blame]957 }
958 }
959
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]960 @Override
961 public void enableIpv6(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]962 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
repo sync7960d9f2011-09-29 12:40:02 -0700[diff] [blame]963 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]964 mNetdService.interfaceSetEnableIPv6(iface, true);
965 } catch (RemoteException | ServiceSpecificException e) {
966 throw new IllegalStateException(e);
repo sync7960d9f2011-09-29 12:40:02 -0700[diff] [blame]967 }
968 }
969
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]970 @Override
Joel Scherpelz2db10742017-06-07 15:38:38 +0900[diff] [blame]971 public void setIPv6AddrGenMode(String iface, int mode) throws ServiceSpecificException {
972 try {
973 mNetdService.setIPv6AddrGenMode(iface, mode);
974 } catch (RemoteException e) {
975 throw e.rethrowAsRuntimeException();
976 }
977 }
978
979 @Override
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]980 public void disableIpv6(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]981 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
repo sync7960d9f2011-09-29 12:40:02 -0700[diff] [blame]982 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]983 mNetdService.interfaceSetEnableIPv6(iface, false);
984 } catch (RemoteException | ServiceSpecificException e) {
985 throw new IllegalStateException(e);
repo sync7960d9f2011-09-29 12:40:02 -0700[diff] [blame]986 }
987 }
988
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]989 @Override
Sreeram Ramachandranb2829fa2014-04-15 19:07:12 -0700[diff] [blame]990 public void addRoute(int netId, RouteInfo route) {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]991 modifyRoute(MODIFY_OPERATION_ADD, netId, route);
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]992 }
993
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]994 @Override
Sreeram Ramachandranb2829fa2014-04-15 19:07:12 -0700[diff] [blame]995 public void removeRoute(int netId, RouteInfo route) {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]996 modifyRoute(MODIFY_OPERATION_REMOVE, netId, route);
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]997 }
998
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]999 private void modifyRoute(boolean add, int netId, RouteInfo route) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1000 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Robert Greenwalt3b28e9a2011-11-02 14:37:19 -0700[diff] [blame]1001
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1002 final String ifName = route.getInterface();
1003 final String dst = route.getDestination().toString();
1004 final String nextHop;
Lorenzo Colitti4b0f8e62014-09-19 01:49:05 +0900[diff] [blame]1005
1006 switch (route.getType()) {
1007 case RouteInfo.RTN_UNICAST:
1008 if (route.hasGateway()) {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1009 nextHop = route.getGateway().getHostAddress();
1010 } else {
1011 nextHop = INetd.NEXTHOP_NONE;
Lorenzo Colitti4b0f8e62014-09-19 01:49:05 +0900[diff] [blame]1012 }
1013 break;
1014 case RouteInfo.RTN_UNREACHABLE:
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1015 nextHop = INetd.NEXTHOP_UNREACHABLE;
Lorenzo Colitti4b0f8e62014-09-19 01:49:05 +0900[diff] [blame]1016 break;
1017 case RouteInfo.RTN_THROW:
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1018 nextHop = INetd.NEXTHOP_THROW;
1019 break;
1020 default:
1021 nextHop = INetd.NEXTHOP_NONE;
Lorenzo Colitti4b0f8e62014-09-19 01:49:05 +0900[diff] [blame]1022 break;
Sreeram Ramachandran1fbcb272014-05-22 16:30:48 -0700[diff] [blame]1023 }
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1024 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1025 if (add) {
1026 mNetdService.networkAddRoute(netId, ifName, dst, nextHop);
1027 } else {
1028 mNetdService.networkRemoveRoute(netId, ifName, dst, nextHop);
1029 }
1030 } catch (RemoteException | ServiceSpecificException e) {
1031 throw new IllegalStateException(e);
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]1032 }
1033 }
1034
1035 private ArrayList<String> readRouteList(String filename) {
1036 FileInputStream fstream = null;
Christopher Wiley212b95f2016-08-02 11:38:57 -0700[diff] [blame]1037 ArrayList<String> list = new ArrayList<>();
Robert Greenwalt59b1a4e2011-05-10 15:05:02 -0700[diff] [blame]1038
1039 try {
1040 fstream = new FileInputStream(filename);
1041 DataInputStream in = new DataInputStream(fstream);
1042 BufferedReader br = new BufferedReader(new InputStreamReader(in));
1043 String s;
1044
1045 // throw away the title line
1046
1047 while (((s = br.readLine()) != null) && (s.length() != 0)) {
1048 list.add(s);
1049 }
1050 } catch (IOException ex) {
1051 // return current list, possibly empty
1052 } finally {
1053 if (fstream != null) {
1054 try {
1055 fstream.close();
1056 } catch (IOException ex) {}
1057 }
1058 }
1059
1060 return list;
1061 }
1062
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1063 @Override
sy.yun9d9b74a2013-09-02 05:24:09 +0900[diff] [blame]1064 public void setMtu(String iface, int mtu) {
1065 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1066
sy.yun9d9b74a2013-09-02 05:24:09 +0900[diff] [blame]1067 try {
Luke Huang14f75442018-08-15 19:22:54 +0800[diff] [blame]1068 mNetdService.interfaceSetMtu(iface, mtu);
1069 } catch (RemoteException | ServiceSpecificException e) {
1070 throw new IllegalStateException(e);
sy.yun9d9b74a2013-09-02 05:24:09 +0900[diff] [blame]1071 }
1072 }
1073
1074 @Override
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1075 public void shutdown() {
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1076 // TODO: remove from aidl if nobody calls externally
1077 mContext.enforceCallingOrSelfPermission(SHUTDOWN, TAG);
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1078
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]1079 Slog.i(TAG, "Shutting down");
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1080 }
1081
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1082 @Override
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1083 public boolean getIpForwardingEnabled() throws IllegalStateException{
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1084 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1085
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1086 try {
Luke Huang4db488b2018-08-16 15:37:31 +0800[diff] [blame]1087 final boolean isEnabled = mNetdService.ipfwdEnabled();
1088 return isEnabled;
1089 } catch (RemoteException | ServiceSpecificException e) {
1090 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1091 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1092 }
1093
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1094 @Override
1095 public void setIpForwardingEnabled(boolean enable) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1096 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]1097 try {
Luke Huang4db488b2018-08-16 15:37:31 +0800[diff] [blame]1098 if (enable) {
1099 mNetdService.ipfwdEnableForwarding("tethering");
1100 } else {
1101 mNetdService.ipfwdDisableForwarding("tethering");
1102 }
1103 } catch (RemoteException | ServiceSpecificException e) {
1104 throw new IllegalStateException(e);
Jeff Sharkey31c6e482011-11-18 17:09:01 -0800[diff] [blame]1105 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1106 }
1107
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1108 @Override
1109 public void startTethering(String[] dhcpRange) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1110 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Robert Greenwaltbfb7bfa2010-03-24 16:03:21 -0700[diff] [blame]1111 // an odd number of addrs will fail
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1112
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1113 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1114 mNetdService.tetherStart(dhcpRange);
1115 } catch (RemoteException | ServiceSpecificException e) {
1116 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1117 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1118 }
1119
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1120 @Override
1121 public void stopTethering() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1122 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1123 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1124 mNetdService.tetherStop();
1125 } catch (RemoteException | ServiceSpecificException e) {
1126 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1127 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1128 }
1129
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1130 @Override
1131 public boolean isTetheringStarted() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1132 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1133
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1134 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1135 final boolean isEnabled = mNetdService.tetherIsEnabled();
1136 return isEnabled;
1137 } catch (RemoteException | ServiceSpecificException e) {
1138 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1139 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1140 }
Matthew Xiefe19f122012-07-12 16:03:32 -0700[diff] [blame]1141
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1142 @Override
1143 public void tetherInterface(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1144 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1145 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1146 mNetdService.tetherInterfaceAdd(iface);
1147 } catch (RemoteException | ServiceSpecificException e) {
1148 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1149 }
Christopher Wiley212b95f2016-08-02 11:38:57 -0700[diff] [blame]1150 List<RouteInfo> routes = new ArrayList<>();
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]1151 // The RouteInfo constructor truncates the LinkAddress to a network prefix, thus making it
1152 // suitable to use as a route destination.
1153 routes.add(new RouteInfo(getInterfaceConfig(iface).getLinkAddress(), null, iface));
1154 addInterfaceToLocalNetwork(iface, routes);
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1155 }
1156
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1157 @Override
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1158 public void untetherInterface(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1159 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1160 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1161 mNetdService.tetherInterfaceRemove(iface);
1162 } catch (RemoteException | ServiceSpecificException e) {
1163 throw new IllegalStateException(e);
Erik Kline1f4278a2016-08-16 16:46:33 +0900[diff] [blame]1164 } finally {
1165 removeInterfaceFromLocalNetwork(iface);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1166 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1167 }
1168
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1169 @Override
1170 public String[] listTetheredInterfaces() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1171 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1172 try {
Luke Huang1b4f92f2018-12-12 15:59:31 +0800[diff] [blame]1173 return mNetdService.tetherInterfaceList();
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1174 } catch (RemoteException | ServiceSpecificException e) {
1175 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1176 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1177 }
1178
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1179 @Override
Lorenzo Colittib57edc52014-08-22 17:10:50 -0700[diff] [blame]1180 public void setDnsForwarders(Network network, String[] dns) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1181 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1182
Lorenzo Colittib57edc52014-08-22 17:10:50 -0700[diff] [blame]1183 int netId = (network != null) ? network.netId : ConnectivityManager.NETID_UNSET;
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1184
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1185 try {
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1186 mNetdService.tetherDnsSet(netId, dns);
1187 } catch (RemoteException | ServiceSpecificException e) {
1188 throw new IllegalStateException(e);
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1189 }
1190 }
1191
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1192 @Override
1193 public String[] getDnsForwarders() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1194 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1195 try {
Luke Huang1b4f92f2018-12-12 15:59:31 +0800[diff] [blame]1196 return mNetdService.tetherDnsList();
Luke Huang4a32bf42018-08-21 19:09:45 +0800[diff] [blame]1197 } catch (RemoteException | ServiceSpecificException e) {
1198 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1199 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1200 }
1201
jiaguo1da35f72014-01-09 16:39:59 +0800[diff] [blame]1202 private List<InterfaceAddress> excludeLinkLocal(List<InterfaceAddress> addresses) {
Christopher Wiley212b95f2016-08-02 11:38:57 -0700[diff] [blame]1203 ArrayList<InterfaceAddress> filtered = new ArrayList<>(addresses.size());
jiaguo1da35f72014-01-09 16:39:59 +0800[diff] [blame]1204 for (InterfaceAddress ia : addresses) {
1205 if (!ia.getAddress().isLinkLocalAddress())
1206 filtered.add(ia);
1207 }
1208 return filtered;
1209 }
1210
Lorenzo Colitti35e36db2015-02-26 01:25:36 +0900[diff] [blame]1211 private void modifyInterfaceForward(boolean add, String fromIface, String toIface) {
Lorenzo Colitti35e36db2015-02-26 01:25:36 +0900[diff] [blame]1212 try {
Luke Huang4db488b2018-08-16 15:37:31 +0800[diff] [blame]1213 if (add) {
1214 mNetdService.ipfwdAddInterfaceForward(fromIface, toIface);
1215 } else {
1216 mNetdService.ipfwdRemoveInterfaceForward(fromIface, toIface);
1217 }
1218 } catch (RemoteException | ServiceSpecificException e) {
1219 throw new IllegalStateException(e);
Lorenzo Colitti35e36db2015-02-26 01:25:36 +0900[diff] [blame]1220 }
1221 }
1222
1223 @Override
1224 public void startInterfaceForwarding(String fromIface, String toIface) {
1225 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1226 modifyInterfaceForward(true, fromIface, toIface);
1227 }
1228
1229 @Override
1230 public void stopInterfaceForwarding(String fromIface, String toIface) {
1231 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1232 modifyInterfaceForward(false, fromIface, toIface);
1233 }
1234
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1235 @Override
1236 public void enableNat(String internalInterface, String externalInterface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1237 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1238 try {
Luke Huanga31e0732018-10-22 13:23:10 +0900[diff] [blame]1239 mNetdService.tetherAddForward(internalInterface, externalInterface);
1240 } catch (RemoteException | ServiceSpecificException e) {
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1241 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1242 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1243 }
1244
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1245 @Override
1246 public void disableNat(String internalInterface, String externalInterface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1247 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1248 try {
Luke Huanga31e0732018-10-22 13:23:10 +0900[diff] [blame]1249 mNetdService.tetherRemoveForward(internalInterface, externalInterface);
1250 } catch (RemoteException | ServiceSpecificException e) {
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1251 throw new IllegalStateException(e);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1252 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]1253 }
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]1254
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1255 @Override
1256 public String[] listTtys() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1257 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1258 try {
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1259 return NativeDaemonEvent.filterMessageList(
1260 mConnector.executeForList("list_ttys"), TtyListResult);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1261 } catch (NativeDaemonConnectorException e) {
Jeff Sharkey276642b2011-12-01 11:24:24 -0800[diff] [blame]1262 throw e.rethrowAsParcelableException();
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1263 }
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]1264 }
1265
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1266 @Override
1267 public void attachPppd(
1268 String tty, String localAddr, String remoteAddr, String dns1Addr, String dns2Addr) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1269 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]1270 try {
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1271 mConnector.execute("pppd", "attach", tty,
Robert Greenwalte5903732011-02-22 16:00:42 -0800[diff] [blame]1272 NetworkUtils.numericToInetAddress(localAddr).getHostAddress(),
1273 NetworkUtils.numericToInetAddress(remoteAddr).getHostAddress(),
1274 NetworkUtils.numericToInetAddress(dns1Addr).getHostAddress(),
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1275 NetworkUtils.numericToInetAddress(dns2Addr).getHostAddress());
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1276 } catch (NativeDaemonConnectorException e) {
Jeff Sharkey276642b2011-12-01 11:24:24 -0800[diff] [blame]1277 throw e.rethrowAsParcelableException();
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]1278 }
1279 }
1280
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1281 @Override
1282 public void detachPppd(String tty) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1283 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1284 try {
Jeff Sharkeyba2896e2011-11-30 18:13:54 -0800[diff] [blame]1285 mConnector.execute("pppd", "detach", tty);
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1286 } catch (NativeDaemonConnectorException e) {
Jeff Sharkey276642b2011-12-01 11:24:24 -0800[diff] [blame]1287 throw e.rethrowAsParcelableException();
Kenny Roota80ce062010-06-01 13:23:53 -0700[diff] [blame]1288 }
San Mehat72759df2010-01-19 13:50:37 -0800[diff] [blame]1289 }
Robert Greenwaltce1200d2010-02-18 11:25:54 -0800[diff] [blame]1290
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1291 @Override
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]1292 public void addIdleTimer(String iface, int timeout, final int type) {
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1293 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1294
1295 if (DBG) Slog.d(TAG, "Adding idletimer");
1296
1297 synchronized (mIdleTimerLock) {
1298 IdleTimerParams params = mActiveIdleTimers.get(iface);
1299 if (params != null) {
1300 // the interface already has idletimer, update network count
1301 params.networkCount++;
1302 return;
1303 }
1304
1305 try {
Luke Huanga62d0492018-07-27 20:08:21 +0800[diff] [blame]1306 mNetdService.idletimerAddInterface(iface, timeout, Integer.toString(type));
1307 } catch (RemoteException | ServiceSpecificException e) {
1308 throw new IllegalStateException(e);
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1309 }
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]1310 mActiveIdleTimers.put(iface, new IdleTimerParams(timeout, type));
1311
Dianne Hackborne13c4c02014-02-11 17:18:35 -0800[diff] [blame]1312 // Networks start up.
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]1313 if (ConnectivityManager.isNetworkTypeMobile(type)) {
1314 mNetworkActive = false;
1315 }
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]1316 mDaemonHandler.post(() -> mNetworkObserverRegistry.notifyInterfaceClassActivity(
1317 type, true /* isActive */, SystemClock.elapsedRealtimeNanos(), -1, false));
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1318 }
1319 }
1320
1321 @Override
1322 public void removeIdleTimer(String iface) {
1323 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1324
1325 if (DBG) Slog.d(TAG, "Removing idletimer");
1326
1327 synchronized (mIdleTimerLock) {
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]1328 final IdleTimerParams params = mActiveIdleTimers.get(iface);
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1329 if (params == null || --(params.networkCount) > 0) {
1330 return;
1331 }
1332
1333 try {
Luke Huanga62d0492018-07-27 20:08:21 +0800[diff] [blame]1334 mNetdService.idletimerRemoveInterface(iface,
1335 params.timeout, Integer.toString(params.type));
1336 } catch (RemoteException | ServiceSpecificException e) {
1337 throw new IllegalStateException(e);
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1338 }
1339 mActiveIdleTimers.remove(iface);
Lorenzo Colittid8bc8292019-01-24 13:28:50 +0900[diff] [blame^]1340 mDaemonHandler.post(() -> mNetworkObserverRegistry.notifyInterfaceClassActivity(
1341 params.type, false /* isActive */, SystemClock.elapsedRealtimeNanos(), -1,
1342 false));
Haoyu Bai04124232012-06-28 15:26:19 -0700[diff] [blame]1343 }
1344 }
1345
1346 @Override
Jeff Sharkeye8914c32012-05-01 16:26:09 -0700[diff] [blame]1347 public NetworkStats getNetworkStatsSummaryDev() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1348 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1349 try {
1350 return mStatsFactory.readNetworkStatsSummaryDev();
1351 } catch (IOException e) {
1352 throw new IllegalStateException(e);
1353 }
Jeff Sharkeye8914c32012-05-01 16:26:09 -0700[diff] [blame]1354 }
1355
1356 @Override
1357 public NetworkStats getNetworkStatsSummaryXt() {
1358 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1359 try {
1360 return mStatsFactory.readNetworkStatsSummaryXt();
1361 } catch (IOException e) {
1362 throw new IllegalStateException(e);
1363 }
Jeff Sharkeyae2c1812011-10-04 13:11:40 -0700[diff] [blame]1364 }
1365
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]1366 @Override
Jeff Sharkey9a13f362011-04-26 16:25:36 -0700[diff] [blame]1367 public NetworkStats getNetworkStatsDetail() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1368 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1369 try {
Dianne Hackbornd0c5b9a2014-02-21 16:19:05 -0800[diff] [blame]1370 return mStatsFactory.readNetworkStatsDetail(UID_ALL, null, TAG_ALL, null);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1371 } catch (IOException e) {
1372 throw new IllegalStateException(e);
1373 }
San Mehat91cac642010-03-31 14:31:36 -0700[diff] [blame]1374 }
1375
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]1376 @Override
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1377 public void setInterfaceQuota(String iface, long quotaBytes) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1378 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1379
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1380 synchronized (mQuotaLock) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1381 if (mActiveQuotas.containsKey(iface)) {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1382 throw new IllegalStateException("iface " + iface + " already has quota");
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1383 }
1384
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1385 try {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1386 // TODO: support quota shared across interfaces
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1387 mNetdService.bandwidthSetInterfaceQuota(iface, quotaBytes);
1388
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1389 mActiveQuotas.put(iface, quotaBytes);
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1390 } catch (RemoteException | ServiceSpecificException e) {
1391 throw new IllegalStateException(e);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1392 }
Lorenzo Colitti50b60fc2017-08-11 13:47:49 +0900[diff] [blame]1393
1394 synchronized (mTetheringStatsProviders) {
1395 for (ITetheringStatsProvider provider : mTetheringStatsProviders.keySet()) {
1396 try {
1397 provider.setInterfaceQuota(iface, quotaBytes);
1398 } catch (RemoteException e) {
1399 Log.e(TAG, "Problem setting tethering data limit on provider " +
1400 mTetheringStatsProviders.get(provider) + ": " + e);
1401 }
1402 }
1403 }
Ashish Sharma50fd36d2011-06-15 19:34:53 -0700[diff] [blame]1404 }
1405 }
1406
1407 @Override
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1408 public void removeInterfaceQuota(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1409 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1410
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1411 synchronized (mQuotaLock) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1412 if (!mActiveQuotas.containsKey(iface)) {
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1413 // TODO: eventually consider throwing
1414 return;
1415 }
1416
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1417 mActiveQuotas.remove(iface);
1418 mActiveAlerts.remove(iface);
Jeff Sharkey38ddeaa2011-11-08 13:04:22 -0800[diff] [blame]1419
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1420 try {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1421 // TODO: support quota shared across interfaces
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1422 mNetdService.bandwidthRemoveInterfaceQuota(iface);
1423 } catch (RemoteException | ServiceSpecificException e) {
1424 throw new IllegalStateException(e);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1425 }
Lorenzo Colitti50b60fc2017-08-11 13:47:49 +0900[diff] [blame]1426
1427 synchronized (mTetheringStatsProviders) {
1428 for (ITetheringStatsProvider provider : mTetheringStatsProviders.keySet()) {
1429 try {
1430 provider.setInterfaceQuota(iface, ITetheringStatsProvider.QUOTA_UNLIMITED);
1431 } catch (RemoteException e) {
1432 Log.e(TAG, "Problem removing tethering data limit on provider " +
1433 mTetheringStatsProviders.get(provider) + ": " + e);
1434 }
1435 }
1436 }
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1437 }
1438 }
1439
1440 @Override
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1441 public void setInterfaceAlert(String iface, long alertBytes) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1442 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1443
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1444 // quick sanity check
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1445 if (!mActiveQuotas.containsKey(iface)) {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1446 throw new IllegalStateException("setting alert requires existing quota on iface");
1447 }
1448
1449 synchronized (mQuotaLock) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1450 if (mActiveAlerts.containsKey(iface)) {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1451 throw new IllegalStateException("iface " + iface + " already has alert");
1452 }
1453
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1454 try {
1455 // TODO: support alert shared across interfaces
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1456 mNetdService.bandwidthSetInterfaceAlert(iface, alertBytes);
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1457 mActiveAlerts.put(iface, alertBytes);
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1458 } catch (RemoteException | ServiceSpecificException e) {
1459 throw new IllegalStateException(e);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1460 }
1461 }
1462 }
1463
1464 @Override
1465 public void removeInterfaceAlert(String iface) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1466 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1467
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1468 synchronized (mQuotaLock) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1469 if (!mActiveAlerts.containsKey(iface)) {
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1470 // TODO: eventually consider throwing
1471 return;
1472 }
1473
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1474 try {
1475 // TODO: support alert shared across interfaces
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1476 mNetdService.bandwidthRemoveInterfaceAlert(iface);
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1477 mActiveAlerts.remove(iface);
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1478 } catch (RemoteException | ServiceSpecificException e) {
1479 throw new IllegalStateException(e);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1480 }
1481 }
1482 }
1483
1484 @Override
1485 public void setGlobalAlert(long alertBytes) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1486 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1487
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1488 try {
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1489 mNetdService.bandwidthSetGlobalAlert(alertBytes);
1490 } catch (RemoteException | ServiceSpecificException e) {
1491 throw new IllegalStateException(e);
Jeff Sharkey41ff7ec2011-07-25 15:21:22 -0700[diff] [blame]1492 }
1493 }
1494
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1495 private void setUidOnMeteredNetworkList(int uid, boolean blacklist, boolean enable) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1496 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1497
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]1498 synchronized (mQuotaLock) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1499 boolean oldEnable;
1500 SparseBooleanArray quotaList;
1501 synchronized (mRulesLock) {
1502 quotaList = blacklist ? mUidRejectOnMetered : mUidAllowOnMetered;
1503 oldEnable = quotaList.get(uid, false);
1504 }
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1505 if (oldEnable == enable) {
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1506 // TODO: eventually consider throwing
1507 return;
1508 }
1509
Felipe Leme29e72ea2016-09-08 13:26:55 -0700[diff] [blame]1510 Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "inetd bandwidth");
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1511 try {
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1512 if (blacklist) {
1513 if (enable) {
1514 mNetdService.bandwidthAddNaughtyApp(uid);
1515 } else {
1516 mNetdService.bandwidthRemoveNaughtyApp(uid);
1517 }
1518 } else {
1519 if (enable) {
1520 mNetdService.bandwidthAddNiceApp(uid);
1521 } else {
1522 mNetdService.bandwidthRemoveNiceApp(uid);
1523 }
1524 }
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1525 synchronized (mRulesLock) {
1526 if (enable) {
1527 quotaList.put(uid, true);
1528 } else {
1529 quotaList.delete(uid);
1530 }
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1531 }
Luke Huangc7bea8662018-08-07 16:04:26 +0800[diff] [blame]1532 } catch (RemoteException | ServiceSpecificException e) {
1533 throw new IllegalStateException(e);
Felipe Leme29e72ea2016-09-08 13:26:55 -0700[diff] [blame]1534 } finally {
1535 Trace.traceEnd(Trace.TRACE_TAG_NETWORK);
Jeff Sharkeyb3f19ca2011-06-29 23:54:13 -0700[diff] [blame]1536 }
Ashish Sharma50fd36d2011-06-15 19:34:53 -0700[diff] [blame]1537 }
1538 }
1539
Jeff Sharkey63d27a92011-08-03 17:04:22 -0700[diff] [blame]1540 @Override
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1541 public void setUidMeteredNetworkBlacklist(int uid, boolean enable) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1542 setUidOnMeteredNetworkList(uid, true, enable);
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1543 }
1544
1545 @Override
1546 public void setUidMeteredNetworkWhitelist(int uid, boolean enable) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1547 setUidOnMeteredNetworkList(uid, false, enable);
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1548 }
1549
1550 @Override
1551 public boolean setDataSaverModeEnabled(boolean enable) {
Sehee Parka9139bc2017-12-22 13:54:05 +0900[diff] [blame]1552 mContext.enforceCallingOrSelfPermission(NETWORK_SETTINGS, TAG);
1553
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1554 if (DBG) Log.d(TAG, "setDataSaverMode: " + enable);
1555 synchronized (mQuotaLock) {
1556 if (mDataSaverMode == enable) {
1557 Log.w(TAG, "setDataSaverMode(): already " + mDataSaverMode);
1558 return true;
1559 }
Felipe Leme29e72ea2016-09-08 13:26:55 -0700[diff] [blame]1560 Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "bandwidthEnableDataSaver");
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1561 try {
1562 final boolean changed = mNetdService.bandwidthEnableDataSaver(enable);
1563 if (changed) {
1564 mDataSaverMode = enable;
1565 } else {
1566 Log.w(TAG, "setDataSaverMode(" + enable + "): netd command silently failed");
1567 }
1568 return changed;
1569 } catch (RemoteException e) {
1570 Log.w(TAG, "setDataSaverMode(" + enable + "): netd command failed", e);
1571 return false;
Felipe Leme29e72ea2016-09-08 13:26:55 -0700[diff] [blame]1572 } finally {
1573 Trace.traceEnd(Trace.TRACE_TAG_NETWORK);
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]1574 }
1575 }
1576 }
1577
1578 @Override
Robin Lee17e61832016-05-09 13:46:28 +0100[diff] [blame]1579 public void setAllowOnlyVpnForUids(boolean add, UidRange[] uidRanges)
1580 throws ServiceSpecificException {
Rubin Xu2ea6c552018-01-11 10:59:19 +0000[diff] [blame]1581 mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
Robin Lee17e61832016-05-09 13:46:28 +0100[diff] [blame]1582 try {
1583 mNetdService.networkRejectNonSecureVpn(add, uidRanges);
1584 } catch (ServiceSpecificException e) {
1585 Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
1586 + ": netd command failed", e);
1587 throw e;
1588 } catch (RemoteException e) {
1589 Log.w(TAG, "setAllowOnlyVpnForUids(" + add + ", " + Arrays.toString(uidRanges) + ")"
1590 + ": netd command failed", e);
1591 throw e.rethrowAsRuntimeException();
1592 }
1593 }
1594
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1595 private void applyUidCleartextNetworkPolicy(int uid, int policy) {
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1596 final int policyValue;
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1597 switch (policy) {
1598 case StrictMode.NETWORK_POLICY_ACCEPT:
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1599 policyValue = INetd.PENALTY_POLICY_ACCEPT;
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1600 break;
1601 case StrictMode.NETWORK_POLICY_LOG:
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1602 policyValue = INetd.PENALTY_POLICY_LOG;
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1603 break;
1604 case StrictMode.NETWORK_POLICY_REJECT:
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1605 policyValue = INetd.PENALTY_POLICY_REJECT;
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1606 break;
1607 default:
1608 throw new IllegalArgumentException("Unknown policy " + policy);
1609 }
1610
1611 try {
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1612 mNetdService.strictUidCleartextPenalty(uid, policyValue);
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1613 mUidCleartextPolicy.put(uid, policy);
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1614 } catch (RemoteException | ServiceSpecificException e) {
1615 throw new IllegalStateException(e);
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1616 }
1617 }
1618
Robin Lee17e61832016-05-09 13:46:28 +0100[diff] [blame]1619 @Override
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]1620 public void setUidCleartextNetworkPolicy(int uid, int policy) {
1621 if (Binder.getCallingUid() != uid) {
1622 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1623 }
1624
1625 synchronized (mQuotaLock) {
1626 final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT);
1627 if (oldPolicy == policy) {
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1628 // This also ensures we won't needlessly apply an ACCEPT policy if we've just
1629 // enabled strict and the underlying iptables rules are empty.
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]1630 return;
1631 }
1632
Luke Huang473eb872018-07-26 17:33:14 +0800[diff] [blame]1633 // TODO: remove this code after removing prepareNativeDaemon()
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]1634 if (!mStrictEnabled) {
1635 // Module isn't enabled yet; stash the requested policy away to
1636 // apply later once the daemon is connected.
1637 mUidCleartextPolicy.put(uid, policy);
1638 return;
1639 }
1640
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1641 // netd does not keep state on strict mode policies, and cannot replace a non-accept
1642 // policy without deleting it first. Rather than add state to netd, just always send
1643 // it an accept policy when switching between two non-accept policies.
Lorenzo Colitti26364f12017-08-20 11:54:57 +0900[diff] [blame]1644 // TODO: consider keeping state in netd so we can simplify this code.
Lorenzo Colitti8c253ad2017-07-19 00:23:44 +0900[diff] [blame]1645 if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT &&
1646 policy != StrictMode.NETWORK_POLICY_ACCEPT) {
Lorenzo Colitti26364f12017-08-20 11:54:57 +0900[diff] [blame]1647 applyUidCleartextNetworkPolicy(uid, StrictMode.NETWORK_POLICY_ACCEPT);
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]1648 }
Lorenzo Colitti26364f12017-08-20 11:54:57 +0900[diff] [blame]1649
1650 applyUidCleartextNetworkPolicy(uid, policy);
Jeff Sharkey605eb792014-11-04 13:34:06 -0800[diff] [blame]1651 }
1652 }
1653
1654 @Override
Jeff Sharkey63d27a92011-08-03 17:04:22 -0700[diff] [blame]1655 public boolean isBandwidthControlEnabled() {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1656 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Luke Huang56a03a02018-09-07 12:02:16 +0800[diff] [blame]1657 return true;
Jeff Sharkey63d27a92011-08-03 17:04:22 -0700[diff] [blame]1658 }
1659
1660 @Override
Remi NGUYEN VAN088ff682018-03-06 12:36:54 +0900[diff] [blame]1661 public NetworkStats getNetworkStatsUidDetail(int uid, String[] ifaces) {
Jeff Sharkey4529bb62011-12-14 10:31:54 -0800[diff] [blame]1662 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1663 try {
Remi NGUYEN VAN088ff682018-03-06 12:36:54 +0900[diff] [blame]1664 return mStatsFactory.readNetworkStatsDetail(uid, ifaces, TAG_ALL, null);
Jeff Sharkey9a2c2a62013-01-14 16:48:51 -0800[diff] [blame]1665 } catch (IOException e) {
1666 throw new IllegalStateException(e);
1667 }
Jeff Sharkeyeedcb952011-05-17 14:55:15 -0700[diff] [blame]1668 }
1669
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1670 private class NetdTetheringStatsProvider extends ITetheringStatsProvider.Stub {
1671 @Override
Lorenzo Colittif1912ca2017-08-17 19:23:08 +0900[diff] [blame]1672 public NetworkStats getTetherStats(int how) {
1673 // We only need to return per-UID stats. Per-device stats are already counted by
1674 // interface counters.
1675 if (how != STATS_PER_UID) {
1676 return new NetworkStats(SystemClock.elapsedRealtime(), 0);
1677 }
1678
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1679 final TetherStatsParcel[] tetherStatsVec;
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1680 try {
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1681 tetherStatsVec = mNetdService.tetherGetStats();
Lorenzo Colitti563dc452017-09-01 17:12:34 +0900[diff] [blame]1682 } catch (RemoteException | ServiceSpecificException e) {
1683 throw new IllegalStateException("problem parsing tethering stats: ", e);
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1684 }
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1685
Lorenzo Colitti563dc452017-09-01 17:12:34 +0900[diff] [blame]1686 final NetworkStats stats = new NetworkStats(SystemClock.elapsedRealtime(),
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1687 tetherStatsVec.length);
Lorenzo Colitti563dc452017-09-01 17:12:34 +0900[diff] [blame]1688 final NetworkStats.Entry entry = new NetworkStats.Entry();
1689
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1690 for (TetherStatsParcel tetherStats : tetherStatsVec) {
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1691 try {
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1692 entry.iface = tetherStats.iface;
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1693 entry.uid = UID_TETHERING;
1694 entry.set = SET_DEFAULT;
1695 entry.tag = TAG_NONE;
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1696 entry.rxBytes = tetherStats.rxBytes;
1697 entry.rxPackets = tetherStats.rxPackets;
1698 entry.txBytes = tetherStats.txBytes;
1699 entry.txPackets = tetherStats.txPackets;
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1700 stats.combineValues(entry);
Lorenzo Colitti563dc452017-09-01 17:12:34 +0900[diff] [blame]1701 } catch (ArrayIndexOutOfBoundsException e) {
Luke Huang13b79e82018-09-26 14:53:42 +0800[diff] [blame]1702 throw new IllegalStateException("invalid tethering stats " + e);
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1703 }
1704 }
Lorenzo Colitti563dc452017-09-01 17:12:34 +0900[diff] [blame]1705
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1706 return stats;
1707 }
Lorenzo Colitti50b60fc2017-08-11 13:47:49 +0900[diff] [blame]1708
1709 @Override
1710 public void setInterfaceQuota(String iface, long quotaBytes) {
1711 // Do nothing. netd is already informed of quota changes in setInterfaceQuota.
1712 }
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1713 }
1714
1715 @Override
Lorenzo Colittif1912ca2017-08-17 19:23:08 +0900[diff] [blame]1716 public NetworkStats getNetworkStatsTethering(int how) {
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1717 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1718
1719 final NetworkStats stats = new NetworkStats(SystemClock.elapsedRealtime(), 1);
1720 synchronized (mTetheringStatsProviders) {
1721 for (ITetheringStatsProvider provider: mTetheringStatsProviders.keySet()) {
1722 try {
Lorenzo Colittif1912ca2017-08-17 19:23:08 +0900[diff] [blame]1723 stats.combineAllValues(provider.getTetherStats(how));
Lorenzo Colitti07f13042017-07-10 19:06:57 +0900[diff] [blame]1724 } catch (RemoteException e) {
1725 Log.e(TAG, "Problem reading tethering stats from " +
1726 mTetheringStatsProviders.get(provider) + ": " + e);
1727 }
1728 }
Jeff Sharkeycdd02c5d2011-09-16 01:52:49 -0700[diff] [blame]1729 }
Jeff Sharkeye4984be2013-09-10 21:03:27 -0700[diff] [blame]1730 return stats;
Jeff Sharkeycdd02c5d2011-09-16 01:52:49 -0700[diff] [blame]1731 }
1732
Jeff Sharkeyaf75c332011-11-18 12:41:12 -0800[diff] [blame]1733 @Override
Erik Kline1742fe12017-12-13 19:40:49 +0900[diff] [blame]1734 public void setDnsConfigurationForNetwork(int netId, String[] servers, String[] domains,
Erik Klinee5dac902018-03-04 21:01:01 +0900[diff] [blame]1735 int[] params, String tlsHostname, String[] tlsServers) {
Pierre Imai8e48e672016-04-21 13:30:43 +0900[diff] [blame]1736 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
1737
Ben Schwartz6ec28df2017-10-02 13:08:06 -0400[diff] [blame]1738 final String[] tlsFingerprints = new String[0];
Pierre Imai8e48e672016-04-21 13:30:43 +0900[diff] [blame]1739 try {
Erik Kline1742fe12017-12-13 19:40:49 +0900[diff] [blame]1740 mNetdService.setResolverConfiguration(
Erik Klinee5dac902018-03-04 21:01:01 +0900[diff] [blame]1741 netId, servers, domains, params, tlsHostname, tlsServers, tlsFingerprints);
Pierre Imai8e48e672016-04-21 13:30:43 +0900[diff] [blame]1742 } catch (RemoteException e) {
1743 throw new RuntimeException(e);
1744 }
1745 }
1746
1747 @Override
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]1748 public void addVpnUidRanges(int netId, UidRange[] ranges) {
Chad Brubaker3277620a2013-06-12 13:37:30 -0700[diff] [blame]1749 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1750
1751 try {
1752 mNetdService.networkAddUidRanges(netId, ranges);
1753 } catch (RemoteException | ServiceSpecificException e) {
1754 throw new IllegalStateException(e);
Chad Brubaker3277620a2013-06-12 13:37:30 -0700[diff] [blame]1755 }
1756 }
1757
1758 @Override
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]1759 public void removeVpnUidRanges(int netId, UidRange[] ranges) {
Chad Brubaker3277620a2013-06-12 13:37:30 -0700[diff] [blame]1760 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]1761 try {
1762 mNetdService.networkRemoveUidRanges(netId, ranges);
1763 } catch (RemoteException | ServiceSpecificException e) {
1764 throw new IllegalStateException(e);
Chad Brubakercca54c42013-06-27 17:41:38 -0700[diff] [blame]1765 }
1766 }
1767
1768 @Override
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1769 public void setFirewallEnabled(boolean enabled) {
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]1770 enforceSystemUid();
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1771 try {
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1772 mNetdService.firewallSetFirewallType(
1773 enabled ? INetd.FIREWALL_WHITELIST : INetd.FIREWALL_BLACKLIST);
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1774 mFirewallEnabled = enabled;
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1775 } catch (RemoteException | ServiceSpecificException e) {
1776 throw new IllegalStateException(e);
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1777 }
1778 }
1779
1780 @Override
1781 public boolean isFirewallEnabled() {
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]1782 enforceSystemUid();
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1783 return mFirewallEnabled;
1784 }
1785
1786 @Override
Jeff Sharkey2c092982012-08-24 11:44:40 -0700[diff] [blame]1787 public void setFirewallInterfaceRule(String iface, boolean allow) {
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]1788 enforceSystemUid();
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1789 Preconditions.checkState(mFirewallEnabled);
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1790 try {
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1791 mNetdService.firewallSetInterfaceRule(iface,
1792 allow ? INetd.FIREWALL_RULE_ALLOW : INetd.FIREWALL_RULE_DENY);
1793 } catch (RemoteException | ServiceSpecificException e) {
1794 throw new IllegalStateException(e);
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1795 }
1796 }
1797
Lorenzo Colitti3fef7232016-04-29 18:00:03 +0900[diff] [blame]1798 private void closeSocketsForFirewallChainLocked(int chain, String chainName) {
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1799 // UID ranges to close sockets on.
1800 UidRange[] ranges;
1801 // UID ranges whose sockets we won't touch.
1802 int[] exemptUids;
1803
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1804 int numUids = 0;
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1805 if (DBG) Slog.d(TAG, "Closing sockets after enabling chain " + chainName);
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1806 if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
1807 // Close all sockets on all non-system UIDs...
1808 ranges = new UidRange[] {
1809 // TODO: is there a better way of finding all existing users? If so, we could
1810 // specify their ranges here.
1811 new UidRange(Process.FIRST_APPLICATION_UID, Integer.MAX_VALUE),
1812 };
1813 // ... except for the UIDs that have allow rules.
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1814 synchronized (mRulesLock) {
1815 final SparseIntArray rules = getUidFirewallRulesLR(chain);
1816 exemptUids = new int[rules.size()];
1817 for (int i = 0; i < exemptUids.length; i++) {
1818 if (rules.valueAt(i) == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
1819 exemptUids[numUids] = rules.keyAt(i);
1820 numUids++;
1821 }
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1822 }
1823 }
1824 // Normally, whitelist chains only contain deny rules, so numUids == exemptUids.length.
1825 // But the code does not guarantee this in any way, and at least in one case - if we add
1826 // a UID rule to the firewall, and then disable the firewall - the chains can contain
1827 // the wrong type of rule. In this case, don't close connections that we shouldn't.
1828 //
1829 // TODO: tighten up this code by ensuring we never set the wrong type of rule, and
1830 // fix setFirewallEnabled to grab mQuotaLock and clear rules.
1831 if (numUids != exemptUids.length) {
1832 exemptUids = Arrays.copyOf(exemptUids, numUids);
1833 }
1834 } else {
1835 // Close sockets for every UID that has a deny rule...
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1836 synchronized (mRulesLock) {
1837 final SparseIntArray rules = getUidFirewallRulesLR(chain);
1838 ranges = new UidRange[rules.size()];
1839 for (int i = 0; i < ranges.length; i++) {
1840 if (rules.valueAt(i) == NetworkPolicyManager.FIREWALL_RULE_DENY) {
1841 int uid = rules.keyAt(i);
1842 ranges[numUids] = new UidRange(uid, uid);
1843 numUids++;
1844 }
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1845 }
1846 }
1847 // As above; usually numUids == ranges.length, but not always.
1848 if (numUids != ranges.length) {
1849 ranges = Arrays.copyOf(ranges, numUids);
1850 }
1851 // ... with no exceptions.
1852 exemptUids = new int[0];
1853 }
1854
1855 try {
1856 mNetdService.socketDestroy(ranges, exemptUids);
1857 } catch(RemoteException | ServiceSpecificException e) {
1858 Slog.e(TAG, "Error closing sockets after enabling chain " + chainName + ": " + e);
1859 }
1860 }
1861
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1862 @Override
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1863 public void setFirewallChainEnabled(int chain, boolean enable) {
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]1864 enforceSystemUid();
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1865 synchronized (mQuotaLock) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1866 synchronized (mRulesLock) {
1867 if (getFirewallChainState(chain) == enable) {
1868 // All is the same, nothing to do. This relies on the fact that netd has child
1869 // chains default detached.
1870 return;
1871 }
1872 setFirewallChainState(chain, enable);
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1873 }
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1874
Luke Huang615e1022018-10-25 11:54:05 +0900[diff] [blame]1875 final String chainName = getFirewallChainName(chain);
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1876 if (chain == FIREWALL_CHAIN_NONE) {
Luke Huang615e1022018-10-25 11:54:05 +0900[diff] [blame]1877 throw new IllegalArgumentException("Bad child chain: " + chainName);
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1878 }
1879
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1880 try {
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1881 mNetdService.firewallEnableChildChain(chain, enable);
1882 } catch (RemoteException | ServiceSpecificException e) {
1883 throw new IllegalStateException(e);
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1884 }
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1885
1886 // Close any sockets that were opened by the affected UIDs. This has to be done after
1887 // disabling network connectivity, in case they react to the socket close by reopening
1888 // the connection and race with the iptables commands that enable the firewall. All
1889 // whitelist and blacklist chains allow RSTs through.
1890 if (enable) {
Luke Huang615e1022018-10-25 11:54:05 +0900[diff] [blame]1891 closeSocketsForFirewallChainLocked(chain, chainName);
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]1892 }
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]1893 }
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1894 }
1895
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1896 private String getFirewallChainName(int chain) {
1897 switch (chain) {
1898 case FIREWALL_CHAIN_STANDBY:
1899 return FIREWALL_CHAIN_NAME_STANDBY;
1900 case FIREWALL_CHAIN_DOZABLE:
1901 return FIREWALL_CHAIN_NAME_DOZABLE;
1902 case FIREWALL_CHAIN_POWERSAVE:
1903 return FIREWALL_CHAIN_NAME_POWERSAVE;
1904 default:
1905 throw new IllegalArgumentException("Bad child chain: " + chain);
1906 }
1907 }
1908
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1909 private int getFirewallType(int chain) {
1910 switch (chain) {
1911 case FIREWALL_CHAIN_STANDBY:
1912 return FIREWALL_TYPE_BLACKLIST;
1913 case FIREWALL_CHAIN_DOZABLE:
1914 return FIREWALL_TYPE_WHITELIST;
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]1915 case FIREWALL_CHAIN_POWERSAVE:
1916 return FIREWALL_TYPE_WHITELIST;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1917 default:
1918 return isFirewallEnabled() ? FIREWALL_TYPE_WHITELIST : FIREWALL_TYPE_BLACKLIST;
1919 }
1920 }
1921
1922 @Override
1923 public void setFirewallUidRules(int chain, int[] uids, int[] rules) {
1924 enforceSystemUid();
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1925 synchronized (mQuotaLock) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1926 synchronized (mRulesLock) {
1927 SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain);
1928 SparseIntArray newRules = new SparseIntArray();
1929 // apply new set of rules
1930 for (int index = uids.length - 1; index >= 0; --index) {
1931 int uid = uids[index];
1932 int rule = rules[index];
1933 updateFirewallUidRuleLocked(chain, uid, rule);
1934 newRules.put(uid, rule);
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1935 }
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1936 // collect the rules to remove.
1937 SparseIntArray rulesToRemove = new SparseIntArray();
1938 for (int index = uidFirewallRules.size() - 1; index >= 0; --index) {
1939 int uid = uidFirewallRules.keyAt(index);
1940 if (newRules.indexOfKey(uid) < 0) {
1941 rulesToRemove.put(uid, FIREWALL_RULE_DEFAULT);
1942 }
1943 }
1944 // remove dead rules
1945 for (int index = rulesToRemove.size() - 1; index >= 0; --index) {
1946 int uid = rulesToRemove.keyAt(index);
1947 updateFirewallUidRuleLocked(chain, uid, FIREWALL_RULE_DEFAULT);
1948 }
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]1949 }
1950 try {
1951 switch (chain) {
1952 case FIREWALL_CHAIN_DOZABLE:
1953 mNetdService.firewallReplaceUidChain("fw_dozable", true, uids);
1954 break;
1955 case FIREWALL_CHAIN_STANDBY:
1956 mNetdService.firewallReplaceUidChain("fw_standby", false, uids);
1957 break;
1958 case FIREWALL_CHAIN_POWERSAVE:
1959 mNetdService.firewallReplaceUidChain("fw_powersave", true, uids);
1960 break;
1961 case FIREWALL_CHAIN_NONE:
1962 default:
1963 Slog.d(TAG, "setFirewallUidRules() called on invalid chain: " + chain);
1964 }
1965 } catch (RemoteException e) {
1966 Slog.w(TAG, "Error flushing firewall chain " + chain, e);
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]1967 }
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1968 }
1969 }
1970
1971 @Override
1972 public void setFirewallUidRule(int chain, int uid, int rule) {
1973 enforceSystemUid();
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]1974 synchronized (mQuotaLock) {
1975 setFirewallUidRuleLocked(chain, uid, rule);
1976 }
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]1977 }
1978
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]1979 private void setFirewallUidRuleLocked(int chain, int uid, int rule) {
1980 if (updateFirewallUidRuleLocked(chain, uid, rule)) {
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1981 final int ruleType = getFirewallRuleType(chain, rule);
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]1982 try {
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]1983 mNetdService.firewallSetUidRule(chain, uid, ruleType);
1984 } catch (RemoteException | ServiceSpecificException e) {
1985 throw new IllegalStateException(e);
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]1986 }
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]1987 }
1988 }
1989
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]1990 // TODO: now that netd supports batching, NMS should not keep these data structures anymore...
1991 private boolean updateFirewallUidRuleLocked(int chain, int uid, int rule) {
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1992 synchronized (mRulesLock) {
1993 SparseIntArray uidFirewallRules = getUidFirewallRulesLR(chain);
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]1994
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]1995 final int oldUidFirewallRule = uidFirewallRules.get(uid, FIREWALL_RULE_DEFAULT);
1996 if (DBG) {
1997 Slog.d(TAG, "oldRule = " + oldUidFirewallRule
1998 + ", newRule=" + rule + " for uid=" + uid + " on chain " + chain);
1999 }
2000 if (oldUidFirewallRule == rule) {
2001 if (DBG) Slog.d(TAG, "!!!!! Skipping change");
2002 // TODO: eventually consider throwing
2003 return false;
2004 }
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]2005
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2006 String ruleName = getFirewallRuleName(chain, rule);
2007 String oldRuleName = getFirewallRuleName(chain, oldUidFirewallRule);
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]2008
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2009 if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
2010 uidFirewallRules.delete(uid);
2011 } else {
2012 uidFirewallRules.put(uid, rule);
2013 }
2014 return !ruleName.equals(oldRuleName);
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]2015 }
Felipe Lemea701cad2016-05-12 09:58:14 -0700[diff] [blame]2016 }
2017
Xiaohui Chen8dca36d2015-06-19 12:44:59 -0700[diff] [blame]2018 private @NonNull String getFirewallRuleName(int chain, int rule) {
2019 String ruleName;
2020 if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
2021 if (rule == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
2022 ruleName = "allow";
2023 } else {
2024 ruleName = "deny";
2025 }
2026 } else { // Blacklist mode
2027 if (rule == NetworkPolicyManager.FIREWALL_RULE_DENY) {
2028 ruleName = "deny";
2029 } else {
2030 ruleName = "allow";
2031 }
2032 }
2033 return ruleName;
2034 }
2035
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2036 private @NonNull SparseIntArray getUidFirewallRulesLR(int chain) {
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2037 switch (chain) {
2038 case FIREWALL_CHAIN_STANDBY:
2039 return mUidFirewallStandbyRules;
2040 case FIREWALL_CHAIN_DOZABLE:
2041 return mUidFirewallDozableRules;
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2042 case FIREWALL_CHAIN_POWERSAVE:
2043 return mUidFirewallPowerSaveRules;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2044 case FIREWALL_CHAIN_NONE:
2045 return mUidFirewallRules;
2046 default:
2047 throw new IllegalArgumentException("Unknown chain:" + chain);
2048 }
2049 }
2050
Luke Huanga241db92018-07-31 20:15:24 +0800[diff] [blame]2051 private int getFirewallRuleType(int chain, int rule) {
Luke Huang615e1022018-10-25 11:54:05 +0900[diff] [blame]2052 if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
2053 return getFirewallType(chain) == FIREWALL_TYPE_WHITELIST
2054 ? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2055 }
Luke Huang615e1022018-10-25 11:54:05 +0900[diff] [blame]2056 return rule;
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2057 }
2058
Jeff Sharkeyf56e2432012-09-06 17:54:29 -0700[diff] [blame]2059 private static void enforceSystemUid() {
2060 final int uid = Binder.getCallingUid();
2061 if (uid != Process.SYSTEM_UID) {
2062 throw new SecurityException("Only available to AID_SYSTEM");
2063 }
2064 }
2065
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]2066 @Override
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]2067 public void registerNetworkActivityListener(INetworkActivityListener listener) {
2068 mNetworkActivityListeners.register(listener);
2069 }
2070
2071 @Override
2072 public void unregisterNetworkActivityListener(INetworkActivityListener listener) {
2073 mNetworkActivityListeners.unregister(listener);
2074 }
2075
2076 @Override
2077 public boolean isNetworkActive() {
2078 synchronized (mNetworkActivityListeners) {
2079 return mNetworkActive || mActiveIdleTimers.isEmpty();
2080 }
2081 }
2082
2083 private void reportNetworkActive() {
2084 final int length = mNetworkActivityListeners.beginBroadcast();
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]2085 try {
2086 for (int i = 0; i < length; i++) {
2087 try {
2088 mNetworkActivityListeners.getBroadcastItem(i).onNetworkActive();
Felipe Leme03e689d2016-03-02 16:17:38 -0800[diff] [blame]2089 } catch (RemoteException | RuntimeException e) {
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]2090 }
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]2091 }
Robert Greenwalt2c9f5472014-04-21 14:50:28 -0700[diff] [blame]2092 } finally {
2093 mNetworkActivityListeners.finishBroadcast();
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]2094 }
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]2095 }
2096
Mattias Falk8b47b362011-08-23 14:15:13 +0200[diff] [blame]2097 /** {@inheritDoc} */
Jeff Sharkey7b4596f2013-02-25 10:55:29 -0800[diff] [blame]2098 @Override
Jeff Sharkeyfa23c5a2011-08-09 21:44:24 -0700[diff] [blame]2099 public void monitor() {
2100 if (mConnector != null) {
2101 mConnector.monitor();
2102 }
2103 }
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]2104
2105 @Override
2106 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
Jeff Sharkeyfe9a53b2017-03-31 14:08:23 -0600[diff] [blame]2107 if (!DumpUtils.checkDumpPermission(mContext, TAG, pw)) return;
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]2108
Robert Greenwalt470fd722012-01-18 12:51:15 -0800[diff] [blame]2109 pw.println("NetworkManagementService NativeDaemonConnector Log:");
2110 mConnector.dump(fd, pw, args);
2111 pw.println();
2112
Dianne Hackborn2ffa11e2014-04-21 15:56:18 -0700[diff] [blame]2113 pw.print("mMobileActivityFromRadio="); pw.print(mMobileActivityFromRadio);
2114 pw.print(" mLastPowerStateFromRadio="); pw.println(mLastPowerStateFromRadio);
2115 pw.print("mNetworkActive="); pw.println(mNetworkActive);
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]2116
2117 synchronized (mQuotaLock) {
Jeff Sharkeyb24a7852012-05-01 15:19:37 -0700[diff] [blame]2118 pw.print("Active quota ifaces: "); pw.println(mActiveQuotas.toString());
2119 pw.print("Active alert ifaces: "); pw.println(mActiveAlerts.toString());
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]2120 pw.print("Data saver mode: "); pw.println(mDataSaverMode);
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2121 synchronized (mRulesLock) {
2122 dumpUidRuleOnQuotaLocked(pw, "blacklist", mUidRejectOnMetered);
2123 dumpUidRuleOnQuotaLocked(pw, "whitelist", mUidAllowOnMetered);
2124 }
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]2125 }
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]2126
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2127 synchronized (mRulesLock) {
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2128 dumpUidFirewallRule(pw, "", mUidFirewallRules);
Amith Yamasani15e472352015-04-24 19:06:07 -0700[diff] [blame]2129
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2130 pw.print("UID firewall standby chain enabled: "); pw.println(
2131 getFirewallChainState(FIREWALL_CHAIN_STANDBY));
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2132 dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_STANDBY, mUidFirewallStandbyRules);
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2133
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2134 pw.print("UID firewall dozable chain enabled: "); pw.println(
2135 getFirewallChainState(FIREWALL_CHAIN_DOZABLE));
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2136 dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_DOZABLE, mUidFirewallDozableRules);
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2137
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2138 pw.println("UID firewall powersave chain enabled: " +
2139 getFirewallChainState(FIREWALL_CHAIN_POWERSAVE));
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2140 dumpUidFirewallRule(pw, FIREWALL_CHAIN_NAME_POWERSAVE, mUidFirewallPowerSaveRules);
Xiaohui Chenb41c9f72015-06-17 15:55:37 -0700[diff] [blame]2141 }
2142
Dianne Hackborn77b987f2014-02-26 16:20:52 -0800[diff] [blame]2143 synchronized (mIdleTimerLock) {
2144 pw.println("Idle timers:");
2145 for (HashMap.Entry<String, IdleTimerParams> ent : mActiveIdleTimers.entrySet()) {
2146 pw.print(" "); pw.print(ent.getKey()); pw.println(":");
2147 IdleTimerParams params = ent.getValue();
2148 pw.print(" timeout="); pw.print(params.timeout);
2149 pw.print(" type="); pw.print(params.type);
2150 pw.print(" networkCount="); pw.println(params.networkCount);
2151 }
2152 }
2153
Jeff Sharkeyc268f0b2012-08-24 10:25:31 -0700[diff] [blame]2154 pw.print("Firewall enabled: "); pw.println(mFirewallEnabled);
Felipe Leme65be3022016-03-22 14:53:13 -0700[diff] [blame]2155 pw.print("Netd service status: " );
2156 if (mNetdService == null) {
2157 pw.println("disconnected");
2158 } else {
2159 try {
2160 final boolean alive = mNetdService.isAlive();
2161 pw.println(alive ? "alive": "dead");
2162 } catch (RemoteException e) {
2163 pw.println("unreachable");
2164 }
2165 }
2166 }
2167
2168 private void dumpUidRuleOnQuotaLocked(PrintWriter pw, String name, SparseBooleanArray list) {
2169 pw.print("UID bandwith control ");
2170 pw.print(name);
2171 pw.print(" rule: [");
2172 final int size = list.size();
2173 for (int i = 0; i < size; i++) {
2174 pw.print(list.keyAt(i));
2175 if (i < size - 1) pw.print(",");
2176 }
2177 pw.println("]");
Jeff Sharkey47eb1022011-08-25 17:48:52 -0700[diff] [blame]2178 }
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2179
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2180 private void dumpUidFirewallRule(PrintWriter pw, String name, SparseIntArray rules) {
Lorenzo Colitti4cb42402016-04-24 12:52:00 +0900[diff] [blame]2181 pw.print("UID firewall ");
Felipe Leme011b98f2016-02-10 17:28:31 -0800[diff] [blame]2182 pw.print(name);
2183 pw.print(" rule: [");
2184 final int size = rules.size();
2185 for (int i = 0; i < size; i++) {
2186 pw.print(rules.keyAt(i));
2187 pw.print(":");
2188 pw.print(rules.valueAt(i));
2189 if (i < size - 1) pw.print(",");
2190 }
2191 pw.println("]");
2192 }
2193
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2194 @Override
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2195 public void createPhysicalNetwork(int netId, int permission) {
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2196 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2197
2198 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2199 mNetdService.networkCreatePhysical(netId, permission);
2200 } catch (RemoteException | ServiceSpecificException e) {
2201 throw new IllegalStateException(e);
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2202 }
2203 }
2204
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2205 @Override
ckenbed368e2018-12-05 20:32:30 +0900[diff] [blame]2206 public void createVirtualNetwork(int netId, boolean secure) {
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]2207 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2208
2209 try {
ckenbed368e2018-12-05 20:32:30 +0900[diff] [blame]2210 mNetdService.networkCreateVpn(netId, secure);
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2211 } catch (RemoteException | ServiceSpecificException e) {
2212 throw new IllegalStateException(e);
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]2213 }
2214 }
2215
2216 @Override
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2217 public void removeNetwork(int netId) {
Erik Kline33d8e5c2018-01-15 17:05:07 +0900[diff] [blame]2218 mContext.enforceCallingOrSelfPermission(NETWORK_STACK, TAG);
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2219
2220 try {
Erik Kline33d8e5c2018-01-15 17:05:07 +0900[diff] [blame]2221 mNetdService.networkDestroy(netId);
2222 } catch (ServiceSpecificException e) {
2223 Log.w(TAG, "removeNetwork(" + netId + "): ", e);
2224 throw e;
2225 } catch (RemoteException e) {
2226 Log.w(TAG, "removeNetwork(" + netId + "): ", e);
2227 throw e.rethrowAsRuntimeException();
Robert Greenwalt9ba9c582014-03-19 17:56:12 -0700[diff] [blame]2228 }
2229 }
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2230
2231 @Override
Paul Jensen992f2522014-04-28 10:33:11 -0400[diff] [blame]2232 public void addInterfaceToNetwork(String iface, int netId) {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2233 modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, netId, iface);
Paul Jensen992f2522014-04-28 10:33:11 -0400[diff] [blame]2234 }
2235
2236 @Override
2237 public void removeInterfaceFromNetwork(String iface, int netId) {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2238 modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, netId, iface);
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2239 }
Paul Jensen992f2522014-04-28 10:33:11 -0400[diff] [blame]2240
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2241 private void modifyInterfaceInNetwork(boolean add, int netId, String iface) {
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2242 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
Paul Jensen992f2522014-04-28 10:33:11 -0400[diff] [blame]2243 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2244 if (add) {
2245 mNetdService.networkAddInterface(netId, iface);
2246 } else {
2247 mNetdService.networkRemoveInterface(netId, iface);
2248 }
2249 } catch (RemoteException | ServiceSpecificException e) {
2250 throw new IllegalStateException(e);
Paul Jensen992f2522014-04-28 10:33:11 -0400[diff] [blame]2251 }
2252 }
2253
2254 @Override
Robert Greenwalt913c8952014-04-07 17:36:35 -0700[diff] [blame]2255 public void addLegacyRouteForNetId(int netId, RouteInfo routeInfo, int uid) {
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2256 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2257
Sreeram Ramachandrancc91c7b2014-06-03 18:41:43 -0700[diff] [blame]2258 final LinkAddress la = routeInfo.getDestinationLinkAddress();
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2259 final String ifName = routeInfo.getInterface();
2260 final String dst = la.toString();
2261 final String nextHop;
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2262
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2263 if (routeInfo.hasGateway()) {
2264 nextHop = routeInfo.getGateway().getHostAddress();
2265 } else {
2266 nextHop = "";
2267 }
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2268 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2269 mNetdService.networkAddLegacyRoute(netId, ifName, dst, nextHop, uid);
2270 } catch (RemoteException | ServiceSpecificException e) {
2271 throw new IllegalStateException(e);
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2272 }
2273 }
2274
2275 @Override
Sreeram Ramachandranf047f2a2014-04-15 16:04:26 -0700[diff] [blame]2276 public void setDefaultNetId(int netId) {
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2277 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2278
2279 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2280 mNetdService.networkSetDefault(netId);
2281 } catch (RemoteException | ServiceSpecificException e) {
2282 throw new IllegalStateException(e);
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2283 }
2284 }
2285
2286 @Override
2287 public void clearDefaultNetId() {
2288 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2289
2290 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2291 mNetdService.networkClearDefault();
2292 } catch (RemoteException | ServiceSpecificException e) {
2293 throw new IllegalStateException(e);
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2294 }
2295 }
2296
2297 @Override
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2298 public void setNetworkPermission(int netId, int permission) {
Paul Jensen487ffe72015-07-24 15:57:11 -0400[diff] [blame]2299 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2300
2301 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2302 mNetdService.networkSetPermissionForNetwork(netId, permission);
2303 } catch (RemoteException | ServiceSpecificException e) {
2304 throw new IllegalStateException(e);
Paul Jensen487ffe72015-07-24 15:57:11 -0400[diff] [blame]2305 }
2306 }
2307
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2308 private int parsePermission(String permission) {
2309 if (permission.equals("NETWORK")) {
2310 return INetd.PERMISSION_NETWORK;
2311 }
2312 if (permission.equals("SYSTEM")) {
2313 return INetd.PERMISSION_SYSTEM;
2314 }
2315 return INetd.PERMISSION_NONE;
2316 }
Paul Jensen487ffe72015-07-24 15:57:11 -0400[diff] [blame]2317
2318 @Override
Sreeram Ramachandrane4a05af2014-09-24 09:16:19 -0700[diff] [blame]2319 public void setPermission(String permission, int[] uids) {
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2320 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2321
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2322 try {
2323 mNetdService.networkSetPermissionForUser(parsePermission(permission), uids);
2324 } catch (RemoteException | ServiceSpecificException e) {
2325 throw new IllegalStateException(e);
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2326 }
2327 }
2328
2329 @Override
2330 public void clearPermission(int[] uids) {
2331 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2332
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2333 try {
2334 mNetdService.networkClearPermissionForUser(uids);
2335 } catch (RemoteException | ServiceSpecificException e) {
2336 throw new IllegalStateException(e);
Robert Greenwalt568891d2014-04-04 13:38:00 -0700[diff] [blame]2337 }
2338 }
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]2339
2340 @Override
2341 public void allowProtect(int uid) {
2342 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2343
2344 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2345 mNetdService.networkSetProtectAllow(uid);
2346 } catch (RemoteException | ServiceSpecificException e) {
2347 throw new IllegalStateException(e);
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]2348 }
2349 }
2350
2351 @Override
2352 public void denyProtect(int uid) {
2353 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2354
2355 try {
Luke Huang8a462ec2018-08-24 20:33:16 +0800[diff] [blame]2356 mNetdService.networkSetProtectDeny(uid);
2357 } catch (RemoteException | ServiceSpecificException e) {
2358 throw new IllegalStateException(e);
Paul Jensen6bc2c2c2014-05-07 15:27:40 -0400[diff] [blame]2359 }
2360 }
2361
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2362 @Override
2363 public void addInterfaceToLocalNetwork(String iface, List<RouteInfo> routes) {
Luke Huang706d7ab2018-10-16 15:42:15 +0800[diff] [blame]2364 modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, INetd.LOCAL_NET_ID, iface);
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2365
2366 for (RouteInfo route : routes) {
2367 if (!route.isDefaultRoute()) {
Luke Huang706d7ab2018-10-16 15:42:15 +0800[diff] [blame]2368 modifyRoute(MODIFY_OPERATION_ADD, INetd.LOCAL_NET_ID, route);
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2369 }
2370 }
2371 }
2372
2373 @Override
2374 public void removeInterfaceFromLocalNetwork(String iface) {
Luke Huang706d7ab2018-10-16 15:42:15 +0800[diff] [blame]2375 modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, INetd.LOCAL_NET_ID, iface);
Sreeram Ramachandrana77760d2014-07-17 17:09:07 -0700[diff] [blame]2376 }
Erik Kline6599ee82016-07-17 21:28:39 +0900[diff] [blame]2377
2378 @Override
2379 public int removeRoutesFromLocalNetwork(List<RouteInfo> routes) {
2380 int failures = 0;
2381
2382 for (RouteInfo route : routes) {
2383 try {
Luke Huang706d7ab2018-10-16 15:42:15 +0800[diff] [blame]2384 modifyRoute(MODIFY_OPERATION_REMOVE, INetd.LOCAL_NET_ID, route);
Erik Kline6599ee82016-07-17 21:28:39 +0900[diff] [blame]2385 } catch (IllegalStateException e) {
2386 failures++;
2387 }
2388 }
2389
2390 return failures;
2391 }
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2392
Sudheer Shankab8f23162017-08-04 13:30:10 -0700[diff] [blame]2393 @Override
2394 public boolean isNetworkRestricted(int uid) {
2395 mContext.enforceCallingOrSelfPermission(CONNECTIVITY_INTERNAL, TAG);
2396 return isNetworkRestrictedInternal(uid);
2397 }
2398
2399 private boolean isNetworkRestrictedInternal(int uid) {
2400 synchronized (mRulesLock) {
2401 if (getFirewallChainState(FIREWALL_CHAIN_STANDBY)
2402 && mUidFirewallStandbyRules.get(uid) == FIREWALL_RULE_DENY) {
2403 if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of app standby mode");
2404 return true;
2405 }
2406 if (getFirewallChainState(FIREWALL_CHAIN_DOZABLE)
2407 && mUidFirewallDozableRules.get(uid) != FIREWALL_RULE_ALLOW) {
2408 if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of device idle mode");
2409 return true;
2410 }
2411 if (getFirewallChainState(FIREWALL_CHAIN_POWERSAVE)
2412 && mUidFirewallPowerSaveRules.get(uid) != FIREWALL_RULE_ALLOW) {
2413 if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of power saver mode");
2414 return true;
2415 }
2416 if (mUidRejectOnMetered.get(uid)) {
2417 if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of no metered data"
2418 + " in the background");
2419 return true;
2420 }
2421 if (mDataSaverMode && !mUidAllowOnMetered.get(uid)) {
2422 if (DBG) Slog.d(TAG, "Uid " + uid + " restricted because of data saver mode");
2423 return true;
2424 }
2425 return false;
2426 }
2427 }
2428
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2429 private void setFirewallChainState(int chain, boolean state) {
2430 synchronized (mRulesLock) {
2431 mFirewallChainStates.put(chain, state);
2432 }
2433 }
2434
2435 private boolean getFirewallChainState(int chain) {
2436 synchronized (mRulesLock) {
2437 return mFirewallChainStates.get(chain);
2438 }
2439 }
2440
2441 @VisibleForTesting
2442 class LocalService extends NetworkManagementInternal {
2443 @Override
2444 public boolean isNetworkRestrictedForUid(int uid) {
Sudheer Shankab8f23162017-08-04 13:30:10 -0700[diff] [blame]2445 return isNetworkRestrictedInternal(uid);
Sudheer Shanka62f5c172017-03-17 16:25:55 -0700[diff] [blame]2446 }
2447 }
2448
2449 @VisibleForTesting
2450 Injector getInjector() {
2451 return new Injector();
2452 }
2453
2454 @VisibleForTesting
2455 class Injector {
2456 void setDataSaverMode(boolean dataSaverMode) {
2457 mDataSaverMode = dataSaverMode;
2458 }
2459
2460 void setFirewallChainState(int chain, boolean state) {
2461 NetworkManagementService.this.setFirewallChainState(chain, state);
2462 }
2463
2464 void setFirewallRule(int chain, int uid, int rule) {
2465 synchronized (mRulesLock) {
2466 getUidFirewallRulesLR(chain).put(uid, rule);
2467 }
2468 }
2469
2470 void setUidOnMeteredNetworkList(boolean blacklist, int uid, boolean enable) {
2471 synchronized (mRulesLock) {
2472 if (blacklist) {
2473 mUidRejectOnMetered.put(uid, enable);
2474 } else {
2475 mUidAllowOnMetered.put(uid, enable);
2476 }
2477 }
2478 }
2479
2480 void reset() {
2481 synchronized (mRulesLock) {
2482 setDataSaverMode(false);
2483 final int[] chains = {
2484 FIREWALL_CHAIN_DOZABLE,
2485 FIREWALL_CHAIN_STANDBY,
2486 FIREWALL_CHAIN_POWERSAVE
2487 };
2488 for (int chain : chains) {
2489 setFirewallChainState(chain, false);
2490 getUidFirewallRulesLR(chain).clear();
2491 }
2492 mUidAllowOnMetered.clear();
2493 mUidRejectOnMetered.clear();
2494 }
2495 }
2496 }
San Mehat873f2142010-01-14 10:25:07 -0800[diff] [blame]2497}