46c4fc357ce8e686b6e7c2adda573e9870a8221f |
|
04-May-2016 |
Felipe Leme <felipeal@google.com> |
Refactored NetworkPolicyManagerService mUidRules. NetworkPolicyManagerService (NMPS) keeps an internal list of uid rules (mUidRules) for network restrictions, and when these rules change it needs to notify external listeners (such as ConnectivityService / CS). Prior to Android N, both Data Saver mode (the feature previously known as "Restrict Background Data") and Battery Save mode used the same set of firewall rules to implement their restrictions: when Battery Saver mode NPMS would mark all networks as metered and set the proper firewall rules externally. Recently, these 2 modes were split in 2 distinct firewall rules and NMPS.updateRuleForRestrictBackgroundLocked() was changed to update the mUidRules logic based on the Data Saver firewall (since the Battery Saver firewall changes are handled externally, on updateRuleForRestrictPowerLocked()). As such, CS was not notified when the power-related changes were made, which would cause apps to get a state of CONNECTED / CONNECTED when querying its active connection. This change refactors the mUidRules to use bitmasks, in preparation for another change that will fix the issue. It also fixes a minor bug that was preventing removed packages from being removed from the whitelist. BUG: 28521946 Change-Id: I9f0e1509a6192cad403f740c1cd76a6b7dab7d26
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
70c57c2810eb5004ac6487921bfdf0880f818e3c |
|
29-Mar-2016 |
Felipe Leme <felipeal@google.com> |
Uses bw_happy_box and bw_penalty_box for Data Saver. bw_penalty_box is a blacklist-based firewall chain used to determine which UIDs do not have access to metered interfaces. It can be used alone or with bw_happy_box, which is a whitelist-based chain: when bw_happy_box is enabled, it's included in the bw_penalty_box chain. Currently, NMPS and NMS use just bw_penalty_box for both blacklist and whitelist, so when Data Saver is turned on, it has to build an extensive list of UIDs to be blacklisted, which can take seconds (since it makes dozens of iptables, and which forks an iptables process). This CL changes this behavior so it uses both chains (plus a new bw_data_saver chain, which is added to the end of bw_happy_box), in which case the Data Saver switch is much faster (around 120-160ms), since it requires just 1 or 2 iptables calls (one to switch the bw_data_saver rule, and another to whitelist the foreground app if it's not whitelisted yet). BUG: 27127112 BUG: 26685616 Change-Id: If10222aef9f49a924b07b978d4bdccdd92f9acdb
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
011b98f93a4e0f609f9f3a83be784021c8b593a6 |
|
11-Feb-2016 |
Felipe Leme <felipeal@google.com> |
Created a firewall chain for power save mode. When power-save mode was first implemented, there were no firewall rules on netd, so the solution was to make all network interfaces metered and re-use the bw_penalty_box chain. This change removes that workaround by creating an explicit fw_powersave chain, whose behavior is similar to fw_dozable (in fact, it reuses some of its code); such change not only makes network restrictions on power-save mode simpler, but it also allows to optimize how the restrict network rules are changed (which will be done in a separate change). BUG: 27127112 BUG: 26685616 Change-Id: I7f7a7b1c1855e916c6651ad90da29fe187a7bea2
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
f8880561e67e1da246970b49b14285efd4164ab1 |
|
26-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
When system server goes down, crash apps more. Similar to first patch, but now using new "rethrowFromSystemServer()" method which internally translates DeadObjectException into DeadSystemException. New logic over in Log.printlns() now suppresses the DeadSystemException stack traces, since they're misleading and just added pressure to the precious log buffer space. Add some extra RuntimeInit checks to suppress logging-about-logging when the system server is dead. Bug: 27364859 Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
75f47866066d5b06924530417c7cb72296753ccb |
|
13-Oct-2015 |
Jeff Sharkey <jsharkey@android.com> |
resolved conflicts for f20a5700 to master Change-Id: I1f13a63c3680901fac58ef709118c9242032b11f
|
7f6d8754e6d509bf17fe0c46130c884b16706b12 |
|
12-Oct-2015 |
Jeff Sharkey <jsharkey@google.com> |
am a03ecf7d: Merge "Push firewall rules up to ConnectivityService." into mnc-dr-dev * commit 'a03ecf7d7c8ff2844caf5feecc6d29f1f7346ff9': Push firewall rules up to ConnectivityService.
|
dc988061ac145c86d6871e249d65ca326aaff99f |
|
14-Sep-2015 |
Jeff Sharkey <jsharkey@android.com> |
Push firewall rules up to ConnectivityService. getActiveNetworkInfo() and friends already know how to augment their results to help apps detect when network access is blocked. This change wires up the new app-idle and device-idle firewall rules to be reported through these APIs. This also causes other platform tools like DownloadManager and SyncManager to respect these new policies. Bug: 24050462 Change-Id: Id9517b0b70be7e3ca2ab27bed8049db916e4d829
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
143ebdb94e13f7a9fee2c9f3801bda1df17844c1 |
|
11-Aug-2015 |
Zach Johnson <zachoverflow@google.com> |
DO NOT MERGE Allow a custom component to handle network policy notifications Broadcasts information about network policy notifications to a custom component, if specified, so it can handle them. Also exposes an API to snooze warning notifications. Change-Id: Ic89478fa437861e2d4b6a9443858bcaf12122fba
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
b41c9f7f39939cee8d226eb5e506c3f0573f44f5 |
|
18-Jun-2015 |
Xiaohui Chen <xiaohuic@google.com> |
system_server: add two child chains to firewall This is an attempt to speed up getting out of device idle. It groups uid firewall rules in these child chains so we can attach/detach a whole chain instead of individual uid rules. BUG:21446713 Change-Id: Ie8f392da2deabe7cc86a9ecf4ed080163861d41e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
15e47235c055495ec0ccc24768a6746a960d3a61 |
|
25-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Remove network access for idle apps Track apps going in and out of idle in the NetworkPolicyManagerService. Apply DROP rules in firewall controller if app is to be blacklisted for network access. Firewall can now be in whitelist (old) or blacklist mode. When in blacklist, it allows all by default and we can selectively DENY some uids. Track app idle in UsageStats and update periodically. Track charging/discharging states. TODO: Check for appidle temporary parole state Bug: 20066058 Change-Id: Ia65d7544204b3bcb78a517310ef4adcc05aac6fb
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
0b4daca9ba54b7252ea8c159218391380eb00c8a |
|
27-Apr-2015 |
Dianne Hackborn <hackbod@google.com> |
Implement user-settable power save whitelist. The whitelist is now maintained by DeviceIdleController, which is moving out into its own independent system service. Network stats now queries it for the whitelist, instead of collecting that itself. Also did a few improvements in alarm manager -- made the code for moving alarms out of the pending list more robust, and fixed the debug output to always print the contents of the pending list even if we aren't in a pending state. (That would have helped me identify the problem much earlier.) Change-Id: I0f7119d4c553c3af4d77b2f71246fa6e2c13c561
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
f1fb39763d87dabe254b6ed64ac8f20145035bc0 |
|
03-Apr-2015 |
Stuart Scott <stuartscott@google.com> |
Move factoryReset to service and protect. bug:16161518 Change-Id: I02d1bbae1887c62ee426e6f03e8bc1f18c6666bf
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
16a16899505ec0a9ede5b76650bfb8817b3227c7 |
|
16-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add OP_READ_PHONE_STATE app op - framework The READ_PHONE_STATE permission protects PII information and is in the Phone group. This change is adding the corresponding app op for gating access to the API guarded by READ_PHONE state which will be used instead as an access control for legacy apps. Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
984dc850b4caeb4470e52bce773935be5305cf8e |
|
30-Mar-2015 |
Stuart Scott <stuartscott@google.com> |
Move reset network settings into framework. bug: 16161518 Change-Id: Ic3b537ebd09d1b9723feff9dcc96e20fda05a94f
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
be7c50e0a14e91330ce13161bc14a33d34ff6aca |
|
30-Jun-2014 |
Dianne Hackborn <hackbod@google.com> |
Add network access blocking when in battery save mode. The network policy manager now monitors battery save mode and, when in battery save, uses its facility to block access to metered networks to block access to all networks. That is, it tells the network management service that all networks have an (infinite) quota, and puts various app uids to be restricted under quota interfaces as appropriate. This new network blocking needs a new facility to be able to white list apps, such as GmsCore. To do this, I refactored the package manager's permission configuration stuff into a separate SystemConfig class that can be used by others, and it now has a new tag to specify package names that should be white-listed for power save mode. These are retrieved by the network policy manager and used to build a whitelist of uids. The new general config files can now go in system/etc/config, though currently everything still remains in the permissions dir. Still left to be done is changing the semantics of what uids are allowed in this mode, to include all perceptible uids. (So that we can still do things like background music playback.) This will be done in a follow-on CL. Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
d0c6ccbafdebc73d03cf3cd47f02f9f6c78a69ff |
|
15-Sep-2012 |
Jeff Sharkey <jsharkey@android.com> |
Move NetworkPolicy from apps to UID. For multi-user devices, switch to storing policy per-user instead of per-app. Also watch for user added/removed broadcasts to clean up policies and apply global restrictions. Bug: 7121279 Change-Id: Ia7326bd0ebe0586fa4ec6d3a62f6313dc8814007
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
854b2b1670bda1eeb87a14b7ac3d222024f0aad6 |
|
14-Apr-2012 |
Jeff Sharkey <jsharkey@android.com> |
Surface list of apps with given network policy. Bug: 6007276 Change-Id: I0f0e939ee6481496480c4afaa108c99eb158547c
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
8fc27e8b87bd1def854a03d84009143b315d4176 |
|
05-Apr-2012 |
Jeff Sharkey <jsharkey@android.com> |
Support metered Wi-Fi NetworkPolicy. Add networkId field to NetworkIdentity to identify Wi-Fi networks by SSID. Add support for policies without usage cycles. Only apply mobile policies when SIM state is ready, which is cleaner than just checking for airplane mode. Also avoids creating no-op default policies when subscriberId is null. Bug: 3001465, 3291052 Change-Id: I1f8aaa49a5db306df022c402ea7f3f5d4bc0cfc7
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
8a8b581e669f6187b397f856a567a76ed8aba2c2 |
|
22-Mar-2012 |
Jeff Sharkey <jsharkey@android.com> |
Move network policy to per-appId (instead of UID). To support multi-user, store network policy per-appId and expand to apply rules to all UserInfo on device. Bug: 6140462 Change-Id: Ic0866b4d41c8c60cc1c0a597f0de927b92b65b1e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
9bf3150cfae03421c9dd237b46657714859d871c |
|
10-Mar-2012 |
Jeff Sharkey <jsharkey@android.com> |
Save timezone when setting data cycle reset date. Instead of cycle reset at midnight UTC, use midnight of timezone active when user last set cycle reset date. Tests to verify, and also to test leap year behavior. Bug: 5938567 Change-Id: Ie06f7f0fa242d23110f9586a3f4f7037af87b31b
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
af82ea2abf53b6825fbbce23434419527d8e8b5c |
|
05-Aug-2011 |
Jeff Sharkey <jsharkey@android.com> |
Data cycle ends on last second of month. When data cycle resets on a day invalid in given month, snap the cycle to last second of month. Previous behavior was to bump fully into next month, but that causes cycle loops. Includes tests to verify. Bug: 4623124 Change-Id: I2f233091f6f1df33a2814284519cbc04532874e9
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
41ff7ec82422a5b6d00892afdb3232bc0e53d851 |
|
26-Jul-2011 |
Jeff Sharkey <jsharkey@android.com> |
Revise data limit notifs, watch kernel alerts. Teach NetworkPolicy limits to "snooze" when requested by user, and notify with both dialog and notification. Register for network alerts through NMS to trigger updates immediately instead of waiting for next stats update. Enforce that all NetworkPolicy are unique on a template basis, and move SCREEN_ON/OFF broadcasts to background thread. Launch SystemUI and Settings directly instead of using actions, and include full NetworkTemplate in extras. Tests to verify notification and snooze behavior. Bug: 5057979, 5023579, 4723336, 5045721 Change-Id: I03724beff94a7c0547cb5220431ba8d4cd44d077
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
b3f19ca36c8c1301893c621d8f2150e06210722c |
|
30-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Enforce background data flag, rules through netd. Connect up netd penalty box through NMS, and enforce the existing background data flag by putting all UIDs in penalty box. Allow platform applications to have policy applied. Only dispatch unique rules to netd, avoiding any repeats. Bug: 4598463, 4965677 Change-Id: Ibf9beff998ba7a1ea92f5e2f7eeba7b483d4b918
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
4414cea13908b8230640f84ef39603d68ff9c377 |
|
25-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Better network stats parsing, integer tags, async. Change NMS parsing to handle extended /proc/ stats formats by pairing values with header keys. Move TrafficStats to integer tags to match kernel internals, and offer well-known tags for system services. Async policy event dispatch from NPMS, and update tests to block for event dispatch. Narrow app policy to exclude apps signed with system key, which are usually critical. Bug: 4948913, 4903489, 4585280 Change-Id: Idb357227ccaa617906411f309371cea18d7bc519
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
1b5a2a96f793211bfbd39aa29cc41031dfa23950 |
|
19-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Read "qtaguid" network stats, refactor templates. Teach NMS to read qtaguid stats from kernel, but fall back to older stats when kernel doesn't support. Add "tags" to NetworkStats entries to support qtaguid. To work around double-reporting bug, subtract tagged stats from TAG_NONE entry. Flesh out stronger NetworkTemplate. All NetworkStatsService requests now require a template, and moved matching logic into template. Record UID stats keyed on complete NetworkIdentitySet definition, similar to how interface stats are stored. Since previous UID stats didn't have iface breakdown, discard during file format upgrade. Change-Id: I0447b5e7d205d73d28e71c889c568e536e91b8e4
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
fdfef57f498e3021a34342538aef9f1c7ccbae78 |
|
17-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Notify policy listeners about metered ifaces. Currently, kernel definition of metered networks is applied at the interface level. This change maintains a list of those metered ifaces and notifies policy listeners, like ConnectivityService. (This gives us a consistent picture of when a network would be blocked.) Bug: 4601393 Change-Id: I277d5ca96ab967a1c1c3f1da8f9587557cd6d74c
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
1a303953589fdddf21d88b8fa660136f5b060d0d |
|
16-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
DownloadManager flags for network policy. Handful of DownloadManager flags to record when a download was paused because of NetworkPolicyManager rules. Change-Id: I99fc47f529cb6c8a42dbeca049e0cd0f1556eac4
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
14711eb5b6a45b587222ae71c57a381beb7b1a7e |
|
15-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Include template in data warning/limit intents. When launching warning/limit UI, include the template that triggered the notification. Also move actions and extra into contract class. Change-Id: Id2e63fd2d2e36a137a3fd8f889c7256038ca5f2e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
497e4437af386930dff3bd55296d128bd4520959 |
|
15-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Data usage warning and limit notifications. Watch for network statistics to cross NetworkPolicy warning or limit, and show notifications to user as needed. Currently checks during any statistics update, but will eventually move to event registration through netd when kernel supports. Fixed accounting bug in getSummaryForNetwork(). Only apply UID policy to applications; applying to system processes could break critical services like RIL. Change-Id: Iac0f20e910e205f3cbc54ec96395ff268b1aa379
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
22c055e6424e0e9579711545d8f4800c0f796db8 |
|
13-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
External mutation of full NetworkPolicy set. Instead of embedding complex template coexistence rules into policy service, rely on external editors to enforce, and offer atomic get/set operations for full policy sets. Generate default mobile policy when none exists, using default of 4GB warning and cycle reset of current day. Dispatch listener events through Handler when holding internal lock, and catch CLASS_UNKNOWN networks in 3G_LOWER template. Change-Id: I063cf1eaf330e32b75d0697b89fc04488e6dfaea
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
cd2ca4038a027315832c38c68be5076000bc4b53 |
|
11-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Move data cycle methods to framework object. Moved so they can be used by both system service and Settings UI, since they both work with data usage cycles. Still covered by tests. Change-Id: I01c0c4db6da9457dd867c9167d31a5f9f8e5f5d9
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
21c9c45e5caf62b935354b74392fb40c4bf18529 |
|
07-Jun-2011 |
Jeff Sharkey <jsharkey@android.com> |
Interface-level network policy, persist policies. Define NetworkPolicy as cycle-reset day and warning/limit values, and set/get through NetworkPolicyManager. Watch ConnectivityManager for network connection events, and apply quota rules based on matching interfaces. Policy service matches based on strong identity to support IMSI-specific policy values. Calculates remaining quota based on current stats recorded since the last reset cycle day. Tests to verify edge cases around February. Persist network and UID policies in XML, and restore on boot. Change-Id: Id40ba7d6eed6094fbd5e18e6331286c606880d80
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
1b861278a2051f53ce7955fb7992fa536dc975d9 |
|
22-May-2011 |
Jeff Sharkey <jsharkey@android.com> |
Teach NetworkPolicyManager how to dumpsys itself. Includes details on all internally known UIDs, which can be used for debugging purposes. Change-Id: I340d25212e3c7a76a57de0a94ffeea34b6748941
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
c006f1aec15454782c35e028ad64d79a5c161cc1 |
|
20-May-2011 |
Jeff Sharkey <jsharkey@android.com> |
Policy and rules work for ConnectivityManager. Teach ConnectivityManager about UID-specific rules derived from policy, such as rejecting network traffic on "paid" interfaces. Calls that return NetworkInfo now filter based on any REJECT rules in effect for the calling UID. (Added uid parameter if callers that still want all interfaces.) Changed NetworkPolicyManager to derive rules based on current policy combined with PowerManager and ActivityManager status, which it passes to ConnectivityService for eventual enforcement through netd. When rules change the usability of a NetworkInfo for a specific UID, it also dispatches CONNECTIVITY_ACTION broadcasts to that UID. Combined paid and background policy together to match current working definition. Change-Id: I797ea49439fcc487cfe2cbc16703d4b91ceb9af6
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
eedcb9525ba5befee2ba6ebb7a9ee3f13395c2a3 |
|
17-May-2011 |
Jeff Sharkey <jsharkey@android.com> |
APIs to profile network usage for current UID. Added startDataProfiling() and stopDataProfiling() to TrafficStats, which can be used by apps to measure network usage delta between two points in time. Currently takes two NetworkStats snapshots and returns delta, which will eventually include tag-level granularity. Added tests for NetworkStats delta subtraction. Added NMS.getNetworkStatsUidDetail() that returns stats for specific UID. Always gives stats access for the calling UID, otherwise enforces that caller has permission. Fix readSingleLongFromFile(), since /proc/ files don't have well-defined lengths. Change-Id: Ic5b6414d8effbd66846e275b00d4b8a82c74589d
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|
d5cdd597b895a48ffa9a8e39f8a2504cd9b905c4 |
|
04-May-2011 |
Jeff Sharkey <jsharkey@android.com> |
First pass at NetworkPolicy and activity tracking. New system service that maintains low-level network policy rules and collects statistics to drive those rules. Will eventually connect to netfilter kernel module through NetworkManagementService and "netd". Begin tracking foreground activities in ActivityManagerService, which is updated as part of OOM adjustment. Eventually a network policy of POLICY_REJECT_BACKGROUND will reject network traffic from background processes. Change-Id: I5ffbbaee1b9628e9c3eff6b9cb2145fc5316e64d
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
|