History log of /frameworks/base/core/java/android/net/NetworkPolicyManager.java
Revision Date Author Comments
46c4fc357ce8e686b6e7c2adda573e9870a8221f 04-May-2016 Felipe Leme <felipeal@google.com> Refactored NetworkPolicyManagerService mUidRules.

NetworkPolicyManagerService (NPMS) keeps an internal list of uid
rules (mUidRules) for network restrictions, and when these rules
change it needs to notify external listeners (such as
ConnectivityService / CS).

Prior to Android N, both Data Saver mode (the feature previously known
as "Restrict Background Data") and Battery Saver mode used the same set of
firewall rules to implement their restrictions: when Battery Saver mode
NPMS would mark all networks as metered and set the proper firewall
rules externally.

Recently, these 2 modes were split in 2 distinct firewall rules and
NPMS.updateRuleForRestrictBackgroundLocked() was changed to update
the mUidRules logic based on the Data Saver firewall (since the Battery
Saver firewall changes are handled externally, on
updateRuleForRestrictPowerLocked()). As such, CS was not notified when
the power-related changes were made, which would cause apps to get a
state of CONNECTED / CONNECTED when querying its active connection.

This change refactors the mUidRules to use bitmasks, in preparation for
another change that will fix the issue.

It also fixes a minor bug that was preventing removed packages from
being removed from the whitelist.

BUG: 28521946
Change-Id: I9f0e1509a6192cad403f740c1cd76a6b7dab7d26
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
70c57c2810eb5004ac6487921bfdf0880f818e3c 29-Mar-2016 Felipe Leme <felipeal@google.com> Uses bw_happy_box and bw_penalty_box for Data Saver.

bw_penalty_box is a blacklist-based firewall chain used to determine
which UIDs do not have access to metered interfaces. It can be used
alone or with bw_happy_box, which is a whitelist-based chain: when
bw_happy_box is enabled, it's included in the bw_penalty_box chain.

Currently, NPMS and NMS use just bw_penalty_box for both blacklist and
whitelist, so when Data Saver is turned on, it has to build an extensive
list of UIDs to be blacklisted, which can take seconds (since it makes
dozens of iptables, and which forks an iptables process)

This CL changes this behavior so it uses both chains (plus a new
bw_data_saver chain, which is added to the end of bw_happy_box), in
which case the Data Saver switch is much faster (around 120-160ms),
since it requires just 1 or 2 iptables calls (one to switch the
bw_data_saver rule, and another to whitelist the foreground app if it's
not whitelisted yet).

BUG: 27127112
BUG: 26685616

Change-Id: If10222aef9f49a924b07b978d4bdccdd92f9acdb
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
011b98f93a4e0f609f9f3a83be784021c8b593a6 11-Feb-2016 Felipe Leme <felipeal@google.com> Created a firewall chain for power save mode.

When power-save mode was first implemented, there were no firewall rules
on netd, so the solution was to make all network interfaces metered and
re-use the bw_penalty_box chain.

This change removes that workaround by creating an explicit fw_powersave
chain, whose behavior is similar to fw_dozable (in fact, it reuses some
of its code); such change not only makes network restrictions on
power-save mode simpler, but it also allows to optimize how the restrict
network rules are changed (which will be done in a separate change).

BUG: 27127112
BUG: 26685616
Change-Id: I7f7a7b1c1855e916c6651ad90da29fe187a7bea2
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
f8880561e67e1da246970b49b14285efd4164ab1 26-Feb-2016 Jeff Sharkey <jsharkey@android.com> When system server goes down, crash apps more.

Similar to first patch, but now using new "rethrowFromSystemServer()"
method which internally translates DeadObjectException into
DeadSystemException. New logic over in Log.printlns() now
suppresses the DeadSystemException stack traces, since they're
misleading and just added pressure to the precious log buffer space.

Add some extra RuntimeInit checks to suppress logging-about-logging
when the system server is dead.

Bug: 27364859
Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
75f47866066d5b06924530417c7cb72296753ccb 13-Oct-2015 Jeff Sharkey <jsharkey@android.com> resolved conflicts for f20a5700 to master

Change-Id: I1f13a63c3680901fac58ef709118c9242032b11f
7f6d8754e6d509bf17fe0c46130c884b16706b12 12-Oct-2015 Jeff Sharkey <jsharkey@google.com> am a03ecf7d: Merge "Push firewall rules up to ConnectivityService." into mnc-dr-dev

* commit 'a03ecf7d7c8ff2844caf5feecc6d29f1f7346ff9':
Push firewall rules up to ConnectivityService.
dc988061ac145c86d6871e249d65ca326aaff99f 14-Sep-2015 Jeff Sharkey <jsharkey@android.com> Push firewall rules up to ConnectivityService.

getActiveNetworkInfo() and friends already know how to augment their
results to help apps detect when network access is blocked. This
change wires up the new app-idle and device-idle firewall rules to
be reported through these APIs.

This also causes other platform tools like DownloadManager and
SyncManager to respect these new policies.

Bug: 24050462
Change-Id: Id9517b0b70be7e3ca2ab27bed8049db916e4d829
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
143ebdb94e13f7a9fee2c9f3801bda1df17844c1 11-Aug-2015 Zach Johnson <zachoverflow@google.com> DO NOT MERGE Allow a custom component to handle network policy notifications

Broadcasts information about network policy notifications
to a custom component, if specified, so it can handle them.

Also exposes an API to snooze warning notifications.

Change-Id: Ic89478fa437861e2d4b6a9443858bcaf12122fba
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
b41c9f7f39939cee8d226eb5e506c3f0573f44f5 18-Jun-2015 Xiaohui Chen <xiaohuic@google.com> system_server: add two child chains to firewall

This is an attempt to speed up getting out of device idle. It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.

BUG:21446713
Change-Id: Ie8f392da2deabe7cc86a9ecf4ed080163861d41e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
15e47235c055495ec0ccc24768a6746a960d3a61 25-Apr-2015 Amith Yamasani <yamasani@google.com> Remove network access for idle apps

Track apps going in and out of idle in the NetworkPolicyManagerService.
Apply DROP rules in firewall controller if app is to be blacklisted
for network access.

Firewall can now be in whitelist (old) or blacklist mode. When in
blacklist, it allows all by default and we can selectively DENY
some uids.

Track app idle in UsageStats and update periodically.
Track charging/discharging states.

TODO: Check for appidle temporary parole state

Bug: 20066058
Change-Id: Ia65d7544204b3bcb78a517310ef4adcc05aac6fb
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
0b4daca9ba54b7252ea8c159218391380eb00c8a 27-Apr-2015 Dianne Hackborn <hackbod@google.com> Implement user-settable power save whitelist.

The whitelist is now maintained by DeviceIdleController,
which is moving out into its own independent system service.
Network stats now queries it for the whitelist, instead of
collecting that itself.

Also did a few improvements in alarm manager -- made the
code for moving alarms out of the pending list more robust,
and fixed the debug output to always print the contents of
the pending list even if we aren't in a pending state. (That
would have helped me identify the problem much earlier.)

Change-Id: I0f7119d4c553c3af4d77b2f71246fa6e2c13c561
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
f1fb39763d87dabe254b6ed64ac8f20145035bc0 03-Apr-2015 Stuart Scott <stuartscott@google.com> Move factoryReset to service and protect.

bug:16161518
Change-Id: I02d1bbae1887c62ee426e6f03e8bc1f18c6666bf
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
16a16899505ec0a9ede5b76650bfb8817b3227c7 16-Apr-2015 Svet Ganov <svetoslavganov@google.com> Add OP_READ_PHONE_STATE app op - framework

The READ_PHONE_STATE permission protects PII information and
is in the Phone group. This change is adding the corresponding
app op for gating access to the API guarded by READ_PHONE state
which will be used instead as an access control for legacy apps.

Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
984dc850b4caeb4470e52bce773935be5305cf8e 30-Mar-2015 Stuart Scott <stuartscott@google.com> Move reset network settings into framework.

bug: 16161518
Change-Id: Ic3b537ebd09d1b9723feff9dcc96e20fda05a94f
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
be7c50e0a14e91330ce13161bc14a33d34ff6aca 30-Jun-2014 Dianne Hackborn <hackbod@google.com> Add network access blocking when in battery save mode.

The network policy manager now monitors battery save mode and,
when in battery save, uses its facility to block access to metered
networks to block access to all networks. That is, it tells the
network management service that all networks have an (infinite)
quota, and puts various app uids to be restricted under quota
interfaces as appropriate.

This new network blocking needs a new facility to be able to white
list apps, such as GmsCore. To do this, I refactored the package
manager's permission configuration stuff into a separate SystemConfig
class that can be used by others, and it now has a new tag to
specify package names that should be white-listed for power save
mode. These are retrieved by the network policy manager and used
to build a whitelist of uids.

The new general config files can now go in system/etc/config,
though currently everything still remains in the permissions dir.

Still left to be done is changing the semantics of what uids are
allowed in this mode, to include all perceptible uids. (So that we
can still do things like background music playback.) This will be
done in a follow-on CL.

Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
d0c6ccbafdebc73d03cf3cd47f02f9f6c78a69ff 15-Sep-2012 Jeff Sharkey <jsharkey@android.com> Move NetworkPolicy from apps to UID.

For multi-user devices, switch to storing policy per-user instead of
per-app. Also watch for user added/removed broadcasts to clean up
policies and apply global restrictions.

Bug: 7121279
Change-Id: Ia7326bd0ebe0586fa4ec6d3a62f6313dc8814007
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
854b2b1670bda1eeb87a14b7ac3d222024f0aad6 14-Apr-2012 Jeff Sharkey <jsharkey@android.com> Surface list of apps with given network policy.

Bug: 6007276
Change-Id: I0f0e939ee6481496480c4afaa108c99eb158547c
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
8fc27e8b87bd1def854a03d84009143b315d4176 05-Apr-2012 Jeff Sharkey <jsharkey@android.com> Support metered Wi-Fi NetworkPolicy.

Add networkId field to NetworkIdentity to identify Wi-Fi networks by
SSID. Add support for policies without usage cycles.

Only apply mobile policies when SIM state is ready, which is cleaner
than just checking for airplane mode. Also avoids creating no-op
default policies when subscriberId is null.

Bug: 3001465, 3291052
Change-Id: I1f8aaa49a5db306df022c402ea7f3f5d4bc0cfc7
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
8a8b581e669f6187b397f856a567a76ed8aba2c2 22-Mar-2012 Jeff Sharkey <jsharkey@android.com> Move network policy to per-appId (instead of UID).

To support multi-user, store network policy per-appId and expand to
apply rules to all UserInfo on device.

Bug: 6140462
Change-Id: Ic0866b4d41c8c60cc1c0a597f0de927b92b65b1e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
9bf3150cfae03421c9dd237b46657714859d871c 10-Mar-2012 Jeff Sharkey <jsharkey@android.com> Save timezone when setting data cycle reset date.

Instead of cycle reset at midnight UTC, use midnight of timezone
active when user last set cycle reset date. Tests to verify, and
also to test leap year behavior.

Bug: 5938567
Change-Id: Ie06f7f0fa242d23110f9586a3f4f7037af87b31b
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
af82ea2abf53b6825fbbce23434419527d8e8b5c 05-Aug-2011 Jeff Sharkey <jsharkey@android.com> Data cycle ends on last second of month.

When data cycle resets on a day invalid in given month, snap the
cycle to last second of month. Previous behavior was to bump fully
into next month, but that causes cycle loops.

Includes tests to verify.

Bug: 4623124
Change-Id: I2f233091f6f1df33a2814284519cbc04532874e9
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
41ff7ec82422a5b6d00892afdb3232bc0e53d851 26-Jul-2011 Jeff Sharkey <jsharkey@android.com> Revise data limit notifs, watch kernel alerts.

Teach NetworkPolicy limits to "snooze" when requested by user, and
notify with both dialog and notification. Register for network alerts
through NMS to trigger updates immediately instead of waiting for
next stats update.

Enforce that all NetworkPolicy are unique on a template basis, and
move SCREEN_ON/OFF broadcasts to background thread. Launch SystemUI
and Settings directly instead of using actions, and include full
NetworkTemplate in extras.

Tests to verify notification and snooze behavior.

Bug: 5057979, 5023579, 4723336, 5045721
Change-Id: I03724beff94a7c0547cb5220431ba8d4cd44d077
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
b3f19ca36c8c1301893c621d8f2150e06210722c 30-Jun-2011 Jeff Sharkey <jsharkey@android.com> Enforce background data flag, rules through netd.

Connect up netd penalty box through NMS, and enforce the existing
background data flag by putting all UIDs in penalty box. Allow
platform applications to have policy applied. Only dispatch unique
rules to netd, avoiding any repeats.

Bug: 4598463, 4965677
Change-Id: Ibf9beff998ba7a1ea92f5e2f7eeba7b483d4b918
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
4414cea13908b8230640f84ef39603d68ff9c377 25-Jun-2011 Jeff Sharkey <jsharkey@android.com> Better network stats parsing, integer tags, async.

Change NMS parsing to handle extended /proc/ stats formats by pairing
values with header keys. Move TrafficStats to integer tags to match
kernel internals, and offer well-known tags for system services.

Async policy event dispatch from NPMS, and update tests to block for
event dispatch. Narrow app policy to exclude apps signed with system
key, which are usually critical.

Bug: 4948913, 4903489, 4585280

Change-Id: Idb357227ccaa617906411f309371cea18d7bc519
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
1b5a2a96f793211bfbd39aa29cc41031dfa23950 19-Jun-2011 Jeff Sharkey <jsharkey@android.com> Read "qtaguid" network stats, refactor templates.

Teach NMS to read qtaguid stats from kernel, but fall back to older
stats when kernel doesn't support. Add "tags" to NetworkStats entries
to support qtaguid. To work around double-reporting bug, subtract
tagged stats from TAG_NONE entry.

Flesh out stronger NetworkTemplate. All NetworkStatsService requests
now require a template, and moved matching logic into template.

Record UID stats keyed on complete NetworkIdentitySet definition,
similar to how interface stats are stored. Since previous UID stats
didn't have iface breakdown, discard during file format upgrade.

Change-Id: I0447b5e7d205d73d28e71c889c568e536e91b8e4
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
fdfef57f498e3021a34342538aef9f1c7ccbae78 17-Jun-2011 Jeff Sharkey <jsharkey@android.com> Notify policy listeners about metered ifaces.

Currently, kernel definition of metered networks is applied at the
interface level. This change maintains a list of those metered ifaces
and notifies policy listeners, like ConnectivityService. (This gives
us a consistent picture of when a network would be blocked.)

Bug: 4601393
Change-Id: I277d5ca96ab967a1c1c3f1da8f9587557cd6d74c
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
1a303953589fdddf21d88b8fa660136f5b060d0d 16-Jun-2011 Jeff Sharkey <jsharkey@android.com> DownloadManager flags for network policy.

Handful of DownloadManager flags to record when a download was paused
because of NetworkPolicyManager rules.

Change-Id: I99fc47f529cb6c8a42dbeca049e0cd0f1556eac4
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
14711eb5b6a45b587222ae71c57a381beb7b1a7e 15-Jun-2011 Jeff Sharkey <jsharkey@android.com> Include template in data warning/limit intents.

When launching warning/limit UI, include the template that triggered
the notification. Also move actions and extra into contract class.

Change-Id: Id2e63fd2d2e36a137a3fd8f889c7256038ca5f2e
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
497e4437af386930dff3bd55296d128bd4520959 15-Jun-2011 Jeff Sharkey <jsharkey@android.com> Data usage warning and limit notifications.

Watch for network statistics to cross NetworkPolicy warning or limit,
and show notifications to user as needed. Currently checks during
any statistics update, but will eventually move to event registration
through netd when kernel supports.

Fixed accounting bug in getSummaryForNetwork(). Only apply UID policy
to applications; applying to system processes could break critical
services like RIL.

Change-Id: Iac0f20e910e205f3cbc54ec96395ff268b1aa379
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
22c055e6424e0e9579711545d8f4800c0f796db8 13-Jun-2011 Jeff Sharkey <jsharkey@android.com> External mutation of full NetworkPolicy set.

Instead of embedding complex template coexistence rules into policy
service, rely on external editors to enforce, and offer atomic
get/set operations for full policy sets.

Generate default mobile policy when none exists, using default of 4GB
warning and cycle reset of current day. Dispatch listener events
through Handler when holding internal lock, and catch CLASS_UNKNOWN
networks in 3G_LOWER template.

Change-Id: I063cf1eaf330e32b75d0697b89fc04488e6dfaea
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
cd2ca4038a027315832c38c68be5076000bc4b53 11-Jun-2011 Jeff Sharkey <jsharkey@android.com> Move data cycle methods to framework object.

Moved so they can be used by both system service and Settings UI, since
they both work with data usage cycles. Still covered by tests.

Change-Id: I01c0c4db6da9457dd867c9167d31a5f9f8e5f5d9
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
21c9c45e5caf62b935354b74392fb40c4bf18529 07-Jun-2011 Jeff Sharkey <jsharkey@android.com> Interface-level network policy, persist policies.

Define NetworkPolicy as cycle-reset day and warning/limit values, and
set/get through NetworkPolicyManager. Watch ConnectivityManager for
network connection events, and apply quota rules based on matching
interfaces. Policy service matches based on strong identity to support
IMSI-specific policy values.

Calculates remaining quota based on current stats recorded since the
last reset cycle day. Tests to verify edge cases around February.

Persist network and UID policies in XML, and restore on boot.

Change-Id: Id40ba7d6eed6094fbd5e18e6331286c606880d80
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
1b861278a2051f53ce7955fb7992fa536dc975d9 22-May-2011 Jeff Sharkey <jsharkey@android.com> Teach NetworkPolicyManager how to dumpsys itself.

Includes details on all internally known UIDs, which can be used for
debugging purposes.

Change-Id: I340d25212e3c7a76a57de0a94ffeea34b6748941
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
c006f1aec15454782c35e028ad64d79a5c161cc1 20-May-2011 Jeff Sharkey <jsharkey@android.com> Policy and rules work for ConnectivityManager.

Teach ConnectivityManager about UID-specific rules derived from policy,
such as rejecting network traffic on "paid" interfaces. Calls that
return NetworkInfo now filter based on any REJECT rules in effect for
the calling UID. (Added uid parameter for callers that still want all
interfaces.)

Changed NetworkPolicyManager to derive rules based on current policy
combined with PowerManager and ActivityManager status, which it passes
to ConnectivityService for eventual enforcement through netd. When
rules change the usability of a NetworkInfo for a specific UID, it also
dispatches CONNECTIVITY_ACTION broadcasts to that UID. Combined paid
and background policy together to match current working definition.

Change-Id: I797ea49439fcc487cfe2cbc16703d4b91ceb9af6
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
eedcb9525ba5befee2ba6ebb7a9ee3f13395c2a3 17-May-2011 Jeff Sharkey <jsharkey@android.com> APIs to profile network usage for current UID.

Added startDataProfiling() and stopDataProfiling() to TrafficStats,
which can be used by apps to measure network usage delta between two
points in time. Currently takes two NetworkStats snapshots and returns
delta, which will eventually include tag-level granularity. Added
tests for NetworkStats delta subtraction.

Added NMS.getNetworkStatsUidDetail() that returns stats for specific
UID. Always gives stats access for the calling UID, otherwise enforces
that caller has permission. Fix readSingleLongFromFile(), since
/proc/ files don't have well-defined lengths.

Change-Id: Ic5b6414d8effbd66846e275b00d4b8a82c74589d
/frameworks/base/core/java/android/net/NetworkPolicyManager.java
d5cdd597b895a48ffa9a8e39f8a2504cd9b905c4 04-May-2011 Jeff Sharkey <jsharkey@android.com> First pass at NetworkPolicy and activity tracking.

New system service that maintains low-level network policy rules and
collects statistics to drive those rules. Will eventually connect to
netfilter kernel module through NetworkManagementService and "netd".

Begin tracking foreground activities in ActivityManagerService, which
is updated as part of OOM adjustment. Eventually a network policy of
POLICY_REJECT_BACKGROUND will reject network traffic from background
processes.

Change-Id: I5ffbbaee1b9628e9c3eff6b9cb2145fc5316e64d
/frameworks/base/core/java/android/net/NetworkPolicyManager.java