INetd.aidl revision b8087363143050d214d48e5620a330776ca95a69
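/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import android.net.UidRange;

/**
 * AIDL interface to the netd service: a liveness check, replacement of UID-based firewall chains,
 * data saver mode, and the rules that reject traffic outside of secure VPN.
 *
 * NOTE(review): every method here changes or reports device-wide network policy. This file does
 * not show which callers are permitted to invoke them; confirm that the service implementation
 * enforces caller identity.
 *
 * {@hide}
 */
interface INetd {
    /**
     * Returns true if the service is responding.
     */
    boolean isAlive();

    /**
     * Replaces the contents of the specified UID-based firewall chain.
     *
     * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
     * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
     * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for the specified
     * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
     *
     * Because a whitelist chain always carries RETURN rules for the system UID range, it cannot be
     * used to drop traffic from system UIDs, whatever {@code uids} contains.
     *
     * Failure is reported through the return value, so callers must check it before assuming the
     * new policy is in effect. The state of the chain after a failed replacement is not specified
     * here.
     *
     * @param chainName The name of the chain to replace.
     * @param isWhitelist Whether this is a whitelist or blacklist chain.
     * @param uids The list of UIDs to allow/deny.
     * @return true if the chain was successfully replaced, false otherwise.
     */
    boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids);

    /**
     * Enables or disables data saver mode on costly network interfaces.
     *
     * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
     *   interfaces. Traffic to/from other apps or on other network interfaces is allowed.
     * - When enabled, only apps that are in the happy box chain and not in the penalty box chain
     *   are allowed network connectivity on costly interfaces. All other packets on these
     *   interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
     *   traffic from system UIDs, place them in the penalty box chain.
     *
     * By default, data saver mode is disabled. This command has no effect (but might still return
     * an error) if {@code enable} is the same as the current value.
     *
     * @param enable whether to enable or disable data saver mode.
     * @return true if the operation was successful, false otherwise.
     */
    boolean bandwidthEnableDataSaver(boolean enable);

    /**
     * Adds or removes one rule for each supplied UID range to prohibit all network activity outside
     * of secure VPN.
     *
     * When a UID is covered by one of these rules, traffic sent through any socket that is not
     * protected or explicitly overridden by the system will be rejected. The kernel will respond
     * with an ICMP prohibit message.
     *
     * Initially, there are no such rules. Any rules that are added will only last until the next
     * restart of netd or the device. A caller that relies on these rules to keep traffic inside
     * the VPN therefore has to add them again after such a restart; until it does, the affected
     * UIDs are not restricted by this mechanism.
     *
     * @param add {@code true} if the specified UID ranges should be denied access to any network
     *        which is not secure VPN by adding rules, {@code false} to remove existing rules.
     * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
     *        remove this restriction.
     *        <p> Added rules should not overlap with existing rules. Likewise, removed rules should
     *        each correspond to an existing rule.
     *
     * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
     *         unix errno.
     */
    void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges);
}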