INetd.aidl revision b8087363143050d214d48e5620a330776ca95a69 
1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net;
18
19import android.net.UidRange;
20
21/** {@hide} */
22interface INetd {
23    /**
24     * Returns true if the service is responding.
25     */
26    boolean isAlive();
27
28    /**
29     * Replaces the contents of the specified UID-based firewall chain.
30     *
31     * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
32     * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
33     * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
34     * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
35     *
36     * @param chainName The name of the chain to replace.
37     * @param isWhitelist Whether this is a whitelist or blacklist chain.
38     * @param uids The list of UIDs to allow/deny.
39     * @return true if the chain was successfully replaced, false otherwise.
40     */
41    boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids);
42
43    /**
44     * Enables or disables data saver mode on costly network interfaces.
45     *
46     * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
47     *   interfaces. Traffic to/from other apps or on other network interfaces is allowed.
48     * - When enabled, only apps that are in the happy box chain and not in the penalty box chain
49     *   are allowed network connectivity on costly interfaces. All other packets on these
50     *   interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
51     *   traffic from system UIDs, place them in the penalty box chain.
52     *
53     * By default, data saver mode is disabled. This command has no effect but might still return an
54     * error) if {@code enable} is the same as the current value.
55     *
56     * @param enable whether to enable or disable data saver mode.
57     * @return true if the if the operation was successful, false otherwise.
58     */
59    boolean bandwidthEnableDataSaver(boolean enable);
60
61    /**
62     * Adds or removes one rule for each supplied UID range to prohibit all network activity outside
63     * of secure VPN.
64     *
65     * When a UID is covered by one of these rules, traffic sent through any socket that is not
66     * protected or explicitly overriden by the system will be rejected. The kernel will respond
67     * with an ICMP prohibit message.
68     *
69     * Initially, there are no such rules. Any rules that are added will only last until the next
70     * restart of netd or the device.
71     *
72     * @param add {@code true} if the specified UID ranges should be denied access to any network
73     *        which is not secure VPN by adding rules, {@code false} to remove existing rules.
74     * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
75     *        remove this restriction.
76     *        <p> Added rules should not overlap with existing rules. Likewise, removed rules should
77     *        each correspond to an existing rule.
78     *
79     * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
80     *         unix errno.
81     */
82    void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges);
83}
84