diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java index f2ca18b2cc..c977391143 100644 --- a/service/src/com/android/server/BpfNetMaps.java +++ b/service/src/com/android/server/BpfNetMaps.java @@ -69,15 +69,10 @@ public class BpfNetMaps { * Add naughty app bandwidth rule for specific app * * @param uid uid of target app - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void addNaughtyApp(final int uid) throws RemoteException { - if (USE_NETD) { - mNetd.bandwidthAddNaughtyApp(uid); - return; - } + public void addNaughtyApp(final int uid) { final int err = native_addNaughtyApp(uid); maybeThrow(err, "Unable to add naughty app"); } @@ -86,15 +81,10 @@ public class BpfNetMaps { * Remove naughty app bandwidth rule for specific app * * @param uid uid of target app - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void removeNaughtyApp(final int uid) throws RemoteException { - if (USE_NETD) { - mNetd.bandwidthRemoveNaughtyApp(uid); - return; - } + public void removeNaughtyApp(final int uid) { final int err = native_removeNaughtyApp(uid); maybeThrow(err, "Unable to remove naughty app"); } @@ -103,15 +93,10 @@ public class BpfNetMaps { * Add nice app bandwidth rule for specific app * * @param uid uid of target app - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void addNiceApp(final int uid) throws RemoteException { - if (USE_NETD) { - mNetd.bandwidthAddNiceApp(uid); - return; - } + public void addNiceApp(final int uid) { final int err = native_addNiceApp(uid); maybeThrow(err, "Unable to add nice app"); } @@ -120,15 +105,10 @@ public class BpfNetMaps { * Remove nice app bandwidth rule for specific app * * @param uid uid of target app - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void removeNiceApp(final int uid) throws RemoteException { - if (USE_NETD) { - mNetd.bandwidthRemoveNiceApp(uid); - return; - } + public void removeNiceApp(final int uid) { final int err = native_removeNiceApp(uid); maybeThrow(err, "Unable to remove nice app"); } @@ -138,15 +118,10 @@ public class BpfNetMaps { * * @param childChain target chain to enable * @param enable whether to enable or disable child chain. - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void setChildChain(final int childChain, final boolean enable) throws RemoteException { - if (USE_NETD) { - mNetd.firewallEnableChildChain(childChain, enable); - return; - } + public void setChildChain(final int childChain, final boolean enable) { final int err = native_setChildChain(childChain, enable); maybeThrow(err, "Unable to set child chain"); } @@ -163,14 +138,9 @@ public class BpfNetMaps { * @param isAllowlist Whether this is an allowlist or denylist chain. * @param uids The list of UIDs to allow/deny. * @return 0 if the chain was successfully replaced, errno otherwise. - * @throws RemoteException when netd has crashed. */ public int replaceUidChain(final String chainName, final boolean isAllowlist, - final int[] uids) throws RemoteException { - if (USE_NETD) { - mNetd.firewallReplaceUidChain(chainName, isAllowlist, uids); - return 0; - } + final int[] uids) { final int err = native_replaceUidChain(chainName, isAllowlist, uids); if (err != 0) { Log.e(TAG, "replaceUidChain failed: " + Os.strerror(-err)); @@ -184,16 +154,10 @@ public class BpfNetMaps { * @param childChain target chain * @param uid uid to allow/deny * @param firewallRule either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY - * @throws RemoteException when netd has crashed. * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public void setUidRule(final int childChain, final int uid, final int firewallRule) - throws RemoteException { - if (USE_NETD) { - mNetd.firewallSetUidRule(childChain, uid, firewallRule); - return; - } + public void setUidRule(final int childChain, final int uid, final int firewallRule) { final int err = native_setUidRule(childChain, uid, firewallRule); maybeThrow(err, "Unable to set uid rule"); } diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index ab78104a51..aa3d9c4b62 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -11056,7 +11056,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } else { mBpfNetMaps.removeNiceApp(uid); } - } catch (RemoteException | ServiceSpecificException e) { + } catch (ServiceSpecificException e) { throw new IllegalStateException(e); } } @@ -11071,7 +11071,7 @@ public class ConnectivityService extends IConnectivityManager.Stub } else { mBpfNetMaps.removeNaughtyApp(uid); } - } catch (RemoteException | ServiceSpecificException e) { + } catch (ServiceSpecificException e) { throw new IllegalStateException(e); } } @@ -11083,7 +11083,7 @@ public class ConnectivityService extends IConnectivityManager.Stub try { mBpfNetMaps.setUidRule(chain, uid, allow ? INetd.FIREWALL_RULE_ALLOW : INetd.FIREWALL_RULE_DENY); - } catch (RemoteException | ServiceSpecificException e) { + } catch (ServiceSpecificException e) { throw new IllegalStateException(e); } } @@ -11094,7 +11094,7 @@ public class ConnectivityService extends IConnectivityManager.Stub try { mBpfNetMaps.setChildChain(chain, enable); - } catch (RemoteException | ServiceSpecificException e) { + } catch (ServiceSpecificException e) { throw new IllegalStateException(e); } } @@ -11125,7 +11125,7 @@ public class ConnectivityService extends IConnectivityManager.Stub throw new IllegalArgumentException("replaceFirewallChain with invalid chain: " + chain); } - } catch (RemoteException | ServiceSpecificException e) { + } catch (ServiceSpecificException e) { throw new IllegalStateException(e); } } diff --git a/tests/unit/java/com/android/server/BpfNetMapsTest.java b/tests/unit/java/com/android/server/BpfNetMapsTest.java index ac21e77b77..2959ac9234 100644 --- a/tests/unit/java/com/android/server/BpfNetMapsTest.java +++ b/tests/unit/java/com/android/server/BpfNetMapsTest.java @@ -16,8 +16,6 @@ package com.android.server; -import static android.net.INetd.FIREWALL_CHAIN_DOZABLE; -import static android.net.INetd.FIREWALL_RULE_ALLOW; import static android.net.INetd.PERMISSION_INTERNET; import static org.junit.Assume.assumeFalse; @@ -60,20 +58,6 @@ public final class BpfNetMapsTest { @Test public void testBpfNetMapsBeforeT() throws Exception { assumeFalse(SdkLevel.isAtLeastT()); - mBpfNetMaps.addNaughtyApp(TEST_UID); - verify(mNetd).bandwidthAddNaughtyApp(TEST_UID); - mBpfNetMaps.removeNaughtyApp(TEST_UID); - verify(mNetd).bandwidthRemoveNaughtyApp(TEST_UID); - mBpfNetMaps.addNiceApp(TEST_UID); - verify(mNetd).bandwidthAddNiceApp(TEST_UID); - mBpfNetMaps.removeNiceApp(TEST_UID); - verify(mNetd).bandwidthRemoveNiceApp(TEST_UID); - mBpfNetMaps.setChildChain(FIREWALL_CHAIN_DOZABLE, true); - verify(mNetd).firewallEnableChildChain(FIREWALL_CHAIN_DOZABLE, true); - mBpfNetMaps.replaceUidChain(CHAINNAME, true, TEST_UIDS); - verify(mNetd).firewallReplaceUidChain(CHAINNAME, true, TEST_UIDS); - mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, FIREWALL_RULE_ALLOW); - verify(mNetd).firewallSetUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, FIREWALL_RULE_ALLOW); mBpfNetMaps.addUidInterfaceRules(IFNAME, TEST_UIDS); verify(mNetd).firewallAddUidInterfaceRules(IFNAME, TEST_UIDS); mBpfNetMaps.removeUidInterfaceRules(TEST_UIDS);