LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove network access for idle apps

Browse Source 
Track apps going in and out of idle in the NetworkPolicyManagerService.
Apply DROP rules in firewall controller if app is to be blacklisted
for network access.

Firewall can now be in whitelist (old) or blacklist mode. When in
blacklist, it allows all by default and we can selectively DENY
some uids.

Track app idle in UsageStats and update periodically.
Track charging/discharging states.

TODO: Check for appidle temporary parole state

Bug: 20066058
Change-Id: Ia65d7544204b3bcb78a517310ef4adcc05aac6fb
This commit is contained in:
Amith Yamasani
2015-04-24 19:06:07 -07:00
parent 299db05f65
commit 2a37b3cc84
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/core/java/com/android/server/ConnectivityService.java
View File

@@ -24,6 +24,7 @@ import static android.net.ConnectivityManager.TYPE_VPN;
import static android.net.ConnectivityManager.getNetworkTypeName;
import static android.net.ConnectivityManager.isNetworkTypeValid;
import static android.net.NetworkPolicyManager.RULE_ALLOW_ALL;
import static android.net.NetworkPolicyManager.RULE_REJECT_ALL;
import static android.net.NetworkPolicyManager.RULE_REJECT_METERED;
import android.annotation.Nullable;
@@ -832,7 +833,8 @@ public class ConnectivityService extends IConnectivityManager.Stub
uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
}
if (networkCostly && (uidRules & RULE_REJECT_METERED) != 0) {
if ((uidRules & RULE_REJECT_ALL) != 0
|| (networkCostly && (uidRules & RULE_REJECT_METERED) != 0)) {
return true;
}
@@ -3490,7 +3492,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
synchronized(mRulesLock) {
uidRules = mUidRules.get(uid, RULE_ALLOW_ALL);
}
if ((uidRules & RULE_REJECT_METERED) != 0) {
if ((uidRules & (RULE_REJECT_METERED | RULE_REJECT_ALL)) != 0) {
// we could silently fail or we can filter the available nets to only give
// them those they have access to. Chose the more useful
networkCapabilities.addCapability(NetworkCapabilities.NET_CAPABILITY_NOT_METERED);