Api review: change updateFirewallRule to setUidFirewallRule

Bug: 218494748 Test: TH Change-Id: I52a02ebe109b687359f579c16fded4af3c9cd242 Merged-In: I52a02ebe109b687359f579c16fded4af3c9cd242
2022-03-22 16:29:56 +08:00
parent 697c18376b
commit 3c04e66da0
4 changed files with 72 additions and 9 deletions
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java
@@ -994,6 +994,36 @@ public class ConnectivityManager {
    public @interface FirewallChain {}
    // LINT.ThenChange(packages/modules/Connectivity/service/native/include/Common.h)

+    /**
+     * Specify default rule which may allow or drop packets depending on existing policy.
+     * @hide
+     */
+    @SystemApi(client = MODULE_LIBRARIES)
+    public static final int FIREWALL_RULE_DEFAULT = 0;
+
+    /**
+     * Specify allow rule which allows packets.
+     * @hide
+     */
+    @SystemApi(client = MODULE_LIBRARIES)
+    public static final int FIREWALL_RULE_ALLOW = 1;
+
+    /**
+     * Specify deny rule which drops packets.
+     * @hide
+     */
+    @SystemApi(client = MODULE_LIBRARIES)
+    public static final int FIREWALL_RULE_DENY = 2;
+
+    /** @hide */
+    @Retention(RetentionPolicy.SOURCE)
+    @IntDef(flag = false, prefix = "FIREWALL_RULE_", value = {
+        FIREWALL_RULE_DEFAULT,
+        FIREWALL_RULE_ALLOW,
+        FIREWALL_RULE_DENY
+    })
+    public @interface FirewallRule {}
+
    /**
     * A kludge to facilitate static access where a Context pointer isn't available, like in the
     * case of the static set/getProcessDefaultNetwork methods and from the Network class.
@@ -5802,8 +5832,9 @@ public class ConnectivityManager {
     *
     * @param chain target chain.
     * @param uid uid to allow/deny.
-     * @param allow whether networking is allowed or denied.
+     * @param rule firewall rule to allow/drop packets.
     * @throws IllegalStateException if updating firewall rule failed.
+     * @throws IllegalArgumentException if {@code rule} is not a valid rule.
     * @hide
     */
    @SystemApi(client = MODULE_LIBRARIES)
@@ -5812,10 +5843,10 @@ public class ConnectivityManager {
            android.Manifest.permission.NETWORK_STACK,
            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
    })
-    public void updateFirewallRule(@FirewallChain final int chain, final int uid,
-            final boolean allow) {
+    public void setUidFirewallRule(@FirewallChain final int chain, final int uid,
+            @FirewallRule final int rule) {
        try {
-            mService.updateFirewallRule(chain, uid, allow);
+            mService.setUidFirewallRule(chain, uid, rule);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }