Merge "Refactor BpfNetMaps and getChainEnabled"
@@ -5922,7 +5922,7 @@ public class ConnectivityManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the specified firewall chain status.
|
* Get the specified firewall chain's status.
|
||||||
*
|
*
|
||||||
* @param chain target chain.
|
* @param chain target chain.
|
||||||
* @return {@code true} if chain is enabled, {@code false} if chain is disabled.
|
* @return {@code true} if chain is enabled, {@code false} if chain is disabled.
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ public class BpfNetMaps {
|
|||||||
private static final String TAG = "BpfNetMaps";
|
private static final String TAG = "BpfNetMaps";
|
||||||
private final INetd mNetd;
|
private final INetd mNetd;
|
||||||
// Use legacy netd for releases before T.
|
// Use legacy netd for releases before T.
|
||||||
private static final boolean USE_NETD = !SdkLevel.isAtLeastT();
|
private static final boolean PRE_T = !SdkLevel.isAtLeastT();
|
||||||
private static boolean sInitialized = false;
|
private static boolean sInitialized = false;
|
||||||
|
|
||||||
// Lock for sConfigurationMap entry for UID_RULES_CONFIGURATION_KEY.
|
// Lock for sConfigurationMap entry for UID_RULES_CONFIGURATION_KEY.
|
||||||
@@ -112,7 +112,7 @@ public class BpfNetMaps {
|
|||||||
*/
|
*/
|
||||||
private static synchronized void ensureInitialized() {
|
private static synchronized void ensureInitialized() {
|
||||||
if (sInitialized) return;
|
if (sInitialized) return;
|
||||||
if (!USE_NETD) {
|
if (!PRE_T) {
|
||||||
System.loadLibrary("service-connectivity");
|
System.loadLibrary("service-connectivity");
|
||||||
native_init();
|
native_init();
|
||||||
initialize(new Dependencies());
|
initialize(new Dependencies());
|
||||||
@@ -143,7 +143,7 @@ public class BpfNetMaps {
|
|||||||
public BpfNetMaps() {
|
public BpfNetMaps() {
|
||||||
this(null);
|
this(null);
|
||||||
|
|
||||||
if (USE_NETD) throw new IllegalArgumentException("BpfNetMaps need to use netd before T");
|
if (PRE_T) throw new IllegalArgumentException("BpfNetMaps need to use netd before T");
|
||||||
}
|
}
|
||||||
|
|
||||||
public BpfNetMaps(final INetd netd) {
|
public BpfNetMaps(final INetd netd) {
|
||||||
@@ -169,8 +169,8 @@ public class BpfNetMaps {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void throwIfUseNetd(final String msg) {
|
private void throwIfPreT(final String msg) {
|
||||||
if (USE_NETD) {
|
if (PRE_T) {
|
||||||
throw new UnsupportedOperationException(msg);
|
throw new UnsupportedOperationException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -233,7 +233,7 @@ public class BpfNetMaps {
|
|||||||
* cause of the failure.
|
* cause of the failure.
|
||||||
*/
|
*/
|
||||||
public void setChildChain(final int childChain, final boolean enable) {
|
public void setChildChain(final int childChain, final boolean enable) {
|
||||||
throwIfUseNetd("setChildChain is not available on pre-T devices");
|
throwIfPreT("setChildChain is not available on pre-T devices");
|
||||||
|
|
||||||
final long match = getMatchByFirewallChain(childChain);
|
final long match = getMatchByFirewallChain(childChain);
|
||||||
try {
|
try {
|
||||||
@@ -244,7 +244,7 @@ public class BpfNetMaps {
|
|||||||
"Unable to get firewall chain status: sConfigurationMap does not have"
|
"Unable to get firewall chain status: sConfigurationMap does not have"
|
||||||
+ " entry for UID_RULES_CONFIGURATION_KEY");
|
+ " entry for UID_RULES_CONFIGURATION_KEY");
|
||||||
}
|
}
|
||||||
final long newConfig = enable ? (config.val | match) : (config.val & (~match));
|
final long newConfig = enable ? (config.val | match) : (config.val & ~match);
|
||||||
sConfigurationMap.updateEntry(UID_RULES_CONFIGURATION_KEY, new U32(newConfig));
|
sConfigurationMap.updateEntry(UID_RULES_CONFIGURATION_KEY, new U32(newConfig));
|
||||||
}
|
}
|
||||||
} catch (ErrnoException e) {
|
} catch (ErrnoException e) {
|
||||||
@@ -254,7 +254,7 @@ public class BpfNetMaps {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the specified firewall chain status.
|
* Get the specified firewall chain's status.
|
||||||
*
|
*
|
||||||
* @param childChain target chain
|
* @param childChain target chain
|
||||||
* @return {@code true} if chain is enabled, {@code false} if chain is not enabled.
|
* @return {@code true} if chain is enabled, {@code false} if chain is not enabled.
|
||||||
@@ -262,8 +262,8 @@ public class BpfNetMaps {
|
|||||||
* @throws ServiceSpecificException in case of failure, with an error code indicating the
|
* @throws ServiceSpecificException in case of failure, with an error code indicating the
|
||||||
* cause of the failure.
|
* cause of the failure.
|
||||||
*/
|
*/
|
||||||
public boolean getChainEnabled(final int childChain) {
|
public boolean isChainEnabled(final int childChain) {
|
||||||
throwIfUseNetd("getChainEnabled is not available on pre-T devices");
|
throwIfPreT("isChainEnabled is not available on pre-T devices");
|
||||||
|
|
||||||
final long match = getMatchByFirewallChain(childChain);
|
final long match = getMatchByFirewallChain(childChain);
|
||||||
try {
|
try {
|
||||||
@@ -334,7 +334,7 @@ public class BpfNetMaps {
|
|||||||
* cause of the failure.
|
* cause of the failure.
|
||||||
*/
|
*/
|
||||||
public void addUidInterfaceRules(final String ifName, final int[] uids) throws RemoteException {
|
public void addUidInterfaceRules(final String ifName, final int[] uids) throws RemoteException {
|
||||||
if (USE_NETD) {
|
if (PRE_T) {
|
||||||
mNetd.firewallAddUidInterfaceRules(ifName, uids);
|
mNetd.firewallAddUidInterfaceRules(ifName, uids);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -354,7 +354,7 @@ public class BpfNetMaps {
|
|||||||
* cause of the failure.
|
* cause of the failure.
|
||||||
*/
|
*/
|
||||||
public void removeUidInterfaceRules(final int[] uids) throws RemoteException {
|
public void removeUidInterfaceRules(final int[] uids) throws RemoteException {
|
||||||
if (USE_NETD) {
|
if (PRE_T) {
|
||||||
mNetd.firewallRemoveUidInterfaceRules(uids);
|
mNetd.firewallRemoveUidInterfaceRules(uids);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -397,7 +397,7 @@ public class BpfNetMaps {
|
|||||||
* @throws RemoteException when netd has crashed.
|
* @throws RemoteException when netd has crashed.
|
||||||
*/
|
*/
|
||||||
public void setNetPermForUids(final int permissions, final int[] uids) throws RemoteException {
|
public void setNetPermForUids(final int permissions, final int[] uids) throws RemoteException {
|
||||||
if (USE_NETD) {
|
if (PRE_T) {
|
||||||
mNetd.trafficSetNetPermForUids(permissions, uids);
|
mNetd.trafficSetNetPermForUids(permissions, uids);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -413,7 +413,7 @@ public class BpfNetMaps {
|
|||||||
*/
|
*/
|
||||||
public void dump(final FileDescriptor fd, boolean verbose)
|
public void dump(final FileDescriptor fd, boolean verbose)
|
||||||
throws IOException, ServiceSpecificException {
|
throws IOException, ServiceSpecificException {
|
||||||
if (USE_NETD) {
|
if (PRE_T) {
|
||||||
throw new ServiceSpecificException(
|
throw new ServiceSpecificException(
|
||||||
EOPNOTSUPP, "dumpsys connectivity trafficcontroller dump not available on pre-T"
|
EOPNOTSUPP, "dumpsys connectivity trafficcontroller dump not available on pre-T"
|
||||||
+ " devices, use dumpsys netd trafficcontroller instead.");
|
+ " devices, use dumpsys netd trafficcontroller instead.");
|
||||||
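Review bot: The no-argument constructor (hunk at -143) throws IllegalArgumentException on pre-T even though the caller passed no argument, while throwIfPreT (hunk at -169) throws UnsupportedOperationException for the same condition. Using one type for "not supported before T" would let callers handle it uniformly, for example `if (PRE_T) throw new UnsupportedOperationException("BpfNetMaps needs to use netd before T");`, provided no caller or test outside this diff depends on the current type. Separately, the comment `// Use legacy netd for releases before T.` above the renamed constant (hunk at -53) still describes the old USE_NETD name. Something like `// True on releases before T, where calls are delegated to legacy netd.` would match PRE_T and make `if (!PRE_T)` in ensureInitialized easier to read.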
|
|||||||
@@ -11387,7 +11387,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
public boolean getFirewallChainEnabled(final int chain) {
|
public boolean getFirewallChainEnabled(final int chain) {
|
||||||
enforceNetworkStackOrSettingsPermission();
|
enforceNetworkStackOrSettingsPermission();
|
||||||
|
|
||||||
return mBpfNetMaps.getChainEnabled(chain);
|
return mBpfNetMaps.isChainEnabled(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
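Review bot: getFirewallChainEnabled has no comment saying what a binder caller sees on failure, and `chain` is passed to isChainEnabled without any check in this method. The tests in this commit show that call throwing ServiceSpecificException for an out-of-range chain or a missing configuration entry, and UnsupportedOperationException before T. A short comment on the method would make the contract explicit, e.g. `// Chain validation and the pre-T check live in BpfNetMaps#isChainEnabled; both failures propagate to the caller.` The permission check should stay the first statement, since in the visible lines it is the only gate before the map is read.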
|
|||||||
@@ -116,7 +116,7 @@ public final class BpfNetMapsTest {
|
|||||||
verify(mNetd).trafficSetNetPermForUids(PERMISSION_INTERNET, TEST_UIDS);
|
verify(mNetd).trafficSetNetPermForUids(PERMISSION_INTERNET, TEST_UIDS);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void doTestGetChainEnabled(final List<Integer> enableChains) throws Exception {
|
private void doTestIsChainEnabled(final List<Integer> enableChains) throws Exception {
|
||||||
long match = 0;
|
long match = 0;
|
||||||
for (final int chain: enableChains) {
|
for (final int chain: enableChains) {
|
||||||
match |= mBpfNetMaps.getMatchByFirewallChain(chain);
|
match |= mBpfNetMaps.getMatchByFirewallChain(chain);
|
||||||
@@ -126,67 +126,67 @@ public final class BpfNetMapsTest {
|
|||||||
for (final int chain: FIREWALL_CHAINS) {
|
for (final int chain: FIREWALL_CHAINS) {
|
||||||
final String testCase = "EnabledChains: " + enableChains + " CheckedChain: " + chain;
|
final String testCase = "EnabledChains: " + enableChains + " CheckedChain: " + chain;
|
||||||
if (enableChains.contains(chain)) {
|
if (enableChains.contains(chain)) {
|
||||||
assertTrue("Expected getChainEnabled returns True, " + testCase,
|
assertTrue("Expected isChainEnabled returns True, " + testCase,
|
||||||
mBpfNetMaps.getChainEnabled(chain));
|
mBpfNetMaps.isChainEnabled(chain));
|
||||||
} else {
|
} else {
|
||||||
assertFalse("Expected getChainEnabled returns False, " + testCase,
|
assertFalse("Expected isChainEnabled returns False, " + testCase,
|
||||||
mBpfNetMaps.getChainEnabled(chain));
|
mBpfNetMaps.isChainEnabled(chain));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void doTestGetChainEnabled(final int enableChain) throws Exception {
|
private void doTestIsChainEnabled(final int enableChain) throws Exception {
|
||||||
doTestGetChainEnabled(List.of(enableChain));
|
doTestIsChainEnabled(List.of(enableChain));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
||||||
public void testGetChainEnabled() throws Exception {
|
public void testIsChainEnabled() throws Exception {
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_DOZABLE);
|
doTestIsChainEnabled(FIREWALL_CHAIN_DOZABLE);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_STANDBY);
|
doTestIsChainEnabled(FIREWALL_CHAIN_STANDBY);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_POWERSAVE);
|
doTestIsChainEnabled(FIREWALL_CHAIN_POWERSAVE);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_RESTRICTED);
|
doTestIsChainEnabled(FIREWALL_CHAIN_RESTRICTED);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_LOW_POWER_STANDBY);
|
doTestIsChainEnabled(FIREWALL_CHAIN_LOW_POWER_STANDBY);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_1);
|
doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_1);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_2);
|
doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_2);
|
||||||
doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_3);
|
doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_3);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
||||||
public void testGetChainEnabledMultipleChainEnabled() throws Exception {
|
public void testIsChainEnabledMultipleChainEnabled() throws Exception {
|
||||||
doTestGetChainEnabled(List.of(
|
doTestIsChainEnabled(List.of(
|
||||||
FIREWALL_CHAIN_DOZABLE,
|
FIREWALL_CHAIN_DOZABLE,
|
||||||
FIREWALL_CHAIN_STANDBY));
|
FIREWALL_CHAIN_STANDBY));
|
||||||
doTestGetChainEnabled(List.of(
|
doTestIsChainEnabled(List.of(
|
||||||
FIREWALL_CHAIN_DOZABLE,
|
FIREWALL_CHAIN_DOZABLE,
|
||||||
FIREWALL_CHAIN_STANDBY,
|
FIREWALL_CHAIN_STANDBY,
|
||||||
FIREWALL_CHAIN_POWERSAVE,
|
FIREWALL_CHAIN_POWERSAVE,
|
||||||
FIREWALL_CHAIN_RESTRICTED));
|
FIREWALL_CHAIN_RESTRICTED));
|
||||||
doTestGetChainEnabled(FIREWALL_CHAINS);
|
doTestIsChainEnabled(FIREWALL_CHAINS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
||||||
public void testGetChainEnabledInvalidChain() {
|
public void testIsChainEnabledInvalidChain() {
|
||||||
final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
|
final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
|
||||||
assertThrows(expected, () -> mBpfNetMaps.getChainEnabled(-1 /* childChain */));
|
assertThrows(expected, () -> mBpfNetMaps.isChainEnabled(-1 /* childChain */));
|
||||||
assertThrows(expected, () -> mBpfNetMaps.getChainEnabled(1000 /* childChain */));
|
assertThrows(expected, () -> mBpfNetMaps.isChainEnabled(1000 /* childChain */));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
|
||||||
public void testGetChainEnabledMissingConfiguration() {
|
public void testIsChainEnabledMissingConfiguration() {
|
||||||
// sConfigurationMap does not have entry for UID_RULES_CONFIGURATION_KEY
|
// sConfigurationMap does not have entry for UID_RULES_CONFIGURATION_KEY
|
||||||
assertThrows(ServiceSpecificException.class,
|
assertThrows(ServiceSpecificException.class,
|
||||||
() -> mBpfNetMaps.getChainEnabled(FIREWALL_CHAIN_DOZABLE));
|
() -> mBpfNetMaps.isChainEnabled(FIREWALL_CHAIN_DOZABLE));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@IgnoreAfter(Build.VERSION_CODES.S_V2)
|
@IgnoreAfter(Build.VERSION_CODES.S_V2)
|
||||||
public void testGetChainEnabledBeforeT() {
|
public void testIsChainEnabledBeforeT() {
|
||||||
assertThrows(UnsupportedOperationException.class,
|
assertThrows(UnsupportedOperationException.class,
|
||||||
() -> mBpfNetMaps.getChainEnabled(FIREWALL_CHAIN_DOZABLE));
|
() -> mBpfNetMaps.isChainEnabled(FIREWALL_CHAIN_DOZABLE));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void doTestSetChildChain(final List<Integer> testChains) throws Exception {
|
private void doTestSetChildChain(final List<Integer> testChains) throws Exception {
|
||||||
|
|||||||