diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java index 02083fff55..eeedfd1641 100644 --- a/framework/src/android/net/ConnectivityManager.java +++ b/framework/src/android/net/ConnectivityManager.java @@ -5922,7 +5922,7 @@ public class ConnectivityManager { } /** - * Get the specified firewall chain status. + * Get the specified firewall chain's status. * * @param chain target chain. * @return {@code true} if chain is enabled, {@code false} if chain is disabled. diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java index 3ee3ea139b..81e9e3ab87 100644 --- a/service/src/com/android/server/BpfNetMaps.java +++ b/service/src/com/android/server/BpfNetMaps.java @@ -53,7 +53,7 @@ public class BpfNetMaps { private static final String TAG = "BpfNetMaps"; private final INetd mNetd; // Use legacy netd for releases before T. - private static final boolean USE_NETD = !SdkLevel.isAtLeastT(); + private static final boolean PRE_T = !SdkLevel.isAtLeastT(); private static boolean sInitialized = false; // Lock for sConfigurationMap entry for UID_RULES_CONFIGURATION_KEY. @@ -112,7 +112,7 @@ public class BpfNetMaps { */ private static synchronized void ensureInitialized() { if (sInitialized) return; - if (!USE_NETD) { + if (!PRE_T) { System.loadLibrary("service-connectivity"); native_init(); initialize(new Dependencies()); @@ -143,7 +143,7 @@ public class BpfNetMaps { public BpfNetMaps() { this(null); - if (USE_NETD) throw new IllegalArgumentException("BpfNetMaps need to use netd before T"); + if (PRE_T) throw new IllegalArgumentException("BpfNetMaps need to use netd before T"); } public BpfNetMaps(final INetd netd) { @@ -169,8 +169,8 @@ public class BpfNetMaps { } } - private void throwIfUseNetd(final String msg) { - if (USE_NETD) { + private void throwIfPreT(final String msg) { + if (PRE_T) { throw new UnsupportedOperationException(msg); } } @@ -233,7 +233,7 @@ public class BpfNetMaps { * cause of the failure. */ public void setChildChain(final int childChain, final boolean enable) { - throwIfUseNetd("setChildChain is not available on pre-T devices"); + throwIfPreT("setChildChain is not available on pre-T devices"); final long match = getMatchByFirewallChain(childChain); try { @@ -244,7 +244,7 @@ public class BpfNetMaps { "Unable to get firewall chain status: sConfigurationMap does not have" + " entry for UID_RULES_CONFIGURATION_KEY"); } - final long newConfig = enable ? (config.val | match) : (config.val & (~match)); + final long newConfig = enable ? (config.val | match) : (config.val & ~match); sConfigurationMap.updateEntry(UID_RULES_CONFIGURATION_KEY, new U32(newConfig)); } } catch (ErrnoException e) { @@ -254,7 +254,7 @@ public class BpfNetMaps { } /** - * Get the specified firewall chain status. + * Get the specified firewall chain's status. * * @param childChain target chain * @return {@code true} if chain is enabled, {@code false} if chain is not enabled. @@ -262,8 +262,8 @@ public class BpfNetMaps { * @throws ServiceSpecificException in case of failure, with an error code indicating the * cause of the failure. */ - public boolean getChainEnabled(final int childChain) { - throwIfUseNetd("getChainEnabled is not available on pre-T devices"); + public boolean isChainEnabled(final int childChain) { + throwIfPreT("isChainEnabled is not available on pre-T devices"); final long match = getMatchByFirewallChain(childChain); try { @@ -334,7 +334,7 @@ public class BpfNetMaps { * cause of the failure. */ public void addUidInterfaceRules(final String ifName, final int[] uids) throws RemoteException { - if (USE_NETD) { + if (PRE_T) { mNetd.firewallAddUidInterfaceRules(ifName, uids); return; } @@ -354,7 +354,7 @@ public class BpfNetMaps { * cause of the failure. */ public void removeUidInterfaceRules(final int[] uids) throws RemoteException { - if (USE_NETD) { + if (PRE_T) { mNetd.firewallRemoveUidInterfaceRules(uids); return; } @@ -397,7 +397,7 @@ public class BpfNetMaps { * @throws RemoteException when netd has crashed. */ public void setNetPermForUids(final int permissions, final int[] uids) throws RemoteException { - if (USE_NETD) { + if (PRE_T) { mNetd.trafficSetNetPermForUids(permissions, uids); return; } @@ -413,7 +413,7 @@ public class BpfNetMaps { */ public void dump(final FileDescriptor fd, boolean verbose) throws IOException, ServiceSpecificException { - if (USE_NETD) { + if (PRE_T) { throw new ServiceSpecificException( EOPNOTSUPP, "dumpsys connectivity trafficcontroller dump not available on pre-T" + " devices, use dumpsys netd trafficcontroller instead."); diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index 656865415a..b210bb32be 100644 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -11387,7 +11387,7 @@ public class ConnectivityService extends IConnectivityManager.Stub public boolean getFirewallChainEnabled(final int chain) { enforceNetworkStackOrSettingsPermission(); - return mBpfNetMaps.getChainEnabled(chain); + return mBpfNetMaps.isChainEnabled(chain); } @Override diff --git a/tests/unit/java/com/android/server/BpfNetMapsTest.java b/tests/unit/java/com/android/server/BpfNetMapsTest.java index 99e7ecc3ab..634ec9c35e 100644 --- a/tests/unit/java/com/android/server/BpfNetMapsTest.java +++ b/tests/unit/java/com/android/server/BpfNetMapsTest.java @@ -116,7 +116,7 @@ public final class BpfNetMapsTest { verify(mNetd).trafficSetNetPermForUids(PERMISSION_INTERNET, TEST_UIDS); } - private void doTestGetChainEnabled(final List enableChains) throws Exception { + private void doTestIsChainEnabled(final List enableChains) throws Exception { long match = 0; for (final int chain: enableChains) { match |= mBpfNetMaps.getMatchByFirewallChain(chain); @@ -126,67 +126,67 @@ public final class BpfNetMapsTest { for (final int chain: FIREWALL_CHAINS) { final String testCase = "EnabledChains: " + enableChains + " CheckedChain: " + chain; if (enableChains.contains(chain)) { - assertTrue("Expected getChainEnabled returns True, " + testCase, - mBpfNetMaps.getChainEnabled(chain)); + assertTrue("Expected isChainEnabled returns True, " + testCase, + mBpfNetMaps.isChainEnabled(chain)); } else { - assertFalse("Expected getChainEnabled returns False, " + testCase, - mBpfNetMaps.getChainEnabled(chain)); + assertFalse("Expected isChainEnabled returns False, " + testCase, + mBpfNetMaps.isChainEnabled(chain)); } } } - private void doTestGetChainEnabled(final int enableChain) throws Exception { - doTestGetChainEnabled(List.of(enableChain)); + private void doTestIsChainEnabled(final int enableChain) throws Exception { + doTestIsChainEnabled(List.of(enableChain)); } @Test @IgnoreUpTo(Build.VERSION_CODES.S_V2) - public void testGetChainEnabled() throws Exception { - doTestGetChainEnabled(FIREWALL_CHAIN_DOZABLE); - doTestGetChainEnabled(FIREWALL_CHAIN_STANDBY); - doTestGetChainEnabled(FIREWALL_CHAIN_POWERSAVE); - doTestGetChainEnabled(FIREWALL_CHAIN_RESTRICTED); - doTestGetChainEnabled(FIREWALL_CHAIN_LOW_POWER_STANDBY); - doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_1); - doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_2); - doTestGetChainEnabled(FIREWALL_CHAIN_OEM_DENY_3); + public void testIsChainEnabled() throws Exception { + doTestIsChainEnabled(FIREWALL_CHAIN_DOZABLE); + doTestIsChainEnabled(FIREWALL_CHAIN_STANDBY); + doTestIsChainEnabled(FIREWALL_CHAIN_POWERSAVE); + doTestIsChainEnabled(FIREWALL_CHAIN_RESTRICTED); + doTestIsChainEnabled(FIREWALL_CHAIN_LOW_POWER_STANDBY); + doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_1); + doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_2); + doTestIsChainEnabled(FIREWALL_CHAIN_OEM_DENY_3); } @Test @IgnoreUpTo(Build.VERSION_CODES.S_V2) - public void testGetChainEnabledMultipleChainEnabled() throws Exception { - doTestGetChainEnabled(List.of( + public void testIsChainEnabledMultipleChainEnabled() throws Exception { + doTestIsChainEnabled(List.of( FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_STANDBY)); - doTestGetChainEnabled(List.of( + doTestIsChainEnabled(List.of( FIREWALL_CHAIN_DOZABLE, FIREWALL_CHAIN_STANDBY, FIREWALL_CHAIN_POWERSAVE, FIREWALL_CHAIN_RESTRICTED)); - doTestGetChainEnabled(FIREWALL_CHAINS); + doTestIsChainEnabled(FIREWALL_CHAINS); } @Test @IgnoreUpTo(Build.VERSION_CODES.S_V2) - public void testGetChainEnabledInvalidChain() { + public void testIsChainEnabledInvalidChain() { final Class expected = ServiceSpecificException.class; - assertThrows(expected, () -> mBpfNetMaps.getChainEnabled(-1 /* childChain */)); - assertThrows(expected, () -> mBpfNetMaps.getChainEnabled(1000 /* childChain */)); + assertThrows(expected, () -> mBpfNetMaps.isChainEnabled(-1 /* childChain */)); + assertThrows(expected, () -> mBpfNetMaps.isChainEnabled(1000 /* childChain */)); } @Test @IgnoreUpTo(Build.VERSION_CODES.S_V2) - public void testGetChainEnabledMissingConfiguration() { + public void testIsChainEnabledMissingConfiguration() { // sConfigurationMap does not have entry for UID_RULES_CONFIGURATION_KEY assertThrows(ServiceSpecificException.class, - () -> mBpfNetMaps.getChainEnabled(FIREWALL_CHAIN_DOZABLE)); + () -> mBpfNetMaps.isChainEnabled(FIREWALL_CHAIN_DOZABLE)); } @Test @IgnoreAfter(Build.VERSION_CODES.S_V2) - public void testGetChainEnabledBeforeT() { + public void testIsChainEnabledBeforeT() { assertThrows(UnsupportedOperationException.class, - () -> mBpfNetMaps.getChainEnabled(FIREWALL_CHAIN_DOZABLE)); + () -> mBpfNetMaps.isChainEnabled(FIREWALL_CHAIN_DOZABLE)); } private void doTestSetChildChain(final List testChains) throws Exception {