Add RESTRICTED_ALLOWED_APPS setting

This setting is OEM upstream requirement for third party apps
using restricted networks.

Bug: 185149952
Test: atests FrameworksNetTests
Change-Id: I5e16b46cf2935f38ee1e516bb8b85fa487cf9f61

framework/src/android/net/ConnectivitySettingsManager.java

@@ -30,6 +30,7 @@ import android.content.Context;
 import android.net.ConnectivityManager.MultipathPreference;
 import android.provider.Settings;
 import android.text.TextUtils;
+import android.util.ArraySet;
 import android.util.Range;
 
 import com.android.net.module.util.ProxyUtils;
@@ -38,6 +39,9 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.time.Duration;
 import java.util.List;
+import java.util.Set;
+import java.util.StringJoiner;
+import java.util.regex.Pattern;
 
 /**
  * A manager class for connectivity module settings.
@@ -368,6 +372,13 @@ public class ConnectivitySettingsManager {
     private static final String PRIVATE_DNS_MODE_OPPORTUNISTIC_STRING = "opportunistic";
     private static final String PRIVATE_DNS_MODE_PROVIDER_HOSTNAME_STRING = "hostname";
 
+    /**
+     * A list of apps that should be granted netd system permission for using restricted networks.
+     *
+     * @hide
+     */
+    public static final String RESTRICTED_ALLOWED_APPS = "restricted_allowed_apps";
+
     /**
      * Get mobile data activity timeout from {@link Settings}.
      *
@@ -1014,4 +1025,47 @@ public class ConnectivitySettingsManager {
     public static void setMobileDataPreferredApps(@NonNull Context context, @Nullable String list) {
         Settings.Secure.putString(context.getContentResolver(), MOBILE_DATA_PREFERRED_APPS, list);
     }
+
+    /**
+     * Get the list of apps(from {@link Settings}) that should be granted netd system permission for
+     * using restricted networks.
+     *
+     * @param context The {@link Context} to query the setting.
+     * @return A list of apps that should be granted netd system permission for using restricted
+     *         networks or null if no setting value.
+     */
+    @NonNull
+    public static Set<String> getRestrictedAllowedApps(@NonNull Context context) {
+        final String appList = Settings.Secure.getString(
+                context.getContentResolver(), RESTRICTED_ALLOWED_APPS);
+        if (TextUtils.isEmpty(appList)) {
+            return new ArraySet<>();
+        }
+        return new ArraySet<>(appList.split(";"));
+    }
+
+    /**
+     * Set the list of apps(from {@link Settings}) that should be granted netd system permission for
+     * using restricted networks.
+     *
+     * Note: Please refer to android developer guidelines for valid app(package name).
+     * https://developer.android.com/guide/topics/manifest/manifest-element.html#package
+     *
+     * @param context The {@link Context} to set the setting.
+     * @param list A list of apps that should be granted netd system permission for using
+     *             restricted networks.
+     */
+    public static void setRestrictedAllowedApps(@NonNull Context context,
+            @NonNull Set<String> list) {
+        final Pattern appPattern = Pattern.compile("[a-zA-Z_0-9]+([.][a-zA-Z_0-9]+)*");
+        final StringJoiner joiner = new StringJoiner(";");
+        for (String app : list) {
+            if (!appPattern.matcher(app).matches()) {
+                throw new IllegalArgumentException("Invalid app(package name)");
+            }
+            joiner.add(app);
+        }
+        Settings.Secure.putString(
+                context.getContentResolver(), RESTRICTED_ALLOWED_APPS, joiner.toString());
+    }
 }