LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add setFirewallChainEnabled API

Browse Source 
To deprecated firewallEnableChildChain netd binder and move the
functionality to tethering (connectivity) mainline module, expose
setFirewallChainEnabled to support the caller outside the module.
Currently the API are still call to netd. Will replace with the
implementation inside tethering (connectivity) module.

Bug: 209935649
Test: atest CtsHostsideNetworkTests
Change-Id: I9b64c9d12260521489a87fbeae5afbee2a8ea8f6
This commit is contained in:
markchien
2022-01-13 23:43:53 +08:00
parent e1561fa800
commit 98a6f95d0f
4 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
framework/api/module-lib-current.txt
View File

@@ -17,6 +17,7 @@ package android.net {
method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_SETUP_WIZARD, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void setAcceptPartialConnectivity(@NonNull android.net.Network, boolean, boolean);
method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_SETUP_WIZARD, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void setAcceptUnvalidated(@NonNull android.net.Network, boolean, boolean);
method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_SETUP_WIZARD, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void setAvoidUnvalidated(@NonNull android.net.Network);
method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void setFirewallChainEnabled(int, boolean);
method @RequiresPermission(android.Manifest.permission.NETWORK_STACK) public void setGlobalProxy(@Nullable android.net.ProxyInfo);
method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public void setLegacyLockdownVpnEnabled(boolean);
method @Deprecated @RequiresPermission(android.Manifest.permission.NETWORK_STACK) public void setProfileNetworkPreference(@NonNull android.os.UserHandle, int, @Nullable java.util.concurrent.Executor, @Nullable Runnable);

22
framework/src/android/net/ConnectivityManager.java
View File

@@ -5660,4 +5660,26 @@ public class ConnectivityManager {
throw e.rethrowFromSystemServer();
}
}
/**
* Enables or disables the specified firewall chain.
*
* @param chain target chain.
* @param enable whether the chain should be enabled.
* @throws IllegalStateException if set firewall chain failed.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
@RequiresPermission(anyOf = {
android.Manifest.permission.NETWORK_SETTINGS,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
})
public void setFirewallChainEnabled(@FirewallChain final int chain, final boolean enable) {
try {
mService.setFirewallChainEnabled(chain, enable);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
}

2
framework/src/android/net/IConnectivityManager.aidl
View File

@@ -236,4 +236,6 @@ interface IConnectivityManager
void updateMeteredNetworkDenyList(int uid, boolean add);
void updateFirewallRule(int chain, int uid, boolean allow);
void setFirewallChainEnabled(int chain, boolean enable);
}

12
service/src/com/android/server/ConnectivityService.java
View File

@@ -10622,4 +10622,16 @@ public class ConnectivityService extends IConnectivityManager.Stub
throw new IllegalStateException(e);
}
}
@Override
public void setFirewallChainEnabled(final int chain, final boolean enable) {
enforceNetworkStackOrSettingsPermission();
try {
mNetd.firewallEnableChildChain(chain, enable);
} catch (RemoteException | ServiceSpecificException e) {
throw new IllegalStateException(e);
}
}
}