LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Add updateFirewallRule API"

Browse Source
This commit is contained in:
Mark Chien
2022-01-14 05:33:22 +00:00
committed by Gerrit Code Review
parent bb766e83c3 e1561fa800
commit c65ecacd6f
4 changed files with 91 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
framework/src/android/net/ConnectivityManager.java
View File

@@ -930,6 +930,48 @@ public class ConnectivityManager {
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 130143562)
private final IConnectivityManager mService;
/**
* Firewall chain for device idle (doze mode).
* Allowlist of apps that have network access in device idle.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
public static final int FIREWALL_CHAIN_DOZABLE = 1;
/**
* Firewall chain used for app standby.
* Denylist of apps that do not have network access.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
public static final int FIREWALL_CHAIN_STANDBY = 2;
/**
* Firewall chain used for battery saver.
* Allowlist of apps that have network access when battery saver is on.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
public static final int FIREWALL_CHAIN_POWERSAVE = 3;
/**
* Firewall chain used for restricted networking mode.
* Allowlist of apps that have access in restricted networking mode.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
public static final int FIREWALL_CHAIN_RESTRICTED = 4;
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef(flag = false, prefix = "FIREWALL_CHAIN_", value = {
FIREWALL_CHAIN_DOZABLE,
FIREWALL_CHAIN_STANDBY,
FIREWALL_CHAIN_POWERSAVE,
FIREWALL_CHAIN_RESTRICTED
})
public @interface FirewallChain {}
/**
* A kludge to facilitate static access where a Context pointer isn't available, like in the
* case of the static set/getProcessDefaultNetwork methods and from the Network class.
@@ -5566,9 +5608,11 @@ public class ConnectivityManager {
}
/**
* Allow target application using metered network.
* Sets whether the specified UID is allowed to use data on metered networks even when
* background data is restricted.
*
* @param uid uid of target app
* @throws IllegalStateException if update allow list failed.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
@@ -5582,15 +5626,15 @@ public class ConnectivityManager {
mService.updateMeteredNetworkAllowList(uid, add);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (IllegalStateException ie) {
throw ie;
}
}
/**
* Disallow target application using metered network.
* Sets whether the specified UID is prevented from using background data on metered networks.
* Takes precedence over {@link #updateMeteredNetworkAllowList}.
*
* @param uid uid of target app
* @throws IllegalStateException if update deny list failed.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
@@ -5604,8 +5648,30 @@ public class ConnectivityManager {
mService.updateMeteredNetworkDenyList(uid, add);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (IllegalStateException ie) {
throw ie;
}
}
/**
* Sets a firewall rule for the specified UID on the specified chain.
*
* @param chain target chain.
* @param uid uid to allow/deny.
* @param allow either add or remove rule.
* @throws IllegalStateException if update firewall rule failed.
* @hide
*/
@SystemApi(client = MODULE_LIBRARIES)
@RequiresPermission(anyOf = {
android.Manifest.permission.NETWORK_SETTINGS,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
})
public void updateFirewallRule(@FirewallChain final int chain, final int uid,
final boolean allow) {
try {
mService.updateFirewallRule(chain, uid, allow);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
}

2
framework/src/android/net/IConnectivityManager.aidl
View File

@@ -234,4 +234,6 @@ interface IConnectivityManager
void updateMeteredNetworkAllowList(int uid, boolean add);
void updateMeteredNetworkDenyList(int uid, boolean add);
void updateFirewallRule(int chain, int uid, boolean allow);
}