Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Minor fixes for netd restarts and StrictController."

Browse Source
This commit is contained in:
Treehugger Robot
2017-08-09 10:26:14 +00:00
committed by Gerrit Code Review
parent 973ddd55eb 8c253ade20
commit 2f5ca257b5
1 changed files with 66 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
services/core/java/com/android/server/NetworkManagementService.java
View File

@@ -64,6 +64,7 @@ import android.net.NetworkStats;
import android.net.NetworkUtils;
import android.net.RouteInfo;
import android.net.UidRange;
import android.net.util.NetdService;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiConfiguration.KeyMgmt;
import android.os.BatteryStats;
@@ -340,7 +341,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
if (DBG) Slog.d(TAG, "Awaiting socket connection");
connectedSignal.await();
if (DBG) Slog.d(TAG, "Connected");
if (DBG) Slog.d(TAG, "Connecting native netd service");
service.connectNativeNetdService();
if (DBG) Slog.d(TAG, "Connected");
return service;
}
@@ -549,14 +552,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
}
private void connectNativeNetdService() {
boolean nativeServiceAvailable = false;
try {
mNetdService = INetd.Stub.asInterface(ServiceManager.getService(NETD_SERVICE_NAME));
nativeServiceAvailable = mNetdService.isAlive();
} catch (RemoteException e) {}
if (!nativeServiceAvailable) {
Slog.wtf(TAG, "Can't connect to NativeNetdService " + NETD_SERVICE_NAME);
}
mNetdService = NetdService.get();
}
/**
@@ -569,37 +565,31 @@ public class NetworkManagementService extends INetworkManagementService.Stub
// only enable bandwidth control when support exists
final boolean hasKernelSupport = new File("/proc/net/xt_qtaguid/ctrl").exists();
if (hasKernelSupport) {
Slog.d(TAG, "enabling bandwidth control");
try {
mConnector.execute("bandwidth", "enable");
mBandwidthControlEnabled = true;
} catch (NativeDaemonConnectorException e) {
Log.wtf(TAG, "problem enabling bandwidth controls", e);
}
} else {
Slog.i(TAG, "not enabling bandwidth control");
}
SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0");
if (mBandwidthControlEnabled) {
try {
getBatteryStats().noteNetworkStatsEnabled();
} catch (RemoteException e) {
}
}
try {
mConnector.execute("strict", "enable");
mStrictEnabled = true;
} catch (NativeDaemonConnectorException e) {
Log.wtf(TAG, "Failed strict enable", e);
}
// push any existing quota or UID rules
synchronized (mQuotaLock) {
if (hasKernelSupport) {
Slog.d(TAG, "enabling bandwidth control");
try {
mConnector.execute("bandwidth", "enable");
mBandwidthControlEnabled = true;
} catch (NativeDaemonConnectorException e) {
Log.wtf(TAG, "problem enabling bandwidth controls", e);
}
} else {
Slog.i(TAG, "not enabling bandwidth control");
}
SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0");
try {
mConnector.execute("strict", "enable");
mStrictEnabled = true;
} catch (NativeDaemonConnectorException e) {
Log.wtf(TAG, "Failed strict enable", e);
}
setDataSaverModeEnabled(mDataSaverMode);
int size = mActiveQuotas.size();
@@ -672,6 +662,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub
setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true);
}
}
if (mBandwidthControlEnabled) {
try {
getBatteryStats().noteNetworkStatsEnabled();
} catch (RemoteException e) {
}
}
}
/**
@@ -1716,6 +1714,30 @@ public class NetworkManagementService extends INetworkManagementService.Stub
}
}
private void applyUidCleartextNetworkPolicy(int uid, int policy) {
final String policyString;
switch (policy) {
case StrictMode.NETWORK_POLICY_ACCEPT:
policyString = "accept";
break;
case StrictMode.NETWORK_POLICY_LOG:
policyString = "log";
break;
case StrictMode.NETWORK_POLICY_REJECT:
policyString = "reject";
break;
default:
throw new IllegalArgumentException("Unknown policy " + policy);
}
try {
mConnector.execute("strict", "set_uid_cleartext_policy", uid, policyString);
mUidCleartextPolicy.put(uid, policy);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
}
}
@Override
public void setUidCleartextNetworkPolicy(int uid, int policy) {
if (Binder.getCallingUid() != uid) {
@@ -1725,6 +1747,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
synchronized (mQuotaLock) {
final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT);
if (oldPolicy == policy) {
// This also ensures we won't needlessly apply an ACCEPT policy if we've just
// enabled strict and the underlying iptables rules are empty.
return;
}
@@ -1735,28 +1759,15 @@ public class NetworkManagementService extends INetworkManagementService.Stub
return;
}
final String policyString;
switch (policy) {
case StrictMode.NETWORK_POLICY_ACCEPT:
policyString = "accept";
break;
case StrictMode.NETWORK_POLICY_LOG:
policyString = "log";
break;
case StrictMode.NETWORK_POLICY_REJECT:
policyString = "reject";
break;
default:
throw new IllegalArgumentException("Unknown policy " + policy);
}
try {
mConnector.execute("strict", "set_uid_cleartext_policy", uid, policyString);
mUidCleartextPolicy.put(uid, policy);
} catch (NativeDaemonConnectorException e) {
throw e.rethrowAsParcelableException();
// netd does not keep state on strict mode policies, and cannot replace a non-accept
// policy without deleting it first. Rather than add state to netd, just always send
// it an accept policy when switching between two non-accept policies.
if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT &&
policy != StrictMode.NETWORK_POLICY_ACCEPT) {
applyUidCleartextNetworkPolicy(uid, policy);
}
}
applyUidCleartextNetworkPolicy(uid, policy);
}
@Override