Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update language to comply with Android’s inclusive language guidance.

Browse Source 
See https://source.android.com/setup/contribute/respectful-code for reference

Leaving the power save whitelists as is for now. These will be handled
in a follow-up cl.

Bug: 161896447
Test: atest ./hostsidetests/net/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Test: atest ./services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
Change-Id: I5059d8362a02a7b4622c71fdf15297af87c5a3dd
This commit is contained in:
Sudheer Shanka
2020-07-31 02:57:01 -07:00
parent 6117d617e9
commit 76e523aa00
10 changed files with 231 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/java/android/os/INetworkManagementService.aidl
View File

@@ -287,8 +287,8 @@ interface INetworkManagementService
/**
* Control network activity of a UID over interfaces with a quota limit.
*/
void setUidMeteredNetworkBlacklist(int uid, boolean enable);
void setUidMeteredNetworkWhitelist(int uid, boolean enable);
void setUidMeteredNetworkDenylist(int uid, boolean enable);
void setUidMeteredNetworkAllowlist(int uid, boolean enable);
boolean setDataSaverModeEnabled(boolean enable);
void setUidCleartextNetworkPolicy(int uid, int policy);

36
services/core/java/com/android/server/NetworkManagementService.java
View File

@@ -185,10 +185,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
/** Set of interfaces with active alerts. */
@GuardedBy("mQuotaLock")
private HashMap<String, Long> mActiveAlerts = Maps.newHashMap();
/** Set of UIDs blacklisted on metered networks. */
/** Set of UIDs denylisted on metered networks. */
@GuardedBy("mRulesLock")
private SparseBooleanArray mUidRejectOnMetered = new SparseBooleanArray();
/** Set of UIDs whitelisted on metered networks. */
/** Set of UIDs allowlisted on metered networks. */
@GuardedBy("mRulesLock")
private SparseBooleanArray mUidAllowOnMetered = new SparseBooleanArray();
/** Set of UIDs with cleartext penalties. */
@@ -561,27 +561,27 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
synchronized (mRulesLock) {
size = mUidRejectOnMetered.size();
if (size > 0) {
if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered blacklist rules");
if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered denylist rules");
uidRejectOnQuota = mUidRejectOnMetered;
mUidRejectOnMetered = new SparseBooleanArray();
}
size = mUidAllowOnMetered.size();
if (size > 0) {
if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered whitelist rules");
if (DBG) Slog.d(TAG, "Pushing " + size + " UIDs to metered allowlist rules");
uidAcceptOnQuota = mUidAllowOnMetered;
mUidAllowOnMetered = new SparseBooleanArray();
}
}
if (uidRejectOnQuota != null) {
for (int i = 0; i < uidRejectOnQuota.size(); i++) {
setUidMeteredNetworkBlacklist(uidRejectOnQuota.keyAt(i),
setUidMeteredNetworkDenylist(uidRejectOnQuota.keyAt(i),
uidRejectOnQuota.valueAt(i));
}
}
if (uidAcceptOnQuota != null) {
for (int i = 0; i < uidAcceptOnQuota.size(); i++) {
setUidMeteredNetworkWhitelist(uidAcceptOnQuota.keyAt(i),
setUidMeteredNetworkAllowlist(uidAcceptOnQuota.keyAt(i),
uidAcceptOnQuota.valueAt(i));
}
}
@@ -1307,14 +1307,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
}
}
private void setUidOnMeteredNetworkList(int uid, boolean blacklist, boolean enable) {
private void setUidOnMeteredNetworkList(int uid, boolean denylist, boolean enable) {
NetworkStack.checkNetworkStackPermission(mContext);
synchronized (mQuotaLock) {
boolean oldEnable;
SparseBooleanArray quotaList;
synchronized (mRulesLock) {
quotaList = blacklist ? mUidRejectOnMetered : mUidAllowOnMetered;
quotaList = denylist ? mUidRejectOnMetered : mUidAllowOnMetered;
oldEnable = quotaList.get(uid, false);
}
if (oldEnable == enable) {
@@ -1324,7 +1324,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "inetd bandwidth");
try {
if (blacklist) {
if (denylist) {
if (enable) {
mNetdService.bandwidthAddNaughtyApp(uid);
} else {
@@ -1353,12 +1353,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
}
@Override
public void setUidMeteredNetworkBlacklist(int uid, boolean enable) {
public void setUidMeteredNetworkDenylist(int uid, boolean enable) {
setUidOnMeteredNetworkList(uid, true, enable);
}
@Override
public void setUidMeteredNetworkWhitelist(int uid, boolean enable) {
public void setUidMeteredNetworkAllowlist(int uid, boolean enable) {
setUidOnMeteredNetworkList(uid, false, enable);
}
@@ -1626,7 +1626,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
}
}
}
// Normally, whitelist chains only contain deny rules, so numUids == exemptUids.length.
// Normally, allowlist chains only contain deny rules, so numUids == exemptUids.length.
// But the code does not guarantee this in any way, and at least in one case - if we add
// a UID rule to the firewall, and then disable the firewall - the chains can contain
// the wrong type of rule. In this case, don't close connections that we shouldn't.
@@ -1691,7 +1691,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
// Close any sockets that were opened by the affected UIDs. This has to be done after
// disabling network connectivity, in case they react to the socket close by reopening
// the connection and race with the iptables commands that enable the firewall. All
// whitelist and blacklist chains allow RSTs through.
// allowlist and denylist chains allow RSTs through.
if (enable) {
closeSocketsForFirewallChainLocked(chain, chainName);
}
@@ -1828,7 +1828,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
} else {
ruleName = "deny";
}
} else { // Blacklist mode
} else { // Denylist mode
if (rule == FIREWALL_RULE_DENY) {
ruleName = "deny";
} else {
@@ -1913,8 +1913,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
pw.print("Active alert ifaces: "); pw.println(mActiveAlerts.toString());
pw.print("Data saver mode: "); pw.println(mDataSaverMode);
synchronized (mRulesLock) {
dumpUidRuleOnQuotaLocked(pw, "blacklist", mUidRejectOnMetered);
dumpUidRuleOnQuotaLocked(pw, "whitelist", mUidAllowOnMetered);
dumpUidRuleOnQuotaLocked(pw, "denylist", mUidRejectOnMetered);
dumpUidRuleOnQuotaLocked(pw, "allowlist", mUidAllowOnMetered);
}
}
@@ -2179,9 +2179,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub {
}
}
void setUidOnMeteredNetworkList(boolean blacklist, int uid, boolean enable) {
void setUidOnMeteredNetworkList(boolean denylist, int uid, boolean enable) {
synchronized (mRulesLock) {
if (blacklist) {
if (denylist) {
mUidRejectOnMetered.put(uid, enable);
} else {
mUidAllowOnMetered.put(uid, enable);

18
services/core/java/com/android/server/net/NetworkPolicyLogger.java
View File

@@ -70,9 +70,9 @@ public class NetworkPolicyLogger {
static final int NTWK_BLOCKED_POWER = 0;
static final int NTWK_ALLOWED_NON_METERED = 1;
static final int NTWK_BLOCKED_BLACKLIST = 2;
static final int NTWK_ALLOWED_WHITELIST = 3;
static final int NTWK_ALLOWED_TMP_WHITELIST = 4;
static final int NTWK_BLOCKED_DENYLIST = 2;
static final int NTWK_ALLOWED_ALLOWLIST = 3;
static final int NTWK_ALLOWED_TMP_ALLOWLIST = 4;
static final int NTWK_BLOCKED_BG_RESTRICT = 5;
static final int NTWK_ALLOWED_DEFAULT = 6;
static final int NTWK_ALLOWED_SYSTEM = 7;
@@ -269,12 +269,12 @@ public class NetworkPolicyLogger {
return "blocked by power restrictions";
case NTWK_ALLOWED_NON_METERED:
return "allowed on unmetered network";
case NTWK_BLOCKED_BLACKLIST:
return "blacklisted on metered network";
case NTWK_ALLOWED_WHITELIST:
return "whitelisted on metered network";
case NTWK_ALLOWED_TMP_WHITELIST:
return "temporary whitelisted on metered network";
case NTWK_BLOCKED_DENYLIST:
return "denylisted on metered network";
case NTWK_ALLOWED_ALLOWLIST:
return "allowlisted on metered network";
case NTWK_ALLOWED_TMP_ALLOWLIST:
return "temporary allowlisted on metered network";
case NTWK_BLOCKED_BG_RESTRICT:
return "blocked when background is restricted";
case NTWK_ALLOWED_DEFAULT:

264
services/core/java/com/android/server/net/NetworkPolicyManagerService.java
View File

@@ -101,13 +101,13 @@ import static com.android.internal.util.XmlUtils.writeIntAttribute;
import static com.android.internal.util.XmlUtils.writeLongAttribute;
import static com.android.internal.util.XmlUtils.writeStringAttribute;
import static com.android.server.NetworkManagementService.LIMIT_GLOBAL_ALERT;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_ALLOWLIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_DEFAULT;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_NON_METERED;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_SYSTEM;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_TMP_WHITELIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_WHITELIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_ALLOWED_TMP_ALLOWLIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_BLOCKED_BG_RESTRICT;
import static com.android.server.net.NetworkPolicyLogger.NTWK_BLOCKED_BLACKLIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_BLOCKED_DENYLIST;
import static com.android.server.net.NetworkPolicyLogger.NTWK_BLOCKED_POWER;
import static com.android.server.net.NetworkStatsService.ACTION_NETWORK_STATS_UPDATED;
@@ -507,7 +507,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
* UIDs that have been initially white-listed by system to avoid restricted background.
*/
@GuardedBy("mUidRulesFirstLock")
private final SparseBooleanArray mDefaultRestrictBackgroundWhitelistUids =
private final SparseBooleanArray mDefaultRestrictBackgroundAllowlistUids =
new SparseBooleanArray();
/**
@@ -515,7 +515,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
* but later revoked by user.
*/
@GuardedBy("mUidRulesFirstLock")
private final SparseBooleanArray mRestrictBackgroundWhitelistRevokedUids =
private final SparseBooleanArray mRestrictBackgroundAllowlistRevokedUids =
new SparseBooleanArray();
/** Set of ifaces that are metered. */
@@ -582,7 +582,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
@GuardedBy("mUidRulesFirstLock")
private final SparseBooleanArray mInternetPermissionMap = new SparseBooleanArray();
// TODO: keep whitelist of system-critical services that should never have
// TODO: keep allowlist of system-critical services that should never have
// rules enforced, such as system, phone, and radio UIDs.
// TODO: migrate notifications to SystemUI
@@ -668,26 +668,26 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
/**
* Whitelists pre-defined apps for restrict background, but only if the user didn't already
* revoke the whitelist.
* Allows pre-defined apps for restrict background, but only if the user didn't already
* revoked them.
*
* @return whether any uid has been whitelisted.
* @return whether any uid has been allowlisted.
*/
@GuardedBy("mUidRulesFirstLock")
boolean addDefaultRestrictBackgroundWhitelistUidsUL() {
boolean addDefaultRestrictBackgroundAllowlistUidsUL() {
final List<UserInfo> users = mUserManager.getUsers();
final int numberUsers = users.size();
boolean changed = false;
for (int i = 0; i < numberUsers; i++) {
final UserInfo user = users.get(i);
changed = addDefaultRestrictBackgroundWhitelistUidsUL(user.id) || changed;
changed = addDefaultRestrictBackgroundAllowlistUidsUL(user.id) || changed;
}
return changed;
}
@GuardedBy("mUidRulesFirstLock")
private boolean addDefaultRestrictBackgroundWhitelistUidsUL(int userId) {
private boolean addDefaultRestrictBackgroundAllowlistUidsUL(int userId) {
final SystemConfig sysConfig = SystemConfig.getInstance();
final PackageManager pm = mContext.getPackageManager();
final ArraySet<String> allowDataUsage = sysConfig.getAllowInDataUsageSave();
@@ -695,7 +695,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
for (int i = 0; i < allowDataUsage.size(); i++) {
final String pkg = allowDataUsage.valueAt(i);
if (LOGD)
Slog.d(TAG, "checking restricted background whitelisting for package " + pkg
Slog.d(TAG, "checking restricted background allowlisting for package " + pkg
+ " and user " + userId);
final ApplicationInfo app;
try {
@@ -706,20 +706,20 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
continue;
}
if (!app.isPrivilegedApp()) {
Slog.e(TAG, "addDefaultRestrictBackgroundWhitelistUidsUL(): "
Slog.e(TAG, "addDefaultRestrictBackgroundAllowlistUidsUL(): "
+ "skipping non-privileged app " + pkg);
continue;
}
final int uid = UserHandle.getUid(userId, app.uid);
mDefaultRestrictBackgroundWhitelistUids.append(uid, true);
mDefaultRestrictBackgroundAllowlistUids.append(uid, true);
if (LOGD)
Slog.d(TAG, "Adding uid " + uid + " (user " + userId + ") to default restricted "
+ "background whitelist. Revoked status: "
+ mRestrictBackgroundWhitelistRevokedUids.get(uid));
if (!mRestrictBackgroundWhitelistRevokedUids.get(uid)) {
+ "background allowlist. Revoked status: "
+ mRestrictBackgroundAllowlistRevokedUids.get(uid));
if (!mRestrictBackgroundAllowlistRevokedUids.get(uid)) {
if (LOGD)
Slog.d(TAG, "adding default package " + pkg + " (uid " + uid + " for user "
+ userId + ") to restrict background whitelist");
+ userId + ") to restrict background allowlist");
setUidPolicyUncheckedUL(uid, POLICY_ALLOW_METERED_BACKGROUND, false);
changed = true;
}
@@ -799,7 +799,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
});
if (addDefaultRestrictBackgroundWhitelistUidsUL()) {
if (addDefaultRestrictBackgroundAllowlistUidsUL()) {
writePolicyAL();
}
@@ -1005,14 +1005,14 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
case ACTION_USER_ADDED:
synchronized (mUidRulesFirstLock) {
// Remove any persistable state for the given user; both cleaning up after a
// USER_REMOVED, and one last sanity check during USER_ADDED
// USER_REMOVED, and one last check during USER_ADDED
removeUserStateUL(userId, true, false);
// Removing outside removeUserStateUL since that can also be called when
// user resets app preferences.
mMeteredRestrictedUids.remove(userId);
if (action == ACTION_USER_ADDED) {
// Add apps that are whitelisted by default.
addDefaultRestrictBackgroundWhitelistUidsUL(userId);
// Add apps that are allowlisted by default.
addDefaultRestrictBackgroundAllowlistUidsUL(userId);
}
// Update global restrict for that user
synchronized (mNetworkPoliciesSecondLock) {
@@ -2196,12 +2196,12 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
in.setInput(fis, StandardCharsets.UTF_8.name());
// Must save the <restrict-background> tags and convert them to <uid-policy> later,
// to skip UIDs that were explicitly blacklisted.
final SparseBooleanArray whitelistedRestrictBackground = new SparseBooleanArray();
// to skip UIDs that were explicitly denylisted.
final SparseBooleanArray allowlistedRestrictBackground = new SparseBooleanArray();
int type;
int version = VERSION_INIT;
boolean insideWhitelist = false;
boolean insideAllowlist = false;
while ((type = in.next()) != END_DOCUMENT) {
final String tag = in.getName();
if (type == START_TAG) {
@@ -2340,28 +2340,28 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
Slog.w(TAG, "unable to apply policy to UID " + uid + "; ignoring");
}
} else if (TAG_WHITELIST.equals(tag)) {
insideWhitelist = true;
} else if (TAG_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {
insideAllowlist = true;
} else if (TAG_RESTRICT_BACKGROUND.equals(tag) && insideAllowlist) {
final int uid = readIntAttribute(in, ATTR_UID);
whitelistedRestrictBackground.append(uid, true);
} else if (TAG_REVOKED_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {
allowlistedRestrictBackground.append(uid, true);
} else if (TAG_REVOKED_RESTRICT_BACKGROUND.equals(tag) && insideAllowlist) {
final int uid = readIntAttribute(in, ATTR_UID);
mRestrictBackgroundWhitelistRevokedUids.put(uid, true);
mRestrictBackgroundAllowlistRevokedUids.put(uid, true);
}
} else if (type == END_TAG) {
if (TAG_WHITELIST.equals(tag)) {
insideWhitelist = false;
insideAllowlist = false;
}
}
}
final int size = whitelistedRestrictBackground.size();
final int size = allowlistedRestrictBackground.size();
for (int i = 0; i < size; i++) {
final int uid = whitelistedRestrictBackground.keyAt(i);
final int uid = allowlistedRestrictBackground.keyAt(i);
final int policy = mUidPolicy.get(uid, POLICY_NONE);
if ((policy & POLICY_REJECT_METERED_BACKGROUND) != 0) {
Slog.w(TAG, "ignoring restrict-background-whitelist for " + uid
Slog.w(TAG, "ignoring restrict-background-allowlist for " + uid
+ " because its policy is " + uidPoliciesToString(policy));
continue;
}
@@ -2533,13 +2533,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
out.endTag(null, TAG_POLICY_LIST);
// write all whitelists
// write all allowlists
out.startTag(null, TAG_WHITELIST);
// revoked restrict background whitelist
int size = mRestrictBackgroundWhitelistRevokedUids.size();
// revoked restrict background allowlist
int size = mRestrictBackgroundAllowlistRevokedUids.size();
for (int i = 0; i < size; i++) {
final int uid = mRestrictBackgroundWhitelistRevokedUids.keyAt(i);
final int uid = mRestrictBackgroundAllowlistRevokedUids.keyAt(i);
out.startTag(null, TAG_REVOKED_RESTRICT_BACKGROUND);
writeIntAttribute(out, ATTR_UID, uid);
out.endTag(null, TAG_REVOKED_RESTRICT_BACKGROUND);
@@ -2619,21 +2619,21 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
setUidPolicyUncheckedUL(uid, policy, false);
final boolean notifyApp;
if (!isUidValidForWhitelistRulesUL(uid)) {
if (!isUidValidForAllowlistRulesUL(uid)) {
notifyApp = false;
} else {
final boolean wasBlacklisted = oldPolicy == POLICY_REJECT_METERED_BACKGROUND;
final boolean isBlacklisted = policy == POLICY_REJECT_METERED_BACKGROUND;
final boolean wasWhitelisted = oldPolicy == POLICY_ALLOW_METERED_BACKGROUND;
final boolean isWhitelisted = policy == POLICY_ALLOW_METERED_BACKGROUND;
final boolean wasBlocked = wasBlacklisted || (mRestrictBackground && !wasWhitelisted);
final boolean isBlocked = isBlacklisted || (mRestrictBackground && !isWhitelisted);
if ((wasWhitelisted && (!isWhitelisted || isBlacklisted))
&& mDefaultRestrictBackgroundWhitelistUids.get(uid)
&& !mRestrictBackgroundWhitelistRevokedUids.get(uid)) {
final boolean wasDenylisted = oldPolicy == POLICY_REJECT_METERED_BACKGROUND;
final boolean isDenylisted = policy == POLICY_REJECT_METERED_BACKGROUND;
final boolean wasAllowlisted = oldPolicy == POLICY_ALLOW_METERED_BACKGROUND;
final boolean isAllowlisted = policy == POLICY_ALLOW_METERED_BACKGROUND;
final boolean wasBlocked = wasDenylisted || (mRestrictBackground && !wasAllowlisted);
final boolean isBlocked = isDenylisted || (mRestrictBackground && !isAllowlisted);
if ((wasAllowlisted && (!isAllowlisted || isDenylisted))
&& mDefaultRestrictBackgroundAllowlistUids.get(uid)
&& !mRestrictBackgroundAllowlistRevokedUids.get(uid)) {
if (LOGD)
Slog.d(TAG, "Adding uid " + uid + " to revoked restrict background whitelist");
mRestrictBackgroundWhitelistRevokedUids.append(uid, true);
Slog.d(TAG, "Adding uid " + uid + " to revoked restrict background allowlist");
mRestrictBackgroundAllowlistRevokedUids.append(uid, true);
}
notifyApp = wasBlocked != isBlocked;
}
@@ -2700,11 +2700,11 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
mLogger.removingUserState(userId);
boolean changed = false;
// Remove entries from revoked default restricted background UID whitelist
for (int i = mRestrictBackgroundWhitelistRevokedUids.size() - 1; i >= 0; i--) {
final int uid = mRestrictBackgroundWhitelistRevokedUids.keyAt(i);
// Remove entries from revoked default restricted background UID allowlist
for (int i = mRestrictBackgroundAllowlistRevokedUids.size() - 1; i >= 0; i--) {
final int uid = mRestrictBackgroundAllowlistRevokedUids.keyAt(i);
if (UserHandle.getUserId(uid) == userId) {
mRestrictBackgroundWhitelistRevokedUids.removeAt(i);
mRestrictBackgroundAllowlistRevokedUids.removeAt(i);
changed = true;
}
}
@@ -2913,7 +2913,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
Slog.d(TAG, "setRestrictBackgroundUL(): " + restrictBackground + "; reason: " + reason);
final boolean oldRestrictBackground = mRestrictBackground;
mRestrictBackground = restrictBackground;
// Must whitelist foreground apps before turning data saver mode on.
// Must allowlist foreground apps before turning data saver mode on.
// TODO: there is no need to iterate through all apps here, just those in the foreground,
// so it could call AM to get the UIDs of such apps, and iterate through them instead.
updateRulesForRestrictBackgroundUL();
@@ -2966,7 +2966,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
Binder.restoreCallingIdentity(token);
}
if (policy == POLICY_REJECT_METERED_BACKGROUND) {
// App is blacklisted.
// App is denylisted.
return RESTRICT_BACKGROUND_STATUS_ENABLED;
}
if (!mRestrictBackground) {
@@ -3543,25 +3543,25 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
fout.decreaseIndent();
}
size = mDefaultRestrictBackgroundWhitelistUids.size();
size = mDefaultRestrictBackgroundAllowlistUids.size();
if (size > 0) {
fout.println("Default restrict background whitelist uids:");
fout.println("Default restrict background allowlist uids:");
fout.increaseIndent();
for (int i = 0; i < size; i++) {
fout.print("UID=");
fout.print(mDefaultRestrictBackgroundWhitelistUids.keyAt(i));
fout.print(mDefaultRestrictBackgroundAllowlistUids.keyAt(i));
fout.println();
}
fout.decreaseIndent();
}
size = mRestrictBackgroundWhitelistRevokedUids.size();
size = mRestrictBackgroundAllowlistRevokedUids.size();
if (size > 0) {
fout.println("Default restrict background whitelist uids revoked by users:");
fout.println("Default restrict background allowlist uids revoked by users:");
fout.increaseIndent();
for (int i = 0; i < size; i++) {
fout.print("UID=");
fout.print(mRestrictBackgroundWhitelistRevokedUids.keyAt(i));
fout.print(mRestrictBackgroundAllowlistRevokedUids.keyAt(i));
fout.println();
}
fout.decreaseIndent();
@@ -3882,7 +3882,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
@GuardedBy("mUidRulesFirstLock")
void updateRuleForAppIdleUL(int uid) {
if (!isUidValidForBlacklistRulesUL(uid)) return;
if (!isUidValidForDenylistRulesUL(uid)) return;
if (Trace.isTagEnabled(Trace.TRACE_TAG_NETWORK)) {
Trace.traceBegin(Trace.TRACE_TAG_NETWORK, "updateRuleForAppIdleUL: " + uid );
@@ -3915,13 +3915,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
final SparseIntArray blockedUids = new SparseIntArray();
for (int i = 0; i < ruleCount; i++) {
final int uid = mUidFirewallStandbyRules.keyAt(i);
if (!isUidValidForBlacklistRulesUL(uid)) {
if (!isUidValidForDenylistRulesUL(uid)) {
continue;
}
int oldRules = mUidRules.get(uid);
if (enableChain) {
// Chain wasn't enabled before and the other power-related
// chains are whitelists, so we can clear the
// chains are allowlists, so we can clear the
// MASK_ALL_NETWORKS part of the rules and re-inform listeners if
// the effective rules result in blocking network access.
oldRules &= MASK_METERED_NETWORKS;
@@ -4079,10 +4079,10 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
// TODO: the MEDIA / DRM restriction might not be needed anymore, in which case both
// methods below could be merged into a isUidValidForRules() method.
@GuardedBy("mUidRulesFirstLock")
private boolean isUidValidForBlacklistRulesUL(int uid) {
private boolean isUidValidForDenylistRulesUL(int uid) {
// allow rules on specific system services, and any apps
if (uid == android.os.Process.MEDIA_UID || uid == android.os.Process.DRM_UID
|| isUidValidForWhitelistRulesUL(uid)) {
|| isUidValidForAllowlistRulesUL(uid)) {
return true;
}
@@ -4090,7 +4090,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
@GuardedBy("mUidRulesFirstLock")
private boolean isUidValidForWhitelistRulesUL(int uid) {
private boolean isUidValidForAllowlistRulesUL(int uid) {
return UserHandle.isApp(uid) && hasInternetPermissionUL(uid);
}
@@ -4235,23 +4235,23 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
/**
* Applies network rules to bandwidth controllers based on process state and user-defined
* restrictions (blacklist / whitelist).
* restrictions (allowlist / denylist).
*
* <p>
* {@code netd} defines 3 firewall chains that govern whether an app has access to metered
* networks:
* <ul>
* <li>@{code bw_penalty_box}: UIDs added to this chain do not have access (blacklist).
* <li>@{code bw_happy_box}: UIDs added to this chain have access (whitelist), unless they're
* also blacklisted.
* <li>@{code bw_penalty_box}: UIDs added to this chain do not have access (denylist).
* <li>@{code bw_happy_box}: UIDs added to this chain have access (allowlist), unless they're
* also denylisted.
* <li>@{code bw_data_saver}: when enabled (through {@link #setRestrictBackground(boolean)}),
* no UIDs other than those whitelisted will have access.
* no UIDs other than those allowlisted will have access.
* <ul>
*
* <p>The @{code bw_penalty_box} and @{code bw_happy_box} are primarily managed through the
* {@link #setUidPolicy(int, int)} and {@link #addRestrictBackgroundWhitelistedUid(int)} /
* {@link #removeRestrictBackgroundWhitelistedUid(int)} methods (for blacklist and whitelist
* respectively): these methods set the proper internal state (blacklist / whitelist), then call
* {@link #setUidPolicy(int, int)} and {@link #addRestrictBackgroundAllowlistedUid(int)} /
* {@link #removeRestrictBackgroundDenylistedUid(int)} methods (for denylist and allowlist
* respectively): these methods set the proper internal state (denylist / allowlist), then call
* this ({@link #updateRulesForDataUsageRestrictionsUL(int)}) to propagate the rules to
* {@link INetworkManagementService}, but this method should also be called in events (like
* Data Saver Mode flips or UID state changes) that might affect the foreground app, since the
@@ -4260,7 +4260,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
* <ul>
* <li>When Data Saver mode is on, the foreground app should be temporarily added to
* {@code bw_happy_box} before the @{code bw_data_saver} chain is enabled.
* <li>If the foreground app is blacklisted by the user, it should be temporarily removed from
* <li>If the foreground app is denylisted by the user, it should be temporarily removed from
* {@code bw_penalty_box}.
* <li>When the app leaves foreground state, the temporary changes above should be reverted.
* </ul>
@@ -4285,7 +4285,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
private void updateRulesForDataUsageRestrictionsULInner(int uid) {
if (!isUidValidForWhitelistRulesUL(uid)) {
if (!isUidValidForAllowlistRulesUL(uid)) {
if (LOGD) Slog.d(TAG, "no need to update restrict data rules for uid " + uid);
return;
}
@@ -4295,8 +4295,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
final boolean isForeground = isUidForegroundOnRestrictBackgroundUL(uid);
final boolean isRestrictedByAdmin = isRestrictedByAdminUL(uid);
final boolean isBlacklisted = (uidPolicy & POLICY_REJECT_METERED_BACKGROUND) != 0;
final boolean isWhitelisted = (uidPolicy & POLICY_ALLOW_METERED_BACKGROUND) != 0;
final boolean isDenylisted = (uidPolicy & POLICY_REJECT_METERED_BACKGROUND) != 0;
final boolean isAllowlisted = (uidPolicy & POLICY_ALLOW_METERED_BACKGROUND) != 0;
final int oldRule = oldUidRules & MASK_METERED_NETWORKS;
int newRule = RULE_NONE;
@@ -4304,15 +4304,15 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
if (isRestrictedByAdmin) {
newRule = RULE_REJECT_METERED;
} else if (isForeground) {
if (isBlacklisted || (mRestrictBackground && !isWhitelisted)) {
if (isDenylisted || (mRestrictBackground && !isAllowlisted)) {
newRule = RULE_TEMPORARY_ALLOW_METERED;
} else if (isWhitelisted) {
} else if (isAllowlisted) {
newRule = RULE_ALLOW_METERED;
}
} else {
if (isBlacklisted) {
if (isDenylisted) {
newRule = RULE_REJECT_METERED;
} else if (mRestrictBackground && isWhitelisted) {
} else if (mRestrictBackground && isAllowlisted) {
newRule = RULE_ALLOW_METERED;
}
}
@@ -4321,8 +4321,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
if (LOGV) {
Log.v(TAG, "updateRuleForRestrictBackgroundUL(" + uid + ")"
+ ": isForeground=" +isForeground
+ ", isBlacklisted=" + isBlacklisted
+ ", isWhitelisted=" + isWhitelisted
+ ", isDenylisted=" + isDenylisted
+ ", isAllowlisted=" + isAllowlisted
+ ", isRestrictedByAdmin=" + isRestrictedByAdmin
+ ", oldRule=" + uidRulesToString(oldRule)
+ ", newRule=" + uidRulesToString(newRule)
@@ -4339,49 +4339,49 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
// Second step: apply bw changes based on change of state.
if (newRule != oldRule) {
if (hasRule(newRule, RULE_TEMPORARY_ALLOW_METERED)) {
// Temporarily whitelist foreground app, removing from blacklist if necessary
// Temporarily allowlist foreground app, removing from denylist if necessary
// (since bw_penalty_box prevails over bw_happy_box).
setMeteredNetworkWhitelist(uid, true);
setMeteredNetworkAllowlist(uid, true);
// TODO: if statement below is used to avoid an unnecessary call to netd / iptables,
// but ideally it should be just:
// setMeteredNetworkBlacklist(uid, isBlacklisted);
if (isBlacklisted) {
setMeteredNetworkBlacklist(uid, false);
// setMeteredNetworkDenylist(uid, isDenylisted);
if (isDenylisted) {
setMeteredNetworkDenylist(uid, false);
}
} else if (hasRule(oldRule, RULE_TEMPORARY_ALLOW_METERED)) {
// Remove temporary whitelist from app that is not on foreground anymore.
// Remove temporary allowlist from app that is not on foreground anymore.
// TODO: if statements below are used to avoid unnecessary calls to netd / iptables,
// but ideally they should be just:
// setMeteredNetworkWhitelist(uid, isWhitelisted);
// setMeteredNetworkBlacklist(uid, isBlacklisted);
if (!isWhitelisted) {
setMeteredNetworkWhitelist(uid, false);
// setMeteredNetworkAllowlist(uid, isAllowlisted);
// setMeteredNetworkDenylist(uid, isDenylisted);
if (!isAllowlisted) {
setMeteredNetworkAllowlist(uid, false);
}
if (isBlacklisted || isRestrictedByAdmin) {
setMeteredNetworkBlacklist(uid, true);
if (isDenylisted || isRestrictedByAdmin) {
setMeteredNetworkDenylist(uid, true);
}
} else if (hasRule(newRule, RULE_REJECT_METERED)
|| hasRule(oldRule, RULE_REJECT_METERED)) {
// Flip state because app was explicitly added or removed to blacklist.
setMeteredNetworkBlacklist(uid, (isBlacklisted || isRestrictedByAdmin));
if (hasRule(oldRule, RULE_REJECT_METERED) && isWhitelisted) {
// Since blacklist prevails over whitelist, we need to handle the special case
// where app is whitelisted and blacklisted at the same time (although such
// scenario should be blocked by the UI), then blacklist is removed.
setMeteredNetworkWhitelist(uid, isWhitelisted);
// Flip state because app was explicitly added or removed to denylist.
setMeteredNetworkDenylist(uid, (isDenylisted || isRestrictedByAdmin));
if (hasRule(oldRule, RULE_REJECT_METERED) && isAllowlisted) {
// Since dneylist prevails over allowlist, we need to handle the special case
// where app is allowlisted and denylisted at the same time (although such
// scenario should be blocked by the UI), then denylist is removed.
setMeteredNetworkAllowlist(uid, isAllowlisted);
}
} else if (hasRule(newRule, RULE_ALLOW_METERED)
|| hasRule(oldRule, RULE_ALLOW_METERED)) {
// Flip state because app was explicitly added or removed to whitelist.
setMeteredNetworkWhitelist(uid, isWhitelisted);
// Flip state because app was explicitly added or removed to allowlist.
setMeteredNetworkAllowlist(uid, isAllowlisted);
} else {
// All scenarios should have been covered above.
Log.wtf(TAG, "Unexpected change of metered UID state for " + uid
+ ": foreground=" + isForeground
+ ", whitelisted=" + isWhitelisted
+ ", blacklisted=" + isBlacklisted
+ ", allowlisted=" + isAllowlisted
+ ", denylisted=" + isDenylisted
+ ", isRestrictedByAdmin=" + isRestrictedByAdmin
+ ", newRule=" + uidRulesToString(newUidRules)
+ ", oldRule=" + uidRulesToString(oldUidRules));
@@ -4397,7 +4397,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
* listeners in case of change.
* <p>
* There are 3 power-related rules that affects whether an app has background access on
* non-metered networks, and when the condition applies and the UID is not whitelisted for power
* non-metered networks, and when the condition applies and the UID is not allowlisted for power
* restriction, it's added to the equivalent firewall chain:
* <ul>
* <li>App is idle: {@code fw_standby} firewall chain.
@@ -4406,7 +4406,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
* </ul>
* <p>
* This method updates the power-related part of the {@link #mUidRules} for a given uid based on
* these modes, the UID process state (foreground or not), and the UIDwhitelist state.
* these modes, the UID process state (foreground or not), and the UID allowlist state.
* <p>
* <strong>NOTE: </strong>This method does not update the firewall rules on {@code netd}.
*/
@@ -4450,7 +4450,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
@GuardedBy("mUidRulesFirstLock")
private int updateRulesForPowerRestrictionsULInner(int uid, int oldUidRules,
boolean isUidIdle) {
if (!isUidValidForBlacklistRulesUL(uid)) {
if (!isUidValidForDenylistRulesUL(uid)) {
if (LOGD) Slog.d(TAG, "no need to update restrict power rules for uid " + uid);
return RULE_NONE;
}
@@ -4859,23 +4859,23 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
}
private void setMeteredNetworkBlacklist(int uid, boolean enable) {
if (LOGV) Slog.v(TAG, "setMeteredNetworkBlacklist " + uid + ": " + enable);
private void setMeteredNetworkDenylist(int uid, boolean enable) {
if (LOGV) Slog.v(TAG, "setMeteredNetworkDenylist " + uid + ": " + enable);
try {
mNetworkManager.setUidMeteredNetworkBlacklist(uid, enable);
mNetworkManager.setUidMeteredNetworkDenylist(uid, enable);
} catch (IllegalStateException e) {
Log.wtf(TAG, "problem setting blacklist (" + enable + ") rules for " + uid, e);
Log.wtf(TAG, "problem setting denylist (" + enable + ") rules for " + uid, e);
} catch (RemoteException e) {
// ignored; service lives in system_server
}
}
private void setMeteredNetworkWhitelist(int uid, boolean enable) {
if (LOGV) Slog.v(TAG, "setMeteredNetworkWhitelist " + uid + ": " + enable);
private void setMeteredNetworkAllowlist(int uid, boolean enable) {
if (LOGV) Slog.v(TAG, "setMeteredNetworkAllowlist " + uid + ": " + enable);
try {
mNetworkManager.setUidMeteredNetworkWhitelist(uid, enable);
mNetworkManager.setUidMeteredNetworkAllowlist(uid, enable);
} catch (IllegalStateException e) {
Log.wtf(TAG, "problem setting whitelist (" + enable + ") rules for " + uid, e);
Log.wtf(TAG, "problem setting allowlist (" + enable + ") rules for " + uid, e);
} catch (RemoteException e) {
// ignored; service lives in system_server
}
@@ -4936,7 +4936,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
/**
* Add or remove a uid to the firewall blacklist for all network ifaces.
* Add or remove a uid to the firewall denylist for all network ifaces.
*/
private void setUidFirewallRule(int chain, int uid, int rule) {
if (Trace.isTagEnabled(Trace.TRACE_TAG_NETWORK)) {
@@ -4966,7 +4966,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
/**
* Add or remove a uid to the firewall blacklist for all network ifaces.
* Add or remove a uid to the firewall denylist for all network ifaces.
*/
@GuardedBy("mUidRulesFirstLock")
private void enableFirewallChainUL(int chain, boolean enable) {
@@ -4995,8 +4995,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
mNetworkManager.setFirewallUidRule(FIREWALL_CHAIN_STANDBY, uid, FIREWALL_RULE_DEFAULT);
mNetworkManager
.setFirewallUidRule(FIREWALL_CHAIN_POWERSAVE, uid, FIREWALL_RULE_DEFAULT);
mNetworkManager.setUidMeteredNetworkWhitelist(uid, false);
mNetworkManager.setUidMeteredNetworkBlacklist(uid, false);
mNetworkManager.setUidMeteredNetworkAllowlist(uid, false);
mNetworkManager.setUidMeteredNetworkDenylist(uid, false);
} catch (IllegalStateException e) {
Log.wtf(TAG, "problem resetting firewall uid rules for " + uid, e);
} catch (RemoteException e) {
@@ -5189,13 +5189,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
reason = NTWK_ALLOWED_NON_METERED;
}
else if (hasRule(uidRules, RULE_REJECT_METERED)) {
reason = NTWK_BLOCKED_BLACKLIST;
reason = NTWK_BLOCKED_DENYLIST;
}
else if (hasRule(uidRules, RULE_ALLOW_METERED)) {
reason = NTWK_ALLOWED_WHITELIST;
reason = NTWK_ALLOWED_ALLOWLIST;
}
else if (hasRule(uidRules, RULE_TEMPORARY_ALLOW_METERED)) {
reason = NTWK_ALLOWED_TMP_WHITELIST;
reason = NTWK_ALLOWED_TMP_ALLOWLIST;
}
else if (isBackgroundRestricted) {
reason = NTWK_BLOCKED_BG_RESTRICT;
@@ -5208,13 +5208,13 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
switch(reason) {
case NTWK_ALLOWED_DEFAULT:
case NTWK_ALLOWED_NON_METERED:
case NTWK_ALLOWED_TMP_WHITELIST:
case NTWK_ALLOWED_WHITELIST:
case NTWK_ALLOWED_TMP_ALLOWLIST:
case NTWK_ALLOWED_ALLOWLIST:
case NTWK_ALLOWED_SYSTEM:
blocked = false;
break;
case NTWK_BLOCKED_POWER:
case NTWK_BLOCKED_BLACKLIST:
case NTWK_BLOCKED_DENYLIST:
case NTWK_BLOCKED_BG_RESTRICT:
blocked = true;
break;
@@ -5234,7 +5234,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
public void resetUserState(int userId) {
synchronized (mUidRulesFirstLock) {
boolean changed = removeUserStateUL(userId, false, true);
changed = addDefaultRestrictBackgroundWhitelistUidsUL(userId) || changed;
changed = addDefaultRestrictBackgroundAllowlistUidsUL(userId) || changed;
if (changed) {
synchronized (mNetworkPoliciesSecondLock) {
writePolicyAL();

0
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/restrict-background-lists-whitelist-format.xml → services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/restrict-background-lists-allowlist-format.xml
View File

0
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-whitelisted-restrict-background-off.xml → services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-allowlisted-restrict-background-off.xml
View File

0
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-whitelisted-restrict-background-on.xml → services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-allowlisted-restrict-background-on.xml
View File

0
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-blacklisted-restrict-background-off.xml → services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-denylisted-restrict-background-off.xml
View File

0
services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-blacklisted-restrict-background-on.xml → services/tests/servicestests/assets/NetworkPolicyManagerServiceTest/netpolicy/uidA-denylisted-restrict-background-on.xml
View File

146
services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
View File

@@ -462,7 +462,7 @@ public class NetworkPolicyManagerServiceTest {
@Test
public void testTurnRestrictBackgroundOn() throws Exception {
assertRestrictBackgroundOff(); // Sanity check.
assertRestrictBackgroundOff();
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
setRestrictBackground(true);
assertRestrictBackgroundChangedReceived(futureIntent, null);
@@ -471,7 +471,7 @@ public class NetworkPolicyManagerServiceTest {
@Test
@NetPolicyXml("restrict-background-on.xml")
public void testTurnRestrictBackgroundOff() throws Exception {
assertRestrictBackgroundOn(); // Sanity check.
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
setRestrictBackground(false);
@@ -479,28 +479,27 @@ public class NetworkPolicyManagerServiceTest {
}
/**
* Adds whitelist when restrict background is on - app should receive an intent.
* Adds allowlist when restrict background is on - app should receive an intent.
*/
@Test
@NetPolicyXml("restrict-background-on.xml")
public void testAddRestrictBackgroundWhitelist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn(); // Sanity check.
public void testAddRestrictBackgroundAllowlist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
addRestrictBackgroundWhitelist(true);
addRestrictBackgroundAllowlist(true);
}
/**
* Adds whitelist when restrict background is off - app should not receive an intent.
* Adds allowlist when restrict background is off - app should not receive an intent.
*/
@Test
public void testAddRestrictBackgroundWhitelist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff(); // Sanity check.
addRestrictBackgroundWhitelist(false);
public void testAddRestrictBackgroundAllowlist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff();
addRestrictBackgroundAllowlist(false);
}
private void addRestrictBackgroundWhitelist(boolean expectIntent) throws Exception {
// Sanity checks.
assertWhitelistUids();
private void addRestrictBackgroundAllowlist(boolean expectIntent) throws Exception {
assertAllowlistUids();
assertUidPolicy(UID_A, POLICY_NONE);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
@@ -508,7 +507,7 @@ public class NetworkPolicyManagerServiceTest {
mService.setUidPolicy(UID_A, POLICY_ALLOW_METERED_BACKGROUND);
assertWhitelistUids(UID_A);
assertAllowlistUids(UID_A);
assertUidPolicy(UID_A, POLICY_ALLOW_METERED_BACKGROUND);
mPolicyListener.waitAndVerify()
.onUidPoliciesChanged(APP_ID_A, POLICY_ALLOW_METERED_BACKGROUND);
@@ -520,24 +519,24 @@ public class NetworkPolicyManagerServiceTest {
}
/**
* Removes whitelist when restrict background is on - app should receive an intent.
* Removes allowlist when restrict background is on - app should receive an intent.
*/
@Test
@NetPolicyXml("uidA-whitelisted-restrict-background-on.xml")
public void testRemoveRestrictBackgroundWhitelist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn(); // Sanity check.
@NetPolicyXml("uidA-allowlisted-restrict-background-on.xml")
public void testRemoveRestrictBackgroundAllowlist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
removeRestrictBackgroundWhitelist(true);
removeRestrictBackgroundAllowlist(true);
}
/**
* Removes whitelist when restrict background is off - app should not receive an intent.
* Removes allowlist when restrict background is off - app should not receive an intent.
*/
@Test
@NetPolicyXml("uidA-whitelisted-restrict-background-off.xml")
public void testRemoveRestrictBackgroundWhitelist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff(); // Sanity check.
removeRestrictBackgroundWhitelist(false);
@NetPolicyXml("uidA-allowlisted-restrict-background-off.xml")
public void testRemoveRestrictBackgroundAllowlist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff();
removeRestrictBackgroundAllowlist(false);
}
@Test
@@ -688,9 +687,8 @@ public class NetworkPolicyManagerServiceTest {
assertFalse(mService.getRestrictBackground());
}
private void removeRestrictBackgroundWhitelist(boolean expectIntent) throws Exception {
// Sanity checks.
assertWhitelistUids(UID_A);
private void removeRestrictBackgroundAllowlist(boolean expectIntent) throws Exception {
assertAllowlistUids(UID_A);
assertUidPolicy(UID_A, POLICY_ALLOW_METERED_BACKGROUND);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
@@ -698,7 +696,7 @@ public class NetworkPolicyManagerServiceTest {
mService.setUidPolicy(UID_A, POLICY_NONE);
assertWhitelistUids();
assertAllowlistUids();
assertUidPolicy(UID_A, POLICY_NONE);
mPolicyListener.waitAndVerify().onUidPoliciesChanged(APP_ID_A, POLICY_NONE);
if (expectIntent) {
@@ -709,27 +707,27 @@ public class NetworkPolicyManagerServiceTest {
}
/**
* Adds blacklist when restrict background is on - app should not receive an intent.
* Adds denylist when restrict background is on - app should not receive an intent.
*/
@Test
@NetPolicyXml("restrict-background-on.xml")
public void testAddRestrictBackgroundBlacklist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn(); // Sanity check.
public void testAddRestrictBackgroundDenylist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
addRestrictBackgroundBlacklist(false);
addRestrictBackgroundDenylist(false);
}
/**
* Adds blacklist when restrict background is off - app should receive an intent.
* Adds denylist when restrict background is off - app should receive an intent.
*/
@Test
public void testAddRestrictBackgroundBlacklist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff(); // Sanity check.
addRestrictBackgroundBlacklist(true);
public void testAddRestrictBackgroundDenylist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff();
addRestrictBackgroundDenylist(true);
}
private void addRestrictBackgroundBlacklist(boolean expectIntent) throws Exception {
assertUidPolicy(UID_A, POLICY_NONE); // Sanity check.
private void addRestrictBackgroundDenylist(boolean expectIntent) throws Exception {
assertUidPolicy(UID_A, POLICY_NONE);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
mPolicyListener.expect().onUidPoliciesChanged(anyInt(), anyInt());
@@ -746,28 +744,28 @@ public class NetworkPolicyManagerServiceTest {
}
/**
* Removes blacklist when restrict background is on - app should not receive an intent.
* Removes denylist when restrict background is on - app should not receive an intent.
*/
@Test
@NetPolicyXml("uidA-blacklisted-restrict-background-on.xml")
public void testRemoveRestrictBackgroundBlacklist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn(); // Sanity check.
@NetPolicyXml("uidA-denylisted-restrict-background-on.xml")
public void testRemoveRestrictBackgroundDenylist_restrictBackgroundOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
removeRestrictBackgroundBlacklist(false);
removeRestrictBackgroundDenylist(false);
}
/**
* Removes blacklist when restrict background is off - app should receive an intent.
* Removes denylist when restrict background is off - app should receive an intent.
*/
@Test
@NetPolicyXml("uidA-blacklisted-restrict-background-off.xml")
public void testRemoveRestrictBackgroundBlacklist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff(); // Sanity check.
removeRestrictBackgroundBlacklist(true);
@NetPolicyXml("uidA-denylisted-restrict-background-off.xml")
public void testRemoveRestrictBackgroundDenylist_restrictBackgroundOff() throws Exception {
assertRestrictBackgroundOff();
removeRestrictBackgroundDenylist(true);
}
private void removeRestrictBackgroundBlacklist(boolean expectIntent) throws Exception {
assertUidPolicy(UID_A, POLICY_REJECT_METERED_BACKGROUND); // Sanity check.
private void removeRestrictBackgroundDenylist(boolean expectIntent) throws Exception {
assertUidPolicy(UID_A, POLICY_REJECT_METERED_BACKGROUND);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
mPolicyListener.expect().onUidPoliciesChanged(anyInt(), anyInt());
@@ -784,9 +782,8 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
@NetPolicyXml("uidA-blacklisted-restrict-background-on.xml")
public void testBlacklistedAppIsNotNotifiedWhenRestrictBackgroundIsOn() throws Exception {
// Sanity checks.
@NetPolicyXml("uidA-denylisted-restrict-background-on.xml")
public void testDenylistedAppIsNotNotifiedWhenRestrictBackgroundIsOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
assertUidPolicy(UID_A, POLICY_REJECT_METERED_BACKGROUND);
@@ -797,12 +794,11 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
@NetPolicyXml("uidA-whitelisted-restrict-background-on.xml")
public void testWhitelistedAppIsNotNotifiedWhenRestrictBackgroundIsOn() throws Exception {
// Sanity checks.
@NetPolicyXml("uidA-allowlisted-restrict-background-on.xml")
public void testAllowlistedAppIsNotNotifiedWhenRestrictBackgroundIsOn() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
assertWhitelistUids(UID_A);
assertAllowlistUids(UID_A);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
setRestrictBackground(true);
@@ -810,12 +806,11 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
@NetPolicyXml("uidA-whitelisted-restrict-background-on.xml")
public void testWhitelistedAppIsNotifiedWhenBlacklisted() throws Exception {
// Sanity checks.
@NetPolicyXml("uidA-allowlisted-restrict-background-on.xml")
public void testAllowlistedAppIsNotifiedWhenDenylisted() throws Exception {
assertRestrictBackgroundOn();
assertRestrictBackgroundChangedReceived(mFutureIntent, null);
assertWhitelistUids(UID_A);
assertAllowlistUids(UID_A);
final FutureIntent futureIntent = newRestrictBackgroundChangedFuture();
mService.setUidPolicy(UID_A, POLICY_REJECT_METERED_BACKGROUND);
@@ -823,8 +818,8 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
@NetPolicyXml("restrict-background-lists-whitelist-format.xml")
public void testRestrictBackgroundLists_whitelistFormat() throws Exception {
@NetPolicyXml("restrict-background-lists-allowlist-format.xml")
public void testRestrictBackgroundLists_allowlistFormat() throws Exception {
restrictBackgroundListsTest();
}
@@ -835,33 +830,33 @@ public class NetworkPolicyManagerServiceTest {
}
private void restrictBackgroundListsTest() throws Exception {
// UIds that are whitelisted.
assertWhitelistUids(UID_A, UID_B, UID_C);
// UIds that are allowlisted.
assertAllowlistUids(UID_A, UID_B, UID_C);
assertUidPolicy(UID_A, POLICY_ALLOW_METERED_BACKGROUND);
assertUidPolicy(UID_B, POLICY_ALLOW_METERED_BACKGROUND);
assertUidPolicy(UID_C, POLICY_ALLOW_METERED_BACKGROUND);
// UIDs that are blacklisted.
// UIDs that are denylisted.
assertUidPolicy(UID_D, POLICY_NONE);
assertUidPolicy(UID_E, POLICY_REJECT_METERED_BACKGROUND);
// UIDS that have legacy policies.
assertUidPolicy(UID_F, 2); // POLICY_ALLOW_BACKGROUND_BATTERY_SAVE
// Remove whitelist.
// Remove allowlist.
mService.setUidPolicy(UID_A, POLICY_NONE);
assertUidPolicy(UID_A, POLICY_NONE);
assertWhitelistUids(UID_B, UID_C);
assertAllowlistUids(UID_B, UID_C);
// Add whitelist when blacklisted.
// Add allowlist when denylisted.
mService.setUidPolicy(UID_E, POLICY_ALLOW_METERED_BACKGROUND);
assertUidPolicy(UID_E, POLICY_ALLOW_METERED_BACKGROUND);
assertWhitelistUids(UID_B, UID_C, UID_E);
assertAllowlistUids(UID_B, UID_C, UID_E);
// Add blacklist when whitelisted.
// Add denylist when allowlisted.
mService.setUidPolicy(UID_B, POLICY_REJECT_METERED_BACKGROUND);
assertUidPolicy(UID_B, POLICY_REJECT_METERED_BACKGROUND);
assertWhitelistUids(UID_C, UID_E);
assertAllowlistUids(UID_C, UID_E);
}
/**
@@ -870,9 +865,9 @@ public class NetworkPolicyManagerServiceTest {
@Test
@NetPolicyXml("restrict-background-lists-mixed-format.xml")
public void testRestrictBackgroundLists_mixedFormat() throws Exception {
assertWhitelistUids(UID_A, UID_C, UID_D);
assertAllowlistUids(UID_A, UID_C, UID_D);
assertUidPolicy(UID_A, POLICY_ALLOW_METERED_BACKGROUND);
assertUidPolicy(UID_B, POLICY_REJECT_METERED_BACKGROUND); // Blacklist prevails.
assertUidPolicy(UID_B, POLICY_REJECT_METERED_BACKGROUND); // Denylist prevails.
assertUidPolicy(UID_C, (POLICY_ALLOW_METERED_BACKGROUND | 2));
assertUidPolicy(UID_D, POLICY_ALLOW_METERED_BACKGROUND);
}
@@ -2045,7 +2040,7 @@ public class NetworkPolicyManagerServiceTest {
}
}
private void assertWhitelistUids(int... uids) {
private void assertAllowlistUids(int... uids) {
assertContainsInAnyOrder(mService.getUidsWithPolicy(POLICY_ALLOW_METERED_BACKGROUND), uids);
}
@@ -2133,7 +2128,6 @@ public class NetworkPolicyManagerServiceTest {
private void setRestrictBackground(boolean flag) throws Exception {
mService.setRestrictBackground(flag);
// Sanity check.
assertEquals("restrictBackground not set", flag, mService.getRestrictBackground());
}