From 22173bc1808905090672e5fb51ce5207b46fadf7 Mon Sep 17 00:00:00 2001
From: "Soi, Yoshinari"
Date: Tue, 22 Dec 2015 12:02:18 +0900
Subject: [PATCH] When the device boots up, netd works more than required

When the device boots up, netd adds rules for applications which do not have the NETWORK permission to iptables. Therefore, optimize NetworkPolicyManagerService to not touch uids that do not have the NETWORK permission. This modification is similar to Google commit 88e98dfa5.

Change-Id: Ic8bb837143b9e349859210654248195d62b73d17
---
 .../server/net/NetworkPolicyManagerService.java | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 7c9c0181b4e03..ff8c05f5d31c8 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -2223,12 +2223,23 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
 uidRules.clear();
 // Fully update the app idle firewall chain.
+ final IPackageManager ipm = AppGlobals.getPackageManager();
 final List users = mUserManager.getUsers();
 for (int ui = users.size() - 1; ui >= 0; ui--) {
 UserInfo user = users.get(ui);
 int[] idleUids = mUsageStats.getIdleUidsForUser(user.id);
 for (int uid : idleUids) {
 if (!mPowerSaveTempWhitelistAppIds.get(UserHandle.getAppId(uid), false)) {
+ // quick check: if this uid doesn't have INTERNET permission, it
+ // doesn't have network access anyway, so it is a waste to mess
+ // with it here.
+ try {
+ if (ipm.checkUidPermission(Manifest.permission.INTERNET, uid)
+ != PackageManager.PERMISSION_GRANTED) {
+ continue;
+ }
+ } catch (RemoteException e) {
+ }
 uidRules.put(uid, FIREWALL_RULE_DENY);
 }
 }
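Review bot: The empty `catch (RemoteException e) { }` around `ipm.checkUidPermission(...)` swallows the failure without saying what is meant to happen next. Control falls through to `uidRules.put(uid, FIREWALL_RULE_DENY)`, which keeps the pre-change deny behaviour; that fail-closed choice is the right one but should be stated, e.g. `// Permission lookup failed: fall through and keep the DENY rule for this uid.` Separately, skipping a uid here assumes that lack of INTERNET is enforced elsewhere and that this chain is rebuilt when a uid's grant changes (package update, shared uid); neither is visible in the hunk, so it is worth confirming before relying on the missing DENY entry. The enclosing method starts and ends outside the hunk.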