From a065da1703406c7e45acf7b3f16feed3b6a558a6 Mon Sep 17 00:00:00 2001
From: "Soi, Yoshinari"
Date: Tue, 22 Dec 2015 12:02:18 +0900
Subject: [PATCH] When the device boots up, netd works more than required
When the device boots up, netd adds rules for applications which do not have the NETWORK permission to iptables. Therefore, optimize NetworkPolicyManagerService to not touch uids that do not have the NETWORK permission. This modification is similar to Google commit 88e98dfa5. Cherry picked from AOSP commit to master.
Bug: 27165396
Change-Id: Ic8bb837143b9e349859210654248195d62b73d17
---
 .../server/net/NetworkPolicyManagerService.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index b2e6adfd028a2..21fb304bd2ef3 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -2298,12 +2298,23 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
 uidRules.clear();
 // Fully update the app idle firewall chain.
+ final IPackageManager ipm = AppGlobals.getPackageManager();
 final List users = mUserManager.getUsers();
 for (int ui = users.size() - 1; ui >= 0; ui--) {
 UserInfo user = users.get(ui);
 int[] idleUids = mUsageStats.getIdleUidsForUser(user.id);
 for (int uid : idleUids) {
 if (!mPowerSaveTempWhitelistAppIds.get(UserHandle.getAppId(uid), false)) {
+ // quick check: if this uid doesn't have INTERNET permission, it
+ // doesn't have network access anyway, so it is a waste to mess
+ // with it here.
+ try {
+ if (ipm.checkUidPermission(Manifest.permission.INTERNET, uid)
+ != PackageManager.PERMISSION_GRANTED) {
+ continue;
+ }
+ } catch (RemoteException e) {
+ }
 uidRules.put(uid, FIREWALL_RULE_DENY);
 }
 }
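Review bot: The empty `catch (RemoteException e) { }` around the added `checkUidPermission` call leaves it implicit that a failed lookup falls through to `uidRules.put(uid, FIREWALL_RULE_DENY)`, so the uid is still denied. That fail-closed outcome looks like the right default, but the handler should say so, for example `// Ignored: fall through and keep the DENY rule when the permission check cannot be made.`, so a later refactor does not turn it into a skip. Separately, a uid skipped by the `continue` gets no entry in the standby chain, so it is worth confirming that code outside this hunk rebuilds these rules when a package under that uid later gains INTERNET (an update or a shared-uid install). The enclosing method starts and ends outside the hunk.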