diff options
| author | 2023-05-29 19:14:44 +0900 | |
|---|---|---|
| committer | 2023-06-09 09:26:28 +0000 | |
| commit | 03d91162fc3aec6a57781bf3bbf982c16f2c2942 (patch) | |
| tree | 27fd3bc711596dfc471653df23d3c66b205ee2e2 | |
| parent | cc2a4ccc883dbeae75066aa8a8071c5fe0517383 (diff) | |
Remove unused methods from NetworkManagementService.
More methods are unused, but they are marked @UnsupportedAppUsage
and therefore aren't removed by this patch.
Also address warnings :
• member can be final
• deprecated NetworkStack permission check methods
• redundant public modifier
Test: TH
Bug: 64955351
(cherry picked from commit eec9f31d85fc090722015830a9ad87f9f29b035f)
(cherry picked from commit 5956c8058c468d11d37e2dbd0c847da368ac4cd5)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:158469f5201bfe432da324272400631c91bc78fc)
Merged-In: Ib0d4e8c6a063ed57c5a790eab3868ed4fe9cf096
Change-Id: Ib0d4e8c6a063ed57c5a790eab3868ed4fe9cf096
3 files changed, 43 insertions, 318 deletions
diff --git a/core/java/android/net/ITetheringStatsProvider.aidl b/core/java/android/net/ITetheringStatsProvider.aidl index da0bf4c47b94..199afa2ed417 100644 --- a/core/java/android/net/ITetheringStatsProvider.aidl +++ b/core/java/android/net/ITetheringStatsProvider.aidl @@ -29,12 +29,6 @@ import android.net.NetworkStats; * @hide */ interface ITetheringStatsProvider { - // Returns cumulative statistics for all tethering sessions since boot, on all upstreams. - // @code {how} is one of the NetworkStats.STATS_PER_* constants. If {@code how} is - // {@code STATS_PER_IFACE}, the provider should not include any traffic that is already - // counted by kernel interface counters. - NetworkStats getTetherStats(int how); - // Sets the interface quota for the specified upstream interface. This is defined as the number // of bytes, starting from zero and counting from now, after which data should stop being // forwarded to/from the specified upstream. A value of QUOTA_UNLIMITED means there is no limit. diff --git a/core/java/android/os/INetworkManagementService.aidl b/core/java/android/os/INetworkManagementService.aidl index 40f7533a2800..7fa99242cc89 100644 --- a/core/java/android/os/INetworkManagementService.aidl +++ b/core/java/android/os/INetworkManagementService.aidl @@ -144,14 +144,6 @@ interface INetworkManagementService void startTethering(in String[] dhcpRanges); /** - * Start tethering services with the specified dhcp server range and - * DNS proxy config. - * {@code boolean} is used to control legacy DNS proxy server. - * {@code String[]} is a set of start end pairs defining the ranges. - */ - void startTetheringWithConfiguration(boolean usingLegacyDnsProxy, in String[] dhcpRanges); - - /** * Stop currently running tethering services */ @UnsupportedAppUsage @@ -182,23 +174,6 @@ interface INetworkManagementService String[] listTetheredInterfaces(); /** - * Returns the list of DNS forwarders (in order of priority) - */ - String[] getDnsForwarders(); - - /** - * Enables unidirectional packet forwarding from {@code fromIface} to - * {@code toIface}. - */ - void startInterfaceForwarding(String fromIface, String toIface); - - /** - * Disables unidirectional packet forwarding from {@code fromIface} to - * {@code toIface}. - */ - void stopInterfaceForwarding(String fromIface, String toIface); - - /** * Enables Network Address Translation between two interfaces. * The address and netmask of the external interface is used for * the NAT'ed network. @@ -213,42 +188,10 @@ interface INetworkManagementService void disableNat(String internalInterface, String externalInterface); /** - * Registers a {@code ITetheringStatsProvider} to provide tethering statistics. - * All registered providers will be called in order, and their results will be added together. - * Netd is always registered as a tethering stats provider. - */ - void registerTetheringStatsProvider(ITetheringStatsProvider provider, String name); - - /** - * Unregisters a previously-registered {@code ITetheringStatsProvider}. - */ - void unregisterTetheringStatsProvider(ITetheringStatsProvider provider); - - /** - * Reports that a tethering provider has reached a data limit. - * - * Currently triggers a global alert, which causes NetworkStatsService to poll counters and - * re-evaluate data usage. - * - * This does not take an interface name because: - * 1. The tethering offload stats provider cannot reliably determine the interface on which the - * limit was reached, because the HAL does not provide it. - * 2. Firing an interface-specific alert instead of a global alert isn't really useful since in - * all cases of interest, the system responds to both in the same way - it polls stats, and - * then notifies NetworkPolicyManagerService of the fact. - */ - void tetherLimitReached(ITetheringStatsProvider provider); - - /** ** DATA USAGE RELATED **/ /** - * Return summary of network statistics all tethering interfaces. - */ - NetworkStats getNetworkStatsTethering(int how); - - /** * Set quota for an interface. */ void setInterfaceQuota(String iface, long quotaBytes); @@ -269,11 +212,6 @@ interface INetworkManagementService void removeInterfaceAlert(String iface); /** - * Set alert across all interfaces. - */ - void setGlobalAlert(long alertBytes); - - /** * Control network activity of a UID over interfaces with a quota limit. */ void setUidOnMeteredNetworkDenylist(int uid, boolean enable); @@ -291,7 +229,6 @@ interface INetworkManagementService void setFirewallEnabled(boolean enabled); boolean isFirewallEnabled(); - void setFirewallInterfaceRule(String iface, boolean allow); void setFirewallUidRule(int chain, int uid, int rule); void setFirewallUidRules(int chain, in int[] uids, in int[] rules); void setFirewallChainEnabled(int chain, boolean enable); @@ -306,10 +243,6 @@ interface INetworkManagementService */ void denyProtect(int uid); - void addInterfaceToLocalNetwork(String iface, in List<RouteInfo> routes); - void removeInterfaceFromLocalNetwork(String iface); - int removeRoutesFromLocalNetwork(in List<RouteInfo> routes); - @EnforcePermission("OBSERVE_NETWORK_POLICY") boolean isNetworkRestricted(int uid); } diff --git a/services/core/java/com/android/server/net/NetworkManagementService.java b/services/core/java/com/android/server/net/NetworkManagementService.java index e5ffa7e15f28..5aed791ffaa8 100644 --- a/services/core/java/com/android/server/net/NetworkManagementService.java +++ b/services/core/java/com/android/server/net/NetworkManagementService.java @@ -34,8 +34,6 @@ import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_RESTRICTED; import static android.net.NetworkPolicyManager.FIREWALL_CHAIN_NAME_STANDBY; import static android.net.NetworkPolicyManager.FIREWALL_RULE_DEFAULT; -import static com.android.net.module.util.NetworkStatsUtils.LIMIT_GLOBAL_ALERT; - import android.annotation.NonNull; import android.app.ActivityManager; import android.content.Context; @@ -50,8 +48,6 @@ import android.net.InterfaceConfigurationParcel; import android.net.IpPrefix; import android.net.LinkAddress; import android.net.NetworkPolicyManager; -import android.net.NetworkStack; -import android.net.NetworkStats; import android.net.RouteInfo; import android.net.util.NetdService; import android.os.BatteryStats; @@ -78,28 +74,20 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.app.IBatteryStats; import com.android.internal.util.DumpUtils; import com.android.internal.util.HexDump; -import com.android.internal.util.Preconditions; import com.android.net.module.util.NetdUtils; import com.android.net.module.util.NetdUtils.ModifyOperation; +import com.android.net.module.util.PermissionUtils; import com.android.server.FgThread; import com.android.server.LocalServices; import com.google.android.collect.Maps; -import java.io.BufferedReader; -import java.io.DataInputStream; import java.io.FileDescriptor; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.InetAddress; -import java.net.InterfaceAddress; import java.util.ArrayList; import java.util.HashMap; -import java.util.List; import java.util.Map; -import java.util.Objects; /** * @hide @@ -129,13 +117,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub { private static final String TAG = "NetworkManagement"; private static final boolean DBG = Log.isLoggable(TAG, Log.DEBUG); - private static final int MAX_UID_RANGES_PER_COMMAND = 10; - - static final int DAEMON_MSG_MOBILE_CONN_REAL_TIME_INFO = 1; - - static final boolean MODIFY_OPERATION_ADD = true; - static final boolean MODIFY_OPERATION_REMOVE = false; - /** * Binder context for this service */ @@ -182,35 +163,35 @@ public class NetworkManagementService extends INetworkManagementService.Stub { private SparseIntArray mUidCleartextPolicy = new SparseIntArray(); /** Set of UIDs that are to be blocked/allowed by firewall controller. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallRules = new SparseIntArray(); /** * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches * to application idles. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallStandbyRules = new SparseIntArray(); /** * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches * to device idles. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallDozableRules = new SparseIntArray(); /** * Set of UIDs that are to be blocked/allowed by firewall controller. This set of Ids matches * to device on power-save mode. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallPowerSaveRules = new SparseIntArray(); /** * Contains the per-UID firewall rules that are used when Restricted Networking Mode is enabled. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallRestrictedRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallRestrictedRules = new SparseIntArray(); /** * Contains the per-UID firewall rules that are used when Low Power Standby is enabled. */ @GuardedBy("mRulesLock") - private SparseIntArray mUidFirewallLowPowerStandbyRules = new SparseIntArray(); + private final SparseIntArray mUidFirewallLowPowerStandbyRules = new SparseIntArray(); /** Set of states for the child firewall chains. True if the chain is active. */ @GuardedBy("mRulesLock") final SparseBooleanArray mFirewallChainStates = new SparseBooleanArray(); @@ -243,13 +224,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub { } } - private NetworkManagementService() { - mContext = null; - mDaemonHandler = null; - mDeps = null; - mNetdUnsolicitedEventListener = null; - } - static NetworkManagementService create(Context context, Dependencies deps) throws InterruptedException { final NetworkManagementService service = @@ -290,19 +264,19 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void registerObserver(INetworkManagementEventObserver observer) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); mObservers.register(observer); } @Override public void unregisterObserver(INetworkManagementEventObserver observer) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); mObservers.unregister(observer); } @FunctionalInterface private interface NetworkManagementEventCallback { - public void sendCallback(INetworkManagementEventObserver o) throws RemoteException; + void sendCallback(INetworkManagementEventObserver o) throws RemoteException; } private void invokeForAllObservers(NetworkManagementEventCallback eventCallback) { @@ -368,35 +342,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub { type, isActive, tsNanos, uid)); } - @Override - public void registerTetheringStatsProvider(ITetheringStatsProvider provider, String name) { - NetworkStack.checkNetworkStackPermission(mContext); - Objects.requireNonNull(provider); - synchronized(mTetheringStatsProviders) { - mTetheringStatsProviders.put(provider, name); - } - } - - @Override - public void unregisterTetheringStatsProvider(ITetheringStatsProvider provider) { - NetworkStack.checkNetworkStackPermission(mContext); - synchronized(mTetheringStatsProviders) { - mTetheringStatsProviders.remove(provider); - } - } - - @Override - public void tetherLimitReached(ITetheringStatsProvider provider) { - NetworkStack.checkNetworkStackPermission(mContext); - synchronized(mTetheringStatsProviders) { - if (!mTetheringStatsProviders.containsKey(provider)) { - return; - } - // No current code examines the interface parameter in a global alert. Just pass null. - mDaemonHandler.post(() -> notifyLimitReached(LIMIT_GLOBAL_ALERT, null)); - } - } - // Sync the state of the given chain with the native daemon. private void syncFirewallChainLocked(int chain, String name) { SparseIntArray rules; @@ -666,7 +611,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { public String[] listInterfaces() { // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these // APIs. - NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); + PermissionUtils.enforceNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); try { return mNetdService.interfaceGetList(); } catch (RemoteException | ServiceSpecificException e) { @@ -718,7 +663,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { public InterfaceConfiguration getInterfaceConfig(String iface) { // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these // APIs. - NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); + PermissionUtils.enforceNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); final InterfaceConfigurationParcel result; try { result = mNetdService.interfaceGetCfg(iface); @@ -738,7 +683,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { public void setInterfaceConfig(String iface, InterfaceConfiguration cfg) { // TODO: Remove CONNECTIVITY_INTERNAL after bluetooth tethering has no longer called these // APIs. - NetworkStack.checkNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); + PermissionUtils.enforceNetworkStackPermissionOr(mContext, CONNECTIVITY_INTERNAL); LinkAddress linkAddr = cfg.getLinkAddress(); if (linkAddr == null || linkAddr.getAddress() == null) { throw new IllegalStateException("Null LinkAddress given"); @@ -755,7 +700,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setInterfaceDown(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); final InterfaceConfiguration ifcg = getInterfaceConfig(iface); ifcg.setInterfaceDown(); setInterfaceConfig(iface, ifcg); @@ -763,7 +708,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setInterfaceUp(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); final InterfaceConfiguration ifcg = getInterfaceConfig(iface); ifcg.setInterfaceUp(); setInterfaceConfig(iface, ifcg); @@ -771,7 +716,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setInterfaceIpv6PrivacyExtensions(String iface, boolean enable) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.interfaceSetIPv6PrivacyExtensions(iface, enable); } catch (RemoteException | ServiceSpecificException e) { @@ -783,7 +728,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { IPv6 addresses on interface down, but we need to do full clean up here */ @Override public void clearInterfaceAddresses(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.interfaceClearAddrs(iface); } catch (RemoteException | ServiceSpecificException e) { @@ -793,7 +738,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void enableIpv6(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.interfaceSetEnableIPv6(iface, true); } catch (RemoteException | ServiceSpecificException e) { @@ -803,7 +748,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setIPv6AddrGenMode(String iface, int mode) throws ServiceSpecificException { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.setIPv6AddrGenMode(iface, mode); } catch (RemoteException e) { @@ -813,7 +758,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void disableIpv6(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.interfaceSetEnableIPv6(iface, false); } catch (RemoteException | ServiceSpecificException e) { @@ -823,44 +768,16 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void addRoute(int netId, RouteInfo route) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); NetdUtils.modifyRoute(mNetdService, ModifyOperation.ADD, netId, route); } @Override public void removeRoute(int netId, RouteInfo route) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); NetdUtils.modifyRoute(mNetdService, ModifyOperation.REMOVE, netId, route); } - private ArrayList<String> readRouteList(String filename) { - FileInputStream fstream = null; - ArrayList<String> list = new ArrayList<>(); - - try { - fstream = new FileInputStream(filename); - DataInputStream in = new DataInputStream(fstream); - BufferedReader br = new BufferedReader(new InputStreamReader(in)); - String s; - - // throw away the title line - - while (((s = br.readLine()) != null) && (s.length() != 0)) { - list.add(s); - } - } catch (IOException ex) { - // return current list, possibly empty - } finally { - if (fstream != null) { - try { - fstream.close(); - } catch (IOException ex) {} - } - } - - return list; - } - @android.annotation.EnforcePermission(android.Manifest.permission.SHUTDOWN) @Override public void shutdown() { @@ -873,11 +790,10 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public boolean getIpForwardingEnabled() throws IllegalStateException{ - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { - final boolean isEnabled = mNetdService.ipfwdEnabled(); - return isEnabled; + return mNetdService.ipfwdEnabled(); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } @@ -885,7 +801,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setIpForwardingEnabled(boolean enable) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { if (enable) { mNetdService.ipfwdEnableForwarding("tethering"); @@ -899,14 +815,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void startTethering(String[] dhcpRange) { - startTetheringWithConfiguration(true, dhcpRange); - } - - @Override - public void startTetheringWithConfiguration(boolean usingLegacyDnsProxy, String[] dhcpRange) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { - NetdUtils.tetherStart(mNetdService, usingLegacyDnsProxy, dhcpRange); + NetdUtils.tetherStart(mNetdService, true /* usingLegacyDnsProxy */, dhcpRange); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } @@ -914,7 +825,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void stopTethering() { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.tetherStop(); } catch (RemoteException | ServiceSpecificException e) { @@ -924,11 +835,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public boolean isTetheringStarted() { - NetworkStack.checkNetworkStackPermission(mContext); - + PermissionUtils.enforceNetworkStackPermission(mContext); try { - final boolean isEnabled = mNetdService.tetherIsEnabled(); - return isEnabled; + return mNetdService.tetherIsEnabled(); } catch (RemoteException | ServiceSpecificException e) { throw new IllegalStateException(e); } @@ -936,7 +845,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void tetherInterface(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { final LinkAddress addr = getInterfaceConfig(iface).getLinkAddress(); final IpPrefix dest = new IpPrefix(addr.getAddress(), addr.getPrefixLength()); @@ -948,7 +857,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void untetherInterface(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { NetdUtils.untetherInterface(mNetdService, iface); } catch (RemoteException | ServiceSpecificException e) { @@ -958,7 +867,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public String[] listTetheredInterfaces() { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { return mNetdService.tetherInterfaceList(); } catch (RemoteException | ServiceSpecificException e) { @@ -967,51 +876,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { } @Override - public String[] getDnsForwarders() { - NetworkStack.checkNetworkStackPermission(mContext); - try { - return mNetdService.tetherDnsList(); - } catch (RemoteException | ServiceSpecificException e) { - throw new IllegalStateException(e); - } - } - - private List<InterfaceAddress> excludeLinkLocal(List<InterfaceAddress> addresses) { - ArrayList<InterfaceAddress> filtered = new ArrayList<>(addresses.size()); - for (InterfaceAddress ia : addresses) { - if (!ia.getAddress().isLinkLocalAddress()) - filtered.add(ia); - } - return filtered; - } - - private void modifyInterfaceForward(boolean add, String fromIface, String toIface) { - try { - if (add) { - mNetdService.ipfwdAddInterfaceForward(fromIface, toIface); - } else { - mNetdService.ipfwdRemoveInterfaceForward(fromIface, toIface); - } - } catch (RemoteException | ServiceSpecificException e) { - throw new IllegalStateException(e); - } - } - - @Override - public void startInterfaceForwarding(String fromIface, String toIface) { - NetworkStack.checkNetworkStackPermission(mContext); - modifyInterfaceForward(true, fromIface, toIface); - } - - @Override - public void stopInterfaceForwarding(String fromIface, String toIface) { - NetworkStack.checkNetworkStackPermission(mContext); - modifyInterfaceForward(false, fromIface, toIface); - } - - @Override public void enableNat(String internalInterface, String externalInterface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.tetherAddForward(internalInterface, externalInterface); } catch (RemoteException | ServiceSpecificException e) { @@ -1021,7 +887,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void disableNat(String internalInterface, String externalInterface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.tetherRemoveForward(internalInterface, externalInterface); } catch (RemoteException | ServiceSpecificException e) { @@ -1031,7 +897,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setInterfaceQuota(String iface, long quotaBytes) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); synchronized (mQuotaLock) { if (mActiveQuotas.containsKey(iface)) { @@ -1062,7 +928,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void removeInterfaceQuota(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); synchronized (mQuotaLock) { if (!mActiveQuotas.containsKey(iface)) { @@ -1095,7 +961,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setInterfaceAlert(String iface, long alertBytes) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); // quick validity check if (!mActiveQuotas.containsKey(iface)) { @@ -1119,7 +985,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void removeInterfaceAlert(String iface) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); synchronized (mQuotaLock) { if (!mActiveAlerts.containsKey(iface)) { @@ -1137,19 +1003,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub { } } - @Override - public void setGlobalAlert(long alertBytes) { - NetworkStack.checkNetworkStackPermission(mContext); - - try { - mNetdService.bandwidthSetGlobalAlert(alertBytes); - } catch (RemoteException | ServiceSpecificException e) { - throw new IllegalStateException(e); - } - } - private void setUidOnMeteredNetworkList(int uid, boolean allowlist, boolean enable) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); synchronized (mQuotaLock) { boolean oldEnable; @@ -1261,7 +1116,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void setUidCleartextNetworkPolicy(int uid, int policy) { if (mDeps.getCallingUid() != uid) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); } synchronized (mQuotaLock) { @@ -1300,26 +1155,12 @@ public class NetworkManagementService extends INetworkManagementService.Stub { private class NetdTetheringStatsProvider extends ITetheringStatsProvider.Stub { @Override - public NetworkStats getTetherStats(int how) { - // Remove the implementation of NetdTetheringStatsProvider#getTetherStats - // since all callers are migrated to use INetd#tetherGetStats directly. - throw new UnsupportedOperationException(); - } - - @Override public void setInterfaceQuota(String iface, long quotaBytes) { // Do nothing. netd is already informed of quota changes in setInterfaceQuota. } } @Override - public NetworkStats getNetworkStatsTethering(int how) { - // Remove the implementation of getNetworkStatsTethering since all callers are migrated - // to use INetd#tetherGetStats directly. - throw new UnsupportedOperationException(); - } - - @Override public void setFirewallEnabled(boolean enabled) { enforceSystemUid(); try { @@ -1338,18 +1179,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub { } @Override - public void setFirewallInterfaceRule(String iface, boolean allow) { - enforceSystemUid(); - Preconditions.checkState(mFirewallEnabled); - try { - mNetdService.firewallSetInterfaceRule(iface, - allow ? INetd.FIREWALL_RULE_ALLOW : INetd.FIREWALL_RULE_DENY); - } catch (RemoteException | ServiceSpecificException e) { - throw new IllegalStateException(e); - } - } - - @Override public void setFirewallChainEnabled(int chain, boolean enable) { enforceSystemUid(); synchronized (mQuotaLock) { @@ -1619,22 +1448,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub { pw.println("]"); } - private void modifyInterfaceInNetwork(boolean add, int netId, String iface) { - NetworkStack.checkNetworkStackPermission(mContext); - try { - if (add) { - mNetdService.networkAddInterface(netId, iface); - } else { - mNetdService.networkRemoveInterface(netId, iface); - } - } catch (RemoteException | ServiceSpecificException e) { - throw new IllegalStateException(e); - } - } - @Override public void allowProtect(int uid) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.networkSetProtectAllow(uid); @@ -1645,7 +1461,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub { @Override public void denyProtect(int uid) { - NetworkStack.checkNetworkStackPermission(mContext); + PermissionUtils.enforceNetworkStackPermission(mContext); try { mNetdService.networkSetProtectDeny(uid); @@ -1654,24 +1470,6 @@ public class NetworkManagementService extends INetworkManagementService.Stub { } } - @Override - public void addInterfaceToLocalNetwork(String iface, List<RouteInfo> routes) { - modifyInterfaceInNetwork(MODIFY_OPERATION_ADD, INetd.LOCAL_NET_ID, iface); - // modifyInterfaceInNetwork already check calling permission. - NetdUtils.addRoutesToLocalNetwork(mNetdService, iface, routes); - } - - @Override - public void removeInterfaceFromLocalNetwork(String iface) { - modifyInterfaceInNetwork(MODIFY_OPERATION_REMOVE, INetd.LOCAL_NET_ID, iface); - } - - @Override - public int removeRoutesFromLocalNetwork(List<RouteInfo> routes) { - NetworkStack.checkNetworkStackPermission(mContext); - return NetdUtils.removeRoutesFromLocalNetwork(mNetdService, routes); - } - @android.annotation.EnforcePermission(android.Manifest.permission.OBSERVE_NETWORK_POLICY) @Override public boolean isNetworkRestricted(int uid) { |