summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Suprabh Shukla <suprabh@google.com> 2024-11-08 23:08:19 +0000
committer Android Build Cherrypicker Worker <android-build-cherrypicker-worker@google.com> 2024-11-08 23:08:19 +0000
commit0ab54d6c305bce6d850ac97515afaaad95fc8b6c (patch)
tree4910b0f6837dc1958cf1108b79f54cbef7bab979
parent50ef447e31b0b5b968130116645c6f7b89eb3ca2 (diff)
Cleaning up flag NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE
This flag should be enabled in the Android 15 release. Cleaning up the flag so the value of true is used by code instead. Note: No functional change is intended by the CL if the flag value is considered to be true. Flag: EXEMPT removing \ com.android.server.net.network_blocked_for_top_sleeping_and_above Test: atest CtsHostsideNetworkPolicyTests Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest Bug: 304347838 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1d534ee4ecc1877b66b894572d96e04561e64f9d) Merged-In: Ibe8b4226368b6ce17b8c1c084129924844391372 Change-Id: Ibe8b4226368b6ce17b8c1c084129924844391372
Diffstat
-rw-r--r--services/core/java/com/android/server/net/NetworkPolicyManagerService.java207
-rw-r--r--services/core/java/com/android/server/net/flags.aconfig7
-rw-r--r--services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java13
3 files changed, 87 insertions, 140 deletions
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 2a3be1e119bf..7de2815eba6b 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -513,12 +513,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
private boolean mLoadedRestrictBackground;
/**
- * Whether or not network for apps in proc-states greater than
- * {@link NetworkPolicyManager#BACKGROUND_THRESHOLD_STATE} is always blocked.
- */
- private boolean mBackgroundNetworkRestricted;
-
- /**
* Whether or not metered firewall chains should be used for uid policy controlling access to
* metered networks.
*/
@@ -1117,14 +1111,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
writePolicyAL();
}
- // The flag is boot-stable.
- mBackgroundNetworkRestricted = Flags.networkBlockedForTopSleepingAndAbove();
- if (mBackgroundNetworkRestricted) {
- // Firewall rules and UidBlockedState will get updated in
- // updateRulesForGlobalChangeAL below.
- enableFirewallChainUL(FIREWALL_CHAIN_BACKGROUND, true);
- }
-
+ enableFirewallChainUL(FIREWALL_CHAIN_BACKGROUND, true);
setRestrictBackgroundUL(mLoadedRestrictBackground, "init_service");
updateRulesForGlobalChangeAL(false);
updateNotificationsNL();
@@ -1135,11 +1122,8 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
final int changes = ActivityManager.UID_OBSERVER_PROCSTATE
| ActivityManager.UID_OBSERVER_GONE
| ActivityManager.UID_OBSERVER_CAPABILITY;
-
- final int cutpoint = mBackgroundNetworkRestricted ? PROCESS_STATE_UNKNOWN
- : NetworkPolicyManager.FOREGROUND_THRESHOLD_STATE;
mActivityManagerInternal.registerNetworkPolicyUidObserver(mUidObserver, changes,
- cutpoint, "android");
+ PROCESS_STATE_UNKNOWN, "android");
mNetworkManager.registerObserver(mAlertObserver);
} catch (RemoteException e) {
// ignored; both services live in system_server
@@ -1280,21 +1264,19 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
// different chains may change.
return true;
}
- if (mBackgroundNetworkRestricted) {
- if ((previousProcState >= BACKGROUND_THRESHOLD_STATE)
+ if ((previousProcState >= BACKGROUND_THRESHOLD_STATE)
!= (newProcState >= BACKGROUND_THRESHOLD_STATE)) {
- // Proc-state change crossed BACKGROUND_THRESHOLD_STATE: The network rules will
- // need to be re-evaluated for the background chain.
- return true;
- }
- if (mUseDifferentDelaysForBackgroundChain
- && newProcState >= BACKGROUND_THRESHOLD_STATE
- && getBackgroundTransitioningDelay(newProcState)
- < getBackgroundTransitioningDelay(previousProcState)) {
- // The old and new proc-state both are in the blocked state but the background
- // transition delay is reduced, so we may have to update the rules sooner.
- return true;
- }
+ // Proc-state change crossed BACKGROUND_THRESHOLD_STATE: The network rules will
+ // need to be re-evaluated for the background chain.
+ return true;
+ }
+ if (mUseDifferentDelaysForBackgroundChain
+ && newProcState >= BACKGROUND_THRESHOLD_STATE
+ && getBackgroundTransitioningDelay(newProcState)
+ < getBackgroundTransitioningDelay(previousProcState)) {
+ // The old and new proc-state both are in the blocked state but the background
+ // transition delay is reduced, so we may have to update the rules sooner.
+ return true;
}
final int networkCapabilities = PROCESS_CAPABILITY_POWER_RESTRICTED_NETWORK
| PROCESS_CAPABILITY_USER_RESTRICTED_NETWORK;
@@ -1367,9 +1349,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
// on background handler thread, and POWER_SAVE_WHITELIST_CHANGED is protected
synchronized (mUidRulesFirstLock) {
updatePowerSaveAllowlistUL();
- if (mBackgroundNetworkRestricted) {
- updateRulesForBackgroundChainUL();
- }
+ updateRulesForBackgroundChainUL();
updateRulesForRestrictPowerUL();
updateRulesForAppIdleUL();
}
@@ -4100,8 +4080,6 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
fout.println();
fout.println("Flags:");
- fout.println(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE + ": "
- + mBackgroundNetworkRestricted);
fout.println(Flags.FLAG_USE_METERED_FIREWALL_CHAINS + ": "
+ mUseMeteredFirewallChains);
fout.println(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN + ": "
@@ -4251,35 +4229,33 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
fout.decreaseIndent();
}
- if (mBackgroundNetworkRestricted) {
+ fout.println();
+ if (mUseDifferentDelaysForBackgroundChain) {
+ fout.print("Background restrictions short delay: ");
+ TimeUtils.formatDuration(mBackgroundRestrictionShortDelayMs, fout);
fout.println();
- if (mUseDifferentDelaysForBackgroundChain) {
- fout.print("Background restrictions short delay: ");
- TimeUtils.formatDuration(mBackgroundRestrictionShortDelayMs, fout);
- fout.println();
- fout.print("Background restrictions long delay: ");
- TimeUtils.formatDuration(mBackgroundRestrictionLongDelayMs, fout);
- fout.println();
- }
+ fout.print("Background restrictions long delay: ");
+ TimeUtils.formatDuration(mBackgroundRestrictionLongDelayMs, fout);
+ fout.println();
+ }
- size = mBackgroundTransitioningUids.size();
- if (size > 0) {
- final long nowUptime = SystemClock.uptimeMillis();
- fout.println("Uids transitioning to background:");
- fout.increaseIndent();
- for (int i = 0; i < size; i++) {
- fout.print("UID=");
- fout.print(mBackgroundTransitioningUids.keyAt(i));
- fout.print(", ");
- TimeUtils.formatDuration(mBackgroundTransitioningUids.valueAt(i),
- nowUptime, fout);
- fout.println();
- }
- fout.decreaseIndent();
+ size = mBackgroundTransitioningUids.size();
+ if (size > 0) {
+ final long nowUptime = SystemClock.uptimeMillis();
+ fout.println("Uids transitioning to background:");
+ fout.increaseIndent();
+ for (int i = 0; i < size; i++) {
+ fout.print("UID=");
+ fout.print(mBackgroundTransitioningUids.keyAt(i));
+ fout.print(", ");
+ TimeUtils.formatDuration(mBackgroundTransitioningUids.valueAt(i),
+ nowUptime, fout);
+ fout.println();
}
- fout.println();
+ fout.decreaseIndent();
}
+ fout.println();
final SparseBooleanArray knownUids = new SparseBooleanArray();
collectKeys(mUidState, knownUids);
@@ -4465,51 +4441,49 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
}
updatePowerRestrictionRules = true;
}
- if (mBackgroundNetworkRestricted) {
- final boolean wasAllowed = isProcStateAllowedNetworkWhileBackground(
- oldUidState);
- final boolean isAllowed = isProcStateAllowedNetworkWhileBackground(newUidState);
- if (!wasAllowed && isAllowed) {
- mBackgroundTransitioningUids.delete(uid);
- updateRuleForBackgroundUL(uid);
- updatePowerRestrictionRules = true;
- } else if (!isAllowed) {
- final int transitionIdx = mBackgroundTransitioningUids.indexOfKey(uid);
- final long completionTimeMs = SystemClock.uptimeMillis()
- + getBackgroundTransitioningDelay(procState);
- boolean completionTimeUpdated = false;
- if (wasAllowed) {
- // Rules need to transition from allowed to blocked after the respective
- // delay.
- if (transitionIdx < 0) {
- // This is just a defensive check in case the upstream code ever
- // makes multiple calls for the same process state change.
- mBackgroundTransitioningUids.put(uid, completionTimeMs);
- completionTimeUpdated = true;
- }
- } else if (mUseDifferentDelaysForBackgroundChain) {
- // wasAllowed was false, but the transition delay may have reduced.
- // Currently, this can happen when the uid transitions from
- // LAST_ACTIVITY to CACHED_ACTIVITY, for example.
- if (transitionIdx >= 0
- && completionTimeMs < mBackgroundTransitioningUids.valueAt(
- transitionIdx)) {
- mBackgroundTransitioningUids.setValueAt(transitionIdx,
- completionTimeMs);
- completionTimeUpdated = true;
- }
+ final boolean wasAllowed = isProcStateAllowedNetworkWhileBackground(
+ oldUidState);
+ final boolean isAllowed = isProcStateAllowedNetworkWhileBackground(newUidState);
+ if (!wasAllowed && isAllowed) {
+ mBackgroundTransitioningUids.delete(uid);
+ updateRuleForBackgroundUL(uid);
+ updatePowerRestrictionRules = true;
+ } else if (!isAllowed) {
+ final int transitionIdx = mBackgroundTransitioningUids.indexOfKey(uid);
+ final long completionTimeMs = SystemClock.uptimeMillis()
+ + getBackgroundTransitioningDelay(procState);
+ boolean completionTimeUpdated = false;
+ if (wasAllowed) {
+ // Rules need to transition from allowed to blocked after the respective
+ // delay.
+ if (transitionIdx < 0) {
+ // This is just a defensive check in case the upstream code ever
+ // makes multiple calls for the same process state change.
+ mBackgroundTransitioningUids.put(uid, completionTimeMs);
+ completionTimeUpdated = true;
}
- if (completionTimeUpdated
- && completionTimeMs < mNextProcessBackgroundUidsTime) {
- // Many uids may be in this "transitioning" state at the same time,
- // so we always keep one message to process transition completion at
- // the earliest time.
- mHandler.removeMessages(MSG_PROCESS_BACKGROUND_TRANSITIONING_UIDS);
- mHandler.sendEmptyMessageAtTime(
- MSG_PROCESS_BACKGROUND_TRANSITIONING_UIDS, completionTimeMs);
- mNextProcessBackgroundUidsTime = completionTimeMs;
+ } else if (mUseDifferentDelaysForBackgroundChain) {
+ // wasAllowed was false, but the transition delay may have reduced.
+ // Currently, this can happen when the uid transitions from
+ // LAST_ACTIVITY to CACHED_ACTIVITY, for example.
+ if (transitionIdx >= 0
+ && completionTimeMs < mBackgroundTransitioningUids.valueAt(
+ transitionIdx)) {
+ mBackgroundTransitioningUids.setValueAt(transitionIdx,
+ completionTimeMs);
+ completionTimeUpdated = true;
}
}
+ if (completionTimeUpdated
+ && completionTimeMs < mNextProcessBackgroundUidsTime) {
+ // Many uids may be in this "transitioning" state at the same time,
+ // so we always keep one message to process transition completion at
+ // the earliest time.
+ mHandler.removeMessages(MSG_PROCESS_BACKGROUND_TRANSITIONING_UIDS);
+ mHandler.sendEmptyMessageAtTime(
+ MSG_PROCESS_BACKGROUND_TRANSITIONING_UIDS, completionTimeMs);
+ mNextProcessBackgroundUidsTime = completionTimeMs;
+ }
}
if (mLowPowerStandbyActive) {
boolean allowedInLpsChanged =
@@ -4545,12 +4519,10 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
if (mRestrictPower) {
updateRuleForRestrictPowerUL(uid);
}
- if (mBackgroundNetworkRestricted) {
- // Uid is no longer running, there is no point in any grace period of network
- // access during transitions to lower importance proc-states.
- mBackgroundTransitioningUids.delete(uid);
- updateRuleForBackgroundUL(uid);
- }
+ // Uid is no longer running, there is no point in any grace period of network
+ // access during transitions to lower importance proc-states.
+ mBackgroundTransitioningUids.delete(uid);
+ updateRuleForBackgroundUL(uid);
updateRulesForPowerRestrictionsUL(uid);
if (mLowPowerStandbyActive) {
updateRuleForLowPowerStandbyUL(uid);
@@ -5021,9 +4993,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
"updateRulesForGlobalChangeAL: " + (restrictedNetworksChanged ? "R" : "-"));
}
try {
- if (mBackgroundNetworkRestricted) {
- updateRulesForBackgroundChainUL();
- }
+ updateRulesForBackgroundChainUL();
updateRulesForAppIdleUL();
updateRulesForRestrictPowerUL();
updateRulesForRestrictBackgroundUL();
@@ -5183,9 +5153,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
updateRuleForAppIdleUL(uid, PROCESS_STATE_UNKNOWN);
updateRuleForDeviceIdleUL(uid);
updateRuleForRestrictPowerUL(uid);
- if (mBackgroundNetworkRestricted) {
- updateRuleForBackgroundUL(uid);
- }
+ updateRuleForBackgroundUL(uid);
// Update internal rules.
updateRulesForPowerRestrictionsUL(uid);
}
@@ -5358,9 +5326,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
updateRuleForDeviceIdleUL(uid);
updateRuleForAppIdleUL(uid, PROCESS_STATE_UNKNOWN);
updateRuleForRestrictPowerUL(uid);
- if (mBackgroundNetworkRestricted) {
- updateRuleForBackgroundUL(uid);
- }
+ updateRuleForBackgroundUL(uid);
// If the uid has the necessary permissions, then it should be added to the restricted mode
// firewall allowlist.
@@ -5611,7 +5577,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
newBlockedReasons |= (mLowPowerStandbyActive ? BLOCKED_REASON_LOW_POWER_STANDBY : 0);
newBlockedReasons |= (isUidIdle ? BLOCKED_REASON_APP_STANDBY : 0);
newBlockedReasons |= (uidBlockedState.blockedReasons & BLOCKED_REASON_RESTRICTED_MODE);
- newBlockedReasons |= mBackgroundNetworkRestricted ? BLOCKED_REASON_APP_BACKGROUND : 0;
+ newBlockedReasons |= BLOCKED_REASON_APP_BACKGROUND;
newAllowedReasons |= (isSystem(uid) ? ALLOWED_REASON_SYSTEM : 0);
newAllowedReasons |= (isForeground ? ALLOWED_REASON_FOREGROUND : 0);
@@ -5624,8 +5590,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
& ALLOWED_REASON_RESTRICTED_MODE_PERMISSIONS);
newAllowedReasons |= (isAllowlistedFromLowPowerStandbyUL(uid))
? ALLOWED_REASON_LOW_POWER_STANDBY_ALLOWLIST : 0;
- newAllowedReasons |= (mBackgroundNetworkRestricted
- && isUidExemptFromBackgroundRestrictions(uid))
+ newAllowedReasons |= isUidExemptFromBackgroundRestrictions(uid)
? ALLOWED_REASON_NOT_IN_BACKGROUND : 0;
uidBlockedState.blockedReasons = (uidBlockedState.blockedReasons
diff --git a/services/core/java/com/android/server/net/flags.aconfig b/services/core/java/com/android/server/net/flags.aconfig
index 7f04e665567e..3c0ff6115fcd 100644
--- a/services/core/java/com/android/server/net/flags.aconfig
+++ b/services/core/java/com/android/server/net/flags.aconfig
@@ -2,13 +2,6 @@ package: "com.android.server.net"
container: "system"
flag {
- name: "network_blocked_for_top_sleeping_and_above"
- namespace: "backstage_power"
- description: "Block network access for apps in a low importance background state"
- bug: "304347838"
-}
-
-flag {
name: "use_metered_firewall_chains"
namespace: "backstage_power"
description: "Use metered firewall chains to control access to metered networks"
diff --git a/services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java b/services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
index dddab657be14..5a7027edc20d 100644
--- a/services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
@@ -2158,13 +2158,11 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testBackgroundChainEnabled() throws Exception {
verify(mNetworkManager).setFirewallChainEnabled(FIREWALL_CHAIN_BACKGROUND, true);
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
@RequiresFlagsDisabled(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN)
public void testBackgroundChainOnProcStateChangeSameDelay() throws Exception {
// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
@@ -2194,10 +2192,7 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled({
- Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE,
- Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN
- })
+ @RequiresFlagsEnabled(Flags.FLAG_USE_DIFFERENT_DELAYS_FOR_BACKGROUND_CHAIN)
public void testBackgroundChainOnProcStateChangeDifferentDelays() throws Exception {
// The app will be blocked when there is no prior proc-state.
assertTrue(mService.isUidNetworkingBlocked(UID_A, false));
@@ -2247,7 +2242,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testBackgroundChainOnAllowlistChange() throws Exception {
// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
clearInvocations(mNetworkManager);
@@ -2285,7 +2279,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testBackgroundChainOnTempAllowlistChange() throws Exception {
// initialization calls setFirewallChainEnabled, so we want to reset the invocations.
clearInvocations(mNetworkManager);
@@ -2387,7 +2380,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testUidObserverFiltersProcStateChanges() throws Exception {
int testProcStateSeq = 0;
try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
@@ -2450,7 +2442,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testUidObserverFiltersStaleChanges() throws Exception {
final int testProcStateSeq = 51;
try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
@@ -2470,7 +2461,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testUidObserverFiltersCapabilityChanges() throws Exception {
int testProcStateSeq = 0;
try (SyncBarrier b = new SyncBarrier(mService.mUidEventHandler)) {
@@ -2559,7 +2549,6 @@ public class NetworkPolicyManagerServiceTest {
}
@Test
- @RequiresFlagsEnabled(Flags.FLAG_NETWORK_BLOCKED_FOR_TOP_SLEEPING_AND_ABOVE)
public void testObsoleteHandleUidChanged() throws Exception {
callAndWaitOnUidGone(UID_A);
assertTrue(mService.isUidNetworkingBlocked(UID_A, false));
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-21 09:42:39 +0000