Do not apply background rules for core uids - platform/frameworks/base

diff options

author	Suprabh Shukla <suprabh@google.com>	2024-08-08 21:07:00 +0000
committer	Android Build Cherrypicker Worker <android-build-cherrypicker-worker@google.com>	2024-08-08 21:07:00 +0000
commit	4c00a0677af6cfa88974e8104891c71b625d1ab1 (patch)
tree	2e8cbe505b1a41f1f8246ed168cf1e889a10eb77 /libs/androidfw/StringPool.cpp
parent	e74cf64ecfeb5496ac69f9ce18b686d9e25ed7a6 (diff)

Do not apply background rules for core uids

Core uids are exempt from firewalls by the underlying stack, so they will always be allowed network. Similarly, apps without the INTERNET permission cannot access network regardless of firewall rules. Currently, the code is fragmented in applying rules to these uids. To make debugging and code maintenance easier, we want to be consistent by never setting any rules for such uids. Once the feature is enabled and tested, upstream code paths for all firewall rules can be simplified to use the same check. Flag: com.android.server.net.never_apply_rules_to_core_uids Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest BYPASS_INCLUSIVE_LANGUAGE_REASON=Existing methods Bug: 356956588 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:da8a8cb6ea581986e7f0ba2c8c3462b2d66492fc) Merged-In: Ibe50b806a0632d09772e7e2e8deea6d2fefdc946 Change-Id: Ibe50b806a0632d09772e7e2e8deea6d2fefdc946

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: