| -rw-r--r-- | services/core/java/com/android/server/NetworkManagementService.java | 117 |
1 files changed, 64 insertions, 53 deletions
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index aaec642ab4e2..097202b9b0a9 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -64,6 +64,7 @@ import android.net.NetworkStats;
 import android.net.NetworkUtils;
 import android.net.RouteInfo;
 import android.net.UidRange;
+import android.net.util.NetdService;
 import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiConfiguration.KeyMgmt;
 import android.os.BatteryStats;
@@ -340,7 +341,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 if (DBG) Slog.d(TAG, "Awaiting socket connection");
 connectedSignal.await();
 if (DBG) Slog.d(TAG, "Connected");
+ if (DBG) Slog.d(TAG, "Connecting native netd service");
 service.connectNativeNetdService();
+ if (DBG) Slog.d(TAG, "Connected");
 return service;
 }
@@ -549,14 +552,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 }
 private void connectNativeNetdService() {
- boolean nativeServiceAvailable = false;
- try {
- mNetdService = INetd.Stub.asInterface(ServiceManager.getService(NETD_SERVICE_NAME));
- nativeServiceAvailable = mNetdService.isAlive();
- } catch (RemoteException e) {}
- if (!nativeServiceAvailable) {
- Slog.wtf(TAG, "Can't connect to NativeNetdService " + NETD_SERVICE_NAME);
- }
+ mNetdService = NetdService.get();
 }
 /**
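Review bot: `connectNativeNetdService()` now stores whatever `NetdService.get()` returns without checking it, and the `isAlive()` probe and the `Slog.wtf` that reported an unreachable netd are gone. `NetdService` is not part of this diff, so it cannot be confirmed here whether `get()` may return null or a dead binder; if it can, the failure would surface at the first later use of `mNetdService` instead of at connect time. Either keep a diagnostic such as `if (mNetdService == null) Slog.wtf(TAG, "Can't connect to native netd service");` or add a comment stating that `NetdService.get()` blocks until a live instance is available.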
@@ -569,36 +565,30 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 // only enable bandwidth control when support exists
 final boolean hasKernelSupport = new File("/proc/net/xt_qtaguid/ctrl").exists();
- if (hasKernelSupport) {
- Slog.d(TAG, "enabling bandwidth control");
- try {
- mConnector.execute("bandwidth", "enable");
- mBandwidthControlEnabled = true;
- } catch (NativeDaemonConnectorException e) {
- Log.wtf(TAG, "problem enabling bandwidth controls", e);
- }
- } else {
- Slog.i(TAG, "not enabling bandwidth control");
- }
- SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0");
+ // push any existing quota or UID rules
+ synchronized (mQuotaLock) {
- if (mBandwidthControlEnabled) {
- try {
- getBatteryStats().noteNetworkStatsEnabled();
- } catch (RemoteException e) {
+ if (hasKernelSupport) {
+ Slog.d(TAG, "enabling bandwidth control");
+ try {
+ mConnector.execute("bandwidth", "enable");
+ mBandwidthControlEnabled = true;
+ } catch (NativeDaemonConnectorException e) {
+ Log.wtf(TAG, "problem enabling bandwidth controls", e);
+ }
+ } else {
+ Slog.i(TAG, "not enabling bandwidth control");
 }
- }
- try {
- mConnector.execute("strict", "enable");
- mStrictEnabled = true;
- } catch (NativeDaemonConnectorException e) {
- Log.wtf(TAG, "Failed strict enable", e);
- }
+ SystemProperties.set(PROP_QTAGUID_ENABLED, mBandwidthControlEnabled ? "1" : "0");
- // push any existing quota or UID rules
- synchronized (mQuotaLock) {
+ try {
+ mConnector.execute("strict", "enable");
+ mStrictEnabled = true;
+ } catch (NativeDaemonConnectorException e) {
+ Log.wtf(TAG, "Failed strict enable", e);
+ }
 setDataSaverModeEnabled(mDataSaverMode);
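Review bot: The comment `// push any existing quota or UID rules` now sits directly above a `synchronized (mQuotaLock)` block whose first statements are `mConnector.execute("bandwidth", "enable")` and `mConnector.execute("strict", "enable")`, so it no longer describes what the lock covers or why two netd round-trips are made while holding it. If the intent is that policy setters taking `mQuotaLock` must never see `mStrictEnabled` flip while rules are being replayed, say so, for example `// Enable bandwidth control and strict mode under mQuotaLock so rule replay below sees a stable mStrictEnabled`, and move the existing "push" comment down to `setDataSaverModeEnabled(mDataSaverMode);`. A failed strict enable is still only reported through `Log.wtf` and leaves `mStrictEnabled` false, which is worth noting in the same comment because cleartext policies are then not enforced. The synchronized block continues past the end of this hunk.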
@@ -672,6 +662,14 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 setFirewallChainEnabled(FIREWALL_CHAIN_POWERSAVE, true);
 }
 }
+
+ if (mBandwidthControlEnabled) {
+ try {
+ getBatteryStats().noteNetworkStatsEnabled();
+ } catch (RemoteException e) {
+ }
+ }
+
 }
 /**
@@ -1716,6 +1714,30 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 }
 }
+ private void applyUidCleartextNetworkPolicy(int uid, int policy) {
+ final String policyString;
+ switch (policy) {
+ case StrictMode.NETWORK_POLICY_ACCEPT:
+ policyString = "accept";
+ break;
+ case StrictMode.NETWORK_POLICY_LOG:
+ policyString = "log";
+ break;
+ case StrictMode.NETWORK_POLICY_REJECT:
+ policyString = "reject";
+ break;
+ default:
+ throw new IllegalArgumentException("Unknown policy " + policy);
+ }
+
+ try {
+ mConnector.execute("strict", "set_uid_cleartext_policy", uid, policyString);
+ mUidCleartextPolicy.put(uid, policy);
+ } catch (NativeDaemonConnectorException e) {
+ throw e.rethrowAsParcelableException();
+ }
+ }
+
 @Override
 public void setUidCleartextNetworkPolicy(int uid, int policy) {
 if (Binder.getCallingUid() != uid) {
@@ -1725,6 +1747,8 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 synchronized (mQuotaLock) {
 final int oldPolicy = mUidCleartextPolicy.get(uid, StrictMode.NETWORK_POLICY_ACCEPT);
 if (oldPolicy == policy) {
+ // This also ensures we won't needlessly apply an ACCEPT policy if we've just
+ // enabled strict and the underlying iptables rules are empty.
 return;
 }
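Review bot: The relocated `catch (RemoteException e) {` around `getBatteryStats().noteNetworkStatsEnabled()` has an empty body, so a failed call leaves no trace and a reader cannot tell whether ignoring it is deliberate. If it is, name the variable and say why, e.g. `} catch (RemoteException ignored) { // best-effort notification to battery stats`; otherwise log it at warning level. The enclosing method starts outside this hunk.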
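Review bot: The new helper `applyUidCleartextNetworkPolicy()` writes `mUidCleartextPolicy` with `mUidCleartextPolicy.put(uid, policy)` but takes no lock itself and has no comment telling callers which lock they must hold, while `setUidCleartextNetworkPolicy()` reads the same map under `synchronized (mQuotaLock)`. Add a short Javadoc stating that the caller must hold `mQuotaLock`, that the map is updated only after netd accepted the command, and that an unknown `policy` raises `IllegalArgumentException` before anything is sent. If the file already uses the annotation, `@GuardedBy("mQuotaLock")` on the field would let tooling check this.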
@@ -1735,28 +1759,15 @@ public class NetworkManagementService extends INetworkManagementService.Stub
 return;
 }
- final String policyString;
- switch (policy) {
- case StrictMode.NETWORK_POLICY_ACCEPT:
- policyString = "accept";
- break;
- case StrictMode.NETWORK_POLICY_LOG:
- policyString = "log";
- break;
- case StrictMode.NETWORK_POLICY_REJECT:
- policyString = "reject";
- break;
- default:
- throw new IllegalArgumentException("Unknown policy " + policy);
- }
-
- try {
- mConnector.execute("strict", "set_uid_cleartext_policy", uid, policyString);
- mUidCleartextPolicy.put(uid, policy);
- } catch (NativeDaemonConnectorException e) {
- throw e.rethrowAsParcelableException();
+ // netd does not keep state on strict mode policies, and cannot replace a non-accept
+ // policy without deleting it first. Rather than add state to netd, just always send
+ // it an accept policy when switching between two non-accept policies.
+ if (oldPolicy != StrictMode.NETWORK_POLICY_ACCEPT &&
+ policy != StrictMode.NETWORK_POLICY_ACCEPT) {
+ applyUidCleartextNetworkPolicy(uid, policy);
 }
 }
+ applyUidCleartextNetworkPolicy(uid, policy);
 }
 @Override
|
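Review bot: The call inside the new `if` passes `policy`, not an accept policy, so the code does not do what the comment above it says ("always send it an accept policy when switching between two non-accept policies"). As written, a LOG to REJECT switch (or the reverse) sends the target policy twice and never clears the old rule first, which by the comment's own description netd cannot handle, so the stricter cleartext rule may not take effect. The line should read `applyUidCleartextNetworkPolicy(uid, StrictMode.NETWORK_POLICY_ACCEPT);`. The second call, `applyUidCleartextNetworkPolicy(uid, policy);`, also sits after the closing brace of `synchronized (mQuotaLock)`, so its `mUidCleartextPolicy.put` and the netd command run without the lock that guards the `oldPolicy` read; move it up one line so it stays inside the block. The start of `setUidCleartextNetworkPolicy()` and the early-return branch above this hunk are outside the visible lines.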