framework/src/android/net/BpfNetMapsConstants.java

/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import static android.net.ConnectivityManager.FIREWALL_CHAIN_BACKGROUND;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;

import android.util.Pair;

import com.android.net.module.util.Struct;

import java.util.Arrays;
import java.util.List;

/**
 * BpfNetMaps related constants that can be shared among modules.
 *
 * @hide
 */
// Note that this class should be put into bootclasspath instead of static libraries.
// Because modules could have different copies of this class if this is statically linked,
// which would be problematic if the definitions in these modules are not synchronized.
public class BpfNetMapsConstants {
    // Prevent this class from being accidental instantiated.
    private BpfNetMapsConstants() {}

    public static final String CONFIGURATION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_configuration_map";
    public static final String UID_OWNER_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_owner_map";
    public static final String UID_PERMISSION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_permission_map";
    public static final String COOKIE_TAG_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_cookie_tag_map";
    public static final String DATA_SAVER_ENABLED_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_data_saver_enabled_map";
    public static final String INGRESS_DISCARD_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_ingress_discard_map";
    public static final Struct.S32 UID_RULES_CONFIGURATION_KEY = new Struct.S32(0);
    public static final Struct.S32 CURRENT_STATS_MAP_CONFIGURATION_KEY = new Struct.S32(1);
    public static final Struct.S32 DATA_SAVER_ENABLED_KEY = new Struct.S32(0);

    public static final short DATA_SAVER_DISABLED = 0;
    public static final short DATA_SAVER_ENABLED = 1;

    // LINT.IfChange(match_type)
    public static final long NO_MATCH = 0;
    public static final long HAPPY_BOX_MATCH = (1 << 0);
    public static final long PENALTY_BOX_MATCH = (1 << 1);
    public static final long DOZABLE_MATCH = (1 << 2);
    public static final long STANDBY_MATCH = (1 << 3);
    public static final long POWERSAVE_MATCH = (1 << 4);
    public static final long RESTRICTED_MATCH = (1 << 5);
    public static final long LOW_POWER_STANDBY_MATCH = (1 << 6);
    public static final long IIF_MATCH = (1 << 7);
    public static final long LOCKDOWN_VPN_MATCH = (1 << 8);
    public static final long OEM_DENY_1_MATCH = (1 << 9);
    public static final long OEM_DENY_2_MATCH = (1 << 10);
    public static final long OEM_DENY_3_MATCH = (1 << 11);
    public static final long BACKGROUND_MATCH = (1 << 12);

    public static final List<Pair<Long, String>> MATCH_LIST = Arrays.asList(
            Pair.create(HAPPY_BOX_MATCH, "HAPPY_BOX_MATCH"),
            Pair.create(PENALTY_BOX_MATCH, "PENALTY_BOX_MATCH"),
            Pair.create(DOZABLE_MATCH, "DOZABLE_MATCH"),
            Pair.create(STANDBY_MATCH, "STANDBY_MATCH"),
            Pair.create(POWERSAVE_MATCH, "POWERSAVE_MATCH"),
            Pair.create(RESTRICTED_MATCH, "RESTRICTED_MATCH"),
            Pair.create(LOW_POWER_STANDBY_MATCH, "LOW_POWER_STANDBY_MATCH"),
            Pair.create(IIF_MATCH, "IIF_MATCH"),
            Pair.create(LOCKDOWN_VPN_MATCH, "LOCKDOWN_VPN_MATCH"),
            Pair.create(OEM_DENY_1_MATCH, "OEM_DENY_1_MATCH"),
            Pair.create(OEM_DENY_2_MATCH, "OEM_DENY_2_MATCH"),
            Pair.create(OEM_DENY_3_MATCH, "OEM_DENY_3_MATCH"),
            Pair.create(BACKGROUND_MATCH, "BACKGROUND_MATCH")
    );

    /**
     * List of all firewall allow chains.
     *
     * Allow chains mean the firewall denies all uids by default, uids must be explicitly allowed.
     */
    public static final List<Integer> ALLOW_CHAINS = List.of(
            FIREWALL_CHAIN_DOZABLE,
            FIREWALL_CHAIN_POWERSAVE,
            FIREWALL_CHAIN_RESTRICTED,
            FIREWALL_CHAIN_LOW_POWER_STANDBY,
            FIREWALL_CHAIN_BACKGROUND
    );

    /**
     * List of all firewall deny chains.
     *
     * Deny chains mean the firewall allows all uids by default, uids must be explicitly denied.
     */
    public static final List<Integer> DENY_CHAINS = List.of(
            FIREWALL_CHAIN_STANDBY,
            FIREWALL_CHAIN_OEM_DENY_1,
            FIREWALL_CHAIN_OEM_DENY_2,
            FIREWALL_CHAIN_OEM_DENY_3
    );
    // LINT.ThenChange(../../../../bpf_progs/netd.h)
}