Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / d1f779d88f96ee42cb0decf1ca656c6a38def7f7 / . / framework / src / android / net / BpfNetMapsUtils.java
blob: e9c9137e37679478eb3cd641c68999bf375afdd4 [file] [log] [blame]
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]1/*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.net;
18
Junyu Laie0031522023-08-29 18:32:57 +0800[diff] [blame]19import static android.net.BpfNetMapsConstants.ALLOW_CHAINS;
20import static android.net.BpfNetMapsConstants.DENY_CHAINS;
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]21import static android.net.BpfNetMapsConstants.DOZABLE_MATCH;
22import static android.net.BpfNetMapsConstants.LOW_POWER_STANDBY_MATCH;
23import static android.net.BpfNetMapsConstants.MATCH_LIST;
24import static android.net.BpfNetMapsConstants.NO_MATCH;
25import static android.net.BpfNetMapsConstants.OEM_DENY_1_MATCH;
26import static android.net.BpfNetMapsConstants.OEM_DENY_2_MATCH;
27import static android.net.BpfNetMapsConstants.OEM_DENY_3_MATCH;
28import static android.net.BpfNetMapsConstants.POWERSAVE_MATCH;
29import static android.net.BpfNetMapsConstants.RESTRICTED_MATCH;
30import static android.net.BpfNetMapsConstants.STANDBY_MATCH;
31import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
32import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
33import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1;
34import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2;
35import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3;
36import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
37import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
38import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
39import static android.system.OsConstants.EINVAL;
40
41import android.os.ServiceSpecificException;
42import android.util.Pair;
43
Junyu Lai626045a2023-08-28 18:49:44 +0800[diff] [blame]44import com.android.modules.utils.build.SdkLevel;
45
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]46import java.util.StringJoiner;
47
48/**
49 * The classes and the methods for BpfNetMaps utilization.
50 *
51 * @hide
52 */
53// Note that this class should be put into bootclasspath instead of static libraries.
54// Because modules could have different copies of this class if this is statically linked,
55// which would be problematic if the definitions in these modules are not synchronized.
56public class BpfNetMapsUtils {
57 // Prevent this class from being accidental instantiated.
58 private BpfNetMapsUtils() {}
59
60 /**
61 * Get corresponding match from firewall chain.
62 */
63 public static long getMatchByFirewallChain(final int chain) {
64 switch (chain) {
65 case FIREWALL_CHAIN_DOZABLE:
66 return DOZABLE_MATCH;
67 case FIREWALL_CHAIN_STANDBY:
68 return STANDBY_MATCH;
69 case FIREWALL_CHAIN_POWERSAVE:
70 return POWERSAVE_MATCH;
71 case FIREWALL_CHAIN_RESTRICTED:
72 return RESTRICTED_MATCH;
73 case FIREWALL_CHAIN_LOW_POWER_STANDBY:
74 return LOW_POWER_STANDBY_MATCH;
75 case FIREWALL_CHAIN_OEM_DENY_1:
76 return OEM_DENY_1_MATCH;
77 case FIREWALL_CHAIN_OEM_DENY_2:
78 return OEM_DENY_2_MATCH;
79 case FIREWALL_CHAIN_OEM_DENY_3:
80 return OEM_DENY_3_MATCH;
81 default:
82 throw new ServiceSpecificException(EINVAL, "Invalid firewall chain: " + chain);
83 }
84 }
85
86 /**
Junyu Laie0031522023-08-29 18:32:57 +0800[diff] [blame]87 * Get whether the chain is an allow-list or a deny-list.
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]88 *
89 * ALLOWLIST means the firewall denies all by default, uids must be explicitly allowed
Junyu Laie0031522023-08-29 18:32:57 +0800[diff] [blame]90 * DENYLIST means the firewall allows all by default, uids must be explicitly denied
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]91 */
92 public static boolean isFirewallAllowList(final int chain) {
Junyu Laie0031522023-08-29 18:32:57 +0800[diff] [blame]93 if (ALLOW_CHAINS.contains(chain)) {
94 return true;
95 } else if (DENY_CHAINS.contains(chain)) {
96 return false;
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]97 }
Junyu Laie0031522023-08-29 18:32:57 +0800[diff] [blame]98 throw new ServiceSpecificException(EINVAL, "Invalid firewall chain: " + chain);
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]99 }
100
101 /**
102 * Get match string representation from the given match bitmap.
103 */
104 public static String matchToString(long matchMask) {
105 if (matchMask == NO_MATCH) {
106 return "NO_MATCH";
107 }
108
109 final StringJoiner sj = new StringJoiner(" ");
110 for (final Pair<Long, String> match : MATCH_LIST) {
111 final long matchFlag = match.first;
112 final String matchName = match.second;
113 if ((matchMask & matchFlag) != 0) {
114 sj.add(matchName);
115 matchMask &= ~matchFlag;
116 }
117 }
118 if (matchMask != 0) {
119 sj.add("UNKNOWN_MATCH(" + matchMask + ")");
120 }
121 return sj.toString();
122 }
Junyu Lai626045a2023-08-28 18:49:44 +0800[diff] [blame]123
124 public static final boolean PRE_T = !SdkLevel.isAtLeastT();
125
126 /**
127 * Throw UnsupportedOperationException if SdkLevel is before T.
128 */
129 public static void throwIfPreT(final String msg) {
130 if (PRE_T) {
131 throw new UnsupportedOperationException(msg);
132 }
133 }
Junyu Lai29b7b632023-08-23 17:35:17 +0800[diff] [blame]134}