Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / da8a8cb6ea581986e7f0ba2c8c3462b2d66492fc
commitda8a8cb6ea581986e7f0ba2c8c3462b2d66492fc[log] [tgz]
authorSuprabh Shukla <suprabh@google.com>Wed Jul 31 17:47:58 2024 -0700
committerSuprabh Shukla <suprabh@google.com>Wed Aug 07 17:32:14 2024 +0000
tree49bf1829699f562a1cd44ba7dfe689864a7b15d6
parent0e03926c02ef05035a7e97109ba7cfbd828df834 [diff]
Do not apply background rules for core uids

Core uids are exempt from firewalls by the underlying stack, so they
will always be allowed network.
Similarly, apps without the INTERNET permission cannot access network
regardless of firewall rules.

Currently, the code is fragmented in applying rules to these uids.
To make debugging and code maintenance easier, we want to be consistent
by never setting any rules for such uids.

Once the feature is enabled and tested, upstream code paths for all
firewall rules can be simplified to use the same check.

Flag: com.android.server.net.never_apply_rules_to_core_uids

Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest

BYPASS_INCLUSIVE_LANGUAGE_REASON=Existing methods

Bug: 356956588
Change-Id: Ibe50b806a0632d09772e7e2e8deea6d2fefdc946
3 files changed
tree: 49bf1829699f562a1cd44ba7dfe689864a7b15d6
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-junit/
  39. test-legacy/
  40. test-mock/
  41. test-runner/
  42. tests/
  43. tools/
  44. wifi/
  45. .clang-format
  46. .gitignore
  47. .mailmap
  48. AconfigFlags.bp
  49. ADPF_OWNERS
  50. Android.bp
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. lint-baseline.xml
  60. LSE_APP_COMPAT_OWNERS
  61. MEMORY_OWNERS
  62. METADATA
  63. MODULE_LICENSE_APACHE2
  64. MULTIUSER_OWNERS
  65. NOTICE
  66. OWNERS
  67. OWNERS.md
  68. PACKAGE_MANAGER_OWNERS
  69. pathmap.mk
  70. PERFORMANCE_OWNERS
  71. PREUPLOAD.cfg
  72. ProtoLibraries.bp
  73. Ravenwood.bp
  74. SECURITY_STATE_OWNERS
  75. SQLITE_OWNERS
  76. TEST_MAPPING
  77. TestProtoLibraries.bp
  78. THERMAL_OWNERS
  79. TRACE_OWNERS
  80. WEAR_OWNERS
  81. ZYGOTE_OWNERS