Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_modules_Connectivity-old / refs/heads/typhoon^! / .
commitfa4a374b135bac46996356f95c5e9f48ec8bd7c0[log] [tgz]
authorTommy Webb <tommy@calyxinstitute.org>Wed Mar 22 09:05:18 2023 -0400
committerJackeagle <jackeagle102@gmail.com>Wed Aug 30 00:57:08 2023 -0400
treea95b76681c45fb08e50b4db7457b1e9aa0a7ee90
parent9e72cc8143faecf4f378d53e42dec6e686902f33 [diff]
Expose new isUidCurrentlyDisallowedByPolicy

Allows determining if a UID is blocked based on its transports.

Change-Id: I2729b61c349ec2812a74d7d1c04b90a58b0f5b88
Signed-off-by: Mohammad Hasan Keramat J <ikeramat@protonmail.com>

diff --git a/framework/api/module-lib-current.txt b/framework/api/module-lib-current.txt
index 6131116..d1b7213 100644
--- a/framework/api/module-lib-current.txt
+++ b/framework/api/module-lib-current.txt

@@ -14,6 +14,7 @@
     method @NonNull public static android.util.Range<java.lang.Integer> getIpSecNetIdRange();
     method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.LinkProperties getRedactedLinkPropertiesForPackage(@NonNull android.net.LinkProperties, int, @NonNull String);
     method @Nullable @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public android.net.NetworkCapabilities getRedactedNetworkCapabilitiesForPackage(@NonNull android.net.NetworkCapabilities, int, @NonNull String);
+    method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public boolean isUidCurrentlyDisallowedByPolicy(int);
     method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public void registerDefaultNetworkCallbackForUid(int, @NonNull android.net.ConnectivityManager.NetworkCallback, @NonNull android.os.Handler);
     method @RequiresPermission(anyOf={android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, android.Manifest.permission.NETWORK_SETTINGS}) public void registerSystemDefaultNetworkCallback(@NonNull android.net.ConnectivityManager.NetworkCallback, @NonNull android.os.Handler);
     method @RequiresPermission(anyOf={android.Manifest.permission.NETWORK_SETTINGS, android.Manifest.permission.NETWORK_STACK, android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK}) public void removeUidFromMeteredNetworkAllowList(int);

diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
index 4ab2d0f..0a05d43 100644
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java

@@ -1438,6 +1438,24 @@
     }
 
     /**
+     * Returns whether the specified UID is blocked due to disallowed transports.
+     *
+     * @hide
+     */
+    @RequiresPermission(anyOf = {
+            NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+            android.Manifest.permission.NETWORK_STACK,
+            android.Manifest.permission.NETWORK_SETTINGS})
+    @SystemApi(client = MODULE_LIBRARIES)
+    public boolean isUidCurrentlyDisallowedByPolicy(int uid) {
+        try {
+            return mService.isUidCurrentlyDisallowedByPolicy(uid);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /**
      * Informs ConnectivityService of whether the legacy lockdown VPN, as implemented by
      * LockdownVpnTracker, is in use. This is deprecated for new devices starting from Android 12
      * but is still supported for backwards compatibility.

diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
index bb36bb8..a837b56 100644
--- a/framework/src/android/net/IConnectivityManager.aidl
+++ b/framework/src/android/net/IConnectivityManager.aidl

@@ -247,4 +247,5 @@
     void replaceFirewallChain(int chain, in int[] uids);
 
     void setUidsAllowedTransports(in int[] uids, in long[] allowedTransportsPacked);
+    boolean isUidCurrentlyDisallowedByPolicy(int uid);
 }

diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index fabad93..186fd17 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java

@@ -2226,7 +2226,8 @@
     }
 
     /** Check if UID is currently disallowed general network access based on policies. */
-    private boolean isUidCurrentlyDisallowedByPolicy(int uid) {
+    @Override
+    public boolean isUidCurrentlyDisallowedByPolicy(int uid) {
         return mLastDisallowedUidsDenylist.contains(uid);
     }