1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net;
18 
19 import static android.net.ConnectivityManager.FIREWALL_CHAIN_BACKGROUND;
20 import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
21 import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
22 import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_ALLOW;
23 import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_DENY_ADMIN;
24 import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_DENY_USER;
25 import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1;
26 import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2;
27 import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3;
28 import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
29 import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
30 import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
31 
32 import android.util.Pair;
33 
34 import com.android.net.module.util.Struct;
35 
36 import java.util.Arrays;
37 import java.util.List;
38 
39 /**
40  * BpfNetMaps related constants that can be shared among modules.
41  *
42  * @hide
43  */
44 // Note that this class should be put into the bootclasspath rather than linked statically.
45 // If it were statically linked, modules could each carry their own copy of this class,
46 // which would be problematic if the definitions in those modules were not synchronized.
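public class BpfNetMapsConstants {
    // Prevent this class from being accidentally instantiated.
    private BpfNetMapsConstants() {}

    // Locations of the BPF maps under /sys/fs/bpf/netd_shared. These strings name the
    // maps that back firewall and data-saver decisions, so a typo here points the Java
    // side at a different (or missing) map than the one the BPF programs consult.
    public static final String CONFIGURATION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_configuration_map";
    public static final String UID_OWNER_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_owner_map";
    public static final String UID_PERMISSION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_permission_map";
    public static final String COOKIE_TAG_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_cookie_tag_map";
    public static final String DATA_SAVER_ENABLED_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_data_saver_enabled_map";
    public static final String INGRESS_DISCARD_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_ingress_discard_map";
    public static final String LOCAL_NET_ACCESS_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_local_net_access_map";
    public static final String LOCAL_NET_BLOCKED_UID_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_local_net_blocked_uid_map";

    // Fixed 32-bit keys. NOTE(review): presumably the first two index the configuration
    // map and the third indexes the data saver enabled map; confirm against the callers.
    public static final Struct.S32 UID_RULES_CONFIGURATION_KEY = new Struct.S32(0);
    public static final Struct.S32 CURRENT_STATS_MAP_CONFIGURATION_KEY = new Struct.S32(1);
    public static final Struct.S32 DATA_SAVER_ENABLED_KEY = new Struct.S32(0);

    public static final short DATA_SAVER_DISABLED = 0;
    public static final short DATA_SAVER_ENABLED = 1;

    // Match-type bit flags. The LINT markers below tie this section to bpf_progs/netd.h,
    // so every value here must stay identical to the native definition.
    // The shifts use a long operand (1L) because the fields are long: an int shift would
    // wrap or sign-extend silently if a flag at bit 31 or above were ever added.
    // LINT.IfChange(match_type)
    public static final long NO_MATCH = 0;
    public static final long HAPPY_BOX_MATCH = (1L << 0);
    public static final long PENALTY_BOX_USER_MATCH = (1L << 1);
    public static final long DOZABLE_MATCH = (1L << 2);
    public static final long STANDBY_MATCH = (1L << 3);
    public static final long POWERSAVE_MATCH = (1L << 4);
    public static final long RESTRICTED_MATCH = (1L << 5);
    public static final long LOW_POWER_STANDBY_MATCH = (1L << 6);
    public static final long IIF_MATCH = (1L << 7);
    public static final long LOCKDOWN_VPN_MATCH = (1L << 8);
    public static final long OEM_DENY_1_MATCH = (1L << 9);
    public static final long OEM_DENY_2_MATCH = (1L << 10);
    public static final long OEM_DENY_3_MATCH = (1L << 11);
    public static final long BACKGROUND_MATCH = (1L << 12);
    public static final long PENALTY_BOX_ADMIN_MATCH = (1L << 13);

    /**
     * Pairs of (match bit, name) for every match flag except {@link #NO_MATCH}, in
     * ascending bit order.
     *
     * The list is immutable. It is a public static shared by everything that loads this
     * class, so a fixed-size but writable list (as {@code Arrays.asList} returns) would let
     * any caller replace an entry through {@code set()} and change what every other reader
     * sees.
     */
    public static final List<Pair<Long, String>> MATCH_LIST = List.of(
            Pair.create(HAPPY_BOX_MATCH, "HAPPY_BOX_MATCH"),
            Pair.create(PENALTY_BOX_USER_MATCH, "PENALTY_BOX_USER_MATCH"),
            Pair.create(DOZABLE_MATCH, "DOZABLE_MATCH"),
            Pair.create(STANDBY_MATCH, "STANDBY_MATCH"),
            Pair.create(POWERSAVE_MATCH, "POWERSAVE_MATCH"),
            Pair.create(RESTRICTED_MATCH, "RESTRICTED_MATCH"),
            Pair.create(LOW_POWER_STANDBY_MATCH, "LOW_POWER_STANDBY_MATCH"),
            Pair.create(IIF_MATCH, "IIF_MATCH"),
            Pair.create(LOCKDOWN_VPN_MATCH, "LOCKDOWN_VPN_MATCH"),
            Pair.create(OEM_DENY_1_MATCH, "OEM_DENY_1_MATCH"),
            Pair.create(OEM_DENY_2_MATCH, "OEM_DENY_2_MATCH"),
            Pair.create(OEM_DENY_3_MATCH, "OEM_DENY_3_MATCH"),
            Pair.create(BACKGROUND_MATCH, "BACKGROUND_MATCH"),
            Pair.create(PENALTY_BOX_ADMIN_MATCH, "PENALTY_BOX_ADMIN_MATCH")
    );

    /**
     * List of all firewall allow chains that are applied to all networks regardless of
     * meteredness. See {@link #METERED_ALLOW_CHAINS} for allow chains that are only applied
     * to metered networks.
     *
     * Allow chains mean the firewall denies all uids by default; uids must be explicitly
     * allowed.
     */
    public static final List<Integer> ALLOW_CHAINS = List.of(
            FIREWALL_CHAIN_DOZABLE,
            FIREWALL_CHAIN_POWERSAVE,
            FIREWALL_CHAIN_RESTRICTED,
            FIREWALL_CHAIN_LOW_POWER_STANDBY,
            FIREWALL_CHAIN_BACKGROUND
    );

    /**
     * List of all firewall deny chains that are applied to all networks regardless of
     * meteredness. See {@link #METERED_DENY_CHAINS} for deny chains that are only applied
     * to metered networks.
     *
     * Deny chains mean the firewall allows all uids by default; uids must be explicitly
     * denied.
     */
    public static final List<Integer> DENY_CHAINS = List.of(
            FIREWALL_CHAIN_STANDBY,
            FIREWALL_CHAIN_OEM_DENY_1,
            FIREWALL_CHAIN_OEM_DENY_2,
            FIREWALL_CHAIN_OEM_DENY_3
    );

    /**
     * List of all firewall allow chains that are only applied to metered networks.
     * See {@link #ALLOW_CHAINS} for allow chains that are applied to all networks regardless of
     * meteredness.
     */
    public static final List<Integer> METERED_ALLOW_CHAINS = List.of(
            FIREWALL_CHAIN_METERED_ALLOW
    );

    /**
     * List of all firewall deny chains that are only applied to metered networks.
     * See {@link #DENY_CHAINS} for deny chains that are applied to all networks regardless of
     * meteredness.
     */
    public static final List<Integer> METERED_DENY_CHAINS = List.of(
            FIREWALL_CHAIN_METERED_DENY_USER,
            FIREWALL_CHAIN_METERED_DENY_ADMIN
    );
    // LINT.ThenChange(../../../../bpf_progs/netd.h)
}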