diff options
| author | Danesh M <daneshm90@gmail.com> | 2016-03-07 15:08:15 -0800 |
|---|---|---|
| committer | Arne Coucheron <arco68@gmail.com> | 2017-01-18 23:17:00 +0000 |
| commit | 2338babddfcf5f90c574b7a0d470f48dea8001ee (patch) | |
| tree | 6fe099f3c4531b02d63170d580866fcdecf60b84 | |
| parent | 53123e3e1183887991504ce4b035289a002d9408 (diff) | |
| download | android_system_netd-cm-14.1_old.tar.gz android_system_netd-cm-14.1_old.tar.bz2 android_system_netd-cm-14.1_old.zip | |
NetD : Allow passing in interface names for wifi/data app restrictionstaging/cm-14.1-cafrebasecm-14.1_old
CYAN-3976
CRACKLING-834
Changes from original cm-13.0 patch:
*) Move wifi/cell data app restrict rules into their own chain
(instead of adding directly to INPUT/OUTPUT). Now they
are flushed during soft restart.
*) Introduce helper function manipulateRestrictAppsInOut() to
reduce code duplication and cleanup the asprintf() /
manipulateRestrictApps() call sequence.
Change-Id: Ie91f7f4a826047cd6bd0de9a4246285d90ed4c83
(cherry picked from commit 38e79bccd6091ea0b929183cc9d9167f41eb4a2c)
| -rw-r--r-- | server/BandwidthController.cpp | 62 | ||||
| -rw-r--r-- | server/BandwidthController.h | 17 | ||||
| -rwxr-xr-x | server/CommandListener.cpp | 24 |
3 files changed, 61 insertions, 42 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp index a594cc65..70e0552e 100644 --- a/server/BandwidthController.cpp +++ b/server/BandwidthController.cpp @@ -158,6 +158,8 @@ static const std::vector<std::string> IPT_FLUSH_COMMANDS = { ":bw_penalty_box -", ":bw_data_saver -", ":bw_costly_shared -", + ":bw_restrict_app_INPUT -", + ":bw_restrict_app_OUTPUT -", "COMMIT", "*raw", ":bw_raw_PREROUTING -", @@ -176,6 +178,10 @@ static const std::vector<std::string> IPT_BASIC_ACCOUNTING_COMMANDS = { "-A bw_happy_box --jump bw_data_saver", "-A bw_data_saver -j RETURN", HAPPY_BOX_WHITELIST_COMMAND, + "-I bw_INPUT -j bw_restrict_app_INPUT", + "-I bw_OUTPUT -j bw_restrict_app_OUTPUT", + "-A bw_restrict_app_INPUT -j RETURN", + "-A bw_restrict_app_OUTPUT -j RETURN", "COMMIT", "*raw", @@ -383,43 +389,51 @@ int BandwidthController::manipulateNiceApps(int numUids, char *appStrUids[], Spe return manipulateSpecialApps(numUids, appStrUids, "bw_happy_box", IptJumpReturn, appOp); } -int BandwidthController::manipulateRestrictAppsOnData(int numUids, char *appUids[], +int BandwidthController::manipulateRestrictAppsOnData(const char *iface, int numUids, char *appUids[], RestrictAppOp appOp) { - int ret = manipulateRestrictApps(numUids, appUids, "INPUT -i rmnet_data0", - restrictAppUidsOnData, appOp); - if (ret != 0) { - return ret; - } else { - return manipulateRestrictApps(numUids, appUids, "OUTPUT -o rmnet_data0", - restrictAppUidsOnData, appOp); - } + return manipulateRestrictAppsInOut(iface, numUids, appUids, appOp, restrictAppUidsOnData); } -int BandwidthController::manipulateRestrictAppsOnWlan(int numUids, char *appUids[], +int BandwidthController::manipulateRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[], RestrictAppOp appOp) { - int ret = manipulateRestrictApps(numUids, appUids,"INPUT -i wlan0", - restrictAppUidsOnWlan, appOp); + return manipulateRestrictAppsInOut(iface, numUids, appUids, appOp, restrictAppUidsOnWlan); +} + +int BandwidthController::manipulateRestrictAppsInOut(const char *iface, int numUids, char *appUids[], + RestrictAppOp appOp, std::list<int /*appUid*/> &restrictAppUids) { + char *chain; + if (asprintf(&chain, "bw_restrict_app_INPUT -i %s", iface) < 0) { + return -1; + } + int ret = manipulateRestrictApps(numUids, appUids, chain, + restrictAppUids, appOp); + free(chain); if (ret != 0) { return ret; - } else { - return manipulateRestrictApps(numUids, appUids,"OUTPUT -o wlan0", - restrictAppUidsOnWlan, appOp); } + if (asprintf(&chain, "bw_restrict_app_OUTPUT -o %s", iface) < 0) { + return -1; + } + ret = manipulateRestrictApps(numUids, appUids, chain, + restrictAppUids, appOp); + free(chain); + return ret; } -int BandwidthController::addRestrictAppsOnData(int numUids, char *appUids[]) { - return manipulateRestrictAppsOnData(numUids, appUids, RestrictAppOpAdd); + +int BandwidthController::addRestrictAppsOnData(const char *iface, int numUids, char *appUids[]) { + return manipulateRestrictAppsOnData(iface, numUids, appUids, RestrictAppOpAdd); } -int BandwidthController::removeRestrictAppsOnData(int numUids, char *appUids[]) { - return manipulateRestrictAppsOnData(numUids, appUids, RestrictAppOpRemove); +int BandwidthController::removeRestrictAppsOnData(const char *iface, int numUids, char *appUids[]) { + return manipulateRestrictAppsOnData(iface, numUids, appUids, RestrictAppOpRemove); } -int BandwidthController::addRestrictAppsOnWlan(int numUids, char *appUids[]) { - return manipulateRestrictAppsOnWlan(numUids, appUids, RestrictAppOpAdd); +int BandwidthController::addRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]) { + return manipulateRestrictAppsOnWlan(iface, numUids, appUids, RestrictAppOpAdd); } -int BandwidthController::removeRestrictAppsOnWlan(int numUids, char *appUids[]) { - return manipulateRestrictAppsOnWlan(numUids, appUids, RestrictAppOpRemove); +int BandwidthController::removeRestrictAppsOnWlan(const char *iface,int numUids, char *appUids[]) { + return manipulateRestrictAppsOnWlan(iface, numUids, appUids, RestrictAppOpRemove); } @@ -433,7 +447,7 @@ int BandwidthController::manipulateRestrictApps(int numUids, char *appStrUids[], int appUids[numUids]; std::string iptCmd; std::list<int /*uid*/>::iterator it; - bool isOutputChain = !strncmp(chain, "OUTPUT", strlen("OUTPUT")); + bool isOutputChain = !strncmp(chain, "bw_restrict_app_OUTPUT", strlen("bw_restrict_app_OUTPUT")); switch (appOp) { case RestrictAppOpAdd: op = IptOpInsert; diff --git a/server/BandwidthController.h b/server/BandwidthController.h index 955ea384..c896eb56 100644 --- a/server/BandwidthController.h +++ b/server/BandwidthController.h @@ -98,11 +98,11 @@ public: int setInterfaceAlert(const char *iface, int64_t bytes); int removeInterfaceAlert(const char *iface); - int addRestrictAppsOnData(int numUids, char *appUids[]); - int removeRestrictAppsOnData(int numUids, char *appUids[]); + int addRestrictAppsOnData(const char *iface, int numUids, char *appUids[]); + int removeRestrictAppsOnData(const char *iface, int numUids, char *appUids[]); - int addRestrictAppsOnWlan(int numUids, char *appUids[]); - int removeRestrictAppsOnWlan(int numUids, char *appUids[]); + int addRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]); + int removeRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]); /* * For single pair of ifaces, stats should have ifaceIn and ifaceOut initialized. @@ -149,8 +149,13 @@ protected: int manipulateNaughtyApps(int numUids, char *appStrUids[], SpecialAppOp appOp); int manipulateNiceApps(int numUids, char *appStrUids[], SpecialAppOp appOp); - int manipulateRestrictAppsOnData(int numUids, char* appStrUids[], RestrictAppOp appOp); - int manipulateRestrictAppsOnWlan(int numUids, char* appStrUids[], RestrictAppOp appOp); + int manipulateRestrictAppsOnData(const char *iface, int numUids, char* appStrUids[], + RestrictAppOp appOp); + int manipulateRestrictAppsOnWlan(const char *iface, int numUids, char* appStrUids[], + RestrictAppOp appOp); + int manipulateRestrictAppsInOut(const char *iface, int numUids, char *appUids[], + RestrictAppOp appOp, + std::list<int /*appUid*/> &restrictAppUids); int manipulateRestrictApps(int numUids, char *appStrUids[], const char *chain, std::list<int /*appUid*/> &restrictAppUids, diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp index 5b284c4d..b16da187 100755 --- a/server/CommandListener.cpp +++ b/server/CommandListener.cpp @@ -1281,38 +1281,38 @@ int CommandListener::BandwidthControlCmd::runCommand(SocketClient *cli, int argc } if (!strcmp(argv[1], "addrestrictappsondata")) { - if (argc < 3) { - sendGenericSyntaxError(cli, "addrestrictappsondata <appUid> ..."); + if (argc < 4) { + sendGenericSyntaxError(cli, "addrestrictappsondata <interface> <appUid> ..."); return 0; } - int rc = gCtls->bandwidthCtrl.addRestrictAppsOnData(argc - 2, argv + 2); + int rc = gCtls->bandwidthCtrl.addRestrictAppsOnData(argv[2], argc - 3, argv + 3); sendGenericOkFail(cli, rc); return 0; } if (!strcmp(argv[1], "removerestrictappsondata")) { - if (argc < 3) { - sendGenericSyntaxError(cli, "removerestrictappsondata <appUid> ..."); + if (argc < 4) { + sendGenericSyntaxError(cli, "removerestrictappsondata <interface> <appUid> ..."); return 0; } - int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnData(argc - 2, argv + 2); + int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnData(argv[2], argc - 3, argv + 3); sendGenericOkFail(cli, rc); return 0; } if (!strcmp(argv[1], "addrestrictappsonwlan")) { - if (argc < 3) { - sendGenericSyntaxError(cli, "addrestrictappsonwlan <appUid> ..."); + if (argc < 4) { + sendGenericSyntaxError(cli, "addrestrictappsonwlan <interface> <appUid> ..."); return 0; } - int rc = gCtls->bandwidthCtrl.addRestrictAppsOnWlan(argc - 2, argv + 2); + int rc = gCtls->bandwidthCtrl.addRestrictAppsOnWlan(argv[2], argc - 3, argv + 3); sendGenericOkFail(cli, rc); return 0; } if (!strcmp(argv[1], "removerestrictappsonwlan")) { - if (argc < 3) { - sendGenericSyntaxError(cli, "removerestrictappsonwlan <appUid> ..."); + if (argc < 4) { + sendGenericSyntaxError(cli, "removerestrictappsonwlan <inteface> <appUid> ..."); return 0; } - int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnWlan(argc - 2, argv + 2); + int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnWlan(argv[2], argc - 3, argv + 3); sendGenericOkFail(cli, rc); return 0; } |