From 2338babddfcf5f90c574b7a0d470f48dea8001ee Mon Sep 17 00:00:00 2001 From: Danesh M Date: Mon, 7 Mar 2016 15:08:15 -0800 Subject: NetD : Allow passing in interface names for wifi/data app restriction CYAN-3976 CRACKLING-834 Changes from original cm-13.0 patch: *) Move wifi/cell data app restrict rules into their own chain (instead of adding directly to INPUT/OUTPUT). Now they are flushed during soft restart. *) Introduce helper function manipulateRestrictAppsInOut() to reduce code duplication and cleanup the asprintf() / manipulateRestrictApps() call sequence. Change-Id: Ie91f7f4a826047cd6bd0de9a4246285d90ed4c83 (cherry picked from commit 38e79bccd6091ea0b929183cc9d9167f41eb4a2c)
---
 server/BandwidthController.cpp | 62 ++++++++++++++++++++++++++----------------
 server/BandwidthController.h | 17 ++++++++----
 server/CommandListener.cpp | 24 ++++++++--------
 3 files changed, 61 insertions(+), 42 deletions(-)
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index a594cc65..70e0552e 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -158,6 +158,8 @@ static const std::vector IPT_FLUSH_COMMANDS = {
 ":bw_penalty_box -",
 ":bw_data_saver -",
 ":bw_costly_shared -",
+ ":bw_restrict_app_INPUT -",
+ ":bw_restrict_app_OUTPUT -",
 "COMMIT",
 "*raw",
 ":bw_raw_PREROUTING -",
@@ -176,6 +178,10 @@ static const std::vector IPT_BASIC_ACCOUNTING_COMMANDS = {
 "-A bw_happy_box --jump bw_data_saver",
 "-A bw_data_saver -j RETURN",
 HAPPY_BOX_WHITELIST_COMMAND,
+ "-I bw_INPUT -j bw_restrict_app_INPUT",
+ "-I bw_OUTPUT -j bw_restrict_app_OUTPUT",
+ "-A bw_restrict_app_INPUT -j RETURN",
+ "-A bw_restrict_app_OUTPUT -j RETURN",
 "COMMIT",
 "*raw",
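Review bot: Flushing `bw_restrict_app_INPUT` and `bw_restrict_app_OUTPUT` from IPT_FLUSH_COMMANDS empties the kernel-side rules on a soft restart, but nothing in this patch shows the in-memory `restrictAppUidsOnData` / `restrictAppUidsOnWlan` lists being cleared at the same point. If manipulateRestrictApps (its body is outside these hunks) treats a UID that is already on the list as a no-op, a re-add after the restart would report success while the chain stays empty, so the restriction would silently stop being enforced. Clearing both lists where the flush runs, or replaying them into the fresh chains, keeps the tracked state and the rules in step. A one-line comment beside the two new `:bw_restrict_app_*` entries saying which of the two is intended would make that contract visible.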
@@ -383,43 +389,51 @@ int BandwidthController::manipulateNiceApps(int numUids, char *appStrUids[], Spe
 return manipulateSpecialApps(numUids, appStrUids, "bw_happy_box", IptJumpReturn, appOp);
 }
-int BandwidthController::manipulateRestrictAppsOnData(int numUids, char *appUids[],
+int BandwidthController::manipulateRestrictAppsOnData(const char *iface, int numUids, char *appUids[],
 RestrictAppOp appOp) {
- int ret = manipulateRestrictApps(numUids, appUids, "INPUT -i rmnet_data0",
- restrictAppUidsOnData, appOp);
- if (ret != 0) {
- return ret;
- } else {
- return manipulateRestrictApps(numUids, appUids, "OUTPUT -o rmnet_data0",
- restrictAppUidsOnData, appOp);
- }
+ return manipulateRestrictAppsInOut(iface, numUids, appUids, appOp, restrictAppUidsOnData);
 }
-int BandwidthController::manipulateRestrictAppsOnWlan(int numUids, char *appUids[],
+int BandwidthController::manipulateRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[],
 RestrictAppOp appOp) {
- int ret = manipulateRestrictApps(numUids, appUids,"INPUT -i wlan0",
- restrictAppUidsOnWlan, appOp);
+ return manipulateRestrictAppsInOut(iface, numUids, appUids, appOp, restrictAppUidsOnWlan);
+}
+
+int BandwidthController::manipulateRestrictAppsInOut(const char *iface, int numUids, char *appUids[],
+ RestrictAppOp appOp, std::list &restrictAppUids) {
+ char *chain;
+ if (asprintf(&chain, "bw_restrict_app_INPUT -i %s", iface) < 0) {
+ return -1;
+ }
+ int ret = manipulateRestrictApps(numUids, appUids, chain,
+ restrictAppUids, appOp);
+ free(chain);
 if (ret != 0) {
 return ret;
- } else {
- return manipulateRestrictApps(numUids, appUids,"OUTPUT -o wlan0",
- restrictAppUidsOnWlan, appOp);
 }
+ if (asprintf(&chain, "bw_restrict_app_OUTPUT -o %s", iface) < 0) {
+ return -1;
+ }
+ ret = manipulateRestrictApps(numUids, appUids, chain,
+ restrictAppUids, appOp);
+ free(chain);
+ return ret;
 }
-int BandwidthController::addRestrictAppsOnData(int numUids, char *appUids[]) {
- return manipulateRestrictAppsOnData(numUids, appUids, RestrictAppOpAdd);
+
+int BandwidthController::addRestrictAppsOnData(const char *iface, int numUids, char *appUids[]) {
+ return manipulateRestrictAppsOnData(iface, numUids, appUids, RestrictAppOpAdd);
 }
-int BandwidthController::removeRestrictAppsOnData(int numUids, char *appUids[]) {
- return manipulateRestrictAppsOnData(numUids, appUids, RestrictAppOpRemove);
+int BandwidthController::removeRestrictAppsOnData(const char *iface, int numUids, char *appUids[]) {
+ return manipulateRestrictAppsOnData(iface, numUids, appUids, RestrictAppOpRemove);
 }
-int BandwidthController::addRestrictAppsOnWlan(int numUids, char *appUids[]) {
- return manipulateRestrictAppsOnWlan(numUids, appUids, RestrictAppOpAdd);
+int BandwidthController::addRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]) {
+ return manipulateRestrictAppsOnWlan(iface, numUids, appUids, RestrictAppOpAdd);
 }
-int BandwidthController::removeRestrictAppsOnWlan(int numUids, char *appUids[]) {
- return manipulateRestrictAppsOnWlan(numUids, appUids, RestrictAppOpRemove);
+int BandwidthController::removeRestrictAppsOnWlan(const char *iface,int numUids, char *appUids[]) {
+ return manipulateRestrictAppsOnWlan(iface, numUids, appUids, RestrictAppOpRemove);
 }
@@ -433,7 +447,7 @@ int BandwidthController::manipulateRestrictApps(int numUids, char *appStrUids[],
 int appUids[numUids];
 std::string iptCmd;
 std::list::iterator it;
- bool isOutputChain = !strncmp(chain, "OUTPUT", strlen("OUTPUT"));
+ bool isOutputChain = !strncmp(chain, "bw_restrict_app_OUTPUT", strlen("bw_restrict_app_OUTPUT"));
 switch (appOp) {
 case RestrictAppOpAdd:
 op = IptOpInsert;
diff --git a/server/BandwidthController.h b/server/BandwidthController.h
index 955ea384..c896eb56 100644
--- a/server/BandwidthController.h
+++ b/server/BandwidthController.h
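Review bot: In manipulateRestrictAppsInOut, `iface` is formatted straight into the rule text (`"bw_restrict_app_INPUT -i %s"` and its OUTPUT twin), and the four CommandListener call sites pass `argv[2]` to it unchecked, so a value containing whitespace or option-like text would become additional iptables arguments instead of an interface match. Reject anything that is not a plain interface name before the first asprintf, e.g. `if (iface == NULL || !isIfaceName(iface)) return -1;`, assuming netd's `isIfaceName()` helper from NetdConstants is present in this tree as it is upstream. Separately, the tracking lists are still keyed by UID alone; whether the same UID can be restricted on a second interface, and which interface a later remove has to name, depends on manipulateRestrictApps, whose body lies outside this hunk.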
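Review bot: `isOutputChain` is now derived by prefix-matching the formatted argument against the literal `"bw_restrict_app_OUTPUT"`, which ties rule direction to the exact spelling used in manipulateRestrictAppsInOut and in the chain tables; a rename in either place would make it false for every call without any error. Sharing one constant for the two chain names, or passing the direction as an explicit argument, would remove that hidden dependency. At minimum add a comment on this line such as `// chain is "<chain name> -i|-o <iface>"; direction is read from the chain-name prefix`. The rest of manipulateRestrictApps is outside the hunk, so how the flag is used afterwards could not be checked here.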
@@ -98,11 +98,11 @@ public:
 int setInterfaceAlert(const char *iface, int64_t bytes);
 int removeInterfaceAlert(const char *iface);
- int addRestrictAppsOnData(int numUids, char *appUids[]);
- int removeRestrictAppsOnData(int numUids, char *appUids[]);
+ int addRestrictAppsOnData(const char *iface, int numUids, char *appUids[]);
+ int removeRestrictAppsOnData(const char *iface, int numUids, char *appUids[]);
- int addRestrictAppsOnWlan(int numUids, char *appUids[]);
- int removeRestrictAppsOnWlan(int numUids, char *appUids[]);
+ int addRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]);
+ int removeRestrictAppsOnWlan(const char *iface, int numUids, char *appUids[]);
 /*
 * For single pair of ifaces, stats should have ifaceIn and ifaceOut initialized.
@@ -149,8 +149,13 @@ protected:
 int manipulateNaughtyApps(int numUids, char *appStrUids[], SpecialAppOp appOp);
 int manipulateNiceApps(int numUids, char *appStrUids[], SpecialAppOp appOp);
- int manipulateRestrictAppsOnData(int numUids, char* appStrUids[], RestrictAppOp appOp);
- int manipulateRestrictAppsOnWlan(int numUids, char* appStrUids[], RestrictAppOp appOp);
+ int manipulateRestrictAppsOnData(const char *iface, int numUids, char* appStrUids[],
+ RestrictAppOp appOp);
+ int manipulateRestrictAppsOnWlan(const char *iface, int numUids, char* appStrUids[],
+ RestrictAppOp appOp);
+ int manipulateRestrictAppsInOut(const char *iface, int numUids, char *appUids[],
+ RestrictAppOp appOp,
+ std::list &restrictAppUids);
 int manipulateRestrictApps(int numUids, char *appStrUids[], const char *chain, std::list &restrictAppUids,
diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
index 5b284c4d..b16da187 100755
--- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
@@ -1281,38 +1281,38 @@ int CommandListener::BandwidthControlCmd::runCommand(SocketClient *cli, int argc
 }
 if (!strcmp(argv[1], "addrestrictappsondata")) {
- if (argc < 3) {
- sendGenericSyntaxError(cli, "addrestrictappsondata ...");
+ if (argc < 4) {
+ sendGenericSyntaxError(cli, "addrestrictappsondata ...");
 return 0;
 }
- int rc = gCtls->bandwidthCtrl.addRestrictAppsOnData(argc - 2, argv + 2);
+ int rc = gCtls->bandwidthCtrl.addRestrictAppsOnData(argv[2], argc - 3, argv + 3);
 sendGenericOkFail(cli, rc);
 return 0;
 }
 if (!strcmp(argv[1], "removerestrictappsondata")) {
- if (argc < 3) {
- sendGenericSyntaxError(cli, "removerestrictappsondata ...");
+ if (argc < 4) {
+ sendGenericSyntaxError(cli, "removerestrictappsondata ...");
 return 0;
 }
- int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnData(argc - 2, argv + 2);
+ int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnData(argv[2], argc - 3, argv + 3);
 sendGenericOkFail(cli, rc);
 return 0;
 }
 if (!strcmp(argv[1], "addrestrictappsonwlan")) {
- if (argc < 3) {
- sendGenericSyntaxError(cli, "addrestrictappsonwlan ...");
+ if (argc < 4) {
+ sendGenericSyntaxError(cli, "addrestrictappsonwlan ...");
 return 0;
 }
- int rc = gCtls->bandwidthCtrl.addRestrictAppsOnWlan(argc - 2, argv + 2);
+ int rc = gCtls->bandwidthCtrl.addRestrictAppsOnWlan(argv[2], argc - 3, argv + 3);
 sendGenericOkFail(cli, rc);
 return 0;
 }
 if (!strcmp(argv[1], "removerestrictappsonwlan")) {
- if (argc < 3) {
- sendGenericSyntaxError(cli, "removerestrictappsonwlan ...");
+ if (argc < 4) {
+ sendGenericSyntaxError(cli, "removerestrictappsonwlan ...");
 return 0;
 }
- int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnWlan(argc - 2, argv + 2);
+ int rc = gCtls->bandwidthCtrl.removeRestrictAppsOnWlan(argv[2], argc - 3, argv + 3);
 sendGenericOkFail(cli, rc);
 return 0;
 }
-- cgit v1.2.3
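Review bot: The new layout takes the interface from `argv[2]`, but a client still sending the old form with two or more UIDs also gets past `argc < 4`, and its first UID is then used as the interface name with the result reported as an ordinary rule success or failure. Checking `argv[2]` in each branch before the call, for instance rejecting a value that is entirely numeric or that fails the interface-name check, lets these commands answer with the syntax error instead of installing a rule for a non-existent interface. The four branches differ only in the command word and the method invoked, so the check fits in one small helper. On this page the removed and added usage strings print identically; confirm that the new text actually names the interface argument.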