Search in sources :

Example 11 with GuardedBy

use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by crdroidandroid.

the class ApfFilter method beginProgramLocked.

/**
     * Begin generating an APF program to:
     * <ul>
     * <li>Drop ARP requests not for us, if mIPv4Address is set,
     * <li>Drop IPv4 broadcast packets, except DHCP destined to our MAC,
     * <li>Drop IPv4 multicast packets, if mMulticastFilter,
     * <li>Pass all other IPv4 packets,
     * <li>Drop all broadcast non-IP non-ARP packets.
     * <li>Pass all non-ICMPv6 IPv6 packets,
     * <li>Pass all non-IPv4 and non-IPv6 packets,
     * <li>Drop IPv6 ICMPv6 NAs to ff02::1.
     * <li>Drop IPv6 ICMPv6 RSs.
     * <li>Let execution continue off the end of the program for IPv6 ICMPv6 packets. This allows
     *     insertion of RA filters here, or if there aren't any, just passes the packets.
     * </ul>
     */
@GuardedBy("this")
private ApfGenerator beginProgramLocked() throws IllegalInstructionException {
    ApfGenerator gen = new ApfGenerator();
    // This is guaranteed to return true because of the check in maybeCreate.
    gen.setApfVersion(mApfCapabilities.apfVersionSupported);
    // Here's a basic summary of what the initial program does:
    //
    // if it's ARP:
    //   insert ARP filter to drop or pass these appropriately
    // if it's IPv4:
    //   insert IPv4 filter to drop or pass these appropriately
    // if it's not IPv6:
    //   if it's broadcast:
    //     drop
    //   pass
    // insert IPv6 filter to drop, pass, or fall off the end for ICMPv6 packets
    // Add ARP filters:
    String skipArpFiltersLabel = "skipArpFilters";
    gen.addLoad16(Register.R0, ETH_ETHERTYPE_OFFSET);
    gen.addJumpIfR0NotEquals(ETH_P_ARP, skipArpFiltersLabel);
    generateArpFilterLocked(gen);
    gen.defineLabel(skipArpFiltersLabel);
    // Add IPv4 filters:
    String skipIPv4FiltersLabel = "skipIPv4Filters";
    // NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
    // execute the ARP filter, since that filter does not fall through, but either drops or
    // passes.
    gen.addJumpIfR0NotEquals(ETH_P_IP, skipIPv4FiltersLabel);
    generateIPv4FilterLocked(gen);
    gen.defineLabel(skipIPv4FiltersLabel);
    // Check for IPv6:
    // NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
    // execute the ARP or IPv4 filters, since those filters do not fall through, but either
    // drop or pass.
    String ipv6FilterLabel = "IPv6Filters";
    gen.addJumpIfR0Equals(ETH_P_IPV6, ipv6FilterLabel);
    // Drop non-IP non-ARP broadcasts, pass the rest
    gen.addLoadImmediate(Register.R0, ETH_DEST_ADDR_OFFSET);
    gen.addJumpIfBytesNotEqual(Register.R0, ETH_BROADCAST_MAC_ADDRESS, gen.PASS_LABEL);
    gen.addJump(gen.DROP_LABEL);
    // Add IPv6 filters:
    gen.defineLabel(ipv6FilterLabel);
    generateIPv6FilterLocked(gen);
    return gen;
}
Also used : ApfGenerator(android.net.apf.ApfGenerator) GuardedBy(com.android.internal.annotations.GuardedBy)

Example 12 with GuardedBy

use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by crdroidandroid.

the class ApfFilter method installNewProgramLocked.

/**
     * Generate and install a new filter program.
     */
@GuardedBy("this")
@VisibleForTesting
void installNewProgramLocked() {
    purgeExpiredRasLocked();
    ArrayList<Ra> rasToFilter = new ArrayList<>();
    final byte[] program;
    long programMinLifetime = Long.MAX_VALUE;
    try {
        // Step 1: Determine how many RA filters we can fit in the program.
        ApfGenerator gen = beginProgramLocked();
        for (Ra ra : mRas) {
            ra.generateFilterLocked(gen);
            // Stop if we get too big.
            if (gen.programLengthOverEstimate() > mApfCapabilities.maximumApfProgramSize)
                break;
            rasToFilter.add(ra);
        }
        // Step 2: Actually generate the program
        gen = beginProgramLocked();
        for (Ra ra : rasToFilter) {
            programMinLifetime = Math.min(programMinLifetime, ra.generateFilterLocked(gen));
        }
        // Execution will reach the end of the program if no filters match, which will pass the
        // packet to the AP.
        program = gen.generate();
    } catch (IllegalInstructionException e) {
        Log.e(TAG, "Program failed to generate: ", e);
        return;
    }
    mLastTimeInstalledProgram = curTime();
    mLastInstalledProgramMinLifetime = programMinLifetime;
    mLastInstalledProgram = program;
    mNumProgramUpdates++;
    if (VDBG) {
        hexDump("Installing filter: ", program, program.length);
    }
    mIpManagerCallback.installPacketFilter(program);
    int flags = ApfProgramEvent.flagsFor(mIPv4Address != null, mMulticastFilter);
    mMetricsLog.log(new ApfProgramEvent(programMinLifetime, rasToFilter.size(), mRas.size(), program.length, flags));
}
Also used : IllegalInstructionException(android.net.apf.ApfGenerator.IllegalInstructionException) ApfGenerator(android.net.apf.ApfGenerator) ArrayList(java.util.ArrayList) ApfProgramEvent(android.net.metrics.ApfProgramEvent) VisibleForTesting(com.android.internal.annotations.VisibleForTesting) GuardedBy(com.android.internal.annotations.GuardedBy)

Example 13 with GuardedBy

use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by crdroidandroid.

the class UserManagerService method computeEffectiveUserRestrictionsLR.

@GuardedBy("mRestrictionsLock")
private Bundle computeEffectiveUserRestrictionsLR(int userId) {
    final Bundle baseRestrictions = UserRestrictionsUtils.nonNull(mBaseUserRestrictions.get(userId));
    final Bundle global = mDevicePolicyGlobalUserRestrictions;
    final Bundle local = mDevicePolicyLocalUserRestrictions.get(userId);
    if (UserRestrictionsUtils.isEmpty(global) && UserRestrictionsUtils.isEmpty(local)) {
        // Common case first.
        return baseRestrictions;
    }
    final Bundle effective = UserRestrictionsUtils.clone(baseRestrictions);
    UserRestrictionsUtils.merge(effective, global);
    UserRestrictionsUtils.merge(effective, local);
    return effective;
}
Also used : Bundle(android.os.Bundle) PersistableBundle(android.os.PersistableBundle) GuardedBy(com.android.internal.annotations.GuardedBy)

Example 14 with GuardedBy

use of com.android.internal.annotations.GuardedBy in project platform_frameworks_base by android.

the class ApfFilter method installNewProgramLocked.

/**
     * Generate and install a new filter program.
     */
@GuardedBy("this")
@VisibleForTesting
void installNewProgramLocked() {
    purgeExpiredRasLocked();
    ArrayList<Ra> rasToFilter = new ArrayList<>();
    final byte[] program;
    long programMinLifetime = Long.MAX_VALUE;
    try {
        // Step 1: Determine how many RA filters we can fit in the program.
        ApfGenerator gen = beginProgramLocked();
        for (Ra ra : mRas) {
            ra.generateFilterLocked(gen);
            // Stop if we get too big.
            if (gen.programLengthOverEstimate() > mApfCapabilities.maximumApfProgramSize)
                break;
            rasToFilter.add(ra);
        }
        // Step 2: Actually generate the program
        gen = beginProgramLocked();
        for (Ra ra : rasToFilter) {
            programMinLifetime = Math.min(programMinLifetime, ra.generateFilterLocked(gen));
        }
        // Execution will reach the end of the program if no filters match, which will pass the
        // packet to the AP.
        program = gen.generate();
    } catch (IllegalInstructionException | IllegalStateException e) {
        Log.e(TAG, "Failed to generate APF program.", e);
        return;
    }
    mLastTimeInstalledProgram = currentTimeSeconds();
    mLastInstalledProgramMinLifetime = programMinLifetime;
    mLastInstalledProgram = program;
    mNumProgramUpdates++;
    if (VDBG) {
        hexDump("Installing filter: ", program, program.length);
    }
    mIpManagerCallback.installPacketFilter(program);
    int flags = ApfProgramEvent.flagsFor(mIPv4Address != null, mMulticastFilter);
    mMetricsLog.log(new ApfProgramEvent(programMinLifetime, rasToFilter.size(), mRas.size(), program.length, flags));
}
Also used : IllegalInstructionException(android.net.apf.ApfGenerator.IllegalInstructionException) ApfGenerator(android.net.apf.ApfGenerator) ArrayList(java.util.ArrayList) ApfProgramEvent(android.net.metrics.ApfProgramEvent) VisibleForTesting(com.android.internal.annotations.VisibleForTesting) GuardedBy(com.android.internal.annotations.GuardedBy)

Example 15 with GuardedBy

use of com.android.internal.annotations.GuardedBy in project platform_frameworks_base by android.

the class ApfFilter method beginProgramLocked.

/**
     * Begin generating an APF program to:
     * <ul>
     * <li>Drop ARP requests not for us, if mIPv4Address is set,
     * <li>Drop IPv4 broadcast packets, except DHCP destined to our MAC,
     * <li>Drop IPv4 multicast packets, if mMulticastFilter,
     * <li>Pass all other IPv4 packets,
     * <li>Drop all broadcast non-IP non-ARP packets.
     * <li>Pass all non-ICMPv6 IPv6 packets,
     * <li>Pass all non-IPv4 and non-IPv6 packets,
     * <li>Drop IPv6 ICMPv6 NAs to ff02::1.
     * <li>Drop IPv6 ICMPv6 RSs.
     * <li>Let execution continue off the end of the program for IPv6 ICMPv6 packets. This allows
     *     insertion of RA filters here, or if there aren't any, just passes the packets.
     * </ul>
     */
@GuardedBy("this")
private ApfGenerator beginProgramLocked() throws IllegalInstructionException {
    ApfGenerator gen = new ApfGenerator();
    // This is guaranteed to return true because of the check in maybeCreate.
    gen.setApfVersion(mApfCapabilities.apfVersionSupported);
    // Here's a basic summary of what the initial program does:
    //
    // if it's ARP:
    //   insert ARP filter to drop or pass these appropriately
    // if it's IPv4:
    //   insert IPv4 filter to drop or pass these appropriately
    // if it's not IPv6:
    //   if it's broadcast:
    //     drop
    //   pass
    // insert IPv6 filter to drop, pass, or fall off the end for ICMPv6 packets
    // Add ARP filters:
    String skipArpFiltersLabel = "skipArpFilters";
    gen.addLoad16(Register.R0, ETH_ETHERTYPE_OFFSET);
    gen.addJumpIfR0NotEquals(ETH_P_ARP, skipArpFiltersLabel);
    generateArpFilterLocked(gen);
    gen.defineLabel(skipArpFiltersLabel);
    // Add IPv4 filters:
    String skipIPv4FiltersLabel = "skipIPv4Filters";
    // NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
    // execute the ARP filter, since that filter does not fall through, but either drops or
    // passes.
    gen.addJumpIfR0NotEquals(ETH_P_IP, skipIPv4FiltersLabel);
    generateIPv4FilterLocked(gen);
    gen.defineLabel(skipIPv4FiltersLabel);
    // Check for IPv6:
    // NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
    // execute the ARP or IPv4 filters, since those filters do not fall through, but either
    // drop or pass.
    String ipv6FilterLabel = "IPv6Filters";
    gen.addJumpIfR0Equals(ETH_P_IPV6, ipv6FilterLabel);
    // Drop non-IP non-ARP broadcasts, pass the rest
    gen.addLoadImmediate(Register.R0, ETH_DEST_ADDR_OFFSET);
    gen.addJumpIfBytesNotEqual(Register.R0, ETH_BROADCAST_MAC_ADDRESS, gen.PASS_LABEL);
    gen.addJump(gen.DROP_LABEL);
    // Add IPv6 filters:
    gen.defineLabel(ipv6FilterLabel);
    generateIPv6FilterLocked(gen);
    return gen;
}
Also used : ApfGenerator(android.net.apf.ApfGenerator) GuardedBy(com.android.internal.annotations.GuardedBy)

Aggregations

GuardedBy (com.android.internal.annotations.GuardedBy)23 ApfGenerator (android.net.apf.ApfGenerator)8 Bundle (android.os.Bundle)8 PersistableBundle (android.os.PersistableBundle)8 IOException (java.io.IOException)7 NameNotFoundException (android.content.pm.PackageManager.NameNotFoundException)5 AtomicFile (android.util.AtomicFile)5 InputStream (java.io.InputStream)5 ArrayList (java.util.ArrayList)5 XmlPullParserException (org.xmlpull.v1.XmlPullParserException)5 IllegalInstructionException (android.net.apf.ApfGenerator.IllegalInstructionException)4 ApfProgramEvent (android.net.metrics.ApfProgramEvent)4 RemoteException (android.os.RemoteException)4 VisibleForTesting (com.android.internal.annotations.VisibleForTesting)4 ZygoteProcess (android.os.ZygoteProcess)1 BufferedWriter (java.io.BufferedWriter)1 DataInputStream (java.io.DataInputStream)1 TimeoutException (java.util.concurrent.TimeoutException)1