Example 16 with GuardedBy
use of com.android.internal.annotations.GuardedBy in project platform_frameworks_base by android.
the class ApfFilter method beginProgramLocked.
/**
* Begin generating an APF program to:
* <ul>
* <li>Drop ARP requests not for us, if mIPv4Address is set,
* <li>Drop IPv4 broadcast packets, except DHCP destined to our MAC,
* <li>Drop IPv4 multicast packets, if mMulticastFilter,
* <li>Pass all other IPv4 packets,
* <li>Drop all broadcast non-IP non-ARP packets.
* <li>Pass all non-ICMPv6 IPv6 packets,
* <li>Pass all non-IPv4 and non-IPv6 packets,
* <li>Drop IPv6 ICMPv6 NAs to ff02::1.
* <li>Drop IPv6 ICMPv6 RSs.
* <li>Let execution continue off the end of the program for IPv6 ICMPv6 packets. This allows
* insertion of RA filters here, or if there aren't any, just passes the packets.
* </ul>
*/
@GuardedBy("this")
private ApfGenerator beginProgramLocked() throws IllegalInstructionException {
ApfGenerator gen = new ApfGenerator();
// This is guaranteed to return true because of the check in maybeCreate.
gen.setApfVersion(mApfCapabilities.apfVersionSupported);
// Here's a basic summary of what the initial program does:
//
// if it's ARP:
// insert ARP filter to drop or pass these appropriately
// if it's IPv4:
// insert IPv4 filter to drop or pass these appropriately
// if it's not IPv6:
// if it's broadcast:
// drop
// pass
// insert IPv6 filter to drop, pass, or fall off the end for ICMPv6 packets
// Add ARP filters:
String skipArpFiltersLabel = "skipArpFilters";
gen.addLoad16(Register.R0, ETH_ETHERTYPE_OFFSET);
gen.addJumpIfR0NotEquals(ETH_P_ARP, skipArpFiltersLabel);
generateArpFilterLocked(gen);
gen.defineLabel(skipArpFiltersLabel);
// Add IPv4 filters:
String skipIPv4FiltersLabel = "skipIPv4Filters";
// NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
// execute the ARP filter, since that filter does not fall through, but either drops or
// passes.
gen.addJumpIfR0NotEquals(ETH_P_IP, skipIPv4FiltersLabel);
generateIPv4FilterLocked(gen);
gen.defineLabel(skipIPv4FiltersLabel);
// Check for IPv6:
// NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
// execute the ARP or IPv4 filters, since those filters do not fall through, but either
// drop or pass.
String ipv6FilterLabel = "IPv6Filters";
gen.addJumpIfR0Equals(ETH_P_IPV6, ipv6FilterLabel);
// Drop non-IP non-ARP broadcasts, pass the rest
gen.addLoadImmediate(Register.R0, ETH_DEST_ADDR_OFFSET);
gen.addJumpIfBytesNotEqual(Register.R0, ETH_BROADCAST_MAC_ADDRESS, gen.PASS_LABEL);
gen.addJump(gen.DROP_LABEL);
// Add IPv6 filters:
gen.defineLabel(ipv6FilterLabel);
generateIPv6FilterLocked(gen);
return gen;
}
Also used :
ApfGenerator(android.net.apf.ApfGenerator)
GuardedBy(com.android.internal.annotations.GuardedBy)
Example 17 with GuardedBy
use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by DirtyUnicorns.
the class UserManagerService method computeEffectiveUserRestrictionsLR.
@GuardedBy("mRestrictionsLock")
private Bundle computeEffectiveUserRestrictionsLR(int userId) {
final Bundle baseRestrictions = UserRestrictionsUtils.nonNull(mBaseUserRestrictions.get(userId));
final Bundle global = mDevicePolicyGlobalUserRestrictions;
final Bundle local = mDevicePolicyLocalUserRestrictions.get(userId);
if (UserRestrictionsUtils.isEmpty(global) && UserRestrictionsUtils.isEmpty(local)) {
// Common case first.
return baseRestrictions;
}
final Bundle effective = UserRestrictionsUtils.clone(baseRestrictions);
UserRestrictionsUtils.merge(effective, global);
UserRestrictionsUtils.merge(effective, local);
return effective;
}
Also used :
Bundle(android.os.Bundle)
PersistableBundle(android.os.PersistableBundle)
GuardedBy(com.android.internal.annotations.GuardedBy)
Example 18 with GuardedBy
use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by DirtyUnicorns.
the class ApfFilter method installNewProgramLocked.
/**
* Generate and install a new filter program.
*/
@GuardedBy("this")
@VisibleForTesting
void installNewProgramLocked() {
purgeExpiredRasLocked();
ArrayList<Ra> rasToFilter = new ArrayList<>();
final byte[] program;
long programMinLifetime = Long.MAX_VALUE;
try {
// Step 1: Determine how many RA filters we can fit in the program.
ApfGenerator gen = beginProgramLocked();
for (Ra ra : mRas) {
ra.generateFilterLocked(gen);
// Stop if we get too big.
if (gen.programLengthOverEstimate() > mApfCapabilities.maximumApfProgramSize)
break;
rasToFilter.add(ra);
}
// Step 2: Actually generate the program
gen = beginProgramLocked();
for (Ra ra : rasToFilter) {
programMinLifetime = Math.min(programMinLifetime, ra.generateFilterLocked(gen));
}
// Execution will reach the end of the program if no filters match, which will pass the
// packet to the AP.
program = gen.generate();
} catch (IllegalInstructionException e) {
Log.e(TAG, "Program failed to generate: ", e);
return;
}
mLastTimeInstalledProgram = curTime();
mLastInstalledProgramMinLifetime = programMinLifetime;
mLastInstalledProgram = program;
mNumProgramUpdates++;
if (VDBG) {
hexDump("Installing filter: ", program, program.length);
}
mIpManagerCallback.installPacketFilter(program);
int flags = ApfProgramEvent.flagsFor(mIPv4Address != null, mMulticastFilter);
mMetricsLog.log(new ApfProgramEvent(programMinLifetime, rasToFilter.size(), mRas.size(), program.length, flags));
}
Also used :
IllegalInstructionException(android.net.apf.ApfGenerator.IllegalInstructionException)
ApfGenerator(android.net.apf.ApfGenerator)
ArrayList(java.util.ArrayList)
ApfProgramEvent(android.net.metrics.ApfProgramEvent)
VisibleForTesting(com.android.internal.annotations.VisibleForTesting)
GuardedBy(com.android.internal.annotations.GuardedBy)
Example 19 with GuardedBy
use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by DirtyUnicorns.
the class ApfFilter method beginProgramLocked.
/**
* Begin generating an APF program to:
* <ul>
* <li>Drop ARP requests not for us, if mIPv4Address is set,
* <li>Drop IPv4 broadcast packets, except DHCP destined to our MAC,
* <li>Drop IPv4 multicast packets, if mMulticastFilter,
* <li>Pass all other IPv4 packets,
* <li>Drop all broadcast non-IP non-ARP packets.
* <li>Pass all non-ICMPv6 IPv6 packets,
* <li>Pass all non-IPv4 and non-IPv6 packets,
* <li>Drop IPv6 ICMPv6 NAs to ff02::1.
* <li>Drop IPv6 ICMPv6 RSs.
* <li>Let execution continue off the end of the program for IPv6 ICMPv6 packets. This allows
* insertion of RA filters here, or if there aren't any, just passes the packets.
* </ul>
*/
@GuardedBy("this")
private ApfGenerator beginProgramLocked() throws IllegalInstructionException {
ApfGenerator gen = new ApfGenerator();
// This is guaranteed to return true because of the check in maybeCreate.
gen.setApfVersion(mApfCapabilities.apfVersionSupported);
// Here's a basic summary of what the initial program does:
//
// if it's ARP:
// insert ARP filter to drop or pass these appropriately
// if it's IPv4:
// insert IPv4 filter to drop or pass these appropriately
// if it's not IPv6:
// if it's broadcast:
// drop
// pass
// insert IPv6 filter to drop, pass, or fall off the end for ICMPv6 packets
// Add ARP filters:
String skipArpFiltersLabel = "skipArpFilters";
gen.addLoad16(Register.R0, ETH_ETHERTYPE_OFFSET);
gen.addJumpIfR0NotEquals(ETH_P_ARP, skipArpFiltersLabel);
generateArpFilterLocked(gen);
gen.defineLabel(skipArpFiltersLabel);
// Add IPv4 filters:
String skipIPv4FiltersLabel = "skipIPv4Filters";
// NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
// execute the ARP filter, since that filter does not fall through, but either drops or
// passes.
gen.addJumpIfR0NotEquals(ETH_P_IP, skipIPv4FiltersLabel);
generateIPv4FilterLocked(gen);
gen.defineLabel(skipIPv4FiltersLabel);
// Check for IPv6:
// NOTE: Relies on R0 containing ethertype. This is safe because if we got here, we did not
// execute the ARP or IPv4 filters, since those filters do not fall through, but either
// drop or pass.
String ipv6FilterLabel = "IPv6Filters";
gen.addJumpIfR0Equals(ETH_P_IPV6, ipv6FilterLabel);
// Drop non-IP non-ARP broadcasts, pass the rest
gen.addLoadImmediate(Register.R0, ETH_DEST_ADDR_OFFSET);
gen.addJumpIfBytesNotEqual(Register.R0, ETH_BROADCAST_MAC_ADDRESS, gen.PASS_LABEL);
gen.addJump(gen.DROP_LABEL);
// Add IPv6 filters:
gen.defineLabel(ipv6FilterLabel);
generateIPv6FilterLocked(gen);
return gen;
}
Also used :
ApfGenerator(android.net.apf.ApfGenerator)
GuardedBy(com.android.internal.annotations.GuardedBy)
Example 20 with GuardedBy
use of com.android.internal.annotations.GuardedBy in project android_frameworks_base by AOSPA.
the class RegisteredServicesCache method findOrCreateUserLocked.
@GuardedBy("mServicesLock")
private UserServices<V> findOrCreateUserLocked(int userId, boolean loadFromFileIfNew) {
UserServices<V> services = mUserServices.get(userId);
if (services == null) {
services = new UserServices<V>();
mUserServices.put(userId, services);
if (loadFromFileIfNew && mSerializerAndParser != null) {
// Check if user exists and try loading data from file
// clear existing data if there was an error during migration
UserInfo user = getUser(userId);
if (user != null) {
AtomicFile file = createFileForUser(user.id);
if (file.getBaseFile().exists()) {
if (DEBUG) {
Slog.i(TAG, String.format("Loading u%s data from %s", user.id, file));
}
InputStream is = null;
try {
is = file.openRead();
readPersistentServicesLocked(is);
} catch (Exception e) {
Log.w(TAG, "Error reading persistent services for user " + user.id, e);
} finally {
IoUtils.closeQuietly(is);
}
}
}
}
}
return services;
}
Also used :
AtomicFile(android.util.AtomicFile)
InputStream(java.io.InputStream)
NameNotFoundException(android.content.pm.PackageManager.NameNotFoundException)
IOException(java.io.IOException)
XmlPullParserException(org.xmlpull.v1.XmlPullParserException)
GuardedBy(com.android.internal.annotations.GuardedBy)
Aggregations
GuardedBy (com.android.internal.annotations.GuardedBy)23
ApfGenerator (android.net.apf.ApfGenerator)8
Bundle (android.os.Bundle)8
PersistableBundle (android.os.PersistableBundle)8
IOException (java.io.IOException)7
NameNotFoundException (android.content.pm.PackageManager.NameNotFoundException)5
AtomicFile (android.util.AtomicFile)5
InputStream (java.io.InputStream)5
ArrayList (java.util.ArrayList)5
XmlPullParserException (org.xmlpull.v1.XmlPullParserException)5
IllegalInstructionException (android.net.apf.ApfGenerator.IllegalInstructionException)4
ApfProgramEvent (android.net.metrics.ApfProgramEvent)4
RemoteException (android.os.RemoteException)4
VisibleForTesting (com.android.internal.annotations.VisibleForTesting)4
ZygoteProcess (android.os.ZygoteProcess)1
BufferedWriter (java.io.BufferedWriter)1
DataInputStream (java.io.DataInputStream)1
TimeoutException (java.util.concurrent.TimeoutException)1
