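/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import static android.net.ConnectivityManager.FIREWALL_CHAIN_BACKGROUND;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_ALLOW;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_DENY_ADMIN;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_METERED_DENY_USER;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;

import android.util.Pair;

import com.android.net.module.util.Struct;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/**
 * BpfNetMaps related constants that can be shared among modules.
 *
 * <p>The class only holds constants: BPF map paths, map keys, the firewall match bits and the
 * lists that classify firewall chains as allow or deny chains. Every collection exposed here is
 * unmodifiable, so a caller cannot alter the shared definitions at runtime.
 *
 * @hide
 */
// Note that this class should be put into bootclasspath instead of static libraries.
// Because modules could have different copies of this class if this is statically linked,
// which would be problematic if the definitions in these modules are not synchronized.
public class BpfNetMapsConstants {
    // Prevent this class from being accidentally instantiated.
    private BpfNetMapsConstants() {}

    // Paths of the netd_shared BPF maps under /sys/fs/bpf.
    public static final String CONFIGURATION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_configuration_map";
    public static final String UID_OWNER_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_owner_map";
    public static final String UID_PERMISSION_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_uid_permission_map";
    public static final String COOKIE_TAG_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_cookie_tag_map";
    public static final String DATA_SAVER_ENABLED_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_data_saver_enabled_map";
    public static final String INGRESS_DISCARD_MAP_PATH =
            "/sys/fs/bpf/netd_shared/map_netd_ingress_discard_map";

    // Map keys. NOTE(review): the names suggest the first two index the configuration map and
    // the third indexes the data saver enabled map; confirm against the code that uses them.
    public static final Struct.S32 UID_RULES_CONFIGURATION_KEY = new Struct.S32(0);
    public static final Struct.S32 CURRENT_STATS_MAP_CONFIGURATION_KEY = new Struct.S32(1);
    public static final Struct.S32 DATA_SAVER_ENABLED_KEY = new Struct.S32(0);

    // NOTE(review): presumably the values stored under DATA_SAVER_ENABLED_KEY; confirm.
    public static final short DATA_SAVER_DISABLED = 0;
    public static final short DATA_SAVER_ENABLED = 1;

    // Everything between the LINT markers has to stay in step with bpf_progs/netd.h. If the two
    // sides drift apart, the Java code and the BPF programs would presumably disagree about what
    // a given rule bit means, so review both files together.
    //
    // The flags are shifted as long (1L) rather than int: an int shift that reaches bit 31
    // becomes negative and would be sign-extended when widened to long.
    // LINT.IfChange(match_type)
    public static final long NO_MATCH = 0;
    public static final long HAPPY_BOX_MATCH = (1L << 0);
    public static final long PENALTY_BOX_USER_MATCH = (1L << 1);
    public static final long DOZABLE_MATCH = (1L << 2);
    public static final long STANDBY_MATCH = (1L << 3);
    public static final long POWERSAVE_MATCH = (1L << 4);
    public static final long RESTRICTED_MATCH = (1L << 5);
    public static final long LOW_POWER_STANDBY_MATCH = (1L << 6);
    public static final long IIF_MATCH = (1L << 7);
    public static final long LOCKDOWN_VPN_MATCH = (1L << 8);
    public static final long OEM_DENY_1_MATCH = (1L << 9);
    public static final long OEM_DENY_2_MATCH = (1L << 10);
    public static final long OEM_DENY_3_MATCH = (1L << 11);
    public static final long BACKGROUND_MATCH = (1L << 12);
    public static final long PENALTY_BOX_ADMIN_MATCH = (1L << 13);

    /**
     * Pairs of (match bit, name) for every match flag above except {@link #NO_MATCH}, in
     * ascending bit order.
     *
     * <p>The list is an unmodifiable view. {@code Arrays.asList} on its own still permits
     * {@code set()}, which would let any caller replace an entry in this shared constant.
     */
    public static final List<Pair<Long, String>> MATCH_LIST = Collections.unmodifiableList(
            Arrays.asList(
                    Pair.create(HAPPY_BOX_MATCH, "HAPPY_BOX_MATCH"),
                    Pair.create(PENALTY_BOX_USER_MATCH, "PENALTY_BOX_USER_MATCH"),
                    Pair.create(DOZABLE_MATCH, "DOZABLE_MATCH"),
                    Pair.create(STANDBY_MATCH, "STANDBY_MATCH"),
                    Pair.create(POWERSAVE_MATCH, "POWERSAVE_MATCH"),
                    Pair.create(RESTRICTED_MATCH, "RESTRICTED_MATCH"),
                    Pair.create(LOW_POWER_STANDBY_MATCH, "LOW_POWER_STANDBY_MATCH"),
                    Pair.create(IIF_MATCH, "IIF_MATCH"),
                    Pair.create(LOCKDOWN_VPN_MATCH, "LOCKDOWN_VPN_MATCH"),
                    Pair.create(OEM_DENY_1_MATCH, "OEM_DENY_1_MATCH"),
                    Pair.create(OEM_DENY_2_MATCH, "OEM_DENY_2_MATCH"),
                    Pair.create(OEM_DENY_3_MATCH, "OEM_DENY_3_MATCH"),
                    Pair.create(BACKGROUND_MATCH, "BACKGROUND_MATCH"),
                    Pair.create(PENALTY_BOX_ADMIN_MATCH, "PENALTY_BOX_ADMIN_MATCH")
            ));

    /**
     * List of all firewall allow chains that are applied to all networks regardless of
     * meteredness.
     * See {@link #METERED_ALLOW_CHAINS} for allow chains that are only applied to metered networks.
     *
     * Allow chains mean the firewall denies all uids by default, uids must be explicitly allowed.
     */
    public static final List<Integer> ALLOW_CHAINS = List.of(
            FIREWALL_CHAIN_DOZABLE,
            FIREWALL_CHAIN_POWERSAVE,
            FIREWALL_CHAIN_RESTRICTED,
            FIREWALL_CHAIN_LOW_POWER_STANDBY,
            FIREWALL_CHAIN_BACKGROUND
    );

    /**
     * List of all firewall deny chains that are applied to all networks regardless of
     * meteredness.
     * See {@link #METERED_DENY_CHAINS} for deny chains that are only applied to metered networks.
     *
     * Deny chains mean the firewall allows all uids by default, uids must be explicitly denied.
     */
    public static final List<Integer> DENY_CHAINS = List.of(
            FIREWALL_CHAIN_STANDBY,
            FIREWALL_CHAIN_OEM_DENY_1,
            FIREWALL_CHAIN_OEM_DENY_2,
            FIREWALL_CHAIN_OEM_DENY_3
    );

    /**
     * List of all firewall allow chains that are only applied to metered networks.
     * See {@link #ALLOW_CHAINS} for allow chains that are applied to all networks regardless of
     * meteredness.
     */
    public static final List<Integer> METERED_ALLOW_CHAINS = List.of(
            FIREWALL_CHAIN_METERED_ALLOW
    );

    /**
     * List of all firewall deny chains that are only applied to metered networks.
     * See {@link #DENY_CHAINS} for deny chains that are applied to all networks regardless of
     * meteredness.
     */
    public static final List<Integer> METERED_DENY_CHAINS = List.of(
            FIREWALL_CHAIN_METERED_DENY_USER,
            FIREWALL_CHAIN_METERED_DENY_ADMIN
    );
    // LINT.ThenChange(../../../../bpf_progs/netd.h)
}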