Implement backup/restore for network policy

Uldiniad · Genkzsz11 · commit 9f3e932cb898 · 2021-05-10T19:54:03.000+07:00
Modify network policy XML parser helper functions for backup/restore scenarios

Issue: calyxos#384
Change-Id: I77158b344a47138a17fbce72d3ecb3be6927b870
Signed-off-by: Pranav Vashi &lt;neobuddy89@gmail.com&gt;
diff --git a/core/java/android/net/INetworkPolicyManager.aidl b/core/java/android/net/INetworkPolicyManager.aidl
@@ -78,4 +78,7 @@ interface INetworkPolicyManager {
     void factoryReset(String subscriber);
 
     boolean isUidNetworkingBlocked(int uid, boolean meteredNetwork);
+
+    byte[] getBackupPayload();
+    void applyRestore(in byte[] payload);
 }
diff --git a/core/java/com/android/server/backup/NetworkPolicyBackupHelper.java b/core/java/com/android/server/backup/NetworkPolicyBackupHelper.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2021 The Calyx Institute
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.backup;
+
+import android.app.backup.BlobBackupHelper;
+import android.content.Context;
+import android.net.INetworkPolicyManager;
+import android.os.ServiceManager;
+import android.util.Log;
+import android.util.Slog;
+
+public class NetworkPolicyBackupHelper extends BlobBackupHelper {
+    private static final String TAG = "NetworkPolicyBackupHelper";
+    private static final boolean DEBUG = Log.isLoggable(TAG, Log.DEBUG);
+
+    // Current version of the blob schema
+    static final int BLOB_VERSION = 1;
+
+    // Key under which the payload blob is stored
+    static final String KEY_NETWORK_POLICY = "network_policy";
+
+    public NetworkPolicyBackupHelper() {
+        super(BLOB_VERSION, KEY_NETWORK_POLICY);
+    }
+
+    @Override
+    protected byte[] getBackupPayload(String key) {
+        byte[] newPayload = null;
+        if (KEY_NETWORK_POLICY.equals(key)) {
+            try {
+                INetworkPolicyManager npm = INetworkPolicyManager.Stub.asInterface(
+                        ServiceManager.getService(Context.NETWORK_POLICY_SERVICE));
+                newPayload = npm.getBackupPayload();
+            } catch (Exception e) {
+                // Treat as no data
+                Slog.e(TAG, "Couldn't communicate with network policy manager");
+                newPayload = null;
+            }
+        }
+        return newPayload;
+    }
+
+    @Override
+    protected void applyRestoredPayload(String key, byte[] payload) {
+        if (DEBUG) {
+            Slog.v(TAG, "Got restore of " + key);
+        }
+
+        if (KEY_NETWORK_POLICY.equals(key)) {
+            try {
+                INetworkPolicyManager.Stub.asInterface(
+                        ServiceManager.getService(Context.NETWORK_POLICY_SERVICE))
+                        .applyRestore(payload);
+            } catch (Exception e) {
+                Slog.e(TAG, "Couldn't communicate with network policy manager");
+            }
+        }
+    }
+
+}
diff --git a/services/core/java/com/android/server/backup/SystemBackupAgent.java b/services/core/java/com/android/server/backup/SystemBackupAgent.java
@@ -24,6 +24,7 @@
 import android.app.backup.FullBackupDataOutput;
 import android.app.backup.WallpaperBackupHelper;
 import android.content.Context;
+import android.net.INetworkPolicyManager;
 import android.os.Environment;
 import android.os.ParcelFileDescriptor;
 import android.os.RemoteException;
@@ -56,6 +57,7 @@ public class SystemBackupAgent extends BackupAgentHelper {
     private static final String ACCOUNT_MANAGER_HELPER = "account_manager";
     private static final String SLICES_HELPER = "slices";
     private static final String PEOPLE_HELPER = "people";
+    private static final String NETWORK_POLICY_HELPER = "network_policy";
 
     // These paths must match what the WallpaperManagerService uses.  The leaf *_FILENAME
     // are also used in the full-backup file format, so must not change unless steps are
@@ -101,6 +103,7 @@ public void onCreate(UserHandle user) {
         addHelper(ACCOUNT_MANAGER_HELPER, new AccountManagerBackupHelper());
         addHelper(SLICES_HELPER, new SliceBackupHelper(this));
         addHelper(PEOPLE_HELPER, new PeopleBackupHelper(mUserId));
+        addHelper(NETWORK_POLICY_HELPER, new NetworkPolicyBackupHelper());
     }
 
     @Override
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -252,6 +252,8 @@
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileDescriptor;
 import java.io.FileInputStream;
@@ -377,6 +379,7 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
     private static final String ATTR_OWNER_PACKAGE = "ownerPackage";
     private static final String ATTR_NETWORK_TYPES = "networkTypes";
     private static final String ATTR_XML_UTILS_NAME = "name";
+    private static final String ATTR_USER_ID = "userId";
 
     private static final String ACTION_ALLOW_BACKGROUND =
             "com.android.server.net.action.ALLOW_BACKGROUND";
@@ -2233,7 +2236,7 @@ private void readPolicyAL() {
         FileInputStream fis = null;
         try {
             fis = mPolicyFile.openRead();
-            readPolicyXml(fis);
+            readPolicyXml(fis, false);
         } catch (FileNotFoundException e) {
             // missing policy is okay, probably first boot
             upgradeDefaultBackgroundDataUL();
@@ -2244,7 +2247,7 @@ private void readPolicyAL() {
         }
     }
 
-    private void readPolicyXml(InputStream inputStream) {
+    private void readPolicyXml(InputStream inputStream, boolean forRestore) throws IOException, XmlPullParserException {
         final XmlPullParser in = Xml.newPullParser();
         in.setInput(inputStream, StandardCharsets.UTF_8.name());
 
@@ -2384,7 +2387,12 @@ private void readPolicyXml(InputStream inputStream) {
                             SubscriptionPlan.class, mSubscriptionPlans.get(subId), plan));
                     mSubscriptionPlansOwner.put(subId, ownerPackage);
                 } else if (TAG_UID_POLICY.equals(tag)) {
-                    final int uid = readIntAttribute(in, ATTR_UID);
+                    int uid;
+                    if (!forRestore) {
+                        uid = readIntAttribute(in, ATTR_UID);
+                    } else {
+                        uid = getUidForPackage(readStringAttribute(in, ATTR_XML_UTILS_NAME), readIntAttribute(in, ATTR_USER_ID));
+                    }
                     final int policy = readIntAttribute(in, ATTR_POLICY);
 
                     if (UserHandle.isApp(uid)) {
@@ -2407,10 +2415,20 @@ private void readPolicyXml(InputStream inputStream) {
                 } else if (TAG_WHITELIST.equals(tag)) {
                     insideWhitelist = true;
                 } else if (TAG_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {
-                    final int uid = readIntAttribute(in, ATTR_UID);
+                    int uid;
+                    if (!forRestore) {
+                        uid = readIntAttribute(in, ATTR_UID);
+                    } else {
+                        uid = getUidForPackage(readStringAttribute(in, ATTR_XML_UTILS_NAME), readIntAttribute(in, ATTR_USER_ID));
+                    }
                     whitelistedRestrictBackground.append(uid, true);
                 } else if (TAG_REVOKED_RESTRICT_BACKGROUND.equals(tag) && insideWhitelist) {
-                    final int uid = readIntAttribute(in, ATTR_UID);
+                    int uid;
+                    if (!forRestore) {
+                        uid = readIntAttribute(in, ATTR_UID);
+                    } else {
+                        uid = getUidForPackage(readStringAttribute(in, ATTR_XML_UTILS_NAME), readIntAttribute(in, ATTR_USER_ID));
+                    }
                     mRestrictBackgroundWhitelistRevokedUids.put(uid, true);
                 }
             } else if (type == END_TAG) {
@@ -2506,7 +2524,7 @@ void writePolicyAL() {
         try {
             fos = mPolicyFile.startWrite();
 
-            writePolicyXml(fos);
+            writePolicyXml(fos, false);
 
             mPolicyFile.finishWrite(fos);
         } catch (IOException e) {
@@ -2516,7 +2534,7 @@ void writePolicyAL() {
         }
     }
 
-    private void writePolicyXml(OutputStream outputStream) {
+    private void writePolicyXml(OutputStream outputStream, boolean forBackup) throws IOException {
         XmlSerializer out = new FastXmlSerializer();
         out.setOutput(outputStream, StandardCharsets.UTF_8.name());
         out.startDocument(null, true);
@@ -2596,7 +2614,13 @@ private void writePolicyXml(OutputStream outputStream) {
             if (policy == POLICY_NONE) continue;
 
             out.startTag(null, TAG_UID_POLICY);
-            writeIntAttribute(out, ATTR_UID, uid);
+
+            if (!forBackup) {
+                writeIntAttribute(out, ATTR_UID, uid);
+            } else {
+                writeStringAttribute(out, ATTR_XML_UTILS_NAME, getPackageForUid(uid));
+                writeIntAttribute(out, ATTR_USER_ID, UserHandle.getUserId(uid));
+            }
             writeIntAttribute(out, ATTR_POLICY, policy);
             out.endTag(null, TAG_UID_POLICY);
         }
@@ -2611,7 +2635,12 @@ private void writePolicyXml(OutputStream outputStream) {
         for (int i = 0; i < size; i++) {
             final int uid = mRestrictBackgroundWhitelistRevokedUids.keyAt(i);
             out.startTag(null, TAG_REVOKED_RESTRICT_BACKGROUND);
-            writeIntAttribute(out, ATTR_UID, uid);
+            if (!forBackup) {
+                writeIntAttribute(out, ATTR_UID, uid);
+            } else {
+                writeStringAttribute(out, ATTR_XML_UTILS_NAME, getPackageForUid(uid));
+                writeIntAttribute(out, ATTR_USER_ID, UserHandle.getUserId(uid));
+            }
             out.endTag(null, TAG_REVOKED_RESTRICT_BACKGROUND);
         }
 
@@ -2620,6 +2649,44 @@ private void writePolicyXml(OutputStream outputStream) {
         out.endDocument();
     }
 
+    @Override
+    public byte[] getBackupPayload() {
+        enforceSystemCaller();
+        if (LOGD) Slog.d(TAG, "getBackupPayload");
+        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        try {
+            writePolicyXml(baos, true);
+            return baos.toByteArray();
+        } catch (IOException e) {
+            Slog.w(TAG, "getBackupPayload: error writing payload", e);
+        }
+        return null;
+    }
+
+    @Override
+    public void applyRestore(byte[] payload) {
+        enforceSystemCaller();
+        if (LOGD) Slog.d(TAG, "applyRestore payload="
+                + (payload != null ? new String(payload, StandardCharsets.UTF_8) : null));
+        if (payload == null) {
+            Slog.w(TAG, "applyRestore: no payload to restore");
+            return;
+        }
+
+        // clear any existing policy and read from disk
+        mNetworkPolicy.clear();
+        mSubscriptionPlans.clear();
+        mSubscriptionPlansOwner.clear();
+        mUidPolicy.clear();
+
+        final ByteArrayInputStream bais = new ByteArrayInputStream(payload);
+        try {
+            readPolicyXml(bais, true);
+        } catch (IOException | XmlPullParserException e) {
+            Slog.w(TAG, "applyRestore: error reading payload", e);
+        }
+    }
+
     @Override
     public void setUidPolicy(int uid, int policy) {
         mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
@@ -2828,6 +2895,12 @@ private void enforceAnyPermissionOf(String... permissions) {
         }
     }
 
+    private void enforceSystemCaller() {
+        if (Binder.getCallingUid() != android.os.Process.SYSTEM_UID) {
+            throw new SecurityException("Caller must be system");
+        }
+    }
+
     @Override
     public void registerListener(INetworkPolicyListener listener) {
         // TODO: Remove CONNECTIVITY_INTERNAL and the *AnyPermissionOf methods above after all apps
@@ -5522,6 +5595,10 @@ private void setMeteredRestrictedPackagesInternal(Set<String> packageNames, int
         }
     }
 
+    private String getPackageForUid(int uid) {
+        return mContext.getPackageManager().getPackagesForUid(uid)[0];
+    }
+
     private int getUidForPackage(String packageName, int userId) {
         try {
             return mContext.getPackageManager().getPackageUidAsUser(packageName,

Original file line number	Diff line number	Diff line change
`@@ -78,4 +78,7 @@ interface INetworkPolicyManager {`
`78`	`78`	`void factoryReset(String subscriber);`
`79`	`79`
`80`	`80`	`boolean isUidNetworkingBlocked(int uid, boolean meteredNetwork);`
	`81`	`+`
	`82`	`+ byte[] getBackupPayload();`
	`83`	`+ void applyRestore(in byte[] payload);`
`81`	`84`	`}`