From: hyunuktak Date: Fri, 26 Oct 2018 06:35:32 +0000 (+0900) Subject: Add some chains to separate monitoring and restriction X-Git-Tag: accepted/tizen/unified/20181120.162734~9 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fconnectivity%2Fstc-manager.git;a=commitdiff_plain;h=d71b5bc1cd81d5c0d699ec606a2ea2959fd88e07 Add some chains to separate monitoring and restriction Change-Id: I621a21188ce5a03250d6113663848dd1d27b1efb Signed-off-by: hyunuktak --- diff --git a/data/exceptions b/data/exceptions index 178bd7e..ef89dd3 100644 --- a/data/exceptions +++ b/data/exceptions @@ -49,3 +49,6 @@ sdbd:sys sdbd-user:sys pushd:sys dbus-daemon:sys +dlogsend:sys +sync:sys +reboot:sys diff --git a/include/stc-manager.h b/include/stc-manager.h index 9496953..d1f4d93 100644 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -25,7 +25,7 @@ #define STC_BACKGROUND_APP_SUFFIX "_BACKGROUND" #define STC_TETHERING_APP_SUFFIX "_TETHERING" -#define STC_BACKGROUND_APP_ID "BACKGROUND" +#define STC_TOTAL_BACKGROUND "TOTAL_BACKGROUND" #define STC_TOTAL_DATACALL "TOTAL_DATACALL" #define STC_TOTAL_WIFI "TOTAL_WIFI" #define STC_TOTAL_BLUETOOTH "TOTAL_BLUETOOTH" diff --git a/plugin/procfs/stc-plugin-procfs.c b/plugin/procfs/stc-plugin-procfs.c index f04446b..4aa36c6 100755 --- a/plugin/procfs/stc-plugin-procfs.c +++ b/plugin/procfs/stc-plugin-procfs.c @@ -62,7 +62,6 @@ static int nl_connector_sock = -1; static guint nl_connector_gsource_id = 0; static GTree *proc_tree; - static gboolean __process_nl_connector_message(GIOChannel *source, GIOCondition condition, gpointer user_data); @@ -304,11 +303,8 @@ static void __process_event_fork(int tgid, int pid) if (STC_ERROR_NONE == proc_get_cmdline(pid, cmdline) && STC_ERROR_NONE == proc_get_status(pid, status)) { - if (__check_excn(cmdline)) { - if (STC_DEBUG_LOG) - STC_LOGD("[%s] monitoring is excepted", cmdline); + if (__check_excn(cmdline)) return; - } unsigned int i; proc_key_s key; 
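Review bot: In `__process_event_fork`, the early `return` after `__check_excn(cmdline)` now skips monitoring without leaving any trace, because this hunk drops the only `STC_LOGD` that recorded the exemption; the `__process_event_exec` hunk makes the same removal. The same commit adds `dlogsend`, `sync` and `reboot` to `data/exceptions`, so the set of unmonitored processes grows while its visibility shrinks. The decision is made from `cmdline` as filled in by `proc_get_cmdline()`; if `__check_excn` (not shown here) matches on the command name alone, that string is chosen by the process itself, so it is worth confirming the match is tied to something the process cannot set. Consider keeping the debug line, `if (STC_DEBUG_LOG) STC_LOGD("[%s] monitoring is excepted", cmdline);`, before the `return`. The enclosing function continues outside the hunk.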
@@ -345,11 +341,8 @@ static void __process_event_exec(int tgid, int pid) if (STC_ERROR_NONE == proc_get_cmdline(pid, cmdline) && STC_ERROR_NONE == proc_get_status(pid, status)) { - if (__check_excn(cmdline)) { - if (STC_DEBUG_LOG) - STC_LOGD("[%s] monitoring is excepted", cmdline); + if (__check_excn(cmdline)) return; - } unsigned int i; proc_key_s key; @@ -605,7 +598,8 @@ stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, switch (cmd) { case STC_CMD_SET_FOREGRD: { - uint32_t classid; + uint32_t fg_classid; + uint32_t bg_classid; char *bg_app_id; stc_app_value_s app_value; stc_proc_value_s proc_value; @@ -616,26 +610,29 @@ stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, bg_app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, NULL); app_value.type = app_type; + app_value.state = STC_APP_STATE_FOREGROUND; app_value.processes = NULL; proc_value.pid = pid; proc_value.ground = STC_APP_STATE_FOREGROUND; - classid = get_classid_by_app_id(bg_app_id, FALSE); - stc_monitor_proc_remove(classid, pid); + bg_classid = get_classid_by_app_id(bg_app_id, FALSE); + fg_classid = get_classid_by_app_id(app_id, TRUE); + + stc_monitor_app_add(fg_classid, app_id, pkg_id, app_value); - classid = get_classid_by_app_id(app_id, TRUE); + stc_monitor_proc_move(bg_classid, fg_classid); - stc_monitor_app_add(classid, app_id, pkg_id, app_value); - stc_monitor_proc_add(classid, app_id, proc_value); - stc_monitor_proc_update_ground(classid, app_id, proc_value); + stc_monitor_proc_add(fg_classid, app_id, proc_value); + stc_monitor_proc_update_ground(fg_classid, app_id, proc_value); FREE(bg_app_id); break; } case STC_CMD_SET_BACKGRD: { - uint32_t classid; + uint32_t bg_classid; + uint32_t fg_classid; char *bg_app_id; stc_app_value_s app_value; stc_proc_value_s proc_value; 
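Review bot: In the `STC_CMD_SET_FOREGRD` case, `bg_classid` is taken from `get_classid_by_app_id(bg_app_id, FALSE)` and handed straight to `stc_monitor_proc_move(bg_classid, fg_classid)` with no check that the lookup found a class, and the results of the move and add calls are ignored; the `STC_CMD_SET_BACKGRD` hunk has the mirror-image pattern with `fg_classid`. The old code removed only `pid` from the other class, while the new call takes two class ids and no pid, so it presumably moves every process of that class (the body of `stc_monitor_proc_move` is not in this diff); a short comment stating that this is intended would help. A guard such as `if (bg_classid != STC_UNKNOWN_CLASSID) stc_monitor_proc_move(bg_classid, fg_classid);` would make the lookup-miss case explicit, assuming that is the value returned when no class exists. The case body starts outside this hunk.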
@@ -646,19 +643,21 @@ stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, bg_app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, NULL); app_value.type = app_type; + app_value.state = STC_APP_STATE_BACKGROUND; app_value.processes = NULL; proc_value.pid = pid; proc_value.ground = STC_APP_STATE_BACKGROUND; - classid = get_classid_by_app_id(app_id, FALSE); - stc_monitor_proc_remove(classid, pid); + fg_classid = get_classid_by_app_id(app_id, FALSE); + bg_classid = get_classid_by_app_id(bg_app_id, TRUE); + + stc_monitor_app_add(bg_classid, bg_app_id, pkg_id, app_value); - classid = get_classid_by_app_id(bg_app_id, TRUE); + stc_monitor_proc_move(fg_classid, bg_classid); - stc_monitor_app_add(classid, bg_app_id, pkg_id, app_value); - stc_monitor_proc_add(classid, bg_app_id, proc_value); - stc_monitor_proc_update_ground(classid, bg_app_id, proc_value); + stc_monitor_proc_add(bg_classid, bg_app_id, proc_value); + stc_monitor_proc_update_ground(bg_classid, bg_app_id, proc_value); FREE(bg_app_id); break; 
@@ -669,24 +668,39 @@ stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, char *bg_app_id; stc_app_value_s app_value; stc_proc_value_s proc_value; + gboolean is_exist; memset(&app_value, 0, sizeof(stc_app_value_s)); memset(&proc_value, 0, sizeof(stc_proc_value_s)); - bg_app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, NULL); + classid = get_classid_by_app_id(app_id, FALSE); + is_exist = stc_monitor_app_lookup(classid); + if (is_exist) { + app_value.type = app_type; + app_value.state = STC_APP_STATE_FOREGROUND; + app_value.processes = NULL; - app_value.type = app_type; - app_value.processes = NULL; + proc_value.pid = pid; + proc_value.ground = STC_APP_STATE_FOREGROUND; - proc_value.pid = pid; - proc_value.ground = STC_APP_STATE_BACKGROUND; + stc_monitor_app_add(classid, app_id, pkg_id, app_value); + stc_monitor_proc_add(classid, app_id, proc_value); + } else { + bg_app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, NULL); + classid = get_classid_by_app_id(bg_app_id, TRUE); - classid = get_classid_by_app_id(bg_app_id, TRUE); + app_value.type = app_type; + app_value.state = STC_APP_STATE_BACKGROUND; + app_value.processes = NULL; - stc_monitor_app_add(classid, bg_app_id, pkg_id, app_value); - stc_monitor_proc_add(classid, bg_app_id, proc_value); + proc_value.pid = pid; + proc_value.ground = STC_APP_STATE_BACKGROUND; - FREE(bg_app_id); + stc_monitor_app_add(classid, bg_app_id, pkg_id, app_value); + stc_monitor_proc_add(classid, bg_app_id, proc_value); + + FREE(bg_app_id); + } break; } case STC_CMD_SET_TERMINATED: diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c old mode 100755 new mode 100644 diff --git a/src/database/tables/table-statistics.c b/src/database/tables/table-statistics.c index f0fd084..5983ad7 100644 --- a/src/database/tables/table-statistics.c +++ b/src/database/tables/table-statistics.c 
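Review bot: The new `is_exist` branch chooses between the plain `app_id` entry and the `_BACKGROUND` entry purely on what `stc_monitor_app_lookup(classid)` returns, and nothing in the code says why. A comment above the `if` would help, for example `/* app already tracked under its foreground class: attach this pid there; otherwise account it under <app_id>_BACKGROUND */`. `classid` is obtained with the create flag `FALSE`, so it may be a not-found value when it reaches the lookup; whether `stc_monitor_app_lookup` treats that as absent is not visible here and should be confirmed. The case label itself is outside the hunk.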
@@ -585,6 +585,8 @@ stc_error_e table_statistics_insert(stc_db_classid_iftype_key *stat_key, stc_error_e error_code = STC_ERROR_NONE; sqlite3_stmt *stmt = update_statistics_query; stc_hw_net_protocol_type_e hw_net_protocol_type = STC_PROTOCOL_UNKNOWN; + int64_t rcv; + int64_t snd; if (!stat->rcv_count && !stat->snd_count) { error_code = STC_ERROR_INVALID_PARAMETER; @@ -607,6 +609,8 @@ stc_error_e table_statistics_insert(stc_db_classid_iftype_key *stat_key, DB_ACTION(sqlite3_bind_int(stmt, 10, (int)stat->ground)); /*we want to reuse tree*/ + rcv = stat->rcv_count; + snd = stat->snd_count; stat->rcv_count = 0; stat->snd_count = 0; if (sqlite3_step(stmt) != SQLITE_DONE) { @@ -618,7 +622,8 @@ stc_error_e table_statistics_insert(stc_db_classid_iftype_key *stat_key, } if (STC_DEBUG_LOG) - STC_LOGD("App stat recorded [\033[0;34m%s\033[0;m]", stat->app_id); + STC_LOGD("App stat recorded [\033[0;34m%s\033[0;m] " + "rcv[%lld] snd[%lld]", stat->app_id, rcv, snd); handle_error: sqlite3_reset(stmt); diff --git a/src/helper/helper-cgroup.c b/src/helper/helper-cgroup.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-file.c b/src/helper/helper-file.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-file.h b/src/helper/helper-file.h old mode 100755 new mode 100644 diff --git a/src/helper/helper-firewall.c b/src/helper/helper-firewall.c old mode 100755 new mode 100644 diff --git a/src/helper/helper-firewall.h b/src/helper/helper-firewall.h old mode 100755 new mode 100644 diff --git a/src/helper/helper-iptables.c b/src/helper/helper-iptables.c index 445b627..9a2cde8 100644 --- a/src/helper/helper-iptables.c +++ b/src/helper/helper-iptables.c 
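Review bot: The new log line in `table_statistics_insert` prints `rcv` and `snd`, declared `int64_t` in the first hunk, with `%lld`; on targets where `int64_t` is `long` that is a format/argument mismatch. Either cast the arguments, `(long long)rcv, (long long)snd`, or use `"rcv[%" PRId64 "] snd[%" PRId64 "]"` from `<inttypes.h>`. The two locals exist only for this debug line and are captured just before `stat->rcv_count` and `stat->snd_count` are zeroed, so a comment next to the assignments such as `/* keep the values for the log below; the counters are reset for reuse */` would make that clear.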
@@ -397,6 +397,454 @@ static int __iptables_add_chain_jump_rule(const char *chain, return ret; } +static stc_error_e _iptables_add_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_add_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_add_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_add_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_add_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = 
__ip6tables_add_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_add_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_add_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_add_in_chain_jump_rule(void) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + 
goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_add_out_chain_jump_rule(void) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_remove_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_remove_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = 
__iptables_remove_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_remove_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_remove_chain(stc->connection, STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_remove_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_remove_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __ip6tables_remove_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, 
STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_remove_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_remove_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_flush_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_flush_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; 
//LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _iptables_flush_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __iptables_flush_chain(stc->connection, STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __iptables_flush_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_flush_in_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_IN_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + +static stc_error_e _ip6tables_flush_out_chain(stc_s *stc) +{ + stc_error_e ret = STC_ERROR_NONE; + + ret = __ip6tables_flush_chain(stc->connection, 
STC_OUT_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_OUT_FG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_OUT_ACCEPT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_OUT_BG_DROP_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_OUT_BG_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + + ret = __ip6tables_flush_chain(stc->connection, STC_OUT_CHAIN); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + +done: + return ret; +} + stc_error_e iptables_add(iptables_rule_s *rule, iptables_ip_type_e iptype) { stc_error_e ret = STC_ERROR_NONE; @@ -451,11 +899,11 @@ stc_error_e iptables_flush_chains(void) if (!stc || !stc->connection) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE - ret = __iptables_flush_chain(stc->connection, STC_IN_CHAIN); + ret = _iptables_flush_in_chain(stc); if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE - ret = __iptables_flush_chain(stc->connection, STC_OUT_CHAIN); + ret = _iptables_flush_out_chain(stc); if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE @@ -467,11 +915,11 @@ stc_error_e iptables_flush_chains(void) if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE - ret = __ip6tables_flush_chain(stc->connection, STC_IN_CHAIN); + ret = _ip6tables_flush_in_chain(stc); if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE - ret = __ip6tables_flush_chain(stc->connection, STC_OUT_CHAIN); + ret = _ip6tables_flush_out_chain(stc); if (ret != STC_ERROR_NONE) goto done; //LCOV_EXCL_LINE 
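Review bot: The eight remove and flush helpers added in this hunk (`_iptables_remove_in_chain` through `_ip6tables_flush_out_chain`) `goto done` on the first failing chain, so a single error during teardown leaves every later chain in the list, including the `*_DROP` chains, installed or unflushed. For cleanup paths it is usually safer to attempt every chain and return the first error. The add helpers have the opposite gap: a failure part-way through leaves the chains already created in place, with no rollback. All fourteen helpers repeat the same six-step sequence, so a table of chain names driven by one loop would remove the duplication and make the ordering explicit; one helper is sketched below and the others follow the same shape.

```c
static stc_error_e _iptables_remove_in_chain(stc_s *stc)
{
	/* same order as in the patch: sub-chains first, STC_IN_CHAIN last */
	static const char *const chains[] = {
		STC_IN_DROP_CHAIN, STC_IN_FG_CHAIN, STC_IN_ACCEPT_CHAIN,
		STC_IN_BG_DROP_CHAIN, STC_IN_BG_CHAIN, STC_IN_CHAIN,
	};
	stc_error_e first_err = STC_ERROR_NONE;
	unsigned int i;

	for (i = 0; i < sizeof(chains) / sizeof(chains[0]); i++) {
		stc_error_e ret = __iptables_remove_chain(stc->connection, chains[i]);

		/* keep going so one failure does not strand the remaining chains */
		if (ret != STC_ERROR_NONE && first_err == STC_ERROR_NONE)
			first_err = ret;
	}

	return first_err;
}
```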
@@ -492,13 +940,13 @@ stc_error_e iptables_init(void) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } - ret = __iptables_add_chain(stc->connection, STC_IN_CHAIN); + ret = _iptables_add_in_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } - ret = __iptables_add_chain(stc->connection, STC_OUT_CHAIN); + ret = _iptables_add_out_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE @@ -516,13 +964,13 @@ stc_error_e iptables_init(void) goto done; //LCOV_EXCL_LINE } - ret = __ip6tables_add_chain(stc->connection, STC_IN_CHAIN); + ret = _ip6tables_add_in_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } - ret = __ip6tables_add_chain(stc->connection, STC_OUT_CHAIN); + ret = _ip6tables_add_out_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE @@ -534,13 +982,13 @@ stc_error_e iptables_init(void) goto done; //LCOV_EXCL_LINE } - ret = __iptables_add_chain_jump_rule("INPUT", STC_IN_CHAIN); + ret = _iptables_add_in_chain_jump_rule(); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } - ret = __iptables_add_chain_jump_rule("OUTPUT", STC_OUT_CHAIN); + ret = _iptables_add_out_chain_jump_rule(); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE @@ -557,7 +1005,9 @@ stc_error_e iptables_init(void) __STC_LOG_FUNC_EXIT__; goto done; } + done: + __STC_LOG_FUNC_ENTER__; return ret; } 
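Review bot: The line added under `done:` in `iptables_init` is `__STC_LOG_FUNC_ENTER__;`, which logs a function entry at the point of return; it should be `__STC_LOG_FUNC_EXIT__;`. `iptables_deinit` gets the same line in the hunks that follow. Every error branch already emits `__STC_LOG_FUNC_EXIT__` before `goto done`, so failing paths would log EXIT and then ENTER as written, or EXIT twice once corrected; logging the exit once at `done:` and dropping it from the branches would be cleaner. The function starts outside these hunks.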
@@ -573,13 +1023,13 @@ stc_error_e iptables_deinit(void) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } - ret = __iptables_remove_chain(stc->connection, STC_IN_CHAIN); + ret = _iptables_remove_in_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } - ret = __iptables_remove_chain(stc->connection, STC_OUT_CHAIN); + ret = _iptables_remove_out_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE @@ -597,19 +1047,25 @@ stc_error_e iptables_deinit(void) goto done; //LCOV_EXCL_LINE } - ret = __ip6tables_remove_chain(stc->connection, STC_IN_CHAIN); + ret = _ip6tables_remove_in_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } - ret = __ip6tables_remove_chain(stc->connection, STC_OUT_CHAIN); + ret = _ip6tables_remove_out_chain(stc); if (ret != STC_ERROR_NONE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE goto done; //LCOV_EXCL_LINE } ret = __ip6tables_remove_chain(stc->connection, STC_FRWD_CHAIN); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE + goto done; //LCOV_EXCL_LINE + } + done: + __STC_LOG_FUNC_ENTER__; return ret; } diff --git a/src/helper/helper-iptables.h b/src/helper/helper-iptables.h index 71b057b..6fa7908 100644 --- a/src/helper/helper-iptables.h +++ b/src/helper/helper-iptables.h 
@@ -21,11 +21,23 @@ #include "stc-manager.h" #include "stc-error.h" -#define STC_IN_CHAIN "STC_IN" -#define STC_OUT_CHAIN "STC_OUT" +#define STC_IN_CHAIN "STC_IN" +#define STC_OUT_CHAIN "STC_OUT" #define STC_FRWD_CHAIN "STC_FRWD" #define STC_TETHER_CHAIN "STC_TETHER" +#define STC_IN_DROP_CHAIN "STC_IN_DROP" +#define STC_IN_FG_CHAIN "STC_IN_FG" +#define STC_IN_ACCEPT_CHAIN "STC_IN_ACCEPT" +#define STC_IN_BG_DROP_CHAIN "STC_IN_BG_DROP" +#define STC_IN_BG_CHAIN "STC_IN_BG" + +#define STC_OUT_DROP_CHAIN "STC_OUT_DROP" +#define STC_OUT_FG_CHAIN "STC_OUT_FG" +#define STC_OUT_ACCEPT_CHAIN "STC_OUT_ACCEPT" +#define STC_OUT_BG_DROP_CHAIN "STC_OUT_BG_DROP" +#define STC_OUT_BG_CHAIN "STC_OUT_BG" + typedef enum { IPTABLES_DIRECTION_NONE, IPTABLES_DIRECTION_IN, diff --git a/src/helper/helper-net-cls.c b/src/helper/helper-net-cls.c index f9d59e6..faa5942 100644 --- a/src/helper/helper-net-cls.c +++ b/src/helper/helper-net-cls.c @@ -117,7 +117,7 @@ API uint32_t get_classid_by_app_id(const char *app_id, int create) return STC_UNKNOWN_CLASSID; //LCOV_EXCL_LINE } - if (!strcmp(app_id, STC_BACKGROUND_APP_ID)) + if (!strcmp(app_id, STC_TOTAL_BACKGROUND)) return STC_BACKGROUND_APP_CLASSID; if (!strcmp(app_id, STC_TOTAL_DATACALL)) @@ -190,9 +190,7 @@ stc_error_e place_pids_to_net_cgroup(const int pid, const char *app_id) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } - if (!strcmp(app_id, STC_BACKGROUND_APP_ID)) - path_to_net_cgroup_dir = STC_CGROUP_NETWORK; - else if (strstr(app_id, STC_BACKGROUND_APP_SUFFIX)) + if (strstr(app_id, STC_BACKGROUND_APP_SUFFIX)) path_to_net_cgroup_dir = BACKGROUND_CGROUP_NETWORK; else if (strstr(app_id, STC_TETHERING_APP_SUFFIX)) path_to_net_cgroup_dir = TETHERING_CGROUP_NETWORK; diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 0ae07b7..4a80fca 100644 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c 
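Review bot: In `place_pids_to_net_cgroup`, the test left after this hunk is `strstr(app_id, STC_BACKGROUND_APP_SUFFIX)`, which matches `"_BACKGROUND"` anywhere in the id rather than only at the end. With the special case removed, the renamed id `"TOTAL_BACKGROUND"` itself satisfies that test and would be routed to `BACKGROUND_CGROUP_NETWORK` instead of `STC_CGROUP_NETWORK`. Any application id that merely contains `_BACKGROUND` or `_TETHERING` would be placed in the corresponding cgroup as well. If only a trailing marker is meant, `if (g_str_has_suffix(app_id, STC_BACKGROUND_APP_SUFFIX))`, and likewise for the tethering test, expresses that. Whether this function is ever called with `STC_TOTAL_BACKGROUND` is not visible in the hunk.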
@@ -417,14 +417,51 @@ static char *get_iptables_cmd(const nfacct_rule_action action) return ""; } -static char *get_iptables_chain(const nfacct_rule_direction iotype) +static char *get_iptables_chain(uint32_t classid, + const nfacct_rule_direction iotype, + const stc_app_state_e app_state, + const nfacct_rule_intend intend) { - if (iotype == NFACCT_COUNTER_IN) - return STC_IN_CHAIN; - else if (iotype == NFACCT_COUNTER_OUT) - return STC_OUT_CHAIN; - else if (iotype == NFACCT_COUNTER_FORWARD) //LCOV_EXCL_LINE - return STC_FRWD_CHAIN; //LCOV_EXCL_LINE + if (iotype == NFACCT_COUNTER_IN) { + if (intend == NFACCT_COUNTER || + intend == NFACCT_TETH_COUNTER) { + if (app_state == STC_APP_STATE_FOREGROUND) { + if (intend == NFACCT_ALLOW) + return STC_IN_ACCEPT_CHAIN; + else + return STC_IN_FG_CHAIN; + } else + return STC_IN_BG_CHAIN; + } else if (intend == NFACCT_ALLOW || + intend == NFACCT_TETH_ALLOW) { + return STC_IN_ACCEPT_CHAIN; + } else { + if (classid == STC_BACKGROUND_APP_CLASSID) + return STC_IN_BG_DROP_CHAIN; + else + return STC_IN_DROP_CHAIN; + } + } else if (iotype == NFACCT_COUNTER_OUT) { + if (intend == NFACCT_COUNTER || + intend == NFACCT_TETH_COUNTER) { + if (app_state == STC_APP_STATE_FOREGROUND) { + if (intend == NFACCT_ALLOW) + return STC_OUT_ACCEPT_CHAIN; + else + return STC_OUT_FG_CHAIN; + } else + return STC_OUT_BG_CHAIN; + } else if (intend == NFACCT_ALLOW || + intend == NFACCT_TETH_ALLOW) { + return STC_OUT_ACCEPT_CHAIN; + } else { + if (classid == STC_BACKGROUND_APP_CLASSID) + return STC_OUT_BG_DROP_CHAIN; + else + return STC_OUT_DROP_CHAIN; + } + } else if (iotype == NFACCT_COUNTER_FORWARD) + return STC_FRWD_CHAIN; return ""; } 
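Review bot: In `get_iptables_chain`, the inner test `if (intend == NFACCT_ALLOW)` sits inside a branch already restricted to `NFACCT_COUNTER` or `NFACCT_TETH_COUNTER`, so `return STC_IN_ACCEPT_CHAIN;` and its `OUT` twin can never run there. The dead branch can collapse to `return (app_state == STC_APP_STATE_FOREGROUND) ? STC_IN_FG_CHAIN : STC_IN_BG_CHAIN;`. The final `else` sends every remaining `intend` value to a DROP chain, so the mapping should be explicit: either a header comment listing which intend/state/classid combination lands in which chain, or a `switch (intend)` with a `default`. The function still returns `""` for an unrecognised `iotype`, and the caller in `exec_iptables_cmd` passes that to `g_strdup()` as the chain name without checking for it.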
@@ -464,9 +501,13 @@ static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule) rule->intend == NFACCT_TETH_BLOCK) iptables_rule.chain = g_strdup(STC_TETHER_CHAIN); else - iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype)); + iptables_rule.chain = g_strdup(get_iptables_chain(rule->classid, + rule->iotype, rule->app_state, rule->intend)); - iptables_rule.classid = rule->classid; + if (rule->classid < STC_RESERVED_CLASSID_MAX) + iptables_rule.classid = STC_UNKNOWN_CLASSID; + else + iptables_rule.classid = rule->classid; iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ? IPTABLES_DIRECTION_IN : IPTABLES_DIRECTION_OUT; iptype = (iptables_ip_type_e)rule->iptype; @@ -646,7 +687,6 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) char *jump_cmd = get_iptables_jump(rule->jump); char nfacct_buf[sizeof(NFACCT_NAME_MOD) + 3*MAX_DEC_SIZE(int) + 4 + 1]; - uint32_t classid = rule->classid; stc_error_e ret; if (rule->iotype & NFACCT_COUNTER_IN) { @@ -674,9 +714,6 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enought buffer"); - classid = rule->classid; - rule->classid = 0; - ret = exec_iptables_cmd(rule); ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for ingress" @@ -711,8 +748,6 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) //LCOV_EXCL_STOP } - rule->classid = classid; - if (rule->iotype & NFACCT_COUNTER_OUT) { /* outcome part */ rule->iotype = NFACCT_COUNTER_OUT; @@ -738,9 +773,6 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enough buffer"); - classid = rule->classid; - rule->classid = 0; - ret = exec_iptables_cmd(rule); ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for " 
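Review bot: `exec_iptables_cmd` now substitutes the class id only when `rule->classid < STC_RESERVED_CLASSID_MAX`, while the later hunks in `produce_iface_rule` delete the code that forced `rule->classid = 0` around the first `exec_iptables_cmd()` call in each direction. For non-reserved class ids that first rule used to be installed with class id 0 and is now installed with the application's class id, which changes what the rule matches. If that is intended, a comment at the new `if` should say so, for example `/* reserved (aggregate) classes are not matched by classid */`. It would also help to confirm that `STC_UNKNOWN_CLASSID` has the same effect in `iptables_add()` as the literal 0 used before; neither definition is visible in this diff.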
@@ -774,8 +806,6 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) //LCOV_EXCL_STOP } - rule->classid = classid; - return STC_ERROR_NONE; } @@ -793,6 +823,7 @@ stc_error_e produce_net_rule(nfacct_rule_s *rule) if (rule->classid != STC_ALL_APP_CLASSID && rule->classid != STC_TETHERING_APP_CLASSID && + rule->classid != STC_BACKGROUND_APP_CLASSID && rule->classid != STC_TOTAL_DATACALL_CLASSID && rule->classid != STC_TOTAL_WIFI_CLASSID && rule->classid != STC_TOTAL_BLUETOOTH_CLASSID && diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h index 7520709..4506f0e 100644 --- a/src/helper/helper-nfacct-rule.h +++ b/src/helper/helper-nfacct-rule.h @@ -105,6 +105,7 @@ struct nfacct_rule { nfacct_rule_direction iotype; nfacct_rule_intend intend; nfacct_rule_jump jump; /* in most cases jump is evalutation based on intend, but not always */ + stc_app_state_e app_state; stc_rstn_state_e rstn_state; nfacct_rule_iptype iptype; nfacct_rule_iprange_type src_iprange_type; diff --git a/src/monitor/include/stc-monitor-app.h b/src/monitor/include/stc-monitor-app.h old mode 100755 new mode 100644 index 17016a0..a00d262 --- a/src/monitor/include/stc-monitor-app.h +++ b/src/monitor/include/stc-monitor-app.h @@ -32,6 +32,7 @@ typedef struct { gchar *pkg_id; /**< package id */ gchar *app_id; /**< application id */ stc_app_type_e type; /**< type of application */ + stc_app_state_e state; stc_data_counter_s data_usage; stc_data_counter_s counter; GHashTable *processes; /**< applications instances */ @@ -57,6 +58,9 @@ void stc_monitor_app_add_monitor(gpointer key, void stc_monitor_app_add_by_connection(default_connection_s *conn); +void stc_monitor_app_add_accept(gpointer key, + gpointer value, gpointer data); + stc_error_e stc_monitor_app_remove(uint32_t classid, const char *app_id); void stc_monitor_app_remove_monitor(gpointer key, 
@@ -64,6 +68,11 @@ void stc_monitor_app_remove_monitor(gpointer key, void stc_monitor_app_remove_by_connection(default_connection_s *conn); +void stc_monitor_app_remove_accept(gpointer key, + gpointer value, gpointer data); + +gboolean stc_monitor_app_lookup(uint32_t classid); + GHashTable *stc_monitor_apps_init(void); #endif /* __STC_MONITOR_APP_H__ */ diff --git a/src/monitor/include/stc-monitor-context.h b/src/monitor/include/stc-monitor-context.h old mode 100755 new mode 100644 diff --git a/src/monitor/include/stc-monitor-ipt.h b/src/monitor/include/stc-monitor-ipt.h old mode 100755 new mode 100644 diff --git a/src/monitor/include/stc-monitor-proc.h b/src/monitor/include/stc-monitor-proc.h old mode 100755 new mode 100644 index 6152c56..602912b --- a/src/monitor/include/stc-monitor-proc.h +++ b/src/monitor/include/stc-monitor-proc.h @@ -44,4 +44,7 @@ stc_error_e stc_monitor_proc_add(uint32_t classid, stc_error_e stc_monitor_proc_remove(uint32_t classid, pid_t pid); +stc_error_e stc_monitor_proc_move(uint32_t from, + uint32_t to); + #endif /* __STC_MONITOR_PROC_H__ */ diff --git a/src/monitor/include/stc-monitor-rstn.h b/src/monitor/include/stc-monitor-rstn.h old mode 100755 new mode 100644 diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h old mode 100755 new mode 100644 diff --git a/src/monitor/stc-monitor-app.c b/src/monitor/stc-monitor-app.c old mode 100755 new mode 100644 index 22405b9..16f0f72 --- a/src/monitor/stc-monitor-app.c +++ b/src/monitor/stc-monitor-app.c 
@@ -32,10 +32,11 @@ static void __print_app(gpointer key, gpointer value, stc_app_value_s *app_value = (stc_app_value_s *)value; STC_LOGD("PkgID[%s] AppID[\033[0;32m%s\033[0;m] " - "type[%d] classid[\033[1;36m%d\033[0;m] " + "type[%d] state[%d] classid[\033[1;36m%d\033[0;m] " "counter[in(%lld) out(%lld)]", app_value->pkg_id, app_value->app_id, - app_value->type, app_value->classid, + app_value->type, app_value->state, + app_value->classid, app_value->data_usage.in_bytes, app_value->data_usage.out_bytes); } @@ -246,6 +247,13 @@ static void __app_update_counter(classid_bytes_context_s *context, GHashTable *apps = stc_monitor_get_system_apps(); GHashTable *rstns = stc_monitor_get_system_rstns(); + if (!apps) + return; + + lookup_app = g_hash_table_lookup(apps, GUINT_TO_POINTER(classid)); + if (lookup_app) + stc_monitor_app_update_counter(lookup_app, context); + if (!rstns) return; @@ -258,13 +266,6 @@ static void __app_update_counter(classid_bytes_context_s *context, if (limit_exceeded != 0) return; } - - if (!apps) - return; - - lookup_app = g_hash_table_lookup(apps, GUINT_TO_POINTER(classid)); - if (lookup_app) - stc_monitor_app_update_counter(lookup_app, context); } void stc_monitor_app_update_counter(stc_app_value_s *value, @@ -375,6 +376,7 @@ API stc_error_e stc_monitor_app_add(uint32_t classid, app_value->pkg_id = g_strdup(pkg_id); app_value->type = value.type; + app_value->state = value.state; app_value->data_usage.in_bytes = value.data_usage.in_bytes; app_value->data_usage.out_bytes = value.data_usage.out_bytes; g_strlcpy(app_value->mac, value.mac, MAC_ADDRESS_LEN); 
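Review bot: In __app_update_counter the relocated `if (!apps) return;` now sits ahead of the `rstns` handling, so a NULL application table skips the restriction counter update and the limit check, which previously ran regardless of `apps`. A guard instead of an early return keeps the two paths independent: `if (apps) { lookup_app = g_hash_table_lookup(apps, GUINT_TO_POINTER(classid)); if (lookup_app) stc_monitor_app_update_counter(lookup_app, context); }`. Whether stc_monitor_get_system_apps() can return NULL while restrictions are registered is not visible from this hunk, so this may be a latent case rather than a live one. The function starts outside the hunk.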
@@ -392,6 +394,11 @@ API stc_error_e stc_monitor_app_add(uint32_t classid, /* add nfacct rule for this classid */ stc_monitor_app_add_monitor(GUINT_TO_POINTER(classid), app_value, stc_get_default_connection()); + + if (app_value->state == STC_APP_STATE_FOREGROUND) + stc_monitor_app_add_accept(GUINT_TO_POINTER(classid), + app_value, stc_get_default_connection()); + stc_monitor_rstn_add_for_app(classid); if (STC_DEBUG_LOG) { @@ -447,6 +454,7 @@ void stc_monitor_app_add_monitor(gpointer key, counter.carg = stc->carg; counter.classid = app_value->classid; + counter.app_state = app_value->state; counter.intend = NFACCT_COUNTER; if (connection->tether_state == TRUE && 
@@ -487,6 +495,54 @@ void stc_monitor_app_add_by_connection(default_connection_s *conn) g_hash_table_foreach(apps, stc_monitor_app_add_monitor, conn); } +void stc_monitor_app_add_accept(gpointer key, + gpointer value, gpointer data) +{ + stc_app_value_s *app_value = (stc_app_value_s *)value; + default_connection_s *connection = (default_connection_s *)data; + stc_s *stc = stc_get_manager(); + + if (app_value->classid == STC_TOTAL_DATACALL_CLASSID || + app_value->classid == STC_TOTAL_WIFI_CLASSID || + app_value->classid == STC_TOTAL_BLUETOOTH_CLASSID) + return; + + if (stc && connection && connection->ifname) { + struct nfacct_rule counter; + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); + if (stc->carg == NULL) + return; + + stc->carg->sock = stc_monitor_get_contr_sock(); + } + + memset(&counter, 0, sizeof(struct nfacct_rule)); + + counter.carg = stc->carg; + counter.classid = app_value->classid; + counter.app_state = app_value->state; + counter.intend = NFACCT_ALLOW; + + counter.iftype = connection->type; + g_strlcpy(counter.ifname, connection->ifname, MAX_IFACE_LENGTH); + + if (app_value->classid == STC_TOTAL_IPV4_CLASSID) { + stc_monitor_ipt_add_in(&counter); + stc_monitor_ipt_add_out(&counter); + } else if (app_value->classid == STC_TOTAL_IPV6_CLASSID) { + stc_monitor_ip6t_add_in(&counter); + stc_monitor_ip6t_add_out(&counter); + } else { + stc_monitor_ipt_add_in(&counter); + stc_monitor_ipt_add_out(&counter); + stc_monitor_ip6t_add_in(&counter); + stc_monitor_ip6t_add_out(&counter); + } + } +} + API stc_error_e stc_monitor_app_remove(uint32_t classid, const char *app_id) { stc_app_value_s *app_lookup; @@ -542,6 +598,7 @@ void stc_monitor_app_remove_monitor(gpointer key, counter.carg = stc->carg; counter.classid = app_value->classid; + counter.app_state = app_value->state; counter.intend = NFACCT_COUNTER; if (g_str_has_suffix(app_value->app_id, STC_TETHERING_APP_SUFFIX) && 
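Review bot: The three-way IPv4/IPv6 branch at the end of stc_monitor_app_add_accept repeats the two `stc_monitor_ipt_add_*` calls in its first and last arms, and the same shape is copied into stc_monitor_app_remove_monitor and stc_monitor_app_remove_accept in the following hunks. Two independent guards give the same dispatch and call order without the duplication, as sketched below. The results of the add calls are also not checked; if those helpers report failure (their prototypes are not visible here), a partially installed ACCEPT set would go unnoticed, so an error log on failure would help.

```c
		/* … unchanged: carg setup, counter fields, ifname copy … */

		/* IPv4 rules for every classid except the IPv6-only total */
		if (app_value->classid != STC_TOTAL_IPV6_CLASSID) {
			stc_monitor_ipt_add_in(&counter);
			stc_monitor_ipt_add_out(&counter);
		}

		/* IPv6 rules for every classid except the IPv4-only total */
		if (app_value->classid != STC_TOTAL_IPV4_CLASSID) {
			stc_monitor_ip6t_add_in(&counter);
			stc_monitor_ip6t_add_out(&counter);
		}
```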
@@ -558,10 +615,18 @@ void stc_monitor_app_remove_monitor(gpointer key, g_strlcpy(counter.ifname, connection->ifname, MAX_IFACE_LENGTH); } - stc_monitor_ipt_del_in(&counter); - stc_monitor_ipt_del_out(&counter); - stc_monitor_ip6t_del_in(&counter); - stc_monitor_ip6t_del_out(&counter); + if (app_value->classid == STC_TOTAL_IPV4_CLASSID) { + stc_monitor_ipt_del_in(&counter); + stc_monitor_ipt_del_out(&counter); + } else if (app_value->classid == STC_TOTAL_IPV6_CLASSID) { + stc_monitor_ip6t_del_in(&counter); + stc_monitor_ip6t_del_out(&counter); + } else { + stc_monitor_ipt_del_in(&counter); + stc_monitor_ipt_del_out(&counter); + stc_monitor_ip6t_del_in(&counter); + stc_monitor_ip6t_del_out(&counter); + } } return; 
@@ -577,6 +642,70 @@ void stc_monitor_app_remove_by_connection(default_connection_s *conn) g_hash_table_foreach(apps, stc_monitor_app_remove_monitor, conn); } +void stc_monitor_app_remove_accept(gpointer key, + gpointer value, gpointer data) +{ + stc_app_value_s *app_value = (stc_app_value_s *)value; + default_connection_s *connection = (default_connection_s *)data; + stc_s *stc = stc_get_manager(); + + if (stc && connection && connection->ifname) { + struct nfacct_rule counter; + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); + if (stc->carg == NULL) + return; + + stc->carg->sock = stc_monitor_get_contr_sock(); + } + + memset(&counter, 0, sizeof(struct nfacct_rule)); + + counter.carg = stc->carg; + counter.classid = app_value->classid; + counter.app_state = app_value->state; + counter.intend = NFACCT_ALLOW; + + counter.iftype = connection->type; + g_strlcpy(counter.ifname, connection->ifname, MAX_IFACE_LENGTH); + + if (app_value->classid == STC_TOTAL_IPV4_CLASSID) { + stc_monitor_ipt_del_in(&counter); + stc_monitor_ipt_del_out(&counter); + } else if (app_value->classid == STC_TOTAL_IPV6_CLASSID) { + stc_monitor_ip6t_del_in(&counter); + stc_monitor_ip6t_del_out(&counter); + } else { + stc_monitor_ipt_del_in(&counter); + stc_monitor_ipt_del_out(&counter); + stc_monitor_ip6t_del_in(&counter); + stc_monitor_ip6t_del_out(&counter); + } + } + + return; +} + +API gboolean stc_monitor_app_lookup(uint32_t classid) +{ + stc_app_value_s *lookup_value; + + GHashTable *apps = stc_monitor_get_system_apps(); + + if (!apps) + return FALSE; + + if (classid == STC_UNKNOWN_CLASSID) + return FALSE; + + lookup_value = g_hash_table_lookup(apps, GUINT_TO_POINTER(classid)); + if (lookup_value) + return TRUE; + + return FALSE; +} + GHashTable *stc_monitor_apps_init(void) { return g_hash_table_new_full(g_direct_hash, g_direct_equal, diff --git a/src/monitor/stc-monitor-ipt.c b/src/monitor/stc-monitor-ipt.c old mode 100755 new mode 100644 
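Review bot: stc_monitor_app_remove_accept lacks the early return for STC_TOTAL_DATACALL_CLASSID, STC_TOTAL_WIFI_CLASSID and STC_TOTAL_BLUETOOTH_CLASSID that stc_monitor_app_add_accept has, so it can issue deletes for ACCEPT rules that were never inserted. Both callers in this commit gate on `state == STC_APP_STATE_FOREGROUND`, which may make that unreachable in practice, but the pair should be symmetric; copying the three-classid guard to the top of the remove function is enough. The delete results are also ignored: if a delete fails, the ACCEPT rule presumably stays in the chain for that classid, so a failure deserves at least an error log. The trailing bare `return;` in this void function can be dropped.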
diff --git a/src/monitor/stc-monitor-proc.c b/src/monitor/stc-monitor-proc.c old mode 100755 new mode 100644 index e3d2457..8b9dfdd --- a/src/monitor/stc-monitor-proc.c +++ b/src/monitor/stc-monitor-proc.c @@ -52,6 +52,28 @@ static void __proc_remove_pid(gpointer key, gpointer value, context->app_value = app_value; } +static void __proc_move_pid(gpointer key, gpointer value, + gpointer data) +{ + stc_proc_value_s *from_value = (stc_proc_value_s *)value; + stc_app_value_s *to_app_value = (stc_app_value_s *)data; + stc_proc_value_s *to_value; + + to_value = MALLOC0(stc_proc_value_s, 1); + if (!to_value) + return; + + to_value->pid = from_value->pid; + to_value->ground = to_app_value->state; + + g_hash_table_insert(to_app_value->processes, + GUINT_TO_POINTER(to_value->pid), + to_value); + + /* add pid to application cgroup */ + place_pids_to_net_cgroup(to_value->pid, to_app_value->app_id); +} + API stc_error_e stc_monitor_proc_update_ground(uint32_t classid, const char *app_id, const stc_proc_value_s value) @@ -200,6 +222,11 @@ API stc_error_e stc_monitor_proc_remove(uint32_t classid, /* remove nfacct rule for this classid */ stc_monitor_app_remove_monitor(GUINT_TO_POINTER(classid), app_lookup, stc_get_default_connection()); + + if (app_lookup->state == STC_APP_STATE_FOREGROUND) + stc_monitor_app_remove_accept(GUINT_TO_POINTER(classid), + app_lookup, stc_get_default_connection()); + stc_monitor_rstn_remove_for_app(classid); g_hash_table_remove(apps, GUINT_TO_POINTER(classid)); 
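Review bot: __proc_move_pid returns silently when MALLOC0 fails and does not check the outcome of place_pids_to_net_cgroup, yet its caller stc_monitor_proc_move clears the source process table and removes the source application regardless. A pid that hits the allocation failure is then tracked nowhere. If the cgroup placement fails, the pid is recorded under the destination application while presumably still in the old net cgroup, so its traffic would be matched by the wrong classid. Because a GHFunc cannot return a status, I would pass a small context struct holding the destination app and an error flag, and have stc_monitor_proc_move skip the teardown of `from` when the flag is set. At minimum, log the pid on both failure paths.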
@@ -211,3 +238,67 @@ API stc_error_e stc_monitor_proc_remove(uint32_t classid, return ret; } + +API stc_error_e stc_monitor_proc_move(uint32_t from, + uint32_t to) +{ + stc_error_e ret = STC_ERROR_NONE; + stc_app_value_s *from_lookup = NULL; + stc_app_value_s *to_lookup = NULL; + GHashTable *apps = stc_monitor_get_system_apps(); + + if (!apps) + return STC_ERROR_NO_DATA; + + if (from != STC_UNKNOWN_CLASSID && + to != STC_UNKNOWN_CLASSID) { + from_lookup = g_hash_table_lookup(apps, GUINT_TO_POINTER(from)); + if (!from_lookup) { + if (STC_DEBUG_LOG) + STC_LOGD("Application not found [\033[1;36m%d\033[0;m]", from); + return STC_ERROR_NO_DATA; + } + + to_lookup = g_hash_table_lookup(apps, GUINT_TO_POINTER(to)); + if (!to_lookup) { + if (STC_DEBUG_LOG) + STC_LOGD("Application not found [\033[1;36m%d\033[0;m]", to); + return STC_ERROR_NO_DATA; + } + + g_hash_table_foreach(from_lookup->processes, + __proc_move_pid, to_lookup); + + if (STC_DEBUG_LOG) { + __print_proc_all(to_lookup->processes); + STC_LOGD("\033[1;34mProcesses moved\033[0;m " + "[\033[1;36m%d\033[0;m] -> [\033[1;36m%d\033[0;m]", + from, to); + } + + g_hash_table_remove_all(from_lookup->processes); + + if (STC_DEBUG_LOG) { + __print_proc_all(from_lookup->processes); + STC_LOGD("\033[1;31mProcesses removed\033[0;m " + "[\033[1;36m%d\033[0;m]", from); + } + + stc_monitor_app_remove_monitor(GUINT_TO_POINTER(from), + from_lookup, stc_get_default_connection()); + + if (from_lookup->state == STC_APP_STATE_FOREGROUND) + stc_monitor_app_remove_accept(GUINT_TO_POINTER(from), + from_lookup, stc_get_default_connection()); + + stc_monitor_rstn_remove_for_app(from); + + g_hash_table_remove(apps, GUINT_TO_POINTER(from)); + + if (STC_DEBUG_LOG) + STC_LOGD("\033[1;31mApplication removed\033[0;m " + "[\033[1;36m%d\033[0;m]", from); + } + + return ret; +} diff --git a/src/monitor/stc-monitor-rstn.c b/src/monitor/stc-monitor-rstn.c old mode 100755 new mode 100644 index 1bd6704..d717326 --- a/src/monitor/stc-monitor-rstn.c 
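Review bot: stc_monitor_proc_move does not reject `from == to`; in that case __proc_move_pid inserts into the same table that g_hash_table_foreach is iterating, which GLib does not permit, and the application is then removed from `apps` together with its processes. A guard before the lookups avoids this: `if (from == to) return STC_ERROR_NONE;`. The function also returns STC_ERROR_NONE when either classid is STC_UNKNOWN_CLASSID, so a caller cannot tell a completed move from a skipped one. A short comment on the outer `if` stating that unknown classids are deliberately treated as a no-op would make that contract explicit.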
+++ b/src/monitor/stc-monitor-rstn.c @@ -550,6 +550,9 @@ static void __rstn_process(enum traffic_restriction_type rstn_type, __rstn_add_ipt_rule(rstn_data->classid, NFACCT_BLOCK, rstn_data->iftype); } + if (rstn_data->classid == STC_BACKGROUND_APP_CLASSID) + __rstn_add_ipt_rule(rstn_data->classid, NFACCT_BLOCK, rstn_data->iftype); + rstn_data->rstn_state = STC_RSTN_STATE_ACTIVATED; if (STC_DEBUG_LOG) { @@ -1372,7 +1375,7 @@ stc_error_e stc_monitor_rstn_remove(const table_restrictions_info *info) data.subscriber_id = info->subscriber_id; data.roaming = info->roaming; - if (g_strcmp0(info->app_id, STC_BACKGROUND_APP_ID) == 0) { + if (g_strcmp0(info->app_id, STC_TOTAL_BACKGROUND) == 0) { stc_monitor_set_background_state(FALSE); __vconf_set_int(VCONFKEY_STC_BACKGROUND_STATE, FALSE); } diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c old mode 100755 new mode 100644 index f81cf7c..5d60749 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -150,6 +150,11 @@ static void __fill_nfacct_result(char *cnt_name, int64_t bytes, stc_monitor_app_update_iface_counter(&context); + lookup_app = g_hash_table_lookup(g_system->apps, + GUINT_TO_POINTER(context.counter->classid)); + if (lookup_app) + stc_monitor_app_update_counter(lookup_app, &context); + lookup_rstn = g_hash_table_lookup(g_system->rstns, GUINT_TO_POINTER(context.counter->classid)); if (lookup_rstn) { @@ -160,11 +165,6 @@ static void __fill_nfacct_result(char *cnt_name, int64_t bytes, if (limit_exceeded != 0) return; } - - lookup_app = g_hash_table_lookup(g_system->apps, - GUINT_TO_POINTER(context.counter->classid)); - if (lookup_app) - stc_monitor_app_update_counter(lookup_app, &context); } if (g_system->rstns) {
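Review bot: The added `if (rstn_data->classid == STC_BACKGROUND_APP_CLASSID)` in __rstn_process calls __rstn_add_ipt_rule with NFACCT_BLOCK directly after a block that ends in the identical call, and the condition of that earlier block lies outside the hunk. If the earlier block can also fire for the background classid, the BLOCK rule is inserted twice and a single delete on deactivation would leave one copy in place. I would add a comment stating why the background classid is handled separately here, e.g. `/* background total: always install the BLOCK rule on activation */`. Please also confirm that the deactivation path removes the rule the same number of times it was added.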