Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 17 | // THREAD-SAFETY |
| 18 | // ------------- |
| 19 | // The methods in this file are called from multiple threads (from CommandListener, FwmarkServer |
| 20 | // and DnsProxyListener). So, all accesses to shared state are guarded by a lock. |
| 21 | // |
| 22 | // In some cases, a single non-const method acquires and releases the lock several times, like so: |
| 23 | // if (isValidNetwork(...)) { // isValidNetwork() acquires and releases the lock. |
| 24 | // setDefaultNetwork(...); // setDefaultNetwork() also acquires and releases the lock. |
| 25 | // |
| 26 | // It might seem that this allows races where the state changes between the two statements, but in |
| 27 | // fact there are no races because: |
| 28 | // 1. This pattern only occurs in non-const methods (i.e., those that mutate state). |
| 29 | // 2. Only CommandListener calls these non-const methods. The others call only const methods. |
| 30 | // 3. CommandListener only processes one command at a time. I.e., it's serialized. |
| 31 | // Thus, no other mutation can occur in between the two statements above. |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 32 | |
| 33 | #include "NetworkController.h" |
| 34 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 35 | #include "PhysicalNetwork.h" |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 36 | #include "RouteController.h" |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 37 | #include "VirtualNetwork.h" |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 38 | |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 39 | #include "cutils/misc.h" |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 40 | #define LOG_TAG "Netd" |
| 41 | #include "log/log.h" |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 42 | #include "resolv_netid.h" |
| 43 | |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 44 | namespace { |
| 45 | |
| 46 | // Keep these in sync with ConnectivityService.java. |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 47 | const unsigned MIN_NET_ID = 10; |
| 48 | const unsigned MAX_NET_ID = 65535; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 49 | |
| 50 | } // namespace |
| 51 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 52 | NetworkController::NetworkController() : mDefaultNetId(NETID_UNSET) { |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 53 | } |
| 54 | |
| 55 | unsigned NetworkController::getDefaultNetwork() const { |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 56 | android::RWLock::AutoRLock lock(mRWLock); |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 57 | return mDefaultNetId; |
| 58 | } |
| 59 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 60 | int NetworkController::setDefaultNetwork(unsigned netId) { |
| 61 | android::RWLock::AutoWLock lock(mRWLock); |
| 62 | |
| 63 | if (netId == mDefaultNetId) { |
| 64 | return 0; |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 65 | } |
| 66 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 67 | if (netId != NETID_UNSET) { |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 68 | Network* network = getNetworkLocked(netId); |
| 69 | if (!network || network->getType() != Network::PHYSICAL) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 70 | ALOGE("invalid netId %u", netId); |
| 71 | return -EINVAL; |
| 72 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 73 | if (int ret = static_cast<PhysicalNetwork*>(network)->addAsDefault()) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 74 | return ret; |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 75 | } |
| 76 | } |
| 77 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 78 | if (mDefaultNetId != NETID_UNSET) { |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 79 | Network* network = getNetworkLocked(mDefaultNetId); |
| 80 | if (!network || network->getType() != Network::PHYSICAL) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 81 | ALOGE("cannot find previously set default network with netId %u", mDefaultNetId); |
| 82 | return -ESRCH; |
| 83 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 84 | if (int ret = static_cast<PhysicalNetwork*>(network)->removeAsDefault()) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 85 | return ret; |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 86 | } |
| 87 | } |
| 88 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 89 | mDefaultNetId = netId; |
| 90 | return 0; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 91 | } |
| 92 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 93 | unsigned NetworkController::getNetworkForUser(uid_t uid, unsigned requestedNetId, |
| 94 | bool forDns) const { |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 95 | android::RWLock::AutoRLock lock(mRWLock); |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 96 | VirtualNetwork* virtualNetwork = getVirtualNetworkForUserLocked(uid); |
| 97 | if (virtualNetwork && (!forDns || virtualNetwork->getHasDns())) { |
| 98 | return virtualNetwork->getNetId(); |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 99 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 100 | return getNetworkLocked(requestedNetId) ? requestedNetId : mDefaultNetId; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 101 | } |
| 102 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 103 | unsigned NetworkController::getNetworkForInterface(const char* interface) const { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 104 | android::RWLock::AutoRLock lock(mRWLock); |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 105 | for (const auto& entry : mNetworks) { |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 106 | if (entry.second->hasInterface(interface)) { |
| 107 | return entry.first; |
| 108 | } |
| 109 | } |
Paul Jensen | 35c77e3 | 2014-04-10 14:57:54 -0400 | [diff] [blame] | 110 | return NETID_UNSET; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 111 | } |
| 112 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 113 | int NetworkController::createPhysicalNetwork(unsigned netId, Permission permission) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 114 | if (netId < MIN_NET_ID || netId > MAX_NET_ID) { |
Paul Jensen | ae37e8a | 2014-04-28 10:35:51 -0400 | [diff] [blame] | 115 | ALOGE("invalid netId %u", netId); |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 116 | return -EINVAL; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 117 | } |
| 118 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 119 | if (isValidNetwork(netId)) { |
| 120 | ALOGE("duplicate netId %u", netId); |
| 121 | return -EEXIST; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 122 | } |
| 123 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 124 | PhysicalNetwork* physicalNetwork = new PhysicalNetwork(netId); |
| 125 | if (int ret = physicalNetwork->setPermission(permission)) { |
| 126 | ALOGE("inconceivable! setPermission cannot fail on an empty network"); |
| 127 | delete physicalNetwork; |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 128 | return ret; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 129 | } |
| 130 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 131 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 132 | mNetworks[netId] = physicalNetwork; |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 133 | return 0; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 134 | } |
| 135 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 136 | int NetworkController::createVirtualNetwork(unsigned netId, bool hasDns) { |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 137 | if (netId < MIN_NET_ID || netId > MAX_NET_ID) { |
| 138 | ALOGE("invalid netId %u", netId); |
| 139 | return -EINVAL; |
| 140 | } |
| 141 | |
| 142 | if (isValidNetwork(netId)) { |
| 143 | ALOGE("duplicate netId %u", netId); |
| 144 | return -EEXIST; |
| 145 | } |
| 146 | |
| 147 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 148 | mNetworks[netId] = new VirtualNetwork(netId, hasDns); |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 149 | return 0; |
| 150 | } |
| 151 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 152 | int NetworkController::destroyNetwork(unsigned netId) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 153 | if (!isValidNetwork(netId)) { |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 154 | ALOGE("invalid netId %u", netId); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 155 | return -EINVAL; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 156 | } |
| 157 | |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 158 | // TODO: ioctl(SIOCKILLADDR, ...) to kill all sockets on the old network. |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 159 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 160 | android::RWLock::AutoWLock lock(mRWLock); |
| 161 | Network* network = getNetworkLocked(netId); |
| 162 | if (int ret = network->clearInterfaces()) { |
| 163 | return ret; |
| 164 | } |
| 165 | if (mDefaultNetId == netId) { |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 166 | if (int ret = static_cast<PhysicalNetwork*>(network)->removeAsDefault()) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 167 | ALOGE("inconceivable! removeAsDefault cannot fail on an empty network"); |
| 168 | return ret; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 169 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 170 | mDefaultNetId = NETID_UNSET; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 171 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 172 | mNetworks.erase(netId); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 173 | delete network; |
Sreeram Ramachandran | 3ced069 | 2014-04-18 09:49:13 -0700 | [diff] [blame] | 174 | _resolv_delete_cache_for_net(netId); |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 175 | return 0; |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 176 | } |
| 177 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 178 | int NetworkController::addInterfaceToNetwork(unsigned netId, const char* interface) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 179 | if (!isValidNetwork(netId)) { |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 180 | ALOGE("invalid netId %u", netId); |
Lorenzo Colitti | f7fc8ec | 2014-06-18 00:41:58 +0900 | [diff] [blame] | 181 | return -EINVAL; |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 182 | } |
| 183 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 184 | unsigned existingNetId = getNetworkForInterface(interface); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 185 | if (existingNetId != NETID_UNSET && existingNetId != netId) { |
| 186 | ALOGE("interface %s already assigned to netId %u", interface, existingNetId); |
| 187 | return -EBUSY; |
| 188 | } |
| 189 | |
| 190 | android::RWLock::AutoWLock lock(mRWLock); |
| 191 | return getNetworkLocked(netId)->addInterface(interface); |
| 192 | } |
| 193 | |
| 194 | int NetworkController::removeInterfaceFromNetwork(unsigned netId, const char* interface) { |
| 195 | if (!isValidNetwork(netId)) { |
| 196 | ALOGE("invalid netId %u", netId); |
| 197 | return -EINVAL; |
| 198 | } |
| 199 | |
| 200 | android::RWLock::AutoWLock lock(mRWLock); |
| 201 | return getNetworkLocked(netId)->removeInterface(interface); |
| 202 | } |
| 203 | |
| 204 | Permission NetworkController::getPermissionForUser(uid_t uid) const { |
| 205 | android::RWLock::AutoRLock lock(mRWLock); |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 206 | return getPermissionForUserLocked(uid); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 207 | } |
| 208 | |
| 209 | void NetworkController::setPermissionForUsers(Permission permission, |
| 210 | const std::vector<uid_t>& uids) { |
| 211 | android::RWLock::AutoWLock lock(mRWLock); |
| 212 | for (uid_t uid : uids) { |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 213 | mUsers[uid] = permission; |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 214 | } |
| 215 | } |
| 216 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 217 | bool NetworkController::canUserSelectNetwork(uid_t uid, unsigned netId) const { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 218 | android::RWLock::AutoRLock lock(mRWLock); |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 219 | Network* network = getNetworkLocked(netId); |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 220 | if (!network || uid == INVALID_UID) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 221 | return false; |
| 222 | } |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 223 | Permission userPermission = getPermissionForUserLocked(uid); |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 224 | if ((userPermission & PERMISSION_SYSTEM) == PERMISSION_SYSTEM) { |
| 225 | return true; |
| 226 | } |
| 227 | if (network->getType() == Network::VIRTUAL) { |
| 228 | return static_cast<VirtualNetwork*>(network)->appliesToUser(uid); |
| 229 | } |
| 230 | VirtualNetwork* virtualNetwork = getVirtualNetworkForUserLocked(uid); |
| 231 | if (virtualNetwork && mProtectableUsers.find(uid) == mProtectableUsers.end()) { |
| 232 | return false; |
| 233 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 234 | Permission networkPermission = static_cast<PhysicalNetwork*>(network)->getPermission(); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 235 | return (userPermission & networkPermission) == networkPermission; |
| 236 | } |
| 237 | |
| 238 | int NetworkController::setPermissionForNetworks(Permission permission, |
| 239 | const std::vector<unsigned>& netIds) { |
| 240 | android::RWLock::AutoWLock lock(mRWLock); |
| 241 | for (unsigned netId : netIds) { |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 242 | Network* network = getNetworkLocked(netId); |
| 243 | if (!network || network->getType() != Network::PHYSICAL) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 244 | ALOGE("invalid netId %u", netId); |
| 245 | return -EINVAL; |
| 246 | } |
| 247 | |
| 248 | // TODO: ioctl(SIOCKILLADDR, ...) to kill socets on the network that don't have permission. |
| 249 | |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 250 | if (int ret = static_cast<PhysicalNetwork*>(network)->setPermission(permission)) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 251 | return ret; |
| 252 | } |
| 253 | } |
| 254 | return 0; |
| 255 | } |
| 256 | |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 257 | int NetworkController::addUsersToNetwork(unsigned netId, const UidRanges& uidRanges) { |
| 258 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 259 | Network* network = getNetworkLocked(netId); |
| 260 | if (!network || network->getType() != Network::VIRTUAL) { |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 261 | ALOGE("invalid netId %u", netId); |
| 262 | return -EINVAL; |
| 263 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 264 | if (int ret = static_cast<VirtualNetwork*>(network)->addUsers(uidRanges)) { |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 265 | return ret; |
| 266 | } |
| 267 | return 0; |
| 268 | } |
| 269 | |
| 270 | int NetworkController::removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges) { |
| 271 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 272 | Network* network = getNetworkLocked(netId); |
| 273 | if (!network || network->getType() != Network::VIRTUAL) { |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 274 | ALOGE("invalid netId %u", netId); |
| 275 | return -EINVAL; |
| 276 | } |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 277 | if (int ret = static_cast<VirtualNetwork*>(network)->removeUsers(uidRanges)) { |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 278 | return ret; |
| 279 | } |
| 280 | return 0; |
| 281 | } |
| 282 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 283 | int NetworkController::addRoute(unsigned netId, const char* interface, const char* destination, |
| 284 | const char* nexthop, bool legacy, uid_t uid) { |
| 285 | return modifyRoute(netId, interface, destination, nexthop, true, legacy, uid); |
| 286 | } |
| 287 | |
| 288 | int NetworkController::removeRoute(unsigned netId, const char* interface, const char* destination, |
| 289 | const char* nexthop, bool legacy, uid_t uid) { |
| 290 | return modifyRoute(netId, interface, destination, nexthop, false, legacy, uid); |
| 291 | } |
| 292 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 293 | bool NetworkController::canProtect(uid_t uid) const { |
| 294 | android::RWLock::AutoRLock lock(mRWLock); |
| 295 | return ((getPermissionForUserLocked(uid) & PERMISSION_SYSTEM) == PERMISSION_SYSTEM) || |
| 296 | mProtectableUsers.find(uid) != mProtectableUsers.end(); |
| 297 | } |
| 298 | |
Sreeram Ramachandran | 89dad01 | 2014-07-02 10:09:49 -0700 | [diff] [blame] | 299 | void NetworkController::allowProtect(const std::vector<uid_t>& uids) { |
| 300 | android::RWLock::AutoWLock lock(mRWLock); |
| 301 | mProtectableUsers.insert(uids.begin(), uids.end()); |
| 302 | } |
| 303 | |
| 304 | void NetworkController::denyProtect(const std::vector<uid_t>& uids) { |
| 305 | android::RWLock::AutoWLock lock(mRWLock); |
| 306 | for (uid_t uid : uids) { |
| 307 | mProtectableUsers.erase(uid); |
| 308 | } |
| 309 | } |
| 310 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 311 | bool NetworkController::isValidNetwork(unsigned netId) const { |
| 312 | android::RWLock::AutoRLock lock(mRWLock); |
| 313 | return getNetworkLocked(netId); |
| 314 | } |
| 315 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 316 | Network* NetworkController::getNetworkLocked(unsigned netId) const { |
Sreeram Ramachandran | 36ed53e | 2014-07-01 19:01:56 -0700 | [diff] [blame] | 317 | auto iter = mNetworks.find(netId); |
| 318 | return iter == mNetworks.end() ? NULL : iter->second; |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 319 | } |
| 320 | |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 321 | VirtualNetwork* NetworkController::getVirtualNetworkForUserLocked(uid_t uid) const { |
| 322 | for (const auto& entry : mNetworks) { |
| 323 | if (entry.second->getType() == Network::VIRTUAL) { |
| 324 | VirtualNetwork* virtualNetwork = static_cast<VirtualNetwork*>(entry.second); |
| 325 | if (virtualNetwork->appliesToUser(uid)) { |
| 326 | return virtualNetwork; |
| 327 | } |
| 328 | } |
| 329 | } |
| 330 | return NULL; |
| 331 | } |
| 332 | |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 333 | Permission NetworkController::getPermissionForUserLocked(uid_t uid) const { |
| 334 | auto iter = mUsers.find(uid); |
| 335 | if (iter != mUsers.end()) { |
| 336 | return iter->second; |
| 337 | } |
| 338 | return uid < FIRST_APPLICATION_UID ? PERMISSION_SYSTEM : PERMISSION_NONE; |
| 339 | } |
| 340 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 341 | int NetworkController::modifyRoute(unsigned netId, const char* interface, const char* destination, |
| 342 | const char* nexthop, bool add, bool legacy, uid_t uid) { |
Sreeram Ramachandran | e09b20a | 2014-07-05 17:15:14 -0700 | [diff] [blame^] | 343 | unsigned existingNetId = getNetworkForInterface(interface); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 344 | if (netId == NETID_UNSET || existingNetId != netId) { |
| 345 | ALOGE("interface %s assigned to netId %u, not %u", interface, existingNetId, netId); |
Lorenzo Colitti | f7fc8ec | 2014-06-18 00:41:58 +0900 | [diff] [blame] | 346 | return -ENOENT; |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 347 | } |
| 348 | |
Sreeram Ramachandran | 38b7af1 | 2014-05-22 14:21:49 -0700 | [diff] [blame] | 349 | RouteController::TableType tableType; |
| 350 | if (legacy) { |
Sreeram Ramachandran | ed4bd1f | 2014-07-05 12:31:05 -0700 | [diff] [blame] | 351 | if ((getPermissionForUser(uid) & PERMISSION_SYSTEM) == PERMISSION_SYSTEM) { |
Sreeram Ramachandran | 5009d5e | 2014-07-03 12:20:48 -0700 | [diff] [blame] | 352 | tableType = RouteController::LEGACY_SYSTEM; |
Sreeram Ramachandran | 38b7af1 | 2014-05-22 14:21:49 -0700 | [diff] [blame] | 353 | } else { |
Sreeram Ramachandran | 5009d5e | 2014-07-03 12:20:48 -0700 | [diff] [blame] | 354 | tableType = RouteController::LEGACY_NETWORK; |
Sreeram Ramachandran | 38b7af1 | 2014-05-22 14:21:49 -0700 | [diff] [blame] | 355 | } |
| 356 | } else { |
| 357 | tableType = RouteController::INTERFACE; |
| 358 | } |
| 359 | |
Sreeram Ramachandran | eb27b7e | 2014-07-01 14:30:30 -0700 | [diff] [blame] | 360 | return add ? RouteController::addRoute(interface, destination, nexthop, tableType) : |
| 361 | RouteController::removeRoute(interface, destination, nexthop, tableType); |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 362 | } |