Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 17 | // THREAD-SAFETY |
| 18 | // ------------- |
| 19 | // The methods in this file are called from multiple threads (from CommandListener, FwmarkServer |
| 20 | // and DnsProxyListener). So, all accesses to shared state are guarded by a lock. |
| 21 | // |
| 22 | // In some cases, a single non-const method acquires and releases the lock several times, like so: |
| 23 | // if (isValidNetwork(...)) { // isValidNetwork() acquires and releases the lock. |
| 24 | // setDefaultNetwork(...); // setDefaultNetwork() also acquires and releases the lock. |
| 25 | // |
| 26 | // It might seem that this allows races where the state changes between the two statements, but in |
| 27 | // fact there are no races because: |
| 28 | // 1. This pattern only occurs in non-const methods (i.e., those that mutate state). |
| 29 | // 2. Only CommandListener calls these non-const methods. The others call only const methods. |
| 30 | // 3. CommandListener only processes one command at a time. I.e., it's serialized. |
| 31 | // Thus, no other mutation can occur in between the two statements above. |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 32 | |
| 33 | #include "NetworkController.h" |
| 34 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 35 | #include "PhysicalNetwork.h" |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 36 | #include "RouteController.h" |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 37 | #include "VirtualNetwork.h" |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 38 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 39 | #define LOG_TAG "Netd" |
| 40 | #include "log/log.h" |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 41 | #include "resolv_netid.h" |
| 42 | |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 43 | namespace { |
| 44 | |
| 45 | // Keep these in sync with ConnectivityService.java. |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 46 | const unsigned MIN_NET_ID = 10; |
| 47 | const unsigned MAX_NET_ID = 65535; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 48 | |
| 49 | } // namespace |
| 50 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 51 | NetworkController::NetworkController() : mDefaultNetId(NETID_UNSET) { |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 52 | } |
| 53 | |
| 54 | unsigned NetworkController::getDefaultNetwork() const { |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 55 | android::RWLock::AutoRLock lock(mRWLock); |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 56 | return mDefaultNetId; |
| 57 | } |
| 58 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 59 | int NetworkController::setDefaultNetwork(unsigned netId) { |
| 60 | android::RWLock::AutoWLock lock(mRWLock); |
| 61 | |
| 62 | if (netId == mDefaultNetId) { |
| 63 | return 0; |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 64 | } |
| 65 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 66 | if (netId != NETID_UNSET) { |
| 67 | auto iter = mPhysicalNetworks.find(netId); |
| 68 | if (iter == mPhysicalNetworks.end()) { |
| 69 | ALOGE("invalid netId %u", netId); |
| 70 | return -EINVAL; |
| 71 | } |
| 72 | if (int ret = iter->second->addAsDefault()) { |
| 73 | return ret; |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 74 | } |
| 75 | } |
| 76 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 77 | if (mDefaultNetId != NETID_UNSET) { |
| 78 | auto iter = mPhysicalNetworks.find(mDefaultNetId); |
| 79 | if (iter == mPhysicalNetworks.end()) { |
| 80 | ALOGE("cannot find previously set default network with netId %u", mDefaultNetId); |
| 81 | return -ESRCH; |
| 82 | } |
| 83 | if (int ret = iter->second->removeAsDefault()) { |
| 84 | return ret; |
Sreeram Ramachandran | 9c0d313 | 2014-04-10 20:35:04 -0700 | [diff] [blame] | 85 | } |
| 86 | } |
| 87 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 88 | mDefaultNetId = netId; |
| 89 | return 0; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 90 | } |
| 91 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 92 | bool NetworkController::setNetworkForUidRange(uid_t uidStart, uid_t uidEnd, unsigned netId, |
| 93 | bool forwardDns) { |
| 94 | if (uidStart > uidEnd || !isValidNetwork(netId)) { |
Lorenzo Colitti | ce8f583 | 2014-05-29 12:20:55 +0900 | [diff] [blame] | 95 | errno = EINVAL; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 96 | return false; |
Lorenzo Colitti | ce8f583 | 2014-05-29 12:20:55 +0900 | [diff] [blame] | 97 | } |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 98 | |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 99 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 100 | for (UidEntry& entry : mUidMap) { |
| 101 | if (entry.uidStart == uidStart && entry.uidEnd == uidEnd && entry.netId == netId) { |
| 102 | entry.forwardDns = forwardDns; |
| 103 | return true; |
| 104 | } |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 105 | } |
| 106 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 107 | mUidMap.push_front(UidEntry(uidStart, uidEnd, netId, forwardDns)); |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 108 | return true; |
| 109 | } |
| 110 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 111 | bool NetworkController::clearNetworkForUidRange(uid_t uidStart, uid_t uidEnd, unsigned netId) { |
| 112 | if (uidStart > uidEnd || !isValidNetwork(netId)) { |
Lorenzo Colitti | ce8f583 | 2014-05-29 12:20:55 +0900 | [diff] [blame] | 113 | errno = EINVAL; |
Paul Jensen | 5b49ab9 | 2014-04-03 19:06:00 -0400 | [diff] [blame] | 114 | return false; |
Lorenzo Colitti | ce8f583 | 2014-05-29 12:20:55 +0900 | [diff] [blame] | 115 | } |
Paul Jensen | 5b49ab9 | 2014-04-03 19:06:00 -0400 | [diff] [blame] | 116 | |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 117 | android::RWLock::AutoWLock lock(mRWLock); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 118 | for (auto iter = mUidMap.begin(); iter != mUidMap.end(); ++iter) { |
| 119 | if (iter->uidStart == uidStart && iter->uidEnd == uidEnd && iter->netId == netId) { |
| 120 | mUidMap.erase(iter); |
| 121 | return true; |
| 122 | } |
Paul Jensen | 5b49ab9 | 2014-04-03 19:06:00 -0400 | [diff] [blame] | 123 | } |
Lorenzo Colitti | ce8f583 | 2014-05-29 12:20:55 +0900 | [diff] [blame] | 124 | |
| 125 | errno = ENOENT; |
Paul Jensen | 5b49ab9 | 2014-04-03 19:06:00 -0400 | [diff] [blame] | 126 | return false; |
| 127 | } |
| 128 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 129 | unsigned NetworkController::getNetwork(uid_t uid, unsigned requestedNetId, bool forDns) const { |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 130 | android::RWLock::AutoRLock lock(mRWLock); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 131 | for (const UidEntry& entry : mUidMap) { |
| 132 | if (entry.uidStart <= uid && uid <= entry.uidEnd) { |
| 133 | if (forDns && !entry.forwardDns) { |
| 134 | break; |
| 135 | } |
| 136 | return entry.netId; |
| 137 | } |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 138 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 139 | return getNetworkLocked(requestedNetId) ? requestedNetId : mDefaultNetId; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 140 | } |
| 141 | |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 142 | unsigned NetworkController::getNetworkId(const char* interface) const { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 143 | android::RWLock::AutoRLock lock(mRWLock); |
| 144 | for (const auto& entry : mPhysicalNetworks) { |
| 145 | if (entry.second->hasInterface(interface)) { |
| 146 | return entry.first; |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 147 | } |
| 148 | } |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 149 | for (const auto& entry : mVirtualNetworks) { |
| 150 | if (entry.second->hasInterface(interface)) { |
| 151 | return entry.first; |
| 152 | } |
| 153 | } |
Paul Jensen | 35c77e3 | 2014-04-10 14:57:54 -0400 | [diff] [blame] | 154 | return NETID_UNSET; |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 155 | } |
| 156 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 157 | bool NetworkController::isValidNetwork(unsigned netId) const { |
| 158 | android::RWLock::AutoRLock lock(mRWLock); |
| 159 | return getNetworkLocked(netId); |
| 160 | } |
| 161 | |
| 162 | int NetworkController::createNetwork(unsigned netId, Permission permission) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 163 | if (netId < MIN_NET_ID || netId > MAX_NET_ID) { |
Paul Jensen | ae37e8a | 2014-04-28 10:35:51 -0400 | [diff] [blame] | 164 | ALOGE("invalid netId %u", netId); |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 165 | return -EINVAL; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 166 | } |
| 167 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 168 | if (isValidNetwork(netId)) { |
| 169 | ALOGE("duplicate netId %u", netId); |
| 170 | return -EEXIST; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 171 | } |
| 172 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 173 | PhysicalNetwork* physicalNetwork = new PhysicalNetwork(netId); |
| 174 | if (int ret = physicalNetwork->setPermission(permission)) { |
| 175 | ALOGE("inconceivable! setPermission cannot fail on an empty network"); |
| 176 | delete physicalNetwork; |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 177 | return ret; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 178 | } |
| 179 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 180 | android::RWLock::AutoWLock lock(mRWLock); |
| 181 | mPhysicalNetworks[netId] = physicalNetwork; |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 182 | return 0; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 183 | } |
| 184 | |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 185 | int NetworkController::createVpn(unsigned netId, uid_t ownerUid) { |
| 186 | if (netId < MIN_NET_ID || netId > MAX_NET_ID) { |
| 187 | ALOGE("invalid netId %u", netId); |
| 188 | return -EINVAL; |
| 189 | } |
| 190 | |
| 191 | if (isValidNetwork(netId)) { |
| 192 | ALOGE("duplicate netId %u", netId); |
| 193 | return -EEXIST; |
| 194 | } |
| 195 | |
| 196 | android::RWLock::AutoWLock lock(mRWLock); |
| 197 | mVirtualNetworks[netId] = new VirtualNetwork(netId, ownerUid); |
| 198 | return 0; |
| 199 | } |
| 200 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 201 | int NetworkController::destroyNetwork(unsigned netId) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 202 | if (!isValidNetwork(netId)) { |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 203 | ALOGE("invalid netId %u", netId); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 204 | return -EINVAL; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 205 | } |
| 206 | |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 207 | // TODO: ioctl(SIOCKILLADDR, ...) to kill all sockets on the old network. |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 208 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 209 | android::RWLock::AutoWLock lock(mRWLock); |
| 210 | Network* network = getNetworkLocked(netId); |
| 211 | if (int ret = network->clearInterfaces()) { |
| 212 | return ret; |
| 213 | } |
| 214 | if (mDefaultNetId == netId) { |
| 215 | PhysicalNetwork* physicalNetwork = static_cast<PhysicalNetwork*>(network); |
| 216 | if (int ret = physicalNetwork->removeAsDefault()) { |
| 217 | ALOGE("inconceivable! removeAsDefault cannot fail on an empty network"); |
| 218 | return ret; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 219 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 220 | mDefaultNetId = NETID_UNSET; |
Sreeram Ramachandran | 5c181bf | 2014-04-07 14:10:04 -0700 | [diff] [blame] | 221 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 222 | mPhysicalNetworks.erase(netId); |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 223 | mVirtualNetworks.erase(netId); |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 224 | delete network; |
Sreeram Ramachandran | 3ced069 | 2014-04-18 09:49:13 -0700 | [diff] [blame] | 225 | _resolv_delete_cache_for_net(netId); |
Lorenzo Colitti | 96f261e | 2014-06-23 15:09:54 +0900 | [diff] [blame] | 226 | return 0; |
Sreeram Ramachandran | 379bd33 | 2014-04-10 19:58:06 -0700 | [diff] [blame] | 227 | } |
| 228 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 229 | int NetworkController::addInterfaceToNetwork(unsigned netId, const char* interface) { |
Sreeram Ramachandran | 7260407 | 2014-05-21 13:19:43 -0700 | [diff] [blame] | 230 | if (!isValidNetwork(netId)) { |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 231 | ALOGE("invalid netId %u", netId); |
Lorenzo Colitti | f7fc8ec | 2014-06-18 00:41:58 +0900 | [diff] [blame] | 232 | return -EINVAL; |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 233 | } |
| 234 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 235 | unsigned existingNetId = getNetworkId(interface); |
| 236 | if (existingNetId != NETID_UNSET && existingNetId != netId) { |
| 237 | ALOGE("interface %s already assigned to netId %u", interface, existingNetId); |
| 238 | return -EBUSY; |
| 239 | } |
| 240 | |
| 241 | android::RWLock::AutoWLock lock(mRWLock); |
| 242 | return getNetworkLocked(netId)->addInterface(interface); |
| 243 | } |
| 244 | |
| 245 | int NetworkController::removeInterfaceFromNetwork(unsigned netId, const char* interface) { |
| 246 | if (!isValidNetwork(netId)) { |
| 247 | ALOGE("invalid netId %u", netId); |
| 248 | return -EINVAL; |
| 249 | } |
| 250 | |
| 251 | android::RWLock::AutoWLock lock(mRWLock); |
| 252 | return getNetworkLocked(netId)->removeInterface(interface); |
| 253 | } |
| 254 | |
| 255 | Permission NetworkController::getPermissionForUser(uid_t uid) const { |
| 256 | android::RWLock::AutoRLock lock(mRWLock); |
| 257 | auto iter = mUsers.find(uid); |
| 258 | return iter != mUsers.end() ? iter->second : PERMISSION_NONE; |
| 259 | } |
| 260 | |
| 261 | void NetworkController::setPermissionForUsers(Permission permission, |
| 262 | const std::vector<uid_t>& uids) { |
| 263 | android::RWLock::AutoWLock lock(mRWLock); |
| 264 | for (uid_t uid : uids) { |
| 265 | if (permission == PERMISSION_NONE) { |
| 266 | mUsers.erase(uid); |
| 267 | } else { |
| 268 | mUsers[uid] = permission; |
| 269 | } |
| 270 | } |
| 271 | } |
| 272 | |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 273 | // TODO: Handle VPNs. |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 274 | bool NetworkController::isUserPermittedOnNetwork(uid_t uid, unsigned netId) const { |
| 275 | android::RWLock::AutoRLock lock(mRWLock); |
| 276 | auto userIter = mUsers.find(uid); |
| 277 | Permission userPermission = (userIter != mUsers.end() ? userIter->second : PERMISSION_NONE); |
| 278 | auto networkIter = mPhysicalNetworks.find(netId); |
| 279 | if (networkIter == mPhysicalNetworks.end()) { |
| 280 | return false; |
| 281 | } |
| 282 | Permission networkPermission = networkIter->second->getPermission(); |
| 283 | return (userPermission & networkPermission) == networkPermission; |
| 284 | } |
| 285 | |
| 286 | int NetworkController::setPermissionForNetworks(Permission permission, |
| 287 | const std::vector<unsigned>& netIds) { |
| 288 | android::RWLock::AutoWLock lock(mRWLock); |
| 289 | for (unsigned netId : netIds) { |
| 290 | auto iter = mPhysicalNetworks.find(netId); |
| 291 | if (iter == mPhysicalNetworks.end()) { |
| 292 | ALOGE("invalid netId %u", netId); |
| 293 | return -EINVAL; |
| 294 | } |
| 295 | |
| 296 | // TODO: ioctl(SIOCKILLADDR, ...) to kill socets on the network that don't have permission. |
| 297 | |
| 298 | if (int ret = iter->second->setPermission(permission)) { |
| 299 | return ret; |
| 300 | } |
| 301 | } |
| 302 | return 0; |
| 303 | } |
| 304 | |
Sreeram Ramachandran | b1425cc | 2014-06-23 18:54:27 -0700 | [diff] [blame] | 305 | int NetworkController::addUsersToNetwork(unsigned netId, const UidRanges& uidRanges) { |
| 306 | android::RWLock::AutoWLock lock(mRWLock); |
| 307 | auto iter = mVirtualNetworks.find(netId); |
| 308 | if (iter == mVirtualNetworks.end()) { |
| 309 | ALOGE("invalid netId %u", netId); |
| 310 | return -EINVAL; |
| 311 | } |
| 312 | if (int ret = iter->second->addUsers(uidRanges)) { |
| 313 | return ret; |
| 314 | } |
| 315 | return 0; |
| 316 | } |
| 317 | |
| 318 | int NetworkController::removeUsersFromNetwork(unsigned netId, const UidRanges& uidRanges) { |
| 319 | android::RWLock::AutoWLock lock(mRWLock); |
| 320 | auto iter = mVirtualNetworks.find(netId); |
| 321 | if (iter == mVirtualNetworks.end()) { |
| 322 | ALOGE("invalid netId %u", netId); |
| 323 | return -EINVAL; |
| 324 | } |
| 325 | if (int ret = iter->second->removeUsers(uidRanges)) { |
| 326 | return ret; |
| 327 | } |
| 328 | return 0; |
| 329 | } |
| 330 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 331 | int NetworkController::addRoute(unsigned netId, const char* interface, const char* destination, |
| 332 | const char* nexthop, bool legacy, uid_t uid) { |
| 333 | return modifyRoute(netId, interface, destination, nexthop, true, legacy, uid); |
| 334 | } |
| 335 | |
| 336 | int NetworkController::removeRoute(unsigned netId, const char* interface, const char* destination, |
| 337 | const char* nexthop, bool legacy, uid_t uid) { |
| 338 | return modifyRoute(netId, interface, destination, nexthop, false, legacy, uid); |
| 339 | } |
| 340 | |
| 341 | Network* NetworkController::getNetworkLocked(unsigned netId) const { |
| 342 | auto physicalNetworkIter = mPhysicalNetworks.find(netId); |
| 343 | if (physicalNetworkIter != mPhysicalNetworks.end()) { |
| 344 | return physicalNetworkIter->second; |
| 345 | } |
Sreeram Ramachandran | 4043f01 | 2014-06-23 12:41:37 -0700 | [diff] [blame] | 346 | { |
| 347 | auto iter = mVirtualNetworks.find(netId); |
| 348 | if (iter != mVirtualNetworks.end()) { |
| 349 | return iter->second; |
| 350 | } |
| 351 | } |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 352 | return NULL; |
| 353 | } |
| 354 | |
| 355 | int NetworkController::modifyRoute(unsigned netId, const char* interface, const char* destination, |
| 356 | const char* nexthop, bool add, bool legacy, uid_t uid) { |
| 357 | unsigned existingNetId = getNetworkId(interface); |
| 358 | if (netId == NETID_UNSET || existingNetId != netId) { |
| 359 | ALOGE("interface %s assigned to netId %u, not %u", interface, existingNetId, netId); |
Lorenzo Colitti | f7fc8ec | 2014-06-18 00:41:58 +0900 | [diff] [blame] | 360 | return -ENOENT; |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 361 | } |
| 362 | |
Sreeram Ramachandran | 38b7af1 | 2014-05-22 14:21:49 -0700 | [diff] [blame] | 363 | RouteController::TableType tableType; |
| 364 | if (legacy) { |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 365 | if (getPermissionForUser(uid) & PERMISSION_CONNECTIVITY_INTERNAL) { |
Sreeram Ramachandran | 38b7af1 | 2014-05-22 14:21:49 -0700 | [diff] [blame] | 366 | tableType = RouteController::PRIVILEGED_LEGACY; |
| 367 | } else { |
| 368 | tableType = RouteController::LEGACY; |
| 369 | } |
| 370 | } else { |
| 371 | tableType = RouteController::INTERFACE; |
| 372 | } |
| 373 | |
Sreeram Ramachandran | eb27b7e | 2014-07-01 14:30:30 -0700 | [diff] [blame^] | 374 | return add ? RouteController::addRoute(interface, destination, nexthop, tableType) : |
| 375 | RouteController::removeRoute(interface, destination, nexthop, tableType); |
Sreeram Ramachandran | 7619e1b | 2014-04-15 14:23:08 -0700 | [diff] [blame] | 376 | } |
| 377 | |
Sreeram Ramachandran | f4f6c8d | 2014-06-23 09:54:06 -0700 | [diff] [blame] | 378 | NetworkController::UidEntry::UidEntry(uid_t uidStart, uid_t uidEnd, unsigned netId, |
| 379 | bool forwardDns) : |
| 380 | uidStart(uidStart), uidEnd(uidEnd), netId(netId), forwardDns(forwardDns) { |
Szymon Jakubczak | a0efaec | 2014-02-14 17:09:43 -0500 | [diff] [blame] | 381 | } |