Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / d8b6a38997944e92eccbaa3071fe06f7034fd435 / . / server / NetdNativeService.cpp
blob: ebf1788e59b4b69545f0dec1e1370e11770a2e0c [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]53
54namespace android {
55namespace net {
56
57namespace {
58
59const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]61const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]62const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
64binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]65 pid_t pid = IPCThreadState::self()->getCallingPid();
66 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]67
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 // If the caller is the system UID, don't check permissions.
69 // Otherwise, if the system server's binder thread pool is full, and all the threads are
70 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
71 //
72 // From a security perspective, there is currently no difference, because:
73 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
74 // and NETWORK_STACK, which the system server will always need to have.
75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
76 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
78 } else {
79 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
80 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
81 }
82}
83
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]84#define ENFORCE_DEBUGGABLE() { \
85 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]86 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87 || value[0] != '1') { \
88 return binder::Status::fromExceptionCode( \
89 binder::Status::EX_SECURITY, \
90 String8("Not available in production builds.") \
91 ); \
92 } \
93}
94
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]95#define ENFORCE_PERMISSION(permission) { \
96 binder::Status status = checkPermission((permission)); \
97 if (!status.isOk()) { \
98 return status; \
99 } \
100}
101
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102#define NETD_LOCKING_RPC(permission, lock) \
103 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]104 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105
106#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]107
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]108#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
109 do { \
110 if (!isOk((res))) { \
111 logErrorStatus((logEntry), (res)); \
112 return asBinderStatus((res)); \
113 } \
114 } while (0)
115
116void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
117 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
118}
119
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]120binder::Status asBinderStatus(const netdutils::Status& status) {
121 if (isOk(status)) {
122 return binder::Status::ok();
123 }
124 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
125}
126
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]127inline binder::Status statusFromErrcode(int ret) {
128 if (ret) {
129 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
130 }
131 return binder::Status::ok();
132}
133
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]134bool contains(const Vector<String16>& words, const String16& word) {
135 for (const auto& w : words) {
136 if (w == word) return true;
137 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]138
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]139 return false;
140}
141
142} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]143
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]144status_t NetdNativeService::start() {
145 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]146 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147 if (ret != android::OK) {
148 return ret;
149 }
150 sp<ProcessState> ps(ProcessState::self());
151 ps->startThreadPool();
152 ps->giveThreadPoolName();
153 return android::OK;
154}
155
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]156status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]157 const binder::Status dump_permission = checkPermission(DUMP);
158 if (!dump_permission.isOk()) {
159 const String8 msg(dump_permission.toString8());
160 write(fd, msg.string(), msg.size());
161 return PERMISSION_DENIED;
162 }
163
164 // This method does not grab any locks. If individual classes need locking
165 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]166
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]167 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]168
169 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
170 dw.blankline();
171 gCtls->tcpSocketMonitor.dump(dw);
172 dw.blankline();
173 return NO_ERROR;
174 }
175
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]176 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
177 dw.blankline();
178 gCtls->trafficCtrl.dump(dw, true);
179 dw.blankline();
180 return NO_ERROR;
181 }
182
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]183 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]184 dw.blankline();
185 gCtls->netCtrl.dump(dw);
186 dw.blankline();
187
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]188 gCtls->trafficCtrl.dump(dw, false);
189 dw.blankline();
190
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]191 {
192 ScopedIndent indentLog(dw);
193 if (contains(args, String16(OPT_SHORT))) {
194 dw.println("Log: <omitted>");
195 } else {
196 dw.println("Log:");
197 ScopedIndent indentLogEntries(dw);
198 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
199 }
200 dw.blankline();
201 }
202
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]203 return NO_ERROR;
204}
205
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]206binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]207 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]208 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]209
210 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]211
212 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]213 return binder::Status::ok();
214}
215
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]216binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]217 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
218 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]219 auto entry = gLog.newEntry()
220 .prettyFunction(__PRETTY_FUNCTION__)
221 .arg(chainName)
222 .arg(isWhitelist)
223 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]224
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]225 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]226 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]227
228 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]229 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]231
232binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
233 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]234 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]235
236 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
237 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]238 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]239 return binder::Status::ok();
240}
241
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]242binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
243 int64_t bytes) {
244 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
245 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
246
247 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
248
249 gLog.log(entry.returns(res).withAutomaticDuration());
250 return statusFromErrcode(res);
251}
252
253binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
254 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
255 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
256
257 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
258
259 gLog.log(entry.returns(res).withAutomaticDuration());
260 return statusFromErrcode(res);
261}
262
263binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
264 int64_t bytes) {
265 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
266 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
267
268 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
269
270 gLog.log(entry.returns(res).withAutomaticDuration());
271 return statusFromErrcode(res);
272}
273
274binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
275 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
276 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
277
278 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
279
280 gLog.log(entry.returns(res).withAutomaticDuration());
281 return statusFromErrcode(res);
282}
283
284binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
285 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
286 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
287
288 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
289
290 gLog.log(entry.returns(res).withAutomaticDuration());
291 return statusFromErrcode(res);
292}
293
294binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
295 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
296 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
297
298 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
299 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
300
301 gLog.log(entry.returns(res).withAutomaticDuration());
302 return statusFromErrcode(res);
303}
304
305binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
306 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
307 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
308
309 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
310 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
311
312 gLog.log(entry.returns(res).withAutomaticDuration());
313 return statusFromErrcode(res);
314}
315
316binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
317 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
318 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
319
320 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
321 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
322
323 gLog.log(entry.returns(res).withAutomaticDuration());
324 return statusFromErrcode(res);
325}
326
327binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
328 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
329 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
330
331 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
332 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
333
334 gLog.log(entry.returns(res).withAutomaticDuration());
335 return statusFromErrcode(res);
336}
337
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]338binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]339 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]340 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]341 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]342 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]343 return statusFromErrcode(ret);
344}
345
346binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
347 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
348 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
349 return statusFromErrcode(ret);
350}
351
352binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]353 ENFORCE_PERMISSION(NETWORK_STACK);
354 // Both of these functions manage their own locking internally.
355 const int ret = gCtls->netCtrl.destroyNetwork(netId);
356 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]357 return statusFromErrcode(ret);
358}
359
360binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
361 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
362 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
363 return statusFromErrcode(ret);
364}
365
366binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
367 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
368 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
369 return statusFromErrcode(ret);
370}
371
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]372namespace {
373
374std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
375 std::vector<std::string> result;
376 result.reserve(uidRangeArray.size());
377 for (const auto& uidRange : uidRangeArray) {
378 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
379 }
380
381 return base::Join(result, ", ");
382}
383
384} // namespace
385
386binder::Status NetdNativeService::networkAddUidRanges(
387 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]388 // NetworkController::addUsersToNetwork is thread-safe.
389 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]390 auto entry = gLog.newEntry()
391 .prettyFunction(__PRETTY_FUNCTION__)
392 .args(netId, uidRangeParcelVecToString(uidRangeArray));
393
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]394 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]395 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]396 return statusFromErrcode(ret);
397}
398
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]399binder::Status NetdNativeService::networkRemoveUidRanges(
400 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]401 // NetworkController::removeUsersFromNetwork is thread-safe.
402 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]403 auto entry = gLog.newEntry()
404 .prettyFunction(__PRETTY_FUNCTION__)
405 .args(netId, uidRangeParcelVecToString(uidRangeArray));
406
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]407 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]408 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]409 return statusFromErrcode(ret);
410}
411
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]412binder::Status NetdNativeService::networkRejectNonSecureVpn(
413 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]414 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
415 // it should be possible to use the same lock as NetworkController. However, every call through
416 // the CommandListener "network" command will need to hold this lock too, not just the ones that
417 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
418 // look at routes, but it's not enough here).
419 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]420 auto entry = gLog.newEntry()
421 .prettyFunction(__PRETTY_FUNCTION__)
422 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]423 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]424
425 int err;
426 if (add) {
427 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
428 } else {
429 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
430 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]431 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]432 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]433}
434
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]435binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
436 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]437 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
438
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]439 auto entry = gLog.newEntry()
440 .prettyFunction(__PRETTY_FUNCTION__)
441 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]442 SockDiag sd;
443 if (!sd.open()) {
444 return binder::Status::fromServiceSpecificError(EIO,
445 String8("Could not open SOCK_DIAG socket"));
446 }
447
448 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]449 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
450 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]451
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]452 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]453 if (err) {
454 return binder::Status::fromServiceSpecificError(-err,
455 String8::format("destroySockets: %s", strerror(-err)));
456 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]457 return binder::Status::ok();
458}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]459
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]460// Parse a base64 encoded string into a vector of bytes.
461// On failure, return an empty vector.
462static std::vector<uint8_t> parseBase64(const std::string& input) {
463 std::vector<uint8_t> decoded;
464 size_t out_len;
465 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
466 return decoded;
467 }
468 // out_len is now an upper bound on the output length.
469 decoded.resize(out_len);
470 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
471 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
472 // Possibly shrink the vector if the actual output was smaller than the bound.
473 decoded.resize(out_len);
474 } else {
475 decoded.clear();
476 }
477 if (out_len != SHA256_SIZE) {
478 decoded.clear();
479 }
480 return decoded;
481}
482
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]483binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
484 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]485 const std::vector<int32_t>& params, const std::string& tlsName,
486 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]487 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]488 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
489 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]490 auto entry = gLog.newEntry()
491 .prettyFunction(__PRETTY_FUNCTION__)
492 .arg(netId)
493 .arg(servers)
494 .arg(domains)
495 .arg(params)
496 .arg(tlsName)
497 .arg(tlsServers)
498 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]499
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]500 std::set<std::vector<uint8_t>> decoded_fingerprints;
501 for (const std::string& fingerprint : tlsFingerprints) {
502 std::vector<uint8_t> decoded = parseBase64(fingerprint);
503 if (decoded.empty()) {
504 return binder::Status::fromServiceSpecificError(EINVAL,
505 String8::format("ResolverController error: bad fingerprint"));
506 }
507 decoded_fingerprints.emplace(decoded);
508 }
509
510 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]511 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]512 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]513 if (err != 0) {
514 return binder::Status::fromServiceSpecificError(-err,
515 String8::format("ResolverController error: %s", strerror(-err)));
516 }
517 return binder::Status::ok();
518}
519
520binder::Status NetdNativeService::getResolverInfo(int32_t netId,
521 std::vector<std::string>* servers, std::vector<std::string>* domains,
522 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
523 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
524 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
525
526 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
527 if (err != 0) {
528 return binder::Status::fromServiceSpecificError(-err,
529 String8::format("ResolverController error: %s", strerror(-err)));
530 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]531 return binder::Status::ok();
532}
533
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]534binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]535 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]536
537 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
538 return binder::Status::ok();
539}
540
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]541namespace {
542
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]543void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
544 const TetherController::TetherStats& tetherStats) {
545 if (tetherStatsParcel->extIface == tetherStats.extIface) {
546 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
547 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
548 tetherStatsParcel->txBytes += tetherStats.txBytes;
549 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]551}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]552
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]553TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
554 TetherStatsParcel result;
555 result.iface = stats.extIface;
556 result.rxBytes = stats.rxBytes;
557 result.rxPackets = stats.rxPackets;
558 result.txBytes = stats.txBytes;
559 result.txPackets = stats.txPackets;
560 return result;
561}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]562
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]563void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
564 const TetherController::TetherStatsList& statsList) {
565 std::map<std::string, TetherController::TetherStats> statsMap;
566 for (const auto& stats : statsList) {
567 auto iter = statsMap.find(stats.extIface);
568 if (iter != statsMap.end()) {
569 tetherAddStatsByInterface(&(iter->second), stats);
570 } else {
571 statsMap.insert(
572 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
573 }
574 }
575 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
576 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
577 }
578}
579
580std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
581 std::vector<std::string> result;
582 for (const auto& t : *tVec) {
583 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
584 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
585 t.txPackets));
586 }
587 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]588}
589
590} // namespace
591
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]592binder::Status NetdNativeService::tetherGetStats(
593 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]594 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]595
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]596 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
597
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]598 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]599 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]600 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]601 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]602 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
603 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
604 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]605 return binder::Status::ok();
606}
607
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]608binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
609 const std::string &addrString, int prefixLength) {
610 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
611
612 const int err = InterfaceController::addAddress(
613 ifName.c_str(), addrString.c_str(), prefixLength);
614 if (err != 0) {
615 return binder::Status::fromServiceSpecificError(-err,
616 String8::format("InterfaceController error: %s", strerror(-err)));
617 }
618 return binder::Status::ok();
619}
620
621binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
622 const std::string &addrString, int prefixLength) {
623 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
624
625 const int err = InterfaceController::delAddress(
626 ifName.c_str(), addrString.c_str(), prefixLength);
627 if (err != 0) {
628 return binder::Status::fromServiceSpecificError(-err,
629 String8::format("InterfaceController error: %s", strerror(-err)));
630 }
631 return binder::Status::ok();
632}
633
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]634namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]635
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]636std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
637 int32_t category) {
638 const char* ipversionStr = nullptr;
639 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]640 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]641 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]642 break;
643 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]644 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]645 break;
646 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]647 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
648 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]649 }
650
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]651 const char* whichStr = nullptr;
652 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]653 case INetd::CONF:
654 whichStr = "conf";
655 break;
656 case INetd::NEIGH:
657 whichStr = "neigh";
658 break;
659 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]660 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
661 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]662 }
663
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]664 return {binder::Status::ok(), ipversionStr, whichStr};
665}
666
667} // namespace
668
669binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
670 const std::string& ifname,
671 const std::string& parameter, std::string* value) {
672 ENFORCE_PERMISSION(NETWORK_STACK);
673 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
674 .args(ipversion, which, ifname, parameter);
675
676 const auto pathParts = getPathComponents(ipversion, which);
677 const auto& pathStatus = std::get<0>(pathParts);
678 if (!pathStatus.isOk()) {
679 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
680 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]681 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]682
683 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
684 std::get<2>(pathParts), ifname.c_str(),
685 parameter.c_str(), value);
686 entry.returns(err);
687 if (err == 0) entry.returns(*value);
688 gLog.log(entry.withAutomaticDuration());
689 return statusFromErrcode(err);
690}
691
692binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
693 const std::string& ifname,
694 const std::string& parameter,
695 const std::string& value) {
696 ENFORCE_PERMISSION(NETWORK_STACK);
697 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
698 .args(ipversion, which, ifname, parameter, value);
699
700 const auto pathParts = getPathComponents(ipversion, which);
701 const auto& pathStatus = std::get<0>(pathParts);
702 if (!pathStatus.isOk()) {
703 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
704 return pathStatus;
705 }
706
707 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
708 std::get<2>(pathParts), ifname.c_str(),
709 parameter.c_str(), value.c_str());
710 gLog.log(entry.returns(err).withAutomaticDuration());
711 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]712}
713
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]714binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
715 // This function intentionally does not lock, since the only thing it does is one read from an
716 // atomic_int.
717 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
718 ENFORCE_DEBUGGABLE();
719
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]720 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]721 return binder::Status::ok();
722}
723
724binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
725 // This function intentionally does not lock, since the only thing it does is one write to an
726 // atomic_int.
727 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
728 ENFORCE_DEBUGGABLE();
729
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]730 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
731 ? binder::Status::ok()
732 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]733}
734
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]735binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
736 int newUid) {
737 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]738 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]739
740 uid_t callerUid = IPCThreadState::self()->getCallingUid();
741 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
742}
743
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]744binder::Status NetdNativeService::ipSecAllocateSpi(
745 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]746 const std::string& sourceAddress,
747 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]748 int32_t inSpi,
749 int32_t* outSpi) {
750 // Necessary locking done in IpSecService and kernel
751 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]752 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]753 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]755 sourceAddress,
756 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]757 inSpi,
758 outSpi));
759}
760
761binder::Status NetdNativeService::ipSecAddSecurityAssociation(
762 int32_t transformId,
763 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]764 const std::string& sourceAddress,
765 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]766 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]767 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]768 int32_t markValue,
769 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]770 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
771 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]772 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]773 int32_t encapType,
774 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]775 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]776 // Necessary locking done in IpSecService and kernel
777 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]778 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]779 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]780 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
781 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
782 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783}
784
785binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
786 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]787 const std::string& sourceAddress,
788 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]789 int32_t spi,
790 int32_t markValue,
791 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]792 // Necessary locking done in IpSecService and kernel
793 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]794 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]795 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]796 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]797 sourceAddress,
798 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]799 spi,
800 markValue,
801 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]802}
803
804binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
805 const android::base::unique_fd& socket,
806 int32_t transformId,
807 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]808 const std::string& sourceAddress,
809 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]810 int32_t spi) {
811 // Necessary locking done in IpSecService and kernel
812 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]813 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]814 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]815 socket,
816 transformId,
817 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]818 sourceAddress,
819 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]820 spi));
821}
822
823binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
824 const android::base::unique_fd& socket) {
825 // Necessary locking done in IpSecService and kernel
826 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]827 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]828 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]829 socket));
830}
831
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]832binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
833 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]834 const std::string& tmplSrcAddress,
835 const std::string& tmplDstAddress,
836 int32_t spi, int32_t markValue,
837 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]838 // Necessary locking done in IpSecService and kernel
839 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]840 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]841 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]842 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
843 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]844}
845
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]846binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
847 int32_t selAddrFamily,
848 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]849 const std::string& tmplSrcAddress,
850 const std::string& tmplDstAddress,
851 int32_t spi, int32_t markValue,
852 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853 // Necessary locking done in IpSecService and kernel
854 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]855 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]856 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]857 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
858 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]859}
860
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]861binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
862 int32_t selAddrFamily,
863 int32_t direction, int32_t markValue,
864 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]865 // Necessary locking done in IpSecService and kernel
866 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]867 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]868 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]869 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]870}
871
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]872binder::Status NetdNativeService::addVirtualTunnelInterface(
873 const std::string& deviceName,
874 const std::string& localAddress,
875 const std::string& remoteAddress,
876 int32_t iKey,
877 int32_t oKey) {
878 // Necessary locking done in IpSecService and kernel
879 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]880 gLog.log("addVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]881 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
882 deviceName,
883 localAddress,
884 remoteAddress,
885 iKey,
886 oKey,
887 false);
888
889 return (ret == 0) ? binder::Status::ok() :
890 asBinderStatus(netdutils::statusFromErrno(
891 ret, "Error in creating virtual tunnel interface."));
892}
893
894binder::Status NetdNativeService::updateVirtualTunnelInterface(
895 const std::string& deviceName,
896 const std::string& localAddress,
897 const std::string& remoteAddress,
898 int32_t iKey,
899 int32_t oKey) {
900 // Necessary locking done in IpSecService and kernel
901 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]902 gLog.log("updateVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]903 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
904 deviceName,
905 localAddress,
906 remoteAddress,
907 iKey,
908 oKey,
909 true);
910
911 return (ret == 0) ? binder::Status::ok() :
912 asBinderStatus(netdutils::statusFromErrno(
913 ret, "Error in updating virtual tunnel interface."));
914}
915
916binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
917 // Necessary locking done in IpSecService and kernel
918 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]919 gLog.log("removeVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]920 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
921
922 return (ret == 0) ? binder::Status::ok() :
923 asBinderStatus(netdutils::statusFromErrno(
924 ret, "Error in removing virtual tunnel interface."));
925}
926
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]927binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
928 int32_t mode) {
929 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]930 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]931}
932
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]933binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
934 const std::string& prefix, int32_t mark,
935 int32_t mask) {
936 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]937 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]938}
939
940binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
941 const std::string& prefix, int32_t mark,
942 int32_t mask) {
943 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]944 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]945}
946
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]947binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
948 ENFORCE_PERMISSION(NETWORK_STACK);
949 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
950 return binder::Status::ok();
951}
952
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]953binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
954 const std::string& classLabel) {
955 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
956 auto entry = gLog.newEntry()
957 .prettyFunction(__PRETTY_FUNCTION__)
958 .arg(ifName)
959 .arg(timeout)
960 .arg(classLabel);
961 int res =
962 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
963 gLog.log(entry.returns(res).withAutomaticDuration());
964 return statusFromErrcode(res);
965}
966
967binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
968 int32_t timeout,
969 const std::string& classLabel) {
970 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
971 auto entry = gLog.newEntry()
972 .prettyFunction(__PRETTY_FUNCTION__)
973 .arg(ifName)
974 .arg(timeout)
975 .arg(classLabel);
976 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
977 classLabel.c_str());
978 gLog.log(entry.returns(res).withAutomaticDuration());
979 return statusFromErrcode(res);
980}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]981
982binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
983 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
984 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
985 StrictPenalty penalty;
986 switch (policyPenalty) {
987 case INetd::PENALTY_POLICY_REJECT:
988 penalty = REJECT;
989 break;
990 case INetd::PENALTY_POLICY_LOG:
991 penalty = LOG;
992 break;
993 case INetd::PENALTY_POLICY_ACCEPT:
994 penalty = ACCEPT;
995 break;
996 default:
997 return statusFromErrcode(-EINVAL);
998 break;
999 }
1000 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
1001 gLog.log(entry.returns(res).withAutomaticDuration());
1002 return statusFromErrcode(res);
1003}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1004
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]1005binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
1006 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
1007 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1008 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
1009 gLog.log(entry.returns(res).withAutomaticDuration());
1010 return statusFromErrcode(res);
1011}
1012
1013binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
1014 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
1015 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1016 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
1017 gLog.log(entry.returns(res).withAutomaticDuration());
1018 return statusFromErrcode(res);
1019}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]1020
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1021binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
1022 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1023 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1024 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
1025 gLog.log(entry.returns(*status).withAutomaticDuration());
1026 return binder::Status::ok();
1027}
1028
1029binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1030 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1031 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1032 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1033 gLog.log(entry.returns(res).withAutomaticDuration());
1034 return statusFromErrcode(res);
1035}
1036
1037binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1038 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1039 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1040 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1041 gLog.log(entry.returns(res).withAutomaticDuration());
1042 return statusFromErrcode(res);
1043}
1044
1045binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1046 const std::string& toIface) {
1047 ENFORCE_PERMISSION(NETWORK_STACK);
1048 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1049 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1050 gLog.log(entry.returns(res).withAutomaticDuration());
1051 return statusFromErrcode(res);
1052}
1053
1054binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1055 const std::string& toIface) {
1056 ENFORCE_PERMISSION(NETWORK_STACK);
1057 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1058 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1059 gLog.log(entry.returns(res).withAutomaticDuration());
1060 return statusFromErrcode(res);
1061}
1062
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1063namespace {
1064std::string addSquareBrackets(const std::string& s) {
1065 return "[" + s + "]";
1066}
1067
1068std::string addCurlyBrackets(const std::string& s) {
1069 return "{" + s + "}";
1070}
1071
1072} // namespace
1073binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1074 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1075 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1076
1077 const auto& ifaceList = InterfaceController::getIfaceNames();
1078 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1079
1080 interfaceListResult->clear();
1081 interfaceListResult->reserve(ifaceList.value().size());
1082 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1083 end(ifaceList.value()));
1084
1085 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1086 .withAutomaticDuration());
1087 return binder::Status::ok();
1088}
1089
1090std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1091 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1092 std::to_string(cfg.prefixLength)};
1093 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1094 return addCurlyBrackets(base::Join(result, ", "));
1095}
1096
1097binder::Status NetdNativeService::interfaceGetCfg(
1098 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1099 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1100 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1101
1102 const auto& cfgRes = InterfaceController::getCfg(ifName);
1103 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1104
1105 *interfaceGetCfgResult = cfgRes.value();
1106 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1107 .withAutomaticDuration());
1108 return binder::Status::ok();
1109}
1110
1111binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1112 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1113 auto entry = gLog.newEntry()
1114 .prettyFunction(__PRETTY_FUNCTION__)
1115 .arg(interfaceConfigurationParcelToString(cfg));
1116
1117 const auto& res = InterfaceController::setCfg(cfg);
1118 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1119
1120 gLog.log(entry.withAutomaticDuration());
1121 return binder::Status::ok();
1122}
1123
1124binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1125 bool enable) {
1126 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1127 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1128 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1129 gLog.log(entry.returns(res).withAutomaticDuration());
1130 return statusFromErrcode(res);
1131}
1132
1133binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1134 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1135 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1136 int res = InterfaceController::clearAddrs(ifName.c_str());
1137 gLog.log(entry.returns(res).withAutomaticDuration());
1138 return statusFromErrcode(res);
1139}
1140
1141binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1142 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1143 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1144 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1145 gLog.log(entry.returns(res).withAutomaticDuration());
1146 return statusFromErrcode(res);
1147}
1148
1149binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1150 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1151 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1152 std::string mtu = std::to_string(mtuValue);
1153 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1154 gLog.log(entry.returns(res).withAutomaticDuration());
1155 return statusFromErrcode(res);
1156}
1157
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1158binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1159 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1160 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1161 if (dhcpRanges.size() % 2 == 1) {
1162 return statusFromErrcode(-EINVAL);
1163 }
1164 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1165 gLog.log(entry.returns(res).withAutomaticDuration());
1166 return statusFromErrcode(res);
1167}
1168
1169binder::Status NetdNativeService::tetherStop() {
1170 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1171 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1172 int res = gCtls->tetherCtrl.stopTethering();
1173 gLog.log(entry.returns(res).withAutomaticDuration());
1174 return statusFromErrcode(res);
1175}
1176
1177binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1178 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1179 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1180 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1181 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1182 return binder::Status::ok();
1183}
1184
1185binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1186 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1187 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1188 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1189 gLog.log(entry.returns(res).withAutomaticDuration());
1190 return statusFromErrcode(res);
1191}
1192
1193binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1194 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1195 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1196 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1197 gLog.log(entry.returns(res).withAutomaticDuration());
1198 return statusFromErrcode(res);
1199}
1200
1201binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1202 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1203 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1204 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1205 ifList->push_back(ifname);
1206 }
1207 gLog.log(entry.returns(true).withAutomaticDuration());
1208 return binder::Status::ok();
1209}
1210
1211binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1212 const std::vector<std::string>& dnsAddrs) {
1213 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1214 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1215 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1216 gLog.log(entry.returns(res).withAutomaticDuration());
1217 return statusFromErrcode(res);
1218}
1219
1220binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1221 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1222 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1223 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1224 dnsList->push_back(fwdr);
1225 }
1226 gLog.log(entry.returns(true).withAutomaticDuration());
1227 return binder::Status::ok();
1228}
1229
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1230binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1231 const std::string& destination,
1232 const std::string& nextHop) {
1233 // Public methods of NetworkController are thread-safe.
1234 ENFORCE_PERMISSION(NETWORK_STACK);
1235 auto entry = gLog.newEntry()
1236 .prettyFunction(__PRETTY_FUNCTION__)
1237 .arg(netId)
1238 .arg(ifName)
1239 .arg(destination)
1240 .arg(nextHop);
1241 bool legacy = false;
1242 uid_t uid = 0; // UID is only meaningful for legacy routes.
1243 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1244 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1245 gLog.log(entry.returns(res).withAutomaticDuration());
1246 return statusFromErrcode(res);
1247}
1248
1249binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1250 const std::string& destination,
1251 const std::string& nextHop) {
1252 ENFORCE_PERMISSION(NETWORK_STACK);
1253 auto entry = gLog.newEntry()
1254 .prettyFunction(__PRETTY_FUNCTION__)
1255 .arg(netId)
1256 .arg(ifName)
1257 .arg(destination)
1258 .arg(nextHop);
1259 bool legacy = false;
1260 uid_t uid = 0; // UID is only meaningful for legacy routes.
1261 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1262 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1263 gLog.log(entry.returns(res).withAutomaticDuration());
1264 return statusFromErrcode(res);
1265}
1266
1267binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1268 const std::string& destination,
1269 const std::string& nextHop, int32_t uid) {
1270 ENFORCE_PERMISSION(NETWORK_STACK);
1271 auto entry = gLog.newEntry()
1272 .prettyFunction(__PRETTY_FUNCTION__)
1273 .arg(netId)
1274 .arg(ifName)
1275 .arg(destination)
1276 .arg(nextHop)
1277 .arg(uid);
1278 bool legacy = true;
1279 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1280 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1281 (uid_t) uid);
1282 gLog.log(entry.returns(res).withAutomaticDuration());
1283 return statusFromErrcode(res);
1284}
1285
1286binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1287 const std::string& destination,
1288 const std::string& nextHop,
1289 int32_t uid) {
1290 ENFORCE_PERMISSION(NETWORK_STACK);
1291 auto entry = gLog.newEntry()
1292 .prettyFunction(__PRETTY_FUNCTION__)
1293 .arg(netId)
1294 .arg(ifName)
1295 .arg(destination)
1296 .arg(nextHop)
1297 .arg(uid);
1298 bool legacy = true;
1299 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1300 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1301 (uid_t) uid);
1302 gLog.log(entry.returns(res).withAutomaticDuration());
1303 return statusFromErrcode(res);
1304}
1305
1306binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1307 ENFORCE_PERMISSION(NETWORK_STACK);
1308 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1309 *netId = gCtls->netCtrl.getDefaultNetwork();
1310 gLog.log(entry.returns(*netId).withAutomaticDuration());
1311 return binder::Status::ok();
1312}
1313
1314binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1315 ENFORCE_PERMISSION(NETWORK_STACK);
1316 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1317 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1318 gLog.log(entry.returns(res).withAutomaticDuration());
1319 return statusFromErrcode(res);
1320}
1321
1322binder::Status NetdNativeService::networkClearDefault() {
1323 ENFORCE_PERMISSION(NETWORK_STACK);
1324 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1325 unsigned netId = NETID_UNSET;
1326 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1327 gLog.log(entry.returns(res).withAutomaticDuration());
1328 return statusFromErrcode(res);
1329}
1330
1331std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1332 return {begin(intUids), end(intUids)};
1333}
1334
1335Permission NetdNativeService::convertPermission(int32_t permission) {
1336 switch (permission) {
1337 case INetd::PERMISSION_NETWORK:
1338 return Permission::PERMISSION_NETWORK;
1339 case INetd::PERMISSION_SYSTEM:
1340 return Permission::PERMISSION_SYSTEM;
1341 default:
1342 return Permission::PERMISSION_NONE;
1343 }
1344}
1345
1346binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1347 int32_t permission) {
1348 ENFORCE_PERMISSION(NETWORK_STACK);
1349 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1350 std::vector<unsigned> netIds = {(unsigned) netId};
1351 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1352 gLog.log(entry.returns(res).withAutomaticDuration());
1353 return statusFromErrcode(res);
1354}
1355
1356binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1357 const std::vector<int32_t>& uids) {
1358 ENFORCE_PERMISSION(NETWORK_STACK);
1359 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1360 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1361 gLog.log(entry.withAutomaticDuration());
1362 return binder::Status::ok();
1363}
1364
1365binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1366 ENFORCE_PERMISSION(NETWORK_STACK);
1367 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1368 Permission permission = Permission::PERMISSION_NONE;
1369 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1370 gLog.log(entry.withAutomaticDuration());
1371 return binder::Status::ok();
1372}
1373
1374binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1375 ENFORCE_PERMISSION(NETWORK_STACK);
1376 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1377 std::vector<uid_t> uids = {(uid_t) uid};
1378 gCtls->netCtrl.allowProtect(uids);
1379 gLog.log(entry.withAutomaticDuration());
1380 return binder::Status::ok();
1381}
1382
1383binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1384 ENFORCE_PERMISSION(NETWORK_STACK);
1385 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1386 std::vector<uid_t> uids = {(uid_t) uid};
1387 gCtls->netCtrl.denyProtect(uids);
1388 gLog.log(entry.withAutomaticDuration());
1389 return binder::Status::ok();
1390}
1391
1392binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1393 ENFORCE_PERMISSION(NETWORK_STACK);
1394 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1395 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1396 gLog.log(entry.returns(*ret).withAutomaticDuration());
1397 return binder::Status::ok();
1398}
1399
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1400namespace {
1401std::string ruleToString(int32_t rule) {
1402 switch (rule) {
1403 case INetd::FIREWALL_RULE_DENY:
1404 return "DENY";
1405 case INetd::FIREWALL_RULE_ALLOW:
1406 return "ALLOW";
1407 default:
1408 return "INVALID";
1409 }
1410}
1411
1412std::string typeToString(int32_t type) {
1413 switch (type) {
1414 case INetd::FIREWALL_WHITELIST:
1415 return "WHITELIST";
1416 case INetd::FIREWALL_BLACKLIST:
1417 return "BLACKLIST";
1418 default:
1419 return "INVALID";
1420 }
1421}
1422
1423std::string chainToString(int32_t chain) {
1424 switch (chain) {
1425 case INetd::FIREWALL_CHAIN_NONE:
1426 return "NONE";
1427 case INetd::FIREWALL_CHAIN_DOZABLE:
1428 return "DOZABLE";
1429 case INetd::FIREWALL_CHAIN_STANDBY:
1430 return "STANDBY";
1431 case INetd::FIREWALL_CHAIN_POWERSAVE:
1432 return "POWERSAVE";
1433 default:
1434 return "INVALID";
1435 }
1436}
1437
1438} // namespace
1439
1440binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1441 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1442 auto entry =
1443 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1444 auto type = static_cast<FirewallType>(firewallType);
1445
1446 int res = gCtls->firewallCtrl.setFirewallType(type);
1447 gLog.log(entry.returns(res).withAutomaticDuration());
1448 return statusFromErrcode(res);
1449}
1450
1451binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1452 int32_t firewallRule) {
1453 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1454 auto entry = gLog.newEntry()
1455 .prettyFunction(__PRETTY_FUNCTION__)
1456 .args(ifName, ruleToString(firewallRule));
1457 auto rule = static_cast<FirewallRule>(firewallRule);
1458
1459 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1460 gLog.log(entry.returns(res).withAutomaticDuration());
1461 return statusFromErrcode(res);
1462}
1463
1464binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1465 int32_t firewallRule) {
1466 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1467 auto entry = gLog.newEntry()
1468 .prettyFunction(__PRETTY_FUNCTION__)
1469 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1470 auto chain = static_cast<ChildChain>(childChain);
1471 auto rule = static_cast<FirewallRule>(firewallRule);
1472
1473 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1474 gLog.log(entry.returns(res).withAutomaticDuration());
1475 return statusFromErrcode(res);
1476}
1477
1478binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1479 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1480 auto entry = gLog.newEntry()
1481 .prettyFunction(__PRETTY_FUNCTION__)
1482 .args(chainToString(childChain), enable);
1483 auto chain = static_cast<ChildChain>(childChain);
1484
1485 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1486 gLog.log(entry.returns(res).withAutomaticDuration());
1487 return statusFromErrcode(res);
1488}
1489
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1490binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1491 const std::string& extIface) {
1492 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1493 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1494
1495 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1496 gLog.log(entry.returns(res).withAutomaticDuration());
1497 return statusFromErrcode(res);
1498}
1499
1500binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1501 const std::string& extIface) {
1502 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1503 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1504
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1505 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1506 gLog.log(entry.returns(res).withAutomaticDuration());
1507 return statusFromErrcode(res);
1508}
1509
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1510} // namespace net
1511} // namespace android