Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 65b53079d7f84188be8c2554d42658732d28ec2b / . / server / NetdNativeService.cpp
blob: 902c8f56700592c280871fe123bcb23e48a7f7f1 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]24#include <android-base/file.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]25#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]26#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]27#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]28#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]30#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]31
32#include <binder/IPCThreadState.h>
33#include <binder/IServiceManager.h>
34#include "android/net/BnNetd.h"
35
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]36#include <openssl/base64.h>
37
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]38#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]39#include "DumpWriter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]43#include "NetdPermissions.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]44#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]45#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]46#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]47#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]48#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]49#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]50
51using android::base::StringPrintf;
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]52using android::base::WriteStringToFile;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]53using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]54using android::net::UidRangeParcel;
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]55using android::os::ParcelFileDescriptor;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]56
57namespace android {
58namespace net {
59
60namespace {
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]61const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]62
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]63binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]64 pid_t pid = IPCThreadState::self()->getCallingPid();
65 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]66
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]67 // If the caller is the system UID, don't check permissions.
68 // Otherwise, if the system server's binder thread pool is full, and all the threads are
69 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
70 //
71 // From a security perspective, there is currently no difference, because:
72 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]73 // and NETWORK_STACK, which the system server always has (or MAINLINE_NETWORK_STACK, which
74 // is equivalent to having both CONNECTIVITY_INTERNAL and NETWORK_STACK).
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]76 if (uid == AID_SYSTEM) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]78 }
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]79
80 for (const char* permission : permissions) {
81 if (checkPermission(String16(permission), pid, uid)) {
82 return binder::Status::ok();
83 }
84 }
85
86 auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",
87 uid, pid, android::base::Join(permissions, ',').c_str());
88 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]89}
90
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]91#define ENFORCE_ANY_PERMISSION(...) \
92 do { \
93 binder::Status status = checkAnyPermission({__VA_ARGS__}); \
94 if (!status.isOk()) { \
95 return status; \
96 } \
97 } while (0)
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]98
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]99#define NETD_LOCKING_RPC(lock, ... /* permissions */) \
100 ENFORCE_ANY_PERMISSION(__VA_ARGS__); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]101 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]103#define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]104
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]105#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
106 do { \
107 if (!isOk((res))) { \
108 logErrorStatus((logEntry), (res)); \
109 return asBinderStatus((res)); \
110 } \
111 } while (0)
112
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]113#define ENFORCE_INTERNAL_PERMISSIONS() \
114 ENFORCE_ANY_PERMISSION(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK)
115
116#define ENFORCE_NETWORK_STACK_PERMISSIONS() \
117 ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)
118
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]119void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
120 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
121}
122
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]123binder::Status asBinderStatus(const netdutils::Status& status) {
124 if (isOk(status)) {
125 return binder::Status::ok();
126 }
127 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
128}
129
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]130inline binder::Status statusFromErrcode(int ret) {
131 if (ret) {
132 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
133 }
134 return binder::Status::ok();
135}
136
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]137bool contains(const Vector<String16>& words, const String16& word) {
138 for (const auto& w : words) {
139 if (w == word) return true;
140 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]141
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]142 return false;
143}
144
145} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]146
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147status_t NetdNativeService::start() {
148 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]149 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]150 if (ret != android::OK) {
151 return ret;
152 }
153 sp<ProcessState> ps(ProcessState::self());
154 ps->startThreadPool();
155 ps->giveThreadPoolName();
156 return android::OK;
157}
158
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]159status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]160 const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]161 if (!dump_permission.isOk()) {
162 const String8 msg(dump_permission.toString8());
163 write(fd, msg.string(), msg.size());
164 return PERMISSION_DENIED;
165 }
166
167 // This method does not grab any locks. If individual classes need locking
168 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]169
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]170 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]171
172 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
173 dw.blankline();
174 gCtls->tcpSocketMonitor.dump(dw);
175 dw.blankline();
176 return NO_ERROR;
177 }
178
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]179 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
180 dw.blankline();
181 gCtls->trafficCtrl.dump(dw, true);
182 dw.blankline();
183 return NO_ERROR;
184 }
185
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]186 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]187 dw.blankline();
188 gCtls->netCtrl.dump(dw);
189 dw.blankline();
190
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]191 gCtls->trafficCtrl.dump(dw, false);
192 dw.blankline();
193
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]194 gCtls->xfrmCtrl.dump(dw);
195 dw.blankline();
196
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]197 {
198 ScopedIndent indentLog(dw);
199 if (contains(args, String16(OPT_SHORT))) {
200 dw.println("Log: <omitted>");
201 } else {
202 dw.println("Log:");
203 ScopedIndent indentLogEntries(dw);
204 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
205 }
206 dw.blankline();
207 }
208
Luke Huang528af602018-08-29 19:06:05 +0800[diff] [blame]209 {
210 ScopedIndent indentLog(dw);
211 if (contains(args, String16(OPT_SHORT))) {
212 dw.println("UnsolicitedLog: <omitted>");
213 } else {
214 dw.println("UnsolicitedLog:");
215 ScopedIndent indentLogEntries(dw);
216 gUnsolicitedLog.forEachEntry(
217 [&dw](const std::string& entry) mutable { dw.println(entry); });
218 }
219 dw.blankline();
220 }
221
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]222 return NO_ERROR;
223}
224
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]225binder::Status NetdNativeService::isAlive(bool *alive) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]226 NETD_BIG_LOCK_RPC(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]227 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]228
229 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]230
231 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]232 return binder::Status::ok();
233}
234
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]235binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]236 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]237 NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_CONNECTIVITY_INTERNAL,
238 PERM_MAINLINE_NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]239 auto entry = gLog.newEntry()
240 .prettyFunction(__PRETTY_FUNCTION__)
241 .arg(chainName)
242 .arg(isWhitelist)
243 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]244
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]245 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]246 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]247
248 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]249 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]250}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]251
252binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]253 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_CONNECTIVITY_INTERNAL,
254 PERM_MAINLINE_NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]255 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]256
257 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
258 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]259 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]260 return binder::Status::ok();
261}
262
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]263binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
264 int64_t bytes) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]265 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]266 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
267
268 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
269
270 gLog.log(entry.returns(res).withAutomaticDuration());
271 return statusFromErrcode(res);
272}
273
274binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]275 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]276 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
277
278 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
279
280 gLog.log(entry.returns(res).withAutomaticDuration());
281 return statusFromErrcode(res);
282}
283
284binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
285 int64_t bytes) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]286 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]287 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
288
289 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
290
291 gLog.log(entry.returns(res).withAutomaticDuration());
292 return statusFromErrcode(res);
293}
294
295binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]296 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]297 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
298
299 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
300
301 gLog.log(entry.returns(res).withAutomaticDuration());
302 return statusFromErrcode(res);
303}
304
305binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]306 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]307 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
308
309 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
310
311 gLog.log(entry.returns(res).withAutomaticDuration());
312 return statusFromErrcode(res);
313}
314
315binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]316 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]317 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
318
319 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
320 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
321
322 gLog.log(entry.returns(res).withAutomaticDuration());
323 return statusFromErrcode(res);
324}
325
326binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]327 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]328 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
329
330 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
331 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
332
333 gLog.log(entry.returns(res).withAutomaticDuration());
334 return statusFromErrcode(res);
335}
336
337binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]338 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]339 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
340
341 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
342 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
343
344 gLog.log(entry.returns(res).withAutomaticDuration());
345 return statusFromErrcode(res);
346}
347
348binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]349 NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]350 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
351
352 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
353 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
354
355 gLog.log(entry.returns(res).withAutomaticDuration());
356 return statusFromErrcode(res);
357}
358
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]359binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]360 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]361 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]362 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]363 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]364 return statusFromErrcode(ret);
365}
366
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame]367binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]368 ENFORCE_NETWORK_STACK_PERMISSIONS();
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame]369 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(netId, secure);
370 int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);
371 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]372 return statusFromErrcode(ret);
373}
374
375binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]376 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]377 // Both of these functions manage their own locking internally.
Mike Yu4fe1b9c2019-01-29 17:50:19 +0800[diff] [blame]378 // Clear DNS servers before delete the cache to avoid the cache being created again.
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]379 gCtls->resolverCtrl.clearDnsServers(netId);
Mike Yu4fe1b9c2019-01-29 17:50:19 +0800[diff] [blame]380 const int ret = gCtls->netCtrl.destroyNetwork(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]381 return statusFromErrcode(ret);
382}
383
384binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]385 ENFORCE_INTERNAL_PERMISSIONS();
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]386 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
387 return statusFromErrcode(ret);
388}
389
390binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]391 ENFORCE_INTERNAL_PERMISSIONS();
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]392 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
393 return statusFromErrcode(ret);
394}
395
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]396namespace {
397
398std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
399 std::vector<std::string> result;
400 result.reserve(uidRangeArray.size());
401 for (const auto& uidRange : uidRangeArray) {
402 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
403 }
404
405 return base::Join(result, ", ");
406}
407
408} // namespace
409
410binder::Status NetdNativeService::networkAddUidRanges(
411 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]412 // NetworkController::addUsersToNetwork is thread-safe.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]413 ENFORCE_INTERNAL_PERMISSIONS();
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]414 auto entry = gLog.newEntry()
415 .prettyFunction(__PRETTY_FUNCTION__)
416 .args(netId, uidRangeParcelVecToString(uidRangeArray));
417
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]418 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]419 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]420 return statusFromErrcode(ret);
421}
422
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]423binder::Status NetdNativeService::networkRemoveUidRanges(
424 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]425 // NetworkController::removeUsersFromNetwork is thread-safe.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]426 ENFORCE_INTERNAL_PERMISSIONS();
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]427 auto entry = gLog.newEntry()
428 .prettyFunction(__PRETTY_FUNCTION__)
429 .args(netId, uidRangeParcelVecToString(uidRangeArray));
430
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]431 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]432 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]433 return statusFromErrcode(ret);
434}
435
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]436binder::Status NetdNativeService::networkRejectNonSecureVpn(
437 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]438 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
439 // it should be possible to use the same lock as NetworkController. However, every call through
440 // the CommandListener "network" command will need to hold this lock too, not just the ones that
441 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
442 // look at routes, but it's not enough here).
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]443 NETD_BIG_LOCK_RPC(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]444 auto entry = gLog.newEntry()
445 .prettyFunction(__PRETTY_FUNCTION__)
446 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]447 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]448
449 int err;
450 if (add) {
451 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
452 } else {
453 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
454 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]455 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]456 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]457}
458
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]459binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
460 const std::vector<int32_t>& skipUids) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]461 ENFORCE_INTERNAL_PERMISSIONS();
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]462
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]463 auto entry = gLog.newEntry()
464 .prettyFunction(__PRETTY_FUNCTION__)
465 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]466 SockDiag sd;
467 if (!sd.open()) {
468 return binder::Status::fromServiceSpecificError(EIO,
469 String8("Could not open SOCK_DIAG socket"));
470 }
471
472 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]473 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
474 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]475
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]476 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]477 if (err) {
478 return binder::Status::fromServiceSpecificError(-err,
479 String8::format("destroySockets: %s", strerror(-err)));
480 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]481 return binder::Status::ok();
482}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]483
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]484// Parse a base64 encoded string into a vector of bytes.
485// On failure, return an empty vector.
486static std::vector<uint8_t> parseBase64(const std::string& input) {
487 std::vector<uint8_t> decoded;
488 size_t out_len;
489 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
490 return decoded;
491 }
492 // out_len is now an upper bound on the output length.
493 decoded.resize(out_len);
494 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
495 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
496 // Possibly shrink the vector if the actual output was smaller than the bound.
497 decoded.resize(out_len);
498 } else {
499 decoded.clear();
500 }
501 if (out_len != SHA256_SIZE) {
502 decoded.clear();
503 }
504 return decoded;
505}
506
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]507binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
508 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]509 const std::vector<int32_t>& params, const std::string& tlsName,
510 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]511 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]512 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]513 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]514 auto entry = gLog.newEntry()
515 .prettyFunction(__PRETTY_FUNCTION__)
516 .arg(netId)
517 .arg(servers)
518 .arg(domains)
519 .arg(params)
520 .arg(tlsName)
521 .arg(tlsServers)
522 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]523
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]524 std::set<std::vector<uint8_t>> decoded_fingerprints;
525 for (const std::string& fingerprint : tlsFingerprints) {
526 std::vector<uint8_t> decoded = parseBase64(fingerprint);
527 if (decoded.empty()) {
528 return binder::Status::fromServiceSpecificError(EINVAL,
529 String8::format("ResolverController error: bad fingerprint"));
530 }
531 decoded_fingerprints.emplace(decoded);
532 }
533
534 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]535 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]536 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]537 if (err != 0) {
538 return binder::Status::fromServiceSpecificError(-err,
539 String8::format("ResolverController error: %s", strerror(-err)));
540 }
541 return binder::Status::ok();
542}
543
Ken Chen2a429352018-12-22 21:46:55 +0800[diff] [blame]544binder::Status NetdNativeService::getResolverInfo(
545 int32_t netId, std::vector<std::string>* servers, std::vector<std::string>* domains,
546 std::vector<std::string>* tlsServers, std::vector<int32_t>* params,
547 std::vector<int32_t>* stats, std::vector<int32_t>* wait_for_pending_req_timeout_count) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]548 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]549 ENFORCE_NETWORK_STACK_PERMISSIONS();
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]550
Ken Chen2a429352018-12-22 21:46:55 +0800[diff] [blame]551 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params,
552 stats, wait_for_pending_req_timeout_count);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]553 if (err != 0) {
554 return binder::Status::fromServiceSpecificError(-err,
555 String8::format("ResolverController error: %s", strerror(-err)));
556 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]557 return binder::Status::ok();
558}
559
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]560binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]561 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]562
563 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
564 return binder::Status::ok();
565}
566
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]567namespace {
568
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]569void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
570 const TetherController::TetherStats& tetherStats) {
571 if (tetherStatsParcel->extIface == tetherStats.extIface) {
572 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
573 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
574 tetherStatsParcel->txBytes += tetherStats.txBytes;
575 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]576 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]577}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]578
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]579TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
580 TetherStatsParcel result;
581 result.iface = stats.extIface;
582 result.rxBytes = stats.rxBytes;
583 result.rxPackets = stats.rxPackets;
584 result.txBytes = stats.txBytes;
585 result.txPackets = stats.txPackets;
586 return result;
587}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]588
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]589void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
590 const TetherController::TetherStatsList& statsList) {
591 std::map<std::string, TetherController::TetherStats> statsMap;
592 for (const auto& stats : statsList) {
593 auto iter = statsMap.find(stats.extIface);
594 if (iter != statsMap.end()) {
595 tetherAddStatsByInterface(&(iter->second), stats);
596 } else {
597 statsMap.insert(
598 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
599 }
600 }
601 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
602 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
603 }
604}
605
606std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
607 std::vector<std::string> result;
608 for (const auto& t : *tVec) {
609 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
610 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
611 t.txPackets));
612 }
613 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]614}
615
616} // namespace
617
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]618binder::Status NetdNativeService::tetherGetStats(
619 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]620 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]621
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]622 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
623
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]624 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]625 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]626 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]627 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]628 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
629 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
630 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]631 return binder::Status::ok();
632}
633
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]634binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
635 const std::string &addrString, int prefixLength) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]636 ENFORCE_INTERNAL_PERMISSIONS();
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]637
638 const int err = InterfaceController::addAddress(
639 ifName.c_str(), addrString.c_str(), prefixLength);
640 if (err != 0) {
641 return binder::Status::fromServiceSpecificError(-err,
642 String8::format("InterfaceController error: %s", strerror(-err)));
643 }
644 return binder::Status::ok();
645}
646
647binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
648 const std::string &addrString, int prefixLength) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]649 ENFORCE_INTERNAL_PERMISSIONS();
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]650
651 const int err = InterfaceController::delAddress(
652 ifName.c_str(), addrString.c_str(), prefixLength);
653 if (err != 0) {
654 return binder::Status::fromServiceSpecificError(-err,
655 String8::format("InterfaceController error: %s", strerror(-err)));
656 }
657 return binder::Status::ok();
658}
659
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]660namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]661
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]662std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
663 int32_t category) {
664 const char* ipversionStr = nullptr;
665 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]666 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]667 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]668 break;
669 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]670 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]671 break;
672 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]673 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
674 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]675 }
676
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]677 const char* whichStr = nullptr;
678 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]679 case INetd::CONF:
680 whichStr = "conf";
681 break;
682 case INetd::NEIGH:
683 whichStr = "neigh";
684 break;
685 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]686 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
687 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]688 }
689
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]690 return {binder::Status::ok(), ipversionStr, whichStr};
691}
692
693} // namespace
694
695binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
696 const std::string& ifname,
697 const std::string& parameter, std::string* value) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]698 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]699 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
700 .args(ipversion, which, ifname, parameter);
701
702 const auto pathParts = getPathComponents(ipversion, which);
703 const auto& pathStatus = std::get<0>(pathParts);
704 if (!pathStatus.isOk()) {
705 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
706 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]707 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]708
709 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
710 std::get<2>(pathParts), ifname.c_str(),
711 parameter.c_str(), value);
712 entry.returns(err);
713 if (err == 0) entry.returns(*value);
714 gLog.log(entry.withAutomaticDuration());
715 return statusFromErrcode(err);
716}
717
718binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
719 const std::string& ifname,
720 const std::string& parameter,
721 const std::string& value) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]722 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]723 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
724 .args(ipversion, which, ifname, parameter, value);
725
726 const auto pathParts = getPathComponents(ipversion, which);
727 const auto& pathStatus = std::get<0>(pathParts);
728 if (!pathStatus.isOk()) {
729 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
730 return pathStatus;
731 }
732
733 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
734 std::get<2>(pathParts), ifname.c_str(),
735 parameter.c_str(), value.c_str());
736 gLog.log(entry.returns(err).withAutomaticDuration());
737 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]738}
739
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]740binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
741 int newUid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]742 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]743 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]744
745 uid_t callerUid = IPCThreadState::self()->getCallingUid();
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]746 return asBinderStatus(
747 gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]748}
749
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]750binder::Status NetdNativeService::ipSecAllocateSpi(
751 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]752 const std::string& sourceAddress,
753 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754 int32_t inSpi,
755 int32_t* outSpi) {
756 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]757 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]758 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]759 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]760 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]761 sourceAddress,
762 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]763 inSpi,
764 outSpi));
765}
766
767binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]768 int32_t transformId, int32_t mode, const std::string& sourceAddress,
769 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
770 int32_t markValue, int32_t markMask, const std::string& authAlgo,
771 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
772 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
773 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
774 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]775 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]776 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]777 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]778 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]779 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
780 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]781 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
782 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783}
784
785binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]786 int32_t transformId, const std::string& sourceAddress,
787 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
788 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]789 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]790 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]791 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]792 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]793 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]794}
795
796binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]797 const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
798 const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]799 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]800 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]801 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]802 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]803 socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]804}
805
806binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]807 const ParcelFileDescriptor& socket) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]808 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]809 ENFORCE_INTERNAL_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]810 gLog.log("ipSecRemoveTransportModeTransform()");
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]811 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]812}
813
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]814binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
815 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]816 const std::string& tmplSrcAddress,
817 const std::string& tmplDstAddress,
818 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]819 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]820 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]821 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]822 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]823 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]824 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]825 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]826}
827
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]828binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
829 int32_t transformId, int32_t selAddrFamily, int32_t direction,
830 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
831 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]832 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]833 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]834 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]835 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]836 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]837 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]838}
839
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]840binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
841 int32_t selAddrFamily,
842 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]843 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]844 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]845 ENFORCE_NETWORK_STACK_PERMISSIONS();
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]846 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]847 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]848 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]849}
850
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]851binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
852 const std::string& localAddress,
853 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]854 int32_t iKey, int32_t oKey,
855 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]856 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]857 ENFORCE_NETWORK_STACK_PERMISSIONS();
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]858 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]859
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]860 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]861 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]862 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
863
864 gLog.log(entry.returns(result).withAutomaticDuration());
865 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]866}
867
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]868binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
869 const std::string& localAddress,
870 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]871 int32_t iKey, int32_t oKey,
872 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]873 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]874 ENFORCE_NETWORK_STACK_PERMISSIONS();
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]875 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]876
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]877 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]878 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]879 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
880
881 gLog.log(entry.returns(result).withAutomaticDuration());
882 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]883}
884
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]885binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]886 // Necessary locking done in IpSecService and kernel
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]887 ENFORCE_NETWORK_STACK_PERMISSIONS();
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]888 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]889
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]890 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
891 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
892
893 gLog.log(entry.returns(result).withAutomaticDuration());
894 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]895}
896
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]897binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
898 int32_t mode) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]899 ENFORCE_NETWORK_STACK_PERMISSIONS();
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]900 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]901}
902
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]903binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
904 const std::string& prefix, int32_t mark,
905 int32_t mask) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]906 ENFORCE_NETWORK_STACK_PERMISSIONS();
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]907 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]908}
909
910binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
911 const std::string& prefix, int32_t mark,
912 int32_t mask) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]913 ENFORCE_NETWORK_STACK_PERMISSIONS();
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]914 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]915}
916
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]917binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
918 const std::string& classLabel) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]919 NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]920 auto entry = gLog.newEntry()
921 .prettyFunction(__PRETTY_FUNCTION__)
922 .arg(ifName)
923 .arg(timeout)
924 .arg(classLabel);
925 int res =
926 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
927 gLog.log(entry.returns(res).withAutomaticDuration());
928 return statusFromErrcode(res);
929}
930
931binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
932 int32_t timeout,
933 const std::string& classLabel) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]934 NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]935 auto entry = gLog.newEntry()
936 .prettyFunction(__PRETTY_FUNCTION__)
937 .arg(ifName)
938 .arg(timeout)
939 .arg(classLabel);
940 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
941 classLabel.c_str());
942 gLog.log(entry.returns(res).withAutomaticDuration());
943 return statusFromErrcode(res);
944}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]945
946binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]947 NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]948 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
949 StrictPenalty penalty;
950 switch (policyPenalty) {
951 case INetd::PENALTY_POLICY_REJECT:
952 penalty = REJECT;
953 break;
954 case INetd::PENALTY_POLICY_LOG:
955 penalty = LOG;
956 break;
957 case INetd::PENALTY_POLICY_ACCEPT:
958 penalty = ACCEPT;
959 break;
960 default:
961 return statusFromErrcode(-EINVAL);
962 break;
963 }
964 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
965 gLog.log(entry.returns(res).withAutomaticDuration());
966 return statusFromErrcode(res);
967}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]968
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]969binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]970 NETD_LOCKING_RPC(gCtls->clatdCtrl.mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]971 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
972 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
973 gLog.log(entry.returns(res).withAutomaticDuration());
974 return statusFromErrcode(res);
975}
976
977binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]978 NETD_LOCKING_RPC(gCtls->clatdCtrl.mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]979 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
980 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
981 gLog.log(entry.returns(res).withAutomaticDuration());
982 return statusFromErrcode(res);
983}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]984
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]985binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]986 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]987 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
988 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
989 gLog.log(entry.returns(*status).withAutomaticDuration());
990 return binder::Status::ok();
991}
992
993binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]994 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]995 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
996 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
997 gLog.log(entry.returns(res).withAutomaticDuration());
998 return statusFromErrcode(res);
999}
1000
1001binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1002 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1003 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1004 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1005 gLog.log(entry.returns(res).withAutomaticDuration());
1006 return statusFromErrcode(res);
1007}
1008
1009binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1010 const std::string& toIface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1011 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1012 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1013 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1014 gLog.log(entry.returns(res).withAutomaticDuration());
1015 return statusFromErrcode(res);
1016}
1017
1018binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1019 const std::string& toIface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1020 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1021 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1022 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1023 gLog.log(entry.returns(res).withAutomaticDuration());
1024 return statusFromErrcode(res);
1025}
1026
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1027namespace {
1028std::string addSquareBrackets(const std::string& s) {
1029 return "[" + s + "]";
1030}
1031
1032std::string addCurlyBrackets(const std::string& s) {
1033 return "{" + s + "}";
1034}
1035
1036} // namespace
1037binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1038 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1039 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1040
1041 const auto& ifaceList = InterfaceController::getIfaceNames();
1042 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1043
1044 interfaceListResult->clear();
1045 interfaceListResult->reserve(ifaceList.value().size());
1046 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1047 end(ifaceList.value()));
1048
1049 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1050 .withAutomaticDuration());
1051 return binder::Status::ok();
1052}
1053
1054std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1055 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1056 std::to_string(cfg.prefixLength)};
1057 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1058 return addCurlyBrackets(base::Join(result, ", "));
1059}
1060
1061binder::Status NetdNativeService::interfaceGetCfg(
1062 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1063 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1064 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1065
1066 const auto& cfgRes = InterfaceController::getCfg(ifName);
1067 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1068
1069 *interfaceGetCfgResult = cfgRes.value();
1070 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1071 .withAutomaticDuration());
1072 return binder::Status::ok();
1073}
1074
1075binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1076 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1077 auto entry = gLog.newEntry()
1078 .prettyFunction(__PRETTY_FUNCTION__)
1079 .arg(interfaceConfigurationParcelToString(cfg));
1080
1081 const auto& res = InterfaceController::setCfg(cfg);
1082 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1083
1084 gLog.log(entry.withAutomaticDuration());
1085 return binder::Status::ok();
1086}
1087
1088binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1089 bool enable) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1090 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1091 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1092 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1093 gLog.log(entry.returns(res).withAutomaticDuration());
1094 return statusFromErrcode(res);
1095}
1096
1097binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1098 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1099 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1100 int res = InterfaceController::clearAddrs(ifName.c_str());
1101 gLog.log(entry.returns(res).withAutomaticDuration());
1102 return statusFromErrcode(res);
1103}
1104
1105binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1106 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1107 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1108 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1109 gLog.log(entry.returns(res).withAutomaticDuration());
1110 return statusFromErrcode(res);
1111}
1112
1113binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1114 NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1115 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1116 std::string mtu = std::to_string(mtuValue);
1117 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1118 gLog.log(entry.returns(res).withAutomaticDuration());
1119 return statusFromErrcode(res);
1120}
1121
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1122binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1123 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1124 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1125 if (dhcpRanges.size() % 2 == 1) {
1126 return statusFromErrcode(-EINVAL);
1127 }
1128 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1129 gLog.log(entry.returns(res).withAutomaticDuration());
1130 return statusFromErrcode(res);
1131}
1132
1133binder::Status NetdNativeService::tetherStop() {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1134 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1135 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1136 int res = gCtls->tetherCtrl.stopTethering();
1137 gLog.log(entry.returns(res).withAutomaticDuration());
1138 return statusFromErrcode(res);
1139}
1140
1141binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1142 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1143 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1144 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1145 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1146 return binder::Status::ok();
1147}
1148
1149binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1150 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1151 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1152 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1153 gLog.log(entry.returns(res).withAutomaticDuration());
1154 return statusFromErrcode(res);
1155}
1156
1157binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1158 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1159 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1160 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1161 gLog.log(entry.returns(res).withAutomaticDuration());
1162 return statusFromErrcode(res);
1163}
1164
1165binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1166 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1167 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1168 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1169 ifList->push_back(ifname);
1170 }
1171 gLog.log(entry.returns(true).withAutomaticDuration());
1172 return binder::Status::ok();
1173}
1174
1175binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1176 const std::vector<std::string>& dnsAddrs) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1177 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1178 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1179 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1180 gLog.log(entry.returns(res).withAutomaticDuration());
1181 return statusFromErrcode(res);
1182}
1183
1184binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1185 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1186 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1187 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1188 dnsList->push_back(fwdr);
1189 }
1190 gLog.log(entry.returns(true).withAutomaticDuration());
1191 return binder::Status::ok();
1192}
1193
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1194binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1195 const std::string& destination,
1196 const std::string& nextHop) {
1197 // Public methods of NetworkController are thread-safe.
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1198 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1199 auto entry = gLog.newEntry()
1200 .prettyFunction(__PRETTY_FUNCTION__)
1201 .arg(netId)
1202 .arg(ifName)
1203 .arg(destination)
1204 .arg(nextHop);
1205 bool legacy = false;
1206 uid_t uid = 0; // UID is only meaningful for legacy routes.
1207 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1208 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1209 gLog.log(entry.returns(res).withAutomaticDuration());
1210 return statusFromErrcode(res);
1211}
1212
1213binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1214 const std::string& destination,
1215 const std::string& nextHop) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1216 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1217 auto entry = gLog.newEntry()
1218 .prettyFunction(__PRETTY_FUNCTION__)
1219 .arg(netId)
1220 .arg(ifName)
1221 .arg(destination)
1222 .arg(nextHop);
1223 bool legacy = false;
1224 uid_t uid = 0; // UID is only meaningful for legacy routes.
1225 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1226 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1227 gLog.log(entry.returns(res).withAutomaticDuration());
1228 return statusFromErrcode(res);
1229}
1230
1231binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1232 const std::string& destination,
1233 const std::string& nextHop, int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1234 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1235 auto entry = gLog.newEntry()
1236 .prettyFunction(__PRETTY_FUNCTION__)
1237 .arg(netId)
1238 .arg(ifName)
1239 .arg(destination)
1240 .arg(nextHop)
1241 .arg(uid);
1242 bool legacy = true;
1243 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1244 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1245 (uid_t) uid);
1246 gLog.log(entry.returns(res).withAutomaticDuration());
1247 return statusFromErrcode(res);
1248}
1249
1250binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1251 const std::string& destination,
1252 const std::string& nextHop,
1253 int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1254 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1255 auto entry = gLog.newEntry()
1256 .prettyFunction(__PRETTY_FUNCTION__)
1257 .arg(netId)
1258 .arg(ifName)
1259 .arg(destination)
1260 .arg(nextHop)
1261 .arg(uid);
1262 bool legacy = true;
1263 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1264 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1265 (uid_t) uid);
1266 gLog.log(entry.returns(res).withAutomaticDuration());
1267 return statusFromErrcode(res);
1268}
1269
1270binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1271 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1272 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1273 *netId = gCtls->netCtrl.getDefaultNetwork();
1274 gLog.log(entry.returns(*netId).withAutomaticDuration());
1275 return binder::Status::ok();
1276}
1277
1278binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1279 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1280 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1281 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1282 gLog.log(entry.returns(res).withAutomaticDuration());
1283 return statusFromErrcode(res);
1284}
1285
1286binder::Status NetdNativeService::networkClearDefault() {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1287 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1288 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1289 unsigned netId = NETID_UNSET;
1290 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1291 gLog.log(entry.returns(res).withAutomaticDuration());
1292 return statusFromErrcode(res);
1293}
1294
1295std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1296 return {begin(intUids), end(intUids)};
1297}
1298
1299Permission NetdNativeService::convertPermission(int32_t permission) {
1300 switch (permission) {
1301 case INetd::PERMISSION_NETWORK:
1302 return Permission::PERMISSION_NETWORK;
1303 case INetd::PERMISSION_SYSTEM:
1304 return Permission::PERMISSION_SYSTEM;
1305 default:
1306 return Permission::PERMISSION_NONE;
1307 }
1308}
1309
1310binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1311 int32_t permission) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1312 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1313 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1314 std::vector<unsigned> netIds = {(unsigned) netId};
1315 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1316 gLog.log(entry.returns(res).withAutomaticDuration());
1317 return statusFromErrcode(res);
1318}
1319
1320binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1321 const std::vector<int32_t>& uids) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1322 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1323 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1324 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1325 gLog.log(entry.withAutomaticDuration());
1326 return binder::Status::ok();
1327}
1328
1329binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1330 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1331 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1332 Permission permission = Permission::PERMISSION_NONE;
1333 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1334 gLog.log(entry.withAutomaticDuration());
1335 return binder::Status::ok();
1336}
1337
1338binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1339 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1340 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1341 std::vector<uid_t> uids = {(uid_t) uid};
1342 gCtls->netCtrl.allowProtect(uids);
1343 gLog.log(entry.withAutomaticDuration());
1344 return binder::Status::ok();
1345}
1346
1347binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1348 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1349 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1350 std::vector<uid_t> uids = {(uid_t) uid};
1351 gCtls->netCtrl.denyProtect(uids);
1352 gLog.log(entry.withAutomaticDuration());
1353 return binder::Status::ok();
1354}
1355
1356binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1357 ENFORCE_NETWORK_STACK_PERMISSIONS();
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1358 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1359 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1360 gLog.log(entry.returns(*ret).withAutomaticDuration());
1361 return binder::Status::ok();
1362}
1363
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]1364binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,
1365 const std::vector<int32_t>& uids) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1366 ENFORCE_NETWORK_STACK_PERMISSIONS();
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]1367 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1368 gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));
1369 gLog.log(entry.withAutomaticDuration());
1370 return binder::Status::ok();
1371}
1372
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1373namespace {
1374std::string ruleToString(int32_t rule) {
1375 switch (rule) {
1376 case INetd::FIREWALL_RULE_DENY:
1377 return "DENY";
1378 case INetd::FIREWALL_RULE_ALLOW:
1379 return "ALLOW";
1380 default:
1381 return "INVALID";
1382 }
1383}
1384
1385std::string typeToString(int32_t type) {
1386 switch (type) {
1387 case INetd::FIREWALL_WHITELIST:
1388 return "WHITELIST";
1389 case INetd::FIREWALL_BLACKLIST:
1390 return "BLACKLIST";
1391 default:
1392 return "INVALID";
1393 }
1394}
1395
1396std::string chainToString(int32_t chain) {
1397 switch (chain) {
1398 case INetd::FIREWALL_CHAIN_NONE:
1399 return "NONE";
1400 case INetd::FIREWALL_CHAIN_DOZABLE:
1401 return "DOZABLE";
1402 case INetd::FIREWALL_CHAIN_STANDBY:
1403 return "STANDBY";
1404 case INetd::FIREWALL_CHAIN_POWERSAVE:
1405 return "POWERSAVE";
1406 default:
1407 return "INVALID";
1408 }
1409}
1410
1411} // namespace
1412
1413binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1414 NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1415 auto entry =
1416 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1417 auto type = static_cast<FirewallType>(firewallType);
1418
1419 int res = gCtls->firewallCtrl.setFirewallType(type);
1420 gLog.log(entry.returns(res).withAutomaticDuration());
1421 return statusFromErrcode(res);
1422}
1423
1424binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1425 int32_t firewallRule) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1426 NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1427 auto entry = gLog.newEntry()
1428 .prettyFunction(__PRETTY_FUNCTION__)
1429 .args(ifName, ruleToString(firewallRule));
1430 auto rule = static_cast<FirewallRule>(firewallRule);
1431
1432 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1433 gLog.log(entry.returns(res).withAutomaticDuration());
1434 return statusFromErrcode(res);
1435}
1436
1437binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1438 int32_t firewallRule) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1439 NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1440 auto entry = gLog.newEntry()
1441 .prettyFunction(__PRETTY_FUNCTION__)
1442 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1443 auto chain = static_cast<ChildChain>(childChain);
1444 auto rule = static_cast<FirewallRule>(firewallRule);
1445
1446 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1447 gLog.log(entry.returns(res).withAutomaticDuration());
1448 return statusFromErrcode(res);
1449}
1450
1451binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1452 NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1453 auto entry = gLog.newEntry()
1454 .prettyFunction(__PRETTY_FUNCTION__)
1455 .args(chainToString(childChain), enable);
1456 auto chain = static_cast<ChildChain>(childChain);
1457
1458 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1459 gLog.log(entry.returns(res).withAutomaticDuration());
1460 return statusFromErrcode(res);
1461}
1462
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1463binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1464 const std::string& extIface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1465 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1466 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1467
1468 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1469 gLog.log(entry.returns(res).withAutomaticDuration());
1470 return statusFromErrcode(res);
1471}
1472
1473binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1474 const std::string& extIface) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1475 NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1476 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1477
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1478 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1479 gLog.log(entry.returns(res).withAutomaticDuration());
1480 return statusFromErrcode(res);
1481}
1482
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]1483binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,
1484 const std::string& wmemValues) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1485 ENFORCE_NETWORK_STACK_PERMISSIONS();
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]1486 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(rmemValues, wmemValues);
1487 if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {
1488 int ret = -errno;
1489 gLog.log(entry.returns(ret).withAutomaticDuration());
1490 return statusFromErrcode(ret);
1491 }
1492
1493 if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {
1494 int ret = -errno;
1495 gLog.log(entry.returns(ret).withAutomaticDuration());
1496 return statusFromErrcode(ret);
1497 }
1498 gLog.log(entry.withAutomaticDuration());
1499 return binder::Status::ok();
1500}
1501
nuccachenf52f7a52018-07-17 18:07:23 +0800[diff] [blame]1502binder::Status NetdNativeService::getPrefix64(int netId, std::string* _aidl_return) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1503 ENFORCE_NETWORK_STACK_PERMISSIONS();
nuccachenf52f7a52018-07-17 18:07:23 +0800[diff] [blame]1504
1505 netdutils::IPPrefix prefix{};
1506 int err = gCtls->resolverCtrl.getPrefix64(netId, &prefix);
1507 if (err != 0) {
1508 return binder::Status::fromServiceSpecificError(
1509 -err, String8::format("ResolverController error: %s", strerror(-err)));
1510 }
1511 *_aidl_return = prefix.toString();
1512 return binder::Status::ok();
1513}
1514
Luke Huang528af602018-08-29 19:06:05 +0800[diff] [blame]1515binder::Status NetdNativeService::registerUnsolicitedEventListener(
1516 const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {
Remi NGUYEN VANa686ebc2019-02-07 12:25:23 +0900[diff] [blame]1517 ENFORCE_NETWORK_STACK_PERMISSIONS();
Bernie Innocenti9ee088d2019-02-01 17:14:32 +0900[diff] [blame]1518 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1519 gCtls->eventReporter.registerUnsolEventListener(listener);
Luke Huang528af602018-08-29 19:06:05 +0800[diff] [blame]1520 gLog.log(entry.withAutomaticDuration());
1521 return binder::Status::ok();
1522}
1523
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1524} // namespace net
1525} // namespace android