Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 6ad3988c447c489692a7cd9cdd119d24b3c65040 / . / server / NetdNativeService.cpp
blob: d4e559dd98c025d89f559154991634a8d5f8fee8 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]19#include <vector>
20
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]21#include <android-base/stringprintf.h>
22#include <cutils/log.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]23#include <cutils/properties.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]25#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]26
27#include <binder/IPCThreadState.h>
28#include <binder/IServiceManager.h>
29#include "android/net/BnNetd.h"
30
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]31#include <openssl/base64.h>
32
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]33#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]34#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]35#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]36#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]37#include "NetdConstants.h"
38#include "NetdNativeService.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]39#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]40#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]41#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42
43using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]44using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]45
46namespace android {
47namespace net {
48
49namespace {
50
51const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]52const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]53const char DUMP[] = "android.permission.DUMP";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]54
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]55binder::Status toBinderStatus(const netdutils::Status s) {
56 if (isOk(s)) {
57 return binder::Status::ok();
58 }
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]59 return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60}
61
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]62binder::Status checkPermission(const char *permission) {
63 pid_t pid;
64 uid_t uid;
65
66 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
67 return binder::Status::ok();
68 } else {
69 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
70 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
71 }
72}
73
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]74#define ENFORCE_DEBUGGABLE() { \
75 char value[PROPERTY_VALUE_MAX + 1]; \
76 if (property_get("ro.debuggable", value, NULL) != 1 \
77 || value[0] != '1') { \
78 return binder::Status::fromExceptionCode( \
79 binder::Status::EX_SECURITY, \
80 String8("Not available in production builds.") \
81 ); \
82 } \
83}
84
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]85#define ENFORCE_PERMISSION(permission) { \
86 binder::Status status = checkPermission((permission)); \
87 if (!status.isOk()) { \
88 return status; \
89 } \
90}
91
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]92#define NETD_LOCKING_RPC(permission, lock) \
93 ENFORCE_PERMISSION(permission); \
94 android::RWLock::AutoWLock _lock(lock);
95
96#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]97} // namespace
98
99
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]100status_t NetdNativeService::start() {
101 IPCThreadState::self()->disableBackgroundScheduling(true);
102 status_t ret = BinderService<NetdNativeService>::publish();
103 if (ret != android::OK) {
104 return ret;
105 }
106 sp<ProcessState> ps(ProcessState::self());
107 ps->startThreadPool();
108 ps->giveThreadPoolName();
109 return android::OK;
110}
111
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]112status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
113 const binder::Status dump_permission = checkPermission(DUMP);
114 if (!dump_permission.isOk()) {
115 const String8 msg(dump_permission.toString8());
116 write(fd, msg.string(), msg.size());
117 return PERMISSION_DENIED;
118 }
119
120 // This method does not grab any locks. If individual classes need locking
121 // their dump() methods MUST handle locking appropriately.
122 DumpWriter dw(fd);
123 dw.blankline();
124 gCtls->netCtrl.dump(dw);
125 dw.blankline();
126
127 return NO_ERROR;
128}
129
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]130binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]131 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]132
133 *alive = true;
134 return binder::Status::ok();
135}
136
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]137binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
138 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
139 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
140
141 android::String8 name = android::String8(chainName);
142 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
143 *ret = (err == 0);
144 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]145}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]146
147binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
148 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
149
150 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
151 *ret = (err == 0);
152 return binder::Status::ok();
153}
154
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]155binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
156 const std::vector<UidRange>& uidRangeArray) {
157 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
158 // it should be possible to use the same lock as NetworkController. However, every call through
159 // the CommandListener "network" command will need to hold this lock too, not just the ones that
160 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
161 // look at routes, but it's not enough here).
162 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
163
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]164 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]165
166 int err;
167 if (add) {
168 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
169 } else {
170 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
171 }
172
173 if (err != 0) {
174 return binder::Status::fromServiceSpecificError(-err,
175 String8::format("RouteController error: %s", strerror(-err)));
176 }
177 return binder::Status::ok();
178}
179
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]180binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
181 const std::vector<int32_t>& skipUids) {
182
183 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
184
185 SockDiag sd;
186 if (!sd.open()) {
187 return binder::Status::fromServiceSpecificError(EIO,
188 String8("Could not open SOCK_DIAG socket"));
189 }
190
191 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]192 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
193 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]194
195 if (err) {
196 return binder::Status::fromServiceSpecificError(-err,
197 String8::format("destroySockets: %s", strerror(-err)));
198 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]199 return binder::Status::ok();
200}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]201
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]202binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
203 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
204 const std::vector<int32_t>& params) {
205 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
206 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
207
208 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
209 if (err != 0) {
210 return binder::Status::fromServiceSpecificError(-err,
211 String8::format("ResolverController error: %s", strerror(-err)));
212 }
213 return binder::Status::ok();
214}
215
216binder::Status NetdNativeService::getResolverInfo(int32_t netId,
217 std::vector<std::string>* servers, std::vector<std::string>* domains,
218 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
219 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
220 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
221
222 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
223 if (err != 0) {
224 return binder::Status::fromServiceSpecificError(-err,
225 String8::format("ResolverController error: %s", strerror(-err)));
226 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]227 return binder::Status::ok();
228}
229
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]230binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port,
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]231 const std::string& name,
232 const std::string& fingerprintAlgorithm,
233 const std::vector<std::string>& fingerprints) {
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]234 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
235 std::set<std::vector<uint8_t>> decoded_fingerprints;
236 for (const std::string& input : fingerprints) {
237 size_t out_len;
238 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
239 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
240 "ResolverController error: bad fingerprint length");
241 }
242 // out_len is now an upper bound on the output length.
243 std::vector<uint8_t> decoded(out_len);
244 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
245 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
246 // Possibly shrink the vector if the actual output was smaller than the bound.
247 decoded.resize(out_len);
248 } else {
249 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
250 "ResolverController error: Base64 parsing failed");
251 }
252 decoded_fingerprints.insert(decoded);
253 }
Ben Schwartz1691bc42017-08-16 12:53:09 -0400[diff] [blame]254 const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port, name,
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]255 fingerprintAlgorithm, decoded_fingerprints);
256 if (err != INetd::PRIVATE_DNS_SUCCESS) {
257 return binder::Status::fromServiceSpecificError(err,
258 String8::format("ResolverController error: %d", err));
259 }
260 return binder::Status::ok();
261}
262
263binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) {
264 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
265 const int err = gCtls->resolverCtrl.removePrivateDnsServer(server);
266 if (err != INetd::PRIVATE_DNS_SUCCESS) {
267 return binder::Status::fromServiceSpecificError(err,
268 String8::format("ResolverController error: %d", err));
269 }
270 return binder::Status::ok();
271}
272
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]273binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]274 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]275
276 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
277 return binder::Status::ok();
278}
279
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]280namespace {
281
282void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
283 String16 iface = String16(stats.extIface.c_str());
284 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
285
286 bundle->getLongVector(iface, &statsVector);
287 if (statsVector.size() == 0) {
288 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
289 }
290
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]291 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
292 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
293 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
294 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]295
296 bundle->putLongVector(iface, statsVector);
297}
298
299} // namespace
300
301binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
302 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
303
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]304 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]305 if (!isOk(statsList)) {
306 return toBinderStatus(statsList);
307 }
308
309 for (const auto& stats : statsList.value()) {
310 tetherAddStats(bundle, stats);
311 }
312
313 return binder::Status::ok();
314}
315
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]316binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
317 const std::string &addrString, int prefixLength) {
318 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
319
320 const int err = InterfaceController::addAddress(
321 ifName.c_str(), addrString.c_str(), prefixLength);
322 if (err != 0) {
323 return binder::Status::fromServiceSpecificError(-err,
324 String8::format("InterfaceController error: %s", strerror(-err)));
325 }
326 return binder::Status::ok();
327}
328
329binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
330 const std::string &addrString, int prefixLength) {
331 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
332
333 const int err = InterfaceController::delAddress(
334 ifName.c_str(), addrString.c_str(), prefixLength);
335 if (err != 0) {
336 return binder::Status::fromServiceSpecificError(-err,
337 String8::format("InterfaceController error: %s", strerror(-err)));
338 }
339 return binder::Status::ok();
340}
341
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]342binder::Status NetdNativeService::setProcSysNet(
343 int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
344 const std::string &value) {
345 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
346
347 const char *familyStr;
348 switch (family) {
349 case INetd::IPV4:
350 familyStr = "ipv4";
351 break;
352 case INetd::IPV6:
353 familyStr = "ipv6";
354 break;
355 default:
356 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
357 }
358
359 const char *whichStr;
360 switch (which) {
361 case INetd::CONF:
362 whichStr = "conf";
363 break;
364 case INetd::NEIGH:
365 whichStr = "neigh";
366 break;
367 default:
368 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
369 }
370
371 const int err = InterfaceController::setParameter(
372 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
373 value.c_str());
374 if (err != 0) {
375 return binder::Status::fromServiceSpecificError(-err,
376 String8::format("ResolverController error: %s", strerror(-err)));
377 }
378 return binder::Status::ok();
379}
380
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]381binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
382 // This function intentionally does not lock, since the only thing it does is one read from an
383 // atomic_int.
384 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
385 ENFORCE_DEBUGGABLE();
386
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]387 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]388 return binder::Status::ok();
389}
390
391binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
392 // This function intentionally does not lock, since the only thing it does is one write to an
393 // atomic_int.
394 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
395 ENFORCE_DEBUGGABLE();
396
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]397 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
398 ? binder::Status::ok()
399 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]400}
401
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]402binder::Status NetdNativeService::ipSecAllocateSpi(
403 int32_t transformId,
404 int32_t direction,
405 const std::string& localAddress,
406 const std::string& remoteAddress,
407 int32_t inSpi,
408 int32_t* outSpi) {
409 // Necessary locking done in IpSecService and kernel
410 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
411 ALOGD("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]412 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]413 transformId,
414 direction,
415 localAddress,
416 remoteAddress,
417 inSpi,
418 outSpi));
419}
420
421binder::Status NetdNativeService::ipSecAddSecurityAssociation(
422 int32_t transformId,
423 int32_t mode,
424 int32_t direction,
425 const std::string& localAddress,
426 const std::string& remoteAddress,
427 int64_t underlyingNetworkHandle,
428 int32_t spi,
429 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
430 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
431 int32_t encapType,
432 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]433 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]434 // Necessary locking done in IpSecService and kernel
435 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
436 ALOGD("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]437 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]438 transformId, mode, direction, localAddress, remoteAddress,
439 underlyingNetworkHandle,
440 spi,
441 authAlgo, authKey, authTruncBits,
442 cryptAlgo, cryptKey, cryptTruncBits,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]443 encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]444}
445
446binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
447 int32_t transformId,
448 int32_t direction,
449 const std::string& localAddress,
450 const std::string& remoteAddress,
451 int32_t spi) {
452 // Necessary locking done in IpSecService and kernel
453 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
454 ALOGD("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]455 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]456 transformId,
457 direction,
458 localAddress,
459 remoteAddress,
460 spi));
461}
462
463binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
464 const android::base::unique_fd& socket,
465 int32_t transformId,
466 int32_t direction,
467 const std::string& localAddress,
468 const std::string& remoteAddress,
469 int32_t spi) {
470 // Necessary locking done in IpSecService and kernel
471 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
472 ALOGD("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]473 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]474 socket,
475 transformId,
476 direction,
477 localAddress,
478 remoteAddress,
479 spi));
480}
481
482binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
483 const android::base::unique_fd& socket) {
484 // Necessary locking done in IpSecService and kernel
485 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
486 ALOGD("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]487 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]488 socket));
489}
490
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]491binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
492 int32_t mode) {
493 ENFORCE_PERMISSION(NETWORK_STACK);
494 return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
495}
496
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]497binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
498 const std::string& prefix, int32_t mark,
499 int32_t mask) {
500 ENFORCE_PERMISSION(NETWORK_STACK);
501 return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
502}
503
504binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
505 const std::string& prefix, int32_t mark,
506 int32_t mask) {
507 ENFORCE_PERMISSION(NETWORK_STACK);
508 return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
509}
510
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]511} // namespace net
512} // namespace android