Blame - server/NetdNativeService.cpp - platform/system/netd

blob: ec4360a3e7b08b353b28e19db42e0d490d92d2ce [file] [log] [blame]

Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	1	/**
				2	* Copyright (c) 2016, The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#define LOG_TAG "Netd"
				18
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	19	#include <vector>
				20
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	21	#include <android-base/stringprintf.h>
				22	#include <cutils/log.h>
Robin Lee	2cf5617	2016-09-13 18:55:42 +0900	[diff] [blame]	23	#include <cutils/properties.h>
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	24	#include <utils/Errors.h>
Pierre Imai	beedec3	2016-04-13 06:44:51 +0900	[diff] [blame]	25	#include <utils/String16.h>
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	26
				27	#include <binder/IPCThreadState.h>
				28	#include <binder/IServiceManager.h>
				29	#include "android/net/BnNetd.h"
				30
Ben Schwartz	e760181	2017-04-28 16:38:29 -0400	[diff] [blame]	31	#include <openssl/base64.h>
				32
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	33	#include "Controllers.h"
Erik Kline	2d3a163	2016-03-15 16:33:48 +0900	[diff] [blame]	34	#include "DumpWriter.h"
Michal Karpinski	d544011	2016-10-06 16:56:04 +0100	[diff] [blame]	35	#include "EventReporter.h"
Erik Kline	55b06f8	2016-07-04 09:57:18 +0900	[diff] [blame]	36	#include "InterfaceController.h"
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	37	#include "NetdConstants.h"
				38	#include "NetdNativeService.h"
Robin Lee	b808736	2016-03-30 18:43:08 +0100	[diff] [blame]	39	#include "RouteController.h"
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	40	#include "SockDiag.h"
Robin Lee	b808736	2016-03-30 18:43:08 +0100	[diff] [blame]	41	#include "UidRanges.h"
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	42
				43	using android::base::StringPrintf;
Lorenzo Colitti	9a8a9ff	2017-01-31 19:06:59 +0900	[diff] [blame]	44	using android::os::PersistableBundle;
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	45
				46	namespace android {
				47	namespace net {
				48
				49	namespace {
				50
				51	const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz	08b84cd	2017-05-22 13:11:54 +0900	[diff] [blame]	52	const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline	2d3a163	2016-03-15 16:33:48 +0900	[diff] [blame]	53	const char DUMP[] = "android.permission.DUMP";
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	54
Joel Scherpelz	08b84cd	2017-05-22 13:11:54 +0900	[diff] [blame]	55	binder::Status toBinderStatus(const netdutils::Status s) {
				56	if (isOk(s)) {
				57	return binder::Status::ok();
				58	}
Joel Scherpelz	de93796	2017-06-01 13:20:21 +0900	[diff] [blame]	59	return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
Joel Scherpelz	08b84cd	2017-05-22 13:11:54 +0900	[diff] [blame]	60	}
				61
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	62	binder::Status checkPermission(const char *permission) {
				63	pid_t pid;
				64	uid_t uid;
				65
				66	if (checkCallingPermission(String16(permission), (int32_t ) &pid, (int32_t ) &uid)) {
				67	return binder::Status::ok();
				68	} else {
				69	auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
				70	return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
				71	}
				72	}
				73
Nathan Harold	1a37153	2017-01-30 12:30:48 -0800	[diff] [blame]	74	binder::Status getXfrmStatus(int xfrmCode) {
				75	switch(xfrmCode) {
				76	case 0:
				77	return binder::Status::ok();
				78	case -ENOENT:
				79	return binder::Status::fromServiceSpecificError(xfrmCode);
				80	}
				81	return binder::Status::fromExceptionCode(xfrmCode);
				82	}
				83
Robin Lee	2cf5617	2016-09-13 18:55:42 +0900	[diff] [blame]	84	#define ENFORCE_DEBUGGABLE() { \
				85	char value[PROPERTY_VALUE_MAX + 1]; \
				86	if (property_get("ro.debuggable", value, NULL) != 1 \
				87	\|\| value[0] != '1') { \
				88	return binder::Status::fromExceptionCode( \
				89	binder::Status::EX_SECURITY, \
				90	String8("Not available in production builds.") \
				91	); \
				92	} \
				93	}
				94
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	95	#define ENFORCE_PERMISSION(permission) { \
				96	binder::Status status = checkPermission((permission)); \
				97	if (!status.isOk()) { \
				98	return status; \
				99	} \
				100	}
				101
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	102	#define NETD_LOCKING_RPC(permission, lock) \
				103	ENFORCE_PERMISSION(permission); \
				104	android::RWLock::AutoWLock _lock(lock);
				105
				106	#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	107	} // namespace
				108
				109
Lorenzo Colitti	e4851de	2016-03-17 13:23:28 +0900	[diff] [blame]	110	status_t NetdNativeService::start() {
				111	IPCThreadState::self()->disableBackgroundScheduling(true);
				112	status_t ret = BinderService<NetdNativeService>::publish();
				113	if (ret != android::OK) {
				114	return ret;
				115	}
				116	sp<ProcessState> ps(ProcessState::self());
				117	ps->startThreadPool();
				118	ps->giveThreadPoolName();
				119	return android::OK;
				120	}
				121
Erik Kline	2d3a163	2016-03-15 16:33:48 +0900	[diff] [blame]	122	status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
				123	const binder::Status dump_permission = checkPermission(DUMP);
				124	if (!dump_permission.isOk()) {
				125	const String8 msg(dump_permission.toString8());
				126	write(fd, msg.string(), msg.size());
				127	return PERMISSION_DENIED;
				128	}
				129
				130	// This method does not grab any locks. If individual classes need locking
				131	// their dump() methods MUST handle locking appropriately.
				132	DumpWriter dw(fd);
				133	dw.blankline();
				134	gCtls->netCtrl.dump(dw);
				135	dw.blankline();
				136
				137	return NO_ERROR;
				138	}
				139
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	140	binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	141	NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	142
				143	*alive = true;
				144	return binder::Status::ok();
				145	}
				146
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	147	binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
				148	bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
				149	NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
				150
				151	android::String8 name = android::String8(chainName);
				152	int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
				153	*ret = (err == 0);
				154	return binder::Status::ok();
Lorenzo Colitti	89faa34	2016-02-26 11:38:47 +0900	[diff] [blame]	155	}
Lorenzo Colitti	dedd271	2016-03-22 12:36:29 +0900	[diff] [blame]	156
				157	binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
				158	NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
				159
				160	int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
				161	*ret = (err == 0);
				162	return binder::Status::ok();
				163	}
				164
Robin Lee	b808736	2016-03-30 18:43:08 +0100	[diff] [blame]	165	binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
				166	const std::vector<UidRange>& uidRangeArray) {
				167	// TODO: elsewhere RouteController is only used from the tethering and network controllers, so
				168	// it should be possible to use the same lock as NetworkController. However, every call through
				169	// the CommandListener "network" command will need to hold this lock too, not just the ones that
				170	// read/modify network internal state (that is sufficient for ::dump() because it doesn't
				171	// look at routes, but it's not enough here).
				172	NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
				173
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	174	UidRanges uidRanges(uidRangeArray);
Robin Lee	b808736	2016-03-30 18:43:08 +0100	[diff] [blame]	175
				176	int err;
				177	if (add) {
				178	err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
				179	} else {
				180	err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
				181	}
				182
				183	if (err != 0) {
				184	return binder::Status::fromServiceSpecificError(-err,
				185	String8::format("RouteController error: %s", strerror(-err)));
				186	}
				187	return binder::Status::ok();
				188	}
				189
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	190	binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
				191	const std::vector<int32_t>& skipUids) {
				192
				193	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				194
				195	SockDiag sd;
				196	if (!sd.open()) {
				197	return binder::Status::fromServiceSpecificError(EIO,
				198	String8("Could not open SOCK_DIAG socket"));
				199	}
				200
				201	UidRanges uidRanges(uids);
Lorenzo Colitti	e5c3c99	2016-07-26 17:53:50 +0900	[diff] [blame]	202	int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
				203	true /* excludeLoopback */);
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	204
				205	if (err) {
				206	return binder::Status::fromServiceSpecificError(-err,
				207	String8::format("destroySockets: %s", strerror(-err)));
				208	}
Pierre Imai	beedec3	2016-04-13 06:44:51 +0900	[diff] [blame]	209	return binder::Status::ok();
				210	}
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	211
Pierre Imai	beedec3	2016-04-13 06:44:51 +0900	[diff] [blame]	212	binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
				213	const std::vector<std::string>& servers, const std::vector<std::string>& domains,
				214	const std::vector<int32_t>& params) {
				215	// This function intentionally does not lock within Netd, as Bionic is thread-safe.
				216	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				217
				218	int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
				219	if (err != 0) {
				220	return binder::Status::fromServiceSpecificError(-err,
				221	String8::format("ResolverController error: %s", strerror(-err)));
				222	}
				223	return binder::Status::ok();
				224	}
				225
				226	binder::Status NetdNativeService::getResolverInfo(int32_t netId,
				227	std::vector<std::string>* servers, std::vector<std::string>* domains,
				228	std::vector<int32_t>* params, std::vector<int32_t>* stats) {
				229	// This function intentionally does not lock within Netd, as Bionic is thread-safe.
				230	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				231
				232	int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
				233	if (err != 0) {
				234	return binder::Status::fromServiceSpecificError(-err,
				235	String8::format("ResolverController error: %s", strerror(-err)));
				236	}
Lorenzo Colitti	563d98b	2016-04-24 13:13:14 +0900	[diff] [blame]	237	return binder::Status::ok();
				238	}
				239
Ben Schwartz	e760181	2017-04-28 16:38:29 -0400	[diff] [blame]	240	binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port,
				241	const std::string& fingerprintAlgorithm, const std::vector<std::string>& fingerprints) {
				242	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				243	std::set<std::vector<uint8_t>> decoded_fingerprints;
				244	for (const std::string& input : fingerprints) {
				245	size_t out_len;
				246	if (EVP_DecodedLength(&out_len, input.size()) != 1) {
				247	return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
				248	"ResolverController error: bad fingerprint length");
				249	}
				250	// out_len is now an upper bound on the output length.
				251	std::vector<uint8_t> decoded(out_len);
				252	if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
				253	reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
				254	// Possibly shrink the vector if the actual output was smaller than the bound.
				255	decoded.resize(out_len);
				256	} else {
				257	return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
				258	"ResolverController error: Base64 parsing failed");
				259	}
				260	decoded_fingerprints.insert(decoded);
				261	}
				262	const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port,
				263	fingerprintAlgorithm, decoded_fingerprints);
				264	if (err != INetd::PRIVATE_DNS_SUCCESS) {
				265	return binder::Status::fromServiceSpecificError(err,
				266	String8::format("ResolverController error: %d", err));
				267	}
				268	return binder::Status::ok();
				269	}
				270
				271	binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) {
				272	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				273	const int err = gCtls->resolverCtrl.removePrivateDnsServer(server);
				274	if (err != INetd::PRIVATE_DNS_SUCCESS) {
				275	return binder::Status::fromServiceSpecificError(err,
				276	String8::format("ResolverController error: %d", err));
				277	}
				278	return binder::Status::ok();
				279	}
				280
Erik Kline	f48e4dd	2016-07-18 04:02:07 +0900	[diff] [blame]	281	binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Lorenzo Colitti	9a8a9ff	2017-01-31 19:06:59 +0900	[diff] [blame]	282	NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
Erik Kline	f48e4dd	2016-07-18 04:02:07 +0900	[diff] [blame]	283
				284	*ret = gCtls->tetherCtrl.applyDnsInterfaces();
				285	return binder::Status::ok();
				286	}
				287
Lorenzo Colitti	9a8a9ff	2017-01-31 19:06:59 +0900	[diff] [blame]	288	namespace {
				289
				290	void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
				291	String16 iface = String16(stats.extIface.c_str());
				292	std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
				293
				294	bundle->getLongVector(iface, &statsVector);
				295	if (statsVector.size() == 0) {
				296	for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
				297	}
				298
				299	// Note: currently, TetherController::addForwardChainStats swaps TX and RX counters.
				300	// Specifically, when parsing iptables counters like this:
				301	//
				302	// Chain tetherctrl_counters (0 references)
				303	// pkts bytes target prot opt in out source destination
				304	// 4107 214602 RETURN all -- rndis0 rmnet_data0 0.0.0.0/0 0.0.0.0/0
				305	// 6937 10361624 RETURN all -- rmnet_data0 rndis0 0.0.0.0/0 0.0.0.0/0
				306	//
				307	// it will return a TetherStatsList with one element that has intIface rndis0 and extIface
				308	// rmnet_data0 (correct) but with rxBytes=214602 and txBytes=10361624 (swapped). Because the
				309	// code in getTetherStats and the corresponding code in NetworkManagementService swaps the
				310	// counters again, this all works.
				311	//
				312	// TODO: once "bandwidth gettetherstats" is gone, swap the counters in addForwardChainStats.
				313	statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.txBytes;
				314	statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.txPackets;
				315	statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.rxBytes;
				316	statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.rxPackets;
				317
				318	bundle->putLongVector(iface, statsVector);
				319	}
				320
				321	} // namespace
				322
				323	binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
				324	NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
				325
Lorenzo Colitti	5192bf7	2017-09-04 13:30:59 +0900	[diff] [blame^]	326	const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti	9a8a9ff	2017-01-31 19:06:59 +0900	[diff] [blame]	327	if (!isOk(statsList)) {
				328	return toBinderStatus(statsList);
				329	}
				330
				331	for (const auto& stats : statsList.value()) {
				332	tetherAddStats(bundle, stats);
				333	}
				334
				335	return binder::Status::ok();
				336	}
				337
Erik Kline	53c2088	2016-08-02 15:22:53 +0900	[diff] [blame]	338	binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
				339	const std::string &addrString, int prefixLength) {
				340	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				341
				342	const int err = InterfaceController::addAddress(
				343	ifName.c_str(), addrString.c_str(), prefixLength);
				344	if (err != 0) {
				345	return binder::Status::fromServiceSpecificError(-err,
				346	String8::format("InterfaceController error: %s", strerror(-err)));
				347	}
				348	return binder::Status::ok();
				349	}
				350
				351	binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
				352	const std::string &addrString, int prefixLength) {
				353	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				354
				355	const int err = InterfaceController::delAddress(
				356	ifName.c_str(), addrString.c_str(), prefixLength);
				357	if (err != 0) {
				358	return binder::Status::fromServiceSpecificError(-err,
				359	String8::format("InterfaceController error: %s", strerror(-err)));
				360	}
				361	return binder::Status::ok();
				362	}
				363
Erik Kline	55b06f8	2016-07-04 09:57:18 +0900	[diff] [blame]	364	binder::Status NetdNativeService::setProcSysNet(
				365	int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
				366	const std::string &value) {
				367	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				368
				369	const char *familyStr;
				370	switch (family) {
				371	case INetd::IPV4:
				372	familyStr = "ipv4";
				373	break;
				374	case INetd::IPV6:
				375	familyStr = "ipv6";
				376	break;
				377	default:
				378	return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
				379	}
				380
				381	const char *whichStr;
				382	switch (which) {
				383	case INetd::CONF:
				384	whichStr = "conf";
				385	break;
				386	case INetd::NEIGH:
				387	whichStr = "neigh";
				388	break;
				389	default:
				390	return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
				391	}
				392
				393	const int err = InterfaceController::setParameter(
				394	familyStr, whichStr, ifname.c_str(), parameter.c_str(),
				395	value.c_str());
				396	if (err != 0) {
				397	return binder::Status::fromServiceSpecificError(-err,
				398	String8::format("ResolverController error: %s", strerror(-err)));
				399	}
				400	return binder::Status::ok();
				401	}
				402
Robin Lee	2cf5617	2016-09-13 18:55:42 +0900	[diff] [blame]	403	binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
				404	// This function intentionally does not lock, since the only thing it does is one read from an
				405	// atomic_int.
				406	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				407	ENFORCE_DEBUGGABLE();
				408
Michal Karpinski	d544011	2016-10-06 16:56:04 +0100	[diff] [blame]	409	*reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee	2cf5617	2016-09-13 18:55:42 +0900	[diff] [blame]	410	return binder::Status::ok();
				411	}
				412
				413	binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
				414	// This function intentionally does not lock, since the only thing it does is one write to an
				415	// atomic_int.
				416	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				417	ENFORCE_DEBUGGABLE();
				418
Michal Karpinski	d544011	2016-10-06 16:56:04 +0100	[diff] [blame]	419	return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
				420	? binder::Status::ok()
				421	: binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee	2cf5617	2016-09-13 18:55:42 +0900	[diff] [blame]	422	}
				423
Nathan Harold	1a37153	2017-01-30 12:30:48 -0800	[diff] [blame]	424	binder::Status NetdNativeService::ipSecAllocateSpi(
				425	int32_t transformId,
				426	int32_t direction,
				427	const std::string& localAddress,
				428	const std::string& remoteAddress,
				429	int32_t inSpi,
				430	int32_t* outSpi) {
				431	// Necessary locking done in IpSecService and kernel
				432	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				433	ALOGD("ipSecAllocateSpi()");
				434	return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
				435	transformId,
				436	direction,
				437	localAddress,
				438	remoteAddress,
				439	inSpi,
				440	outSpi));
				441	}
				442
				443	binder::Status NetdNativeService::ipSecAddSecurityAssociation(
				444	int32_t transformId,
				445	int32_t mode,
				446	int32_t direction,
				447	const std::string& localAddress,
				448	const std::string& remoteAddress,
				449	int64_t underlyingNetworkHandle,
				450	int32_t spi,
				451	const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
				452	const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
				453	int32_t encapType,
				454	int32_t encapLocalPort,
ludi	ec83605	2017-05-20 14:17:05 -0700	[diff] [blame]	455	int32_t encapRemotePort) {
Nathan Harold	1a37153	2017-01-30 12:30:48 -0800	[diff] [blame]	456	// Necessary locking done in IpSecService and kernel
				457	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				458	ALOGD("ipSecAddSecurityAssociation()");
				459	return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
				460	transformId, mode, direction, localAddress, remoteAddress,
				461	underlyingNetworkHandle,
				462	spi,
				463	authAlgo, authKey, authTruncBits,
				464	cryptAlgo, cryptKey, cryptTruncBits,
ludi	ec83605	2017-05-20 14:17:05 -0700	[diff] [blame]	465	encapType, encapLocalPort, encapRemotePort));
Nathan Harold	1a37153	2017-01-30 12:30:48 -0800	[diff] [blame]	466	}
				467
				468	binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
				469	int32_t transformId,
				470	int32_t direction,
				471	const std::string& localAddress,
				472	const std::string& remoteAddress,
				473	int32_t spi) {
				474	// Necessary locking done in IpSecService and kernel
				475	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				476	ALOGD("ipSecDeleteSecurityAssociation()");
				477	return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
				478	transformId,
				479	direction,
				480	localAddress,
				481	remoteAddress,
				482	spi));
				483	}
				484
				485	binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
				486	const android::base::unique_fd& socket,
				487	int32_t transformId,
				488	int32_t direction,
				489	const std::string& localAddress,
				490	const std::string& remoteAddress,
				491	int32_t spi) {
				492	// Necessary locking done in IpSecService and kernel
				493	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				494	ALOGD("ipSecApplyTransportModeTransform()");
				495	return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
				496	socket,
				497	transformId,
				498	direction,
				499	localAddress,
				500	remoteAddress,
				501	spi));
				502	}
				503
				504	binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
				505	const android::base::unique_fd& socket) {
				506	// Necessary locking done in IpSecService and kernel
				507	ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
				508	ALOGD("ipSecRemoveTransportModeTransform()");
				509	return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
				510	socket));
				511	}
				512
Joel Scherpelz	de93796	2017-06-01 13:20:21 +0900	[diff] [blame]	513	binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
				514	int32_t mode) {
				515	ENFORCE_PERMISSION(NETWORK_STACK);
				516	return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
				517	}
				518
Joel Scherpelz	08b84cd	2017-05-22 13:11:54 +0900	[diff] [blame]	519	binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
				520	const std::string& prefix, int32_t mark,
				521	int32_t mask) {
				522	ENFORCE_PERMISSION(NETWORK_STACK);
				523	return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
				524	}
				525
				526	binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
				527	const std::string& prefix, int32_t mark,
				528	int32_t mask) {
				529	ENFORCE_PERMISSION(NETWORK_STACK);
				530	return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
				531	}
				532
Lorenzo Colitti	e4d626e	2016-02-02 17:19:04 +0900	[diff] [blame]	533	} // namespace net
				534	} // namespace android