Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / ff591f95466e683fe519845a5c8711313d91470b / . / server / NetdNativeService.cpp
blob: 63b8a24a94584e6c00c61d7e4deb642b3762325f [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]24#include <android-base/file.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]25#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]26#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]27#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]28#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]30#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]31
32#include <binder/IPCThreadState.h>
33#include <binder/IServiceManager.h>
34#include "android/net/BnNetd.h"
35
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]36#include <openssl/base64.h>
37
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]38#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]39#include "DumpWriter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]51using android::base::WriteStringToFile;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]52using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]53using android::net::UidRangeParcel;
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]54using android::os::ParcelFileDescriptor;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]55
56namespace android {
57namespace net {
58
59namespace {
60
61const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]62const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]63const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]64const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]65
66binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]67 pid_t pid = IPCThreadState::self()->getCallingPid();
68 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]69
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]70 // If the caller is the system UID, don't check permissions.
71 // Otherwise, if the system server's binder thread pool is full, and all the threads are
72 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
73 //
74 // From a security perspective, there is currently no difference, because:
75 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
76 // and NETWORK_STACK, which the system server will always need to have.
77 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
78 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]79 return binder::Status::ok();
80 } else {
81 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
82 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
83 }
84}
85
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]86#define ENFORCE_DEBUGGABLE() { \
87 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]88 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]89 || value[0] != '1') { \
90 return binder::Status::fromExceptionCode( \
91 binder::Status::EX_SECURITY, \
92 String8("Not available in production builds.") \
93 ); \
94 } \
95}
96
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]97#define ENFORCE_PERMISSION(permission) { \
98 binder::Status status = checkPermission((permission)); \
99 if (!status.isOk()) { \
100 return status; \
101 } \
102}
103
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]104#define NETD_LOCKING_RPC(permission, lock) \
105 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]106 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]107
108#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]109
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]110#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
111 do { \
112 if (!isOk((res))) { \
113 logErrorStatus((logEntry), (res)); \
114 return asBinderStatus((res)); \
115 } \
116 } while (0)
117
118void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
119 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
120}
121
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]122binder::Status asBinderStatus(const netdutils::Status& status) {
123 if (isOk(status)) {
124 return binder::Status::ok();
125 }
126 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
127}
128
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]129inline binder::Status statusFromErrcode(int ret) {
130 if (ret) {
131 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
132 }
133 return binder::Status::ok();
134}
135
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]136bool contains(const Vector<String16>& words, const String16& word) {
137 for (const auto& w : words) {
138 if (w == word) return true;
139 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]140
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]141 return false;
142}
143
144} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]145
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]146status_t NetdNativeService::start() {
147 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]148 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]149 if (ret != android::OK) {
150 return ret;
151 }
152 sp<ProcessState> ps(ProcessState::self());
153 ps->startThreadPool();
154 ps->giveThreadPoolName();
155 return android::OK;
156}
157
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]158status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]159 const binder::Status dump_permission = checkPermission(DUMP);
160 if (!dump_permission.isOk()) {
161 const String8 msg(dump_permission.toString8());
162 write(fd, msg.string(), msg.size());
163 return PERMISSION_DENIED;
164 }
165
166 // This method does not grab any locks. If individual classes need locking
167 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]168
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]169 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]170
171 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
172 dw.blankline();
173 gCtls->tcpSocketMonitor.dump(dw);
174 dw.blankline();
175 return NO_ERROR;
176 }
177
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]178 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
179 dw.blankline();
180 gCtls->trafficCtrl.dump(dw, true);
181 dw.blankline();
182 return NO_ERROR;
183 }
184
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]185 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]186 dw.blankline();
187 gCtls->netCtrl.dump(dw);
188 dw.blankline();
189
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]190 gCtls->trafficCtrl.dump(dw, false);
191 dw.blankline();
192
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]193 gCtls->xfrmCtrl.dump(dw);
194 dw.blankline();
195
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]196 {
197 ScopedIndent indentLog(dw);
198 if (contains(args, String16(OPT_SHORT))) {
199 dw.println("Log: <omitted>");
200 } else {
201 dw.println("Log:");
202 ScopedIndent indentLogEntries(dw);
203 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
204 }
205 dw.blankline();
206 }
207
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]208 return NO_ERROR;
209}
210
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]211binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]212 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]213 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]214
215 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]216
217 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]218 return binder::Status::ok();
219}
220
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]221binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]222 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
223 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]224 auto entry = gLog.newEntry()
225 .prettyFunction(__PRETTY_FUNCTION__)
226 .arg(chainName)
227 .arg(isWhitelist)
228 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]229
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]230 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]231 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]232
233 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]234 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]235}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]236
237binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
238 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]239 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]240
241 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
242 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]243 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]244 return binder::Status::ok();
245}
246
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]247binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
248 int64_t bytes) {
249 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
250 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
251
252 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
253
254 gLog.log(entry.returns(res).withAutomaticDuration());
255 return statusFromErrcode(res);
256}
257
258binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
259 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
260 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
261
262 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
263
264 gLog.log(entry.returns(res).withAutomaticDuration());
265 return statusFromErrcode(res);
266}
267
268binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
269 int64_t bytes) {
270 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
271 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
272
273 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
274
275 gLog.log(entry.returns(res).withAutomaticDuration());
276 return statusFromErrcode(res);
277}
278
279binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
280 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
281 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
282
283 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
284
285 gLog.log(entry.returns(res).withAutomaticDuration());
286 return statusFromErrcode(res);
287}
288
289binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
290 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
291 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
292
293 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
294
295 gLog.log(entry.returns(res).withAutomaticDuration());
296 return statusFromErrcode(res);
297}
298
299binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
300 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
301 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
302
303 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
304 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
305
306 gLog.log(entry.returns(res).withAutomaticDuration());
307 return statusFromErrcode(res);
308}
309
310binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
311 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
312 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
313
314 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
315 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
316
317 gLog.log(entry.returns(res).withAutomaticDuration());
318 return statusFromErrcode(res);
319}
320
321binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
322 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
323 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
324
325 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
326 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
327
328 gLog.log(entry.returns(res).withAutomaticDuration());
329 return statusFromErrcode(res);
330}
331
332binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
333 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
334 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
335
336 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
337 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
338
339 gLog.log(entry.returns(res).withAutomaticDuration());
340 return statusFromErrcode(res);
341}
342
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]343binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]344 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]345 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]346 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]347 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]348 return statusFromErrcode(ret);
349}
350
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame]351binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {
Ken Chen87f1ec92018-12-18 20:15:28 +0800[diff] [blame]352 ENFORCE_PERMISSION(NETWORK_STACK);
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame]353 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(netId, secure);
354 int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);
355 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]356 return statusFromErrcode(ret);
357}
358
359binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]360 ENFORCE_PERMISSION(NETWORK_STACK);
361 // Both of these functions manage their own locking internally.
362 const int ret = gCtls->netCtrl.destroyNetwork(netId);
363 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]364 return statusFromErrcode(ret);
365}
366
367binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
368 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
369 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
370 return statusFromErrcode(ret);
371}
372
373binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
374 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
375 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
376 return statusFromErrcode(ret);
377}
378
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]379namespace {
380
381std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
382 std::vector<std::string> result;
383 result.reserve(uidRangeArray.size());
384 for (const auto& uidRange : uidRangeArray) {
385 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
386 }
387
388 return base::Join(result, ", ");
389}
390
391} // namespace
392
393binder::Status NetdNativeService::networkAddUidRanges(
394 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]395 // NetworkController::addUsersToNetwork is thread-safe.
396 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]397 auto entry = gLog.newEntry()
398 .prettyFunction(__PRETTY_FUNCTION__)
399 .args(netId, uidRangeParcelVecToString(uidRangeArray));
400
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]401 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]402 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]403 return statusFromErrcode(ret);
404}
405
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]406binder::Status NetdNativeService::networkRemoveUidRanges(
407 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]408 // NetworkController::removeUsersFromNetwork is thread-safe.
409 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]410 auto entry = gLog.newEntry()
411 .prettyFunction(__PRETTY_FUNCTION__)
412 .args(netId, uidRangeParcelVecToString(uidRangeArray));
413
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]414 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]415 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]416 return statusFromErrcode(ret);
417}
418
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]419binder::Status NetdNativeService::networkRejectNonSecureVpn(
420 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]421 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
422 // it should be possible to use the same lock as NetworkController. However, every call through
423 // the CommandListener "network" command will need to hold this lock too, not just the ones that
424 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
425 // look at routes, but it's not enough here).
426 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]427 auto entry = gLog.newEntry()
428 .prettyFunction(__PRETTY_FUNCTION__)
429 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]430 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]431
432 int err;
433 if (add) {
434 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
435 } else {
436 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
437 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]438 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]439 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]440}
441
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]442binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
443 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]444 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
445
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]446 auto entry = gLog.newEntry()
447 .prettyFunction(__PRETTY_FUNCTION__)
448 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]449 SockDiag sd;
450 if (!sd.open()) {
451 return binder::Status::fromServiceSpecificError(EIO,
452 String8("Could not open SOCK_DIAG socket"));
453 }
454
455 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]456 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
457 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]458
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]459 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]460 if (err) {
461 return binder::Status::fromServiceSpecificError(-err,
462 String8::format("destroySockets: %s", strerror(-err)));
463 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]464 return binder::Status::ok();
465}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]466
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]467// Parse a base64 encoded string into a vector of bytes.
468// On failure, return an empty vector.
469static std::vector<uint8_t> parseBase64(const std::string& input) {
470 std::vector<uint8_t> decoded;
471 size_t out_len;
472 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
473 return decoded;
474 }
475 // out_len is now an upper bound on the output length.
476 decoded.resize(out_len);
477 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
478 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
479 // Possibly shrink the vector if the actual output was smaller than the bound.
480 decoded.resize(out_len);
481 } else {
482 decoded.clear();
483 }
484 if (out_len != SHA256_SIZE) {
485 decoded.clear();
486 }
487 return decoded;
488}
489
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]490binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
491 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]492 const std::vector<int32_t>& params, const std::string& tlsName,
493 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]494 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]495 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
496 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]497 auto entry = gLog.newEntry()
498 .prettyFunction(__PRETTY_FUNCTION__)
499 .arg(netId)
500 .arg(servers)
501 .arg(domains)
502 .arg(params)
503 .arg(tlsName)
504 .arg(tlsServers)
505 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]506
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]507 std::set<std::vector<uint8_t>> decoded_fingerprints;
508 for (const std::string& fingerprint : tlsFingerprints) {
509 std::vector<uint8_t> decoded = parseBase64(fingerprint);
510 if (decoded.empty()) {
511 return binder::Status::fromServiceSpecificError(EINVAL,
512 String8::format("ResolverController error: bad fingerprint"));
513 }
514 decoded_fingerprints.emplace(decoded);
515 }
516
517 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]518 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]519 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]520 if (err != 0) {
521 return binder::Status::fromServiceSpecificError(-err,
522 String8::format("ResolverController error: %s", strerror(-err)));
523 }
524 return binder::Status::ok();
525}
526
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]527binder::Status NetdNativeService::getResolverInfo(int32_t netId, std::vector<std::string>* servers,
528 std::vector<std::string>* domains,
529 std::vector<std::string>* tlsServers,
530 std::vector<int32_t>* params,
531 std::vector<int32_t>* stats) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]532 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]533 ENFORCE_PERMISSION(NETWORK_STACK);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]534
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]535 int err =
536 gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params, stats);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]537 if (err != 0) {
538 return binder::Status::fromServiceSpecificError(-err,
539 String8::format("ResolverController error: %s", strerror(-err)));
540 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]541 return binder::Status::ok();
542}
543
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]544binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]545 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]546
547 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
548 return binder::Status::ok();
549}
550
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]551namespace {
552
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]553void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
554 const TetherController::TetherStats& tetherStats) {
555 if (tetherStatsParcel->extIface == tetherStats.extIface) {
556 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
557 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
558 tetherStatsParcel->txBytes += tetherStats.txBytes;
559 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]560 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]561}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]562
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]563TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
564 TetherStatsParcel result;
565 result.iface = stats.extIface;
566 result.rxBytes = stats.rxBytes;
567 result.rxPackets = stats.rxPackets;
568 result.txBytes = stats.txBytes;
569 result.txPackets = stats.txPackets;
570 return result;
571}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]572
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]573void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
574 const TetherController::TetherStatsList& statsList) {
575 std::map<std::string, TetherController::TetherStats> statsMap;
576 for (const auto& stats : statsList) {
577 auto iter = statsMap.find(stats.extIface);
578 if (iter != statsMap.end()) {
579 tetherAddStatsByInterface(&(iter->second), stats);
580 } else {
581 statsMap.insert(
582 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
583 }
584 }
585 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
586 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
587 }
588}
589
590std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
591 std::vector<std::string> result;
592 for (const auto& t : *tVec) {
593 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
594 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
595 t.txPackets));
596 }
597 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]598}
599
600} // namespace
601
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]602binder::Status NetdNativeService::tetherGetStats(
603 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]604 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]605
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]606 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
607
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]608 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]609 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]610 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]611 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]612 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
613 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
614 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]615 return binder::Status::ok();
616}
617
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]618binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
619 const std::string &addrString, int prefixLength) {
620 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
621
622 const int err = InterfaceController::addAddress(
623 ifName.c_str(), addrString.c_str(), prefixLength);
624 if (err != 0) {
625 return binder::Status::fromServiceSpecificError(-err,
626 String8::format("InterfaceController error: %s", strerror(-err)));
627 }
628 return binder::Status::ok();
629}
630
631binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
632 const std::string &addrString, int prefixLength) {
633 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
634
635 const int err = InterfaceController::delAddress(
636 ifName.c_str(), addrString.c_str(), prefixLength);
637 if (err != 0) {
638 return binder::Status::fromServiceSpecificError(-err,
639 String8::format("InterfaceController error: %s", strerror(-err)));
640 }
641 return binder::Status::ok();
642}
643
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]644namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]645
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]646std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
647 int32_t category) {
648 const char* ipversionStr = nullptr;
649 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]650 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]651 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]652 break;
653 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]654 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]655 break;
656 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]657 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
658 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]659 }
660
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]661 const char* whichStr = nullptr;
662 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]663 case INetd::CONF:
664 whichStr = "conf";
665 break;
666 case INetd::NEIGH:
667 whichStr = "neigh";
668 break;
669 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]670 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
671 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]672 }
673
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]674 return {binder::Status::ok(), ipversionStr, whichStr};
675}
676
677} // namespace
678
679binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
680 const std::string& ifname,
681 const std::string& parameter, std::string* value) {
682 ENFORCE_PERMISSION(NETWORK_STACK);
683 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
684 .args(ipversion, which, ifname, parameter);
685
686 const auto pathParts = getPathComponents(ipversion, which);
687 const auto& pathStatus = std::get<0>(pathParts);
688 if (!pathStatus.isOk()) {
689 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
690 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]691 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]692
693 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
694 std::get<2>(pathParts), ifname.c_str(),
695 parameter.c_str(), value);
696 entry.returns(err);
697 if (err == 0) entry.returns(*value);
698 gLog.log(entry.withAutomaticDuration());
699 return statusFromErrcode(err);
700}
701
702binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
703 const std::string& ifname,
704 const std::string& parameter,
705 const std::string& value) {
706 ENFORCE_PERMISSION(NETWORK_STACK);
707 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
708 .args(ipversion, which, ifname, parameter, value);
709
710 const auto pathParts = getPathComponents(ipversion, which);
711 const auto& pathStatus = std::get<0>(pathParts);
712 if (!pathStatus.isOk()) {
713 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
714 return pathStatus;
715 }
716
717 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
718 std::get<2>(pathParts), ifname.c_str(),
719 parameter.c_str(), value.c_str());
720 gLog.log(entry.returns(err).withAutomaticDuration());
721 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]722}
723
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]724binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
725 int newUid) {
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]726 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]727 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]728
729 uid_t callerUid = IPCThreadState::self()->getCallingUid();
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]730 return asBinderStatus(
731 gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]732}
733
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]734binder::Status NetdNativeService::ipSecAllocateSpi(
735 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]736 const std::string& sourceAddress,
737 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]738 int32_t inSpi,
739 int32_t* outSpi) {
740 // Necessary locking done in IpSecService and kernel
741 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]742 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]743 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]744 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]745 sourceAddress,
746 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]747 inSpi,
748 outSpi));
749}
750
751binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]752 int32_t transformId, int32_t mode, const std::string& sourceAddress,
753 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
754 int32_t markValue, int32_t markMask, const std::string& authAlgo,
755 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
756 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
757 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
758 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]759 // Necessary locking done in IpSecService and kernel
760 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]761 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]762 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]763 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
764 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]765 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
766 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]767}
768
769binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]770 int32_t transformId, const std::string& sourceAddress,
771 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
772 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]773 // Necessary locking done in IpSecService and kernel
774 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]775 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]776 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]777 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]778}
779
780binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]781 const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
782 const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783 // Necessary locking done in IpSecService and kernel
784 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]785 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]786 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]787 socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]788}
789
790binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]791 const ParcelFileDescriptor& socket) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]792 // Necessary locking done in IpSecService and kernel
793 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]794 gLog.log("ipSecRemoveTransportModeTransform()");
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]795 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]796}
797
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]798binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
799 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]800 const std::string& tmplSrcAddress,
801 const std::string& tmplDstAddress,
802 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]803 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]804 // Necessary locking done in IpSecService and kernel
805 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]806 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]807 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]808 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]809 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]810}
811
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]812binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
813 int32_t transformId, int32_t selAddrFamily, int32_t direction,
814 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
815 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]816 // Necessary locking done in IpSecService and kernel
817 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]818 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]819 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]820 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]821 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]822}
823
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]824binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
825 int32_t selAddrFamily,
826 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]827 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]828 // Necessary locking done in IpSecService and kernel
829 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]830 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]831 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]832 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]833}
834
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]835binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
836 const std::string& localAddress,
837 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]838 int32_t iKey, int32_t oKey,
839 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]840 // Necessary locking done in IpSecService and kernel
841 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]842 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]843
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]844 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]845 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]846 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
847
848 gLog.log(entry.returns(result).withAutomaticDuration());
849 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]850}
851
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]852binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
853 const std::string& localAddress,
854 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]855 int32_t iKey, int32_t oKey,
856 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]857 // Necessary locking done in IpSecService and kernel
858 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]859 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]860
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]861 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]862 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]863 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
864
865 gLog.log(entry.returns(result).withAutomaticDuration());
866 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]867}
868
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]869binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]870 // Necessary locking done in IpSecService and kernel
871 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]872 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]873
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]874 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
875 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
876
877 gLog.log(entry.returns(result).withAutomaticDuration());
878 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]879}
880
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]881binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
882 int32_t mode) {
883 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]884 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]885}
886
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]887binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
888 const std::string& prefix, int32_t mark,
889 int32_t mask) {
890 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]891 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]892}
893
894binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
895 const std::string& prefix, int32_t mark,
896 int32_t mask) {
897 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]898 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]899}
900
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]901binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
902 ENFORCE_PERMISSION(NETWORK_STACK);
903 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
904 return binder::Status::ok();
905}
906
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]907binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
908 const std::string& classLabel) {
909 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
910 auto entry = gLog.newEntry()
911 .prettyFunction(__PRETTY_FUNCTION__)
912 .arg(ifName)
913 .arg(timeout)
914 .arg(classLabel);
915 int res =
916 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
917 gLog.log(entry.returns(res).withAutomaticDuration());
918 return statusFromErrcode(res);
919}
920
921binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
922 int32_t timeout,
923 const std::string& classLabel) {
924 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
925 auto entry = gLog.newEntry()
926 .prettyFunction(__PRETTY_FUNCTION__)
927 .arg(ifName)
928 .arg(timeout)
929 .arg(classLabel);
930 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
931 classLabel.c_str());
932 gLog.log(entry.returns(res).withAutomaticDuration());
933 return statusFromErrcode(res);
934}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]935
936binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
937 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
938 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
939 StrictPenalty penalty;
940 switch (policyPenalty) {
941 case INetd::PENALTY_POLICY_REJECT:
942 penalty = REJECT;
943 break;
944 case INetd::PENALTY_POLICY_LOG:
945 penalty = LOG;
946 break;
947 case INetd::PENALTY_POLICY_ACCEPT:
948 penalty = ACCEPT;
949 break;
950 default:
951 return statusFromErrcode(-EINVAL);
952 break;
953 }
954 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
955 gLog.log(entry.returns(res).withAutomaticDuration());
956 return statusFromErrcode(res);
957}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]958
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]959binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
960 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
961 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
962 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
963 gLog.log(entry.returns(res).withAutomaticDuration());
964 return statusFromErrcode(res);
965}
966
967binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
968 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
969 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
970 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
971 gLog.log(entry.returns(res).withAutomaticDuration());
972 return statusFromErrcode(res);
973}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]974
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]975binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
976 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
977 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
978 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
979 gLog.log(entry.returns(*status).withAutomaticDuration());
980 return binder::Status::ok();
981}
982
983binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
984 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
985 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
986 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
987 gLog.log(entry.returns(res).withAutomaticDuration());
988 return statusFromErrcode(res);
989}
990
991binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
992 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
993 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
994 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
995 gLog.log(entry.returns(res).withAutomaticDuration());
996 return statusFromErrcode(res);
997}
998
999binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1000 const std::string& toIface) {
1001 ENFORCE_PERMISSION(NETWORK_STACK);
1002 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1003 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1004 gLog.log(entry.returns(res).withAutomaticDuration());
1005 return statusFromErrcode(res);
1006}
1007
1008binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1009 const std::string& toIface) {
1010 ENFORCE_PERMISSION(NETWORK_STACK);
1011 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1012 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1013 gLog.log(entry.returns(res).withAutomaticDuration());
1014 return statusFromErrcode(res);
1015}
1016
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1017namespace {
1018std::string addSquareBrackets(const std::string& s) {
1019 return "[" + s + "]";
1020}
1021
1022std::string addCurlyBrackets(const std::string& s) {
1023 return "{" + s + "}";
1024}
1025
1026} // namespace
1027binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1028 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1029 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1030
1031 const auto& ifaceList = InterfaceController::getIfaceNames();
1032 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1033
1034 interfaceListResult->clear();
1035 interfaceListResult->reserve(ifaceList.value().size());
1036 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1037 end(ifaceList.value()));
1038
1039 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1040 .withAutomaticDuration());
1041 return binder::Status::ok();
1042}
1043
1044std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1045 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1046 std::to_string(cfg.prefixLength)};
1047 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1048 return addCurlyBrackets(base::Join(result, ", "));
1049}
1050
1051binder::Status NetdNativeService::interfaceGetCfg(
1052 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1053 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1054 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1055
1056 const auto& cfgRes = InterfaceController::getCfg(ifName);
1057 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1058
1059 *interfaceGetCfgResult = cfgRes.value();
1060 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1061 .withAutomaticDuration());
1062 return binder::Status::ok();
1063}
1064
1065binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1066 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1067 auto entry = gLog.newEntry()
1068 .prettyFunction(__PRETTY_FUNCTION__)
1069 .arg(interfaceConfigurationParcelToString(cfg));
1070
1071 const auto& res = InterfaceController::setCfg(cfg);
1072 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1073
1074 gLog.log(entry.withAutomaticDuration());
1075 return binder::Status::ok();
1076}
1077
1078binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1079 bool enable) {
1080 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1081 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1082 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1083 gLog.log(entry.returns(res).withAutomaticDuration());
1084 return statusFromErrcode(res);
1085}
1086
1087binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1088 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1089 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1090 int res = InterfaceController::clearAddrs(ifName.c_str());
1091 gLog.log(entry.returns(res).withAutomaticDuration());
1092 return statusFromErrcode(res);
1093}
1094
1095binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1096 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1097 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1098 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1099 gLog.log(entry.returns(res).withAutomaticDuration());
1100 return statusFromErrcode(res);
1101}
1102
1103binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1104 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1105 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1106 std::string mtu = std::to_string(mtuValue);
1107 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1108 gLog.log(entry.returns(res).withAutomaticDuration());
1109 return statusFromErrcode(res);
1110}
1111
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1112binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1113 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1114 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1115 if (dhcpRanges.size() % 2 == 1) {
1116 return statusFromErrcode(-EINVAL);
1117 }
1118 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1119 gLog.log(entry.returns(res).withAutomaticDuration());
1120 return statusFromErrcode(res);
1121}
1122
1123binder::Status NetdNativeService::tetherStop() {
1124 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1125 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1126 int res = gCtls->tetherCtrl.stopTethering();
1127 gLog.log(entry.returns(res).withAutomaticDuration());
1128 return statusFromErrcode(res);
1129}
1130
1131binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1132 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1133 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1134 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1135 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1136 return binder::Status::ok();
1137}
1138
1139binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1140 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1141 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1142 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1143 gLog.log(entry.returns(res).withAutomaticDuration());
1144 return statusFromErrcode(res);
1145}
1146
1147binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1148 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1149 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1150 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1151 gLog.log(entry.returns(res).withAutomaticDuration());
1152 return statusFromErrcode(res);
1153}
1154
1155binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1156 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1157 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1158 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1159 ifList->push_back(ifname);
1160 }
1161 gLog.log(entry.returns(true).withAutomaticDuration());
1162 return binder::Status::ok();
1163}
1164
1165binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1166 const std::vector<std::string>& dnsAddrs) {
1167 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1168 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1169 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1170 gLog.log(entry.returns(res).withAutomaticDuration());
1171 return statusFromErrcode(res);
1172}
1173
1174binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1175 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1176 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1177 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1178 dnsList->push_back(fwdr);
1179 }
1180 gLog.log(entry.returns(true).withAutomaticDuration());
1181 return binder::Status::ok();
1182}
1183
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1184binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1185 const std::string& destination,
1186 const std::string& nextHop) {
1187 // Public methods of NetworkController are thread-safe.
1188 ENFORCE_PERMISSION(NETWORK_STACK);
1189 auto entry = gLog.newEntry()
1190 .prettyFunction(__PRETTY_FUNCTION__)
1191 .arg(netId)
1192 .arg(ifName)
1193 .arg(destination)
1194 .arg(nextHop);
1195 bool legacy = false;
1196 uid_t uid = 0; // UID is only meaningful for legacy routes.
1197 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1198 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1199 gLog.log(entry.returns(res).withAutomaticDuration());
1200 return statusFromErrcode(res);
1201}
1202
1203binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1204 const std::string& destination,
1205 const std::string& nextHop) {
1206 ENFORCE_PERMISSION(NETWORK_STACK);
1207 auto entry = gLog.newEntry()
1208 .prettyFunction(__PRETTY_FUNCTION__)
1209 .arg(netId)
1210 .arg(ifName)
1211 .arg(destination)
1212 .arg(nextHop);
1213 bool legacy = false;
1214 uid_t uid = 0; // UID is only meaningful for legacy routes.
1215 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1216 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1217 gLog.log(entry.returns(res).withAutomaticDuration());
1218 return statusFromErrcode(res);
1219}
1220
1221binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1222 const std::string& destination,
1223 const std::string& nextHop, int32_t uid) {
1224 ENFORCE_PERMISSION(NETWORK_STACK);
1225 auto entry = gLog.newEntry()
1226 .prettyFunction(__PRETTY_FUNCTION__)
1227 .arg(netId)
1228 .arg(ifName)
1229 .arg(destination)
1230 .arg(nextHop)
1231 .arg(uid);
1232 bool legacy = true;
1233 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1234 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1235 (uid_t) uid);
1236 gLog.log(entry.returns(res).withAutomaticDuration());
1237 return statusFromErrcode(res);
1238}
1239
1240binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1241 const std::string& destination,
1242 const std::string& nextHop,
1243 int32_t uid) {
1244 ENFORCE_PERMISSION(NETWORK_STACK);
1245 auto entry = gLog.newEntry()
1246 .prettyFunction(__PRETTY_FUNCTION__)
1247 .arg(netId)
1248 .arg(ifName)
1249 .arg(destination)
1250 .arg(nextHop)
1251 .arg(uid);
1252 bool legacy = true;
1253 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1254 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1255 (uid_t) uid);
1256 gLog.log(entry.returns(res).withAutomaticDuration());
1257 return statusFromErrcode(res);
1258}
1259
1260binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1261 ENFORCE_PERMISSION(NETWORK_STACK);
1262 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1263 *netId = gCtls->netCtrl.getDefaultNetwork();
1264 gLog.log(entry.returns(*netId).withAutomaticDuration());
1265 return binder::Status::ok();
1266}
1267
1268binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1269 ENFORCE_PERMISSION(NETWORK_STACK);
1270 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1271 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1272 gLog.log(entry.returns(res).withAutomaticDuration());
1273 return statusFromErrcode(res);
1274}
1275
1276binder::Status NetdNativeService::networkClearDefault() {
1277 ENFORCE_PERMISSION(NETWORK_STACK);
1278 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1279 unsigned netId = NETID_UNSET;
1280 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1281 gLog.log(entry.returns(res).withAutomaticDuration());
1282 return statusFromErrcode(res);
1283}
1284
1285std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1286 return {begin(intUids), end(intUids)};
1287}
1288
1289Permission NetdNativeService::convertPermission(int32_t permission) {
1290 switch (permission) {
1291 case INetd::PERMISSION_NETWORK:
1292 return Permission::PERMISSION_NETWORK;
1293 case INetd::PERMISSION_SYSTEM:
1294 return Permission::PERMISSION_SYSTEM;
1295 default:
1296 return Permission::PERMISSION_NONE;
1297 }
1298}
1299
1300binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1301 int32_t permission) {
1302 ENFORCE_PERMISSION(NETWORK_STACK);
1303 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1304 std::vector<unsigned> netIds = {(unsigned) netId};
1305 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1306 gLog.log(entry.returns(res).withAutomaticDuration());
1307 return statusFromErrcode(res);
1308}
1309
1310binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1311 const std::vector<int32_t>& uids) {
1312 ENFORCE_PERMISSION(NETWORK_STACK);
1313 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1314 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1315 gLog.log(entry.withAutomaticDuration());
1316 return binder::Status::ok();
1317}
1318
1319binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1320 ENFORCE_PERMISSION(NETWORK_STACK);
1321 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1322 Permission permission = Permission::PERMISSION_NONE;
1323 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1324 gLog.log(entry.withAutomaticDuration());
1325 return binder::Status::ok();
1326}
1327
1328binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1329 ENFORCE_PERMISSION(NETWORK_STACK);
1330 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1331 std::vector<uid_t> uids = {(uid_t) uid};
1332 gCtls->netCtrl.allowProtect(uids);
1333 gLog.log(entry.withAutomaticDuration());
1334 return binder::Status::ok();
1335}
1336
1337binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1338 ENFORCE_PERMISSION(NETWORK_STACK);
1339 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1340 std::vector<uid_t> uids = {(uid_t) uid};
1341 gCtls->netCtrl.denyProtect(uids);
1342 gLog.log(entry.withAutomaticDuration());
1343 return binder::Status::ok();
1344}
1345
1346binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1347 ENFORCE_PERMISSION(NETWORK_STACK);
1348 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1349 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1350 gLog.log(entry.returns(*ret).withAutomaticDuration());
1351 return binder::Status::ok();
1352}
1353
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1354namespace {
1355std::string ruleToString(int32_t rule) {
1356 switch (rule) {
1357 case INetd::FIREWALL_RULE_DENY:
1358 return "DENY";
1359 case INetd::FIREWALL_RULE_ALLOW:
1360 return "ALLOW";
1361 default:
1362 return "INVALID";
1363 }
1364}
1365
1366std::string typeToString(int32_t type) {
1367 switch (type) {
1368 case INetd::FIREWALL_WHITELIST:
1369 return "WHITELIST";
1370 case INetd::FIREWALL_BLACKLIST:
1371 return "BLACKLIST";
1372 default:
1373 return "INVALID";
1374 }
1375}
1376
1377std::string chainToString(int32_t chain) {
1378 switch (chain) {
1379 case INetd::FIREWALL_CHAIN_NONE:
1380 return "NONE";
1381 case INetd::FIREWALL_CHAIN_DOZABLE:
1382 return "DOZABLE";
1383 case INetd::FIREWALL_CHAIN_STANDBY:
1384 return "STANDBY";
1385 case INetd::FIREWALL_CHAIN_POWERSAVE:
1386 return "POWERSAVE";
1387 default:
1388 return "INVALID";
1389 }
1390}
1391
1392} // namespace
1393
1394binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1395 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1396 auto entry =
1397 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1398 auto type = static_cast<FirewallType>(firewallType);
1399
1400 int res = gCtls->firewallCtrl.setFirewallType(type);
1401 gLog.log(entry.returns(res).withAutomaticDuration());
1402 return statusFromErrcode(res);
1403}
1404
1405binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1406 int32_t firewallRule) {
1407 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1408 auto entry = gLog.newEntry()
1409 .prettyFunction(__PRETTY_FUNCTION__)
1410 .args(ifName, ruleToString(firewallRule));
1411 auto rule = static_cast<FirewallRule>(firewallRule);
1412
1413 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1414 gLog.log(entry.returns(res).withAutomaticDuration());
1415 return statusFromErrcode(res);
1416}
1417
1418binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1419 int32_t firewallRule) {
1420 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1421 auto entry = gLog.newEntry()
1422 .prettyFunction(__PRETTY_FUNCTION__)
1423 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1424 auto chain = static_cast<ChildChain>(childChain);
1425 auto rule = static_cast<FirewallRule>(firewallRule);
1426
1427 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1428 gLog.log(entry.returns(res).withAutomaticDuration());
1429 return statusFromErrcode(res);
1430}
1431
1432binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1433 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1434 auto entry = gLog.newEntry()
1435 .prettyFunction(__PRETTY_FUNCTION__)
1436 .args(chainToString(childChain), enable);
1437 auto chain = static_cast<ChildChain>(childChain);
1438
1439 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1440 gLog.log(entry.returns(res).withAutomaticDuration());
1441 return statusFromErrcode(res);
1442}
1443
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1444binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1445 const std::string& extIface) {
1446 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1447 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1448
1449 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1450 gLog.log(entry.returns(res).withAutomaticDuration());
1451 return statusFromErrcode(res);
1452}
1453
1454binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1455 const std::string& extIface) {
1456 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1457 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1458
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1459 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1460 gLog.log(entry.returns(res).withAutomaticDuration());
1461 return statusFromErrcode(res);
1462}
1463
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]1464binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,
1465 const std::string& wmemValues) {
1466 ENFORCE_PERMISSION(NETWORK_STACK);
1467 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(rmemValues, wmemValues);
1468 if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {
1469 int ret = -errno;
1470 gLog.log(entry.returns(ret).withAutomaticDuration());
1471 return statusFromErrcode(ret);
1472 }
1473
1474 if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {
1475 int ret = -errno;
1476 gLog.log(entry.returns(ret).withAutomaticDuration());
1477 return statusFromErrcode(ret);
1478 }
1479 gLog.log(entry.withAutomaticDuration());
1480 return binder::Status::ok();
1481}
1482
nuccachenf52f7a52018-07-17 18:07:23 +0800[diff] [blame]1483binder::Status NetdNativeService::getPrefix64(int netId, std::string* _aidl_return) {
1484 ENFORCE_PERMISSION(NETWORK_STACK);
1485
1486 netdutils::IPPrefix prefix{};
1487 int err = gCtls->resolverCtrl.getPrefix64(netId, &prefix);
1488 if (err != 0) {
1489 return binder::Status::fromServiceSpecificError(
1490 -err, String8::format("ResolverController error: %s", strerror(-err)));
1491 }
1492 *_aidl_return = prefix.toString();
1493 return binder::Status::ok();
1494}
1495
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1496} // namespace net
1497} // namespace android