Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / b1a69a477d28923bd3ba43cadcd9cc82945abd60 / . / server / NetdNativeService.cpp
blob: 33314383ea3921d65c4920e33c681237203d9672 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]24#include <android-base/file.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]25#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]26#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]27#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]28#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]30#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]31
32#include <binder/IPCThreadState.h>
33#include <binder/IServiceManager.h>
34#include "android/net/BnNetd.h"
35
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]36#include <openssl/base64.h>
37
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]38#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]39#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]40#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]41#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]42#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]43#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]44#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]45#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]46#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]47#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]48#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]49#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]50
51using android::base::StringPrintf;
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]52using android::base::WriteStringToFile;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]53using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]54using android::net::UidRangeParcel;
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]55using android::os::ParcelFileDescriptor;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]56
57namespace android {
58namespace net {
59
60namespace {
61
62const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]63const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]64const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]65const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]66
67binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 pid_t pid = IPCThreadState::self()->getCallingPid();
69 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]70
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]71 // If the caller is the system UID, don't check permissions.
72 // Otherwise, if the system server's binder thread pool is full, and all the threads are
73 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
74 //
75 // From a security perspective, there is currently no difference, because:
76 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
77 // and NETWORK_STACK, which the system server will always need to have.
78 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
79 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]80 return binder::Status::ok();
81 } else {
82 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
83 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
84 }
85}
86
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87#define ENFORCE_DEBUGGABLE() { \
88 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]89 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]90 || value[0] != '1') { \
91 return binder::Status::fromExceptionCode( \
92 binder::Status::EX_SECURITY, \
93 String8("Not available in production builds.") \
94 ); \
95 } \
96}
97
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]98#define ENFORCE_PERMISSION(permission) { \
99 binder::Status status = checkPermission((permission)); \
100 if (!status.isOk()) { \
101 return status; \
102 } \
103}
104
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105#define NETD_LOCKING_RPC(permission, lock) \
106 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]107 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]108
109#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]110
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]111#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
112 do { \
113 if (!isOk((res))) { \
114 logErrorStatus((logEntry), (res)); \
115 return asBinderStatus((res)); \
116 } \
117 } while (0)
118
119void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
120 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
121}
122
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]123binder::Status asBinderStatus(const netdutils::Status& status) {
124 if (isOk(status)) {
125 return binder::Status::ok();
126 }
127 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
128}
129
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]130inline binder::Status statusFromErrcode(int ret) {
131 if (ret) {
132 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
133 }
134 return binder::Status::ok();
135}
136
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]137bool contains(const Vector<String16>& words, const String16& word) {
138 for (const auto& w : words) {
139 if (w == word) return true;
140 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]141
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]142 return false;
143}
144
145} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]146
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147status_t NetdNativeService::start() {
148 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]149 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]150 if (ret != android::OK) {
151 return ret;
152 }
153 sp<ProcessState> ps(ProcessState::self());
154 ps->startThreadPool();
155 ps->giveThreadPoolName();
156 return android::OK;
157}
158
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]159status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]160 const binder::Status dump_permission = checkPermission(DUMP);
161 if (!dump_permission.isOk()) {
162 const String8 msg(dump_permission.toString8());
163 write(fd, msg.string(), msg.size());
164 return PERMISSION_DENIED;
165 }
166
167 // This method does not grab any locks. If individual classes need locking
168 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]169
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]170 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]171
172 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
173 dw.blankline();
174 gCtls->tcpSocketMonitor.dump(dw);
175 dw.blankline();
176 return NO_ERROR;
177 }
178
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]179 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
180 dw.blankline();
181 gCtls->trafficCtrl.dump(dw, true);
182 dw.blankline();
183 return NO_ERROR;
184 }
185
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]186 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]187 dw.blankline();
188 gCtls->netCtrl.dump(dw);
189 dw.blankline();
190
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]191 gCtls->trafficCtrl.dump(dw, false);
192 dw.blankline();
193
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]194 gCtls->xfrmCtrl.dump(dw);
195 dw.blankline();
196
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]197 {
198 ScopedIndent indentLog(dw);
199 if (contains(args, String16(OPT_SHORT))) {
200 dw.println("Log: <omitted>");
201 } else {
202 dw.println("Log:");
203 ScopedIndent indentLogEntries(dw);
204 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
205 }
206 dw.blankline();
207 }
208
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]209 return NO_ERROR;
210}
211
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]212binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]213 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]214 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]215
216 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]217
218 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]219 return binder::Status::ok();
220}
221
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]222binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]223 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
224 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]225 auto entry = gLog.newEntry()
226 .prettyFunction(__PRETTY_FUNCTION__)
227 .arg(chainName)
228 .arg(isWhitelist)
229 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]231 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]232 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]233
234 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]235 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]236}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]237
238binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
239 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]240 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]241
242 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
243 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]244 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]245 return binder::Status::ok();
246}
247
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]248binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
249 int64_t bytes) {
250 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
251 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
252
253 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
254
255 gLog.log(entry.returns(res).withAutomaticDuration());
256 return statusFromErrcode(res);
257}
258
259binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
260 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
261 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
262
263 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
264
265 gLog.log(entry.returns(res).withAutomaticDuration());
266 return statusFromErrcode(res);
267}
268
269binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
270 int64_t bytes) {
271 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
272 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
273
274 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
275
276 gLog.log(entry.returns(res).withAutomaticDuration());
277 return statusFromErrcode(res);
278}
279
280binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
281 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
282 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
283
284 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
285
286 gLog.log(entry.returns(res).withAutomaticDuration());
287 return statusFromErrcode(res);
288}
289
290binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
291 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
292 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
293
294 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
295
296 gLog.log(entry.returns(res).withAutomaticDuration());
297 return statusFromErrcode(res);
298}
299
300binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
301 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
302 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
303
304 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
305 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
306
307 gLog.log(entry.returns(res).withAutomaticDuration());
308 return statusFromErrcode(res);
309}
310
311binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
312 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
313 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
314
315 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
316 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
317
318 gLog.log(entry.returns(res).withAutomaticDuration());
319 return statusFromErrcode(res);
320}
321
322binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
323 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
324 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
325
326 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
327 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
328
329 gLog.log(entry.returns(res).withAutomaticDuration());
330 return statusFromErrcode(res);
331}
332
333binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
334 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
335 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
336
337 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
338 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
339
340 gLog.log(entry.returns(res).withAutomaticDuration());
341 return statusFromErrcode(res);
342}
343
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]344binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]345 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]346 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]347 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]348 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]349 return statusFromErrcode(ret);
350}
351
352binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
353 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
354 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
355 return statusFromErrcode(ret);
356}
357
358binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]359 ENFORCE_PERMISSION(NETWORK_STACK);
360 // Both of these functions manage their own locking internally.
361 const int ret = gCtls->netCtrl.destroyNetwork(netId);
362 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]363 return statusFromErrcode(ret);
364}
365
366binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
367 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
368 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
369 return statusFromErrcode(ret);
370}
371
372binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
373 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
374 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
375 return statusFromErrcode(ret);
376}
377
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]378namespace {
379
380std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
381 std::vector<std::string> result;
382 result.reserve(uidRangeArray.size());
383 for (const auto& uidRange : uidRangeArray) {
384 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
385 }
386
387 return base::Join(result, ", ");
388}
389
390} // namespace
391
392binder::Status NetdNativeService::networkAddUidRanges(
393 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]394 // NetworkController::addUsersToNetwork is thread-safe.
395 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]396 auto entry = gLog.newEntry()
397 .prettyFunction(__PRETTY_FUNCTION__)
398 .args(netId, uidRangeParcelVecToString(uidRangeArray));
399
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]400 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]401 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]402 return statusFromErrcode(ret);
403}
404
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]405binder::Status NetdNativeService::networkRemoveUidRanges(
406 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]407 // NetworkController::removeUsersFromNetwork is thread-safe.
408 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]409 auto entry = gLog.newEntry()
410 .prettyFunction(__PRETTY_FUNCTION__)
411 .args(netId, uidRangeParcelVecToString(uidRangeArray));
412
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]413 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]414 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]415 return statusFromErrcode(ret);
416}
417
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]418binder::Status NetdNativeService::networkRejectNonSecureVpn(
419 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]420 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
421 // it should be possible to use the same lock as NetworkController. However, every call through
422 // the CommandListener "network" command will need to hold this lock too, not just the ones that
423 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
424 // look at routes, but it's not enough here).
425 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]426 auto entry = gLog.newEntry()
427 .prettyFunction(__PRETTY_FUNCTION__)
428 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]429 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]430
431 int err;
432 if (add) {
433 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
434 } else {
435 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
436 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]437 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]438 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]439}
440
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]441binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
442 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]443 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
444
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]445 auto entry = gLog.newEntry()
446 .prettyFunction(__PRETTY_FUNCTION__)
447 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]448 SockDiag sd;
449 if (!sd.open()) {
450 return binder::Status::fromServiceSpecificError(EIO,
451 String8("Could not open SOCK_DIAG socket"));
452 }
453
454 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]455 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
456 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]457
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]458 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]459 if (err) {
460 return binder::Status::fromServiceSpecificError(-err,
461 String8::format("destroySockets: %s", strerror(-err)));
462 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]463 return binder::Status::ok();
464}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]465
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]466// Parse a base64 encoded string into a vector of bytes.
467// On failure, return an empty vector.
468static std::vector<uint8_t> parseBase64(const std::string& input) {
469 std::vector<uint8_t> decoded;
470 size_t out_len;
471 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
472 return decoded;
473 }
474 // out_len is now an upper bound on the output length.
475 decoded.resize(out_len);
476 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
477 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
478 // Possibly shrink the vector if the actual output was smaller than the bound.
479 decoded.resize(out_len);
480 } else {
481 decoded.clear();
482 }
483 if (out_len != SHA256_SIZE) {
484 decoded.clear();
485 }
486 return decoded;
487}
488
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]489binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
490 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]491 const std::vector<int32_t>& params, const std::string& tlsName,
492 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]493 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]494 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
495 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]496 auto entry = gLog.newEntry()
497 .prettyFunction(__PRETTY_FUNCTION__)
498 .arg(netId)
499 .arg(servers)
500 .arg(domains)
501 .arg(params)
502 .arg(tlsName)
503 .arg(tlsServers)
504 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]505
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]506 std::set<std::vector<uint8_t>> decoded_fingerprints;
507 for (const std::string& fingerprint : tlsFingerprints) {
508 std::vector<uint8_t> decoded = parseBase64(fingerprint);
509 if (decoded.empty()) {
510 return binder::Status::fromServiceSpecificError(EINVAL,
511 String8::format("ResolverController error: bad fingerprint"));
512 }
513 decoded_fingerprints.emplace(decoded);
514 }
515
516 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]517 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]518 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]519 if (err != 0) {
520 return binder::Status::fromServiceSpecificError(-err,
521 String8::format("ResolverController error: %s", strerror(-err)));
522 }
523 return binder::Status::ok();
524}
525
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]526binder::Status NetdNativeService::getResolverInfo(int32_t netId, std::vector<std::string>* servers,
527 std::vector<std::string>* domains,
528 std::vector<std::string>* tlsServers,
529 std::vector<int32_t>* params,
530 std::vector<int32_t>* stats) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]531 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]532 ENFORCE_PERMISSION(NETWORK_STACK);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]533
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]534 int err =
535 gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params, stats);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]536 if (err != 0) {
537 return binder::Status::fromServiceSpecificError(-err,
538 String8::format("ResolverController error: %s", strerror(-err)));
539 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]540 return binder::Status::ok();
541}
542
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]543binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]544 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]545
546 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
547 return binder::Status::ok();
548}
549
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550namespace {
551
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]552void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
553 const TetherController::TetherStats& tetherStats) {
554 if (tetherStatsParcel->extIface == tetherStats.extIface) {
555 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
556 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
557 tetherStatsParcel->txBytes += tetherStats.txBytes;
558 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]559 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]560}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]561
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]562TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
563 TetherStatsParcel result;
564 result.iface = stats.extIface;
565 result.rxBytes = stats.rxBytes;
566 result.rxPackets = stats.rxPackets;
567 result.txBytes = stats.txBytes;
568 result.txPackets = stats.txPackets;
569 return result;
570}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]571
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]572void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
573 const TetherController::TetherStatsList& statsList) {
574 std::map<std::string, TetherController::TetherStats> statsMap;
575 for (const auto& stats : statsList) {
576 auto iter = statsMap.find(stats.extIface);
577 if (iter != statsMap.end()) {
578 tetherAddStatsByInterface(&(iter->second), stats);
579 } else {
580 statsMap.insert(
581 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
582 }
583 }
584 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
585 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
586 }
587}
588
589std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
590 std::vector<std::string> result;
591 for (const auto& t : *tVec) {
592 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
593 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
594 t.txPackets));
595 }
596 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]597}
598
599} // namespace
600
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]601binder::Status NetdNativeService::tetherGetStats(
602 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]603 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]604
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]605 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
606
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]607 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]608 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]609 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]610 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]611 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
612 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
613 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]614 return binder::Status::ok();
615}
616
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]617binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
618 const std::string &addrString, int prefixLength) {
619 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
620
621 const int err = InterfaceController::addAddress(
622 ifName.c_str(), addrString.c_str(), prefixLength);
623 if (err != 0) {
624 return binder::Status::fromServiceSpecificError(-err,
625 String8::format("InterfaceController error: %s", strerror(-err)));
626 }
627 return binder::Status::ok();
628}
629
630binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
631 const std::string &addrString, int prefixLength) {
632 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
633
634 const int err = InterfaceController::delAddress(
635 ifName.c_str(), addrString.c_str(), prefixLength);
636 if (err != 0) {
637 return binder::Status::fromServiceSpecificError(-err,
638 String8::format("InterfaceController error: %s", strerror(-err)));
639 }
640 return binder::Status::ok();
641}
642
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]643namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]644
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]645std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
646 int32_t category) {
647 const char* ipversionStr = nullptr;
648 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]649 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]650 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]651 break;
652 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]653 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]654 break;
655 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]656 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
657 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]658 }
659
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]660 const char* whichStr = nullptr;
661 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]662 case INetd::CONF:
663 whichStr = "conf";
664 break;
665 case INetd::NEIGH:
666 whichStr = "neigh";
667 break;
668 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]669 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
670 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]671 }
672
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]673 return {binder::Status::ok(), ipversionStr, whichStr};
674}
675
676} // namespace
677
678binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
679 const std::string& ifname,
680 const std::string& parameter, std::string* value) {
681 ENFORCE_PERMISSION(NETWORK_STACK);
682 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
683 .args(ipversion, which, ifname, parameter);
684
685 const auto pathParts = getPathComponents(ipversion, which);
686 const auto& pathStatus = std::get<0>(pathParts);
687 if (!pathStatus.isOk()) {
688 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
689 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]690 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]691
692 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
693 std::get<2>(pathParts), ifname.c_str(),
694 parameter.c_str(), value);
695 entry.returns(err);
696 if (err == 0) entry.returns(*value);
697 gLog.log(entry.withAutomaticDuration());
698 return statusFromErrcode(err);
699}
700
701binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
702 const std::string& ifname,
703 const std::string& parameter,
704 const std::string& value) {
705 ENFORCE_PERMISSION(NETWORK_STACK);
706 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
707 .args(ipversion, which, ifname, parameter, value);
708
709 const auto pathParts = getPathComponents(ipversion, which);
710 const auto& pathStatus = std::get<0>(pathParts);
711 if (!pathStatus.isOk()) {
712 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
713 return pathStatus;
714 }
715
716 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
717 std::get<2>(pathParts), ifname.c_str(),
718 parameter.c_str(), value.c_str());
719 gLog.log(entry.returns(err).withAutomaticDuration());
720 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]721}
722
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]723binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
724 // This function intentionally does not lock, since the only thing it does is one read from an
725 // atomic_int.
726 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
727 ENFORCE_DEBUGGABLE();
728
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]729 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]730 return binder::Status::ok();
731}
732
733binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
734 // This function intentionally does not lock, since the only thing it does is one write to an
735 // atomic_int.
736 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
737 ENFORCE_DEBUGGABLE();
738
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]739 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
740 ? binder::Status::ok()
741 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]742}
743
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]744binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
745 int newUid) {
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]746 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]747 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]748
749 uid_t callerUid = IPCThreadState::self()->getCallingUid();
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]750 return asBinderStatus(
751 gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]752}
753
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754binder::Status NetdNativeService::ipSecAllocateSpi(
755 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]756 const std::string& sourceAddress,
757 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]758 int32_t inSpi,
759 int32_t* outSpi) {
760 // Necessary locking done in IpSecService and kernel
761 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]762 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]763 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]764 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]765 sourceAddress,
766 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]767 inSpi,
768 outSpi));
769}
770
771binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]772 int32_t transformId, int32_t mode, const std::string& sourceAddress,
773 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
774 int32_t markValue, int32_t markMask, const std::string& authAlgo,
775 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
776 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
777 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
778 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]779 // Necessary locking done in IpSecService and kernel
780 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]781 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]782 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]783 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
784 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]785 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
786 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]787}
788
789binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]790 int32_t transformId, const std::string& sourceAddress,
791 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
792 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]793 // Necessary locking done in IpSecService and kernel
794 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]795 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]796 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]797 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]798}
799
800binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]801 const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
802 const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]803 // Necessary locking done in IpSecService and kernel
804 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]805 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]806 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]807 socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]808}
809
810binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]811 const ParcelFileDescriptor& socket) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]812 // Necessary locking done in IpSecService and kernel
813 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]814 gLog.log("ipSecRemoveTransportModeTransform()");
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]815 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]816}
817
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]818binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
819 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]820 const std::string& tmplSrcAddress,
821 const std::string& tmplDstAddress,
822 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]823 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]824 // Necessary locking done in IpSecService and kernel
825 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]826 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]827 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]828 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]829 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]830}
831
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]832binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
833 int32_t transformId, int32_t selAddrFamily, int32_t direction,
834 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
835 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]836 // Necessary locking done in IpSecService and kernel
837 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]838 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]839 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]840 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]841 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]842}
843
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]844binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
845 int32_t selAddrFamily,
846 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]847 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]848 // Necessary locking done in IpSecService and kernel
849 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]850 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]851 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]852 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853}
854
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]855binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
856 const std::string& localAddress,
857 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]858 int32_t iKey, int32_t oKey,
859 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]860 // Necessary locking done in IpSecService and kernel
861 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]862 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]863
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]864 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]865 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]866 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
867
868 gLog.log(entry.returns(result).withAutomaticDuration());
869 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]870}
871
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]872binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
873 const std::string& localAddress,
874 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]875 int32_t iKey, int32_t oKey,
876 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]877 // Necessary locking done in IpSecService and kernel
878 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]879 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]880
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]881 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]882 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]883 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
884
885 gLog.log(entry.returns(result).withAutomaticDuration());
886 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]887}
888
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]889binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]890 // Necessary locking done in IpSecService and kernel
891 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]892 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]893
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]894 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
895 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
896
897 gLog.log(entry.returns(result).withAutomaticDuration());
898 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]899}
900
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]901binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
902 int32_t mode) {
903 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]904 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]905}
906
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]907binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
908 const std::string& prefix, int32_t mark,
909 int32_t mask) {
910 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]911 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]912}
913
914binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
915 const std::string& prefix, int32_t mark,
916 int32_t mask) {
917 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]918 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]919}
920
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]921binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
922 ENFORCE_PERMISSION(NETWORK_STACK);
923 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
924 return binder::Status::ok();
925}
926
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]927binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
928 const std::string& classLabel) {
929 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
930 auto entry = gLog.newEntry()
931 .prettyFunction(__PRETTY_FUNCTION__)
932 .arg(ifName)
933 .arg(timeout)
934 .arg(classLabel);
935 int res =
936 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
937 gLog.log(entry.returns(res).withAutomaticDuration());
938 return statusFromErrcode(res);
939}
940
941binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
942 int32_t timeout,
943 const std::string& classLabel) {
944 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
945 auto entry = gLog.newEntry()
946 .prettyFunction(__PRETTY_FUNCTION__)
947 .arg(ifName)
948 .arg(timeout)
949 .arg(classLabel);
950 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
951 classLabel.c_str());
952 gLog.log(entry.returns(res).withAutomaticDuration());
953 return statusFromErrcode(res);
954}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]955
956binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
957 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
958 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
959 StrictPenalty penalty;
960 switch (policyPenalty) {
961 case INetd::PENALTY_POLICY_REJECT:
962 penalty = REJECT;
963 break;
964 case INetd::PENALTY_POLICY_LOG:
965 penalty = LOG;
966 break;
967 case INetd::PENALTY_POLICY_ACCEPT:
968 penalty = ACCEPT;
969 break;
970 default:
971 return statusFromErrcode(-EINVAL);
972 break;
973 }
974 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
975 gLog.log(entry.returns(res).withAutomaticDuration());
976 return statusFromErrcode(res);
977}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]978
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]979binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
980 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
981 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
982 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
983 gLog.log(entry.returns(res).withAutomaticDuration());
984 return statusFromErrcode(res);
985}
986
987binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
988 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
989 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
990 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
991 gLog.log(entry.returns(res).withAutomaticDuration());
992 return statusFromErrcode(res);
993}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]994
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]995binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
996 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
997 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
998 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
999 gLog.log(entry.returns(*status).withAutomaticDuration());
1000 return binder::Status::ok();
1001}
1002
1003binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1004 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1005 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1006 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1007 gLog.log(entry.returns(res).withAutomaticDuration());
1008 return statusFromErrcode(res);
1009}
1010
1011binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1012 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1013 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1014 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1015 gLog.log(entry.returns(res).withAutomaticDuration());
1016 return statusFromErrcode(res);
1017}
1018
1019binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1020 const std::string& toIface) {
1021 ENFORCE_PERMISSION(NETWORK_STACK);
1022 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1023 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1024 gLog.log(entry.returns(res).withAutomaticDuration());
1025 return statusFromErrcode(res);
1026}
1027
1028binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1029 const std::string& toIface) {
1030 ENFORCE_PERMISSION(NETWORK_STACK);
1031 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1032 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1033 gLog.log(entry.returns(res).withAutomaticDuration());
1034 return statusFromErrcode(res);
1035}
1036
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1037namespace {
1038std::string addSquareBrackets(const std::string& s) {
1039 return "[" + s + "]";
1040}
1041
1042std::string addCurlyBrackets(const std::string& s) {
1043 return "{" + s + "}";
1044}
1045
1046} // namespace
1047binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1048 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1049 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1050
1051 const auto& ifaceList = InterfaceController::getIfaceNames();
1052 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1053
1054 interfaceListResult->clear();
1055 interfaceListResult->reserve(ifaceList.value().size());
1056 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1057 end(ifaceList.value()));
1058
1059 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1060 .withAutomaticDuration());
1061 return binder::Status::ok();
1062}
1063
1064std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1065 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1066 std::to_string(cfg.prefixLength)};
1067 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1068 return addCurlyBrackets(base::Join(result, ", "));
1069}
1070
1071binder::Status NetdNativeService::interfaceGetCfg(
1072 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1073 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1074 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1075
1076 const auto& cfgRes = InterfaceController::getCfg(ifName);
1077 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1078
1079 *interfaceGetCfgResult = cfgRes.value();
1080 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1081 .withAutomaticDuration());
1082 return binder::Status::ok();
1083}
1084
1085binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1086 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1087 auto entry = gLog.newEntry()
1088 .prettyFunction(__PRETTY_FUNCTION__)
1089 .arg(interfaceConfigurationParcelToString(cfg));
1090
1091 const auto& res = InterfaceController::setCfg(cfg);
1092 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1093
1094 gLog.log(entry.withAutomaticDuration());
1095 return binder::Status::ok();
1096}
1097
1098binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1099 bool enable) {
1100 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1101 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1102 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1103 gLog.log(entry.returns(res).withAutomaticDuration());
1104 return statusFromErrcode(res);
1105}
1106
1107binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1108 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1109 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1110 int res = InterfaceController::clearAddrs(ifName.c_str());
1111 gLog.log(entry.returns(res).withAutomaticDuration());
1112 return statusFromErrcode(res);
1113}
1114
1115binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1116 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1117 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1118 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1119 gLog.log(entry.returns(res).withAutomaticDuration());
1120 return statusFromErrcode(res);
1121}
1122
1123binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1124 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1125 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1126 std::string mtu = std::to_string(mtuValue);
1127 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1128 gLog.log(entry.returns(res).withAutomaticDuration());
1129 return statusFromErrcode(res);
1130}
1131
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1132binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1133 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1134 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1135 if (dhcpRanges.size() % 2 == 1) {
1136 return statusFromErrcode(-EINVAL);
1137 }
1138 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1139 gLog.log(entry.returns(res).withAutomaticDuration());
1140 return statusFromErrcode(res);
1141}
1142
1143binder::Status NetdNativeService::tetherStop() {
1144 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1145 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1146 int res = gCtls->tetherCtrl.stopTethering();
1147 gLog.log(entry.returns(res).withAutomaticDuration());
1148 return statusFromErrcode(res);
1149}
1150
1151binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1152 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1153 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1154 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1155 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1156 return binder::Status::ok();
1157}
1158
1159binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1160 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1161 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1162 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1163 gLog.log(entry.returns(res).withAutomaticDuration());
1164 return statusFromErrcode(res);
1165}
1166
1167binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1168 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1169 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1170 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1171 gLog.log(entry.returns(res).withAutomaticDuration());
1172 return statusFromErrcode(res);
1173}
1174
1175binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1176 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1177 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1178 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1179 ifList->push_back(ifname);
1180 }
1181 gLog.log(entry.returns(true).withAutomaticDuration());
1182 return binder::Status::ok();
1183}
1184
1185binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1186 const std::vector<std::string>& dnsAddrs) {
1187 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1188 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1189 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1190 gLog.log(entry.returns(res).withAutomaticDuration());
1191 return statusFromErrcode(res);
1192}
1193
1194binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1195 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1196 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1197 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1198 dnsList->push_back(fwdr);
1199 }
1200 gLog.log(entry.returns(true).withAutomaticDuration());
1201 return binder::Status::ok();
1202}
1203
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1204binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1205 const std::string& destination,
1206 const std::string& nextHop) {
1207 // Public methods of NetworkController are thread-safe.
1208 ENFORCE_PERMISSION(NETWORK_STACK);
1209 auto entry = gLog.newEntry()
1210 .prettyFunction(__PRETTY_FUNCTION__)
1211 .arg(netId)
1212 .arg(ifName)
1213 .arg(destination)
1214 .arg(nextHop);
1215 bool legacy = false;
1216 uid_t uid = 0; // UID is only meaningful for legacy routes.
1217 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1218 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1219 gLog.log(entry.returns(res).withAutomaticDuration());
1220 return statusFromErrcode(res);
1221}
1222
1223binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1224 const std::string& destination,
1225 const std::string& nextHop) {
1226 ENFORCE_PERMISSION(NETWORK_STACK);
1227 auto entry = gLog.newEntry()
1228 .prettyFunction(__PRETTY_FUNCTION__)
1229 .arg(netId)
1230 .arg(ifName)
1231 .arg(destination)
1232 .arg(nextHop);
1233 bool legacy = false;
1234 uid_t uid = 0; // UID is only meaningful for legacy routes.
1235 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1236 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1237 gLog.log(entry.returns(res).withAutomaticDuration());
1238 return statusFromErrcode(res);
1239}
1240
1241binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1242 const std::string& destination,
1243 const std::string& nextHop, int32_t uid) {
1244 ENFORCE_PERMISSION(NETWORK_STACK);
1245 auto entry = gLog.newEntry()
1246 .prettyFunction(__PRETTY_FUNCTION__)
1247 .arg(netId)
1248 .arg(ifName)
1249 .arg(destination)
1250 .arg(nextHop)
1251 .arg(uid);
1252 bool legacy = true;
1253 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1254 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1255 (uid_t) uid);
1256 gLog.log(entry.returns(res).withAutomaticDuration());
1257 return statusFromErrcode(res);
1258}
1259
1260binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1261 const std::string& destination,
1262 const std::string& nextHop,
1263 int32_t uid) {
1264 ENFORCE_PERMISSION(NETWORK_STACK);
1265 auto entry = gLog.newEntry()
1266 .prettyFunction(__PRETTY_FUNCTION__)
1267 .arg(netId)
1268 .arg(ifName)
1269 .arg(destination)
1270 .arg(nextHop)
1271 .arg(uid);
1272 bool legacy = true;
1273 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1274 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1275 (uid_t) uid);
1276 gLog.log(entry.returns(res).withAutomaticDuration());
1277 return statusFromErrcode(res);
1278}
1279
1280binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1281 ENFORCE_PERMISSION(NETWORK_STACK);
1282 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1283 *netId = gCtls->netCtrl.getDefaultNetwork();
1284 gLog.log(entry.returns(*netId).withAutomaticDuration());
1285 return binder::Status::ok();
1286}
1287
1288binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1289 ENFORCE_PERMISSION(NETWORK_STACK);
1290 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1291 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1292 gLog.log(entry.returns(res).withAutomaticDuration());
1293 return statusFromErrcode(res);
1294}
1295
1296binder::Status NetdNativeService::networkClearDefault() {
1297 ENFORCE_PERMISSION(NETWORK_STACK);
1298 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1299 unsigned netId = NETID_UNSET;
1300 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1301 gLog.log(entry.returns(res).withAutomaticDuration());
1302 return statusFromErrcode(res);
1303}
1304
1305std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1306 return {begin(intUids), end(intUids)};
1307}
1308
1309Permission NetdNativeService::convertPermission(int32_t permission) {
1310 switch (permission) {
1311 case INetd::PERMISSION_NETWORK:
1312 return Permission::PERMISSION_NETWORK;
1313 case INetd::PERMISSION_SYSTEM:
1314 return Permission::PERMISSION_SYSTEM;
1315 default:
1316 return Permission::PERMISSION_NONE;
1317 }
1318}
1319
1320binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1321 int32_t permission) {
1322 ENFORCE_PERMISSION(NETWORK_STACK);
1323 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1324 std::vector<unsigned> netIds = {(unsigned) netId};
1325 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1326 gLog.log(entry.returns(res).withAutomaticDuration());
1327 return statusFromErrcode(res);
1328}
1329
1330binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1331 const std::vector<int32_t>& uids) {
1332 ENFORCE_PERMISSION(NETWORK_STACK);
1333 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1334 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1335 gLog.log(entry.withAutomaticDuration());
1336 return binder::Status::ok();
1337}
1338
1339binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1340 ENFORCE_PERMISSION(NETWORK_STACK);
1341 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1342 Permission permission = Permission::PERMISSION_NONE;
1343 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1344 gLog.log(entry.withAutomaticDuration());
1345 return binder::Status::ok();
1346}
1347
1348binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1349 ENFORCE_PERMISSION(NETWORK_STACK);
1350 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1351 std::vector<uid_t> uids = {(uid_t) uid};
1352 gCtls->netCtrl.allowProtect(uids);
1353 gLog.log(entry.withAutomaticDuration());
1354 return binder::Status::ok();
1355}
1356
1357binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1358 ENFORCE_PERMISSION(NETWORK_STACK);
1359 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1360 std::vector<uid_t> uids = {(uid_t) uid};
1361 gCtls->netCtrl.denyProtect(uids);
1362 gLog.log(entry.withAutomaticDuration());
1363 return binder::Status::ok();
1364}
1365
1366binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1367 ENFORCE_PERMISSION(NETWORK_STACK);
1368 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1369 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1370 gLog.log(entry.returns(*ret).withAutomaticDuration());
1371 return binder::Status::ok();
1372}
1373
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1374namespace {
1375std::string ruleToString(int32_t rule) {
1376 switch (rule) {
1377 case INetd::FIREWALL_RULE_DENY:
1378 return "DENY";
1379 case INetd::FIREWALL_RULE_ALLOW:
1380 return "ALLOW";
1381 default:
1382 return "INVALID";
1383 }
1384}
1385
1386std::string typeToString(int32_t type) {
1387 switch (type) {
1388 case INetd::FIREWALL_WHITELIST:
1389 return "WHITELIST";
1390 case INetd::FIREWALL_BLACKLIST:
1391 return "BLACKLIST";
1392 default:
1393 return "INVALID";
1394 }
1395}
1396
1397std::string chainToString(int32_t chain) {
1398 switch (chain) {
1399 case INetd::FIREWALL_CHAIN_NONE:
1400 return "NONE";
1401 case INetd::FIREWALL_CHAIN_DOZABLE:
1402 return "DOZABLE";
1403 case INetd::FIREWALL_CHAIN_STANDBY:
1404 return "STANDBY";
1405 case INetd::FIREWALL_CHAIN_POWERSAVE:
1406 return "POWERSAVE";
1407 default:
1408 return "INVALID";
1409 }
1410}
1411
1412} // namespace
1413
1414binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1415 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1416 auto entry =
1417 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1418 auto type = static_cast<FirewallType>(firewallType);
1419
1420 int res = gCtls->firewallCtrl.setFirewallType(type);
1421 gLog.log(entry.returns(res).withAutomaticDuration());
1422 return statusFromErrcode(res);
1423}
1424
1425binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1426 int32_t firewallRule) {
1427 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1428 auto entry = gLog.newEntry()
1429 .prettyFunction(__PRETTY_FUNCTION__)
1430 .args(ifName, ruleToString(firewallRule));
1431 auto rule = static_cast<FirewallRule>(firewallRule);
1432
1433 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1434 gLog.log(entry.returns(res).withAutomaticDuration());
1435 return statusFromErrcode(res);
1436}
1437
1438binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1439 int32_t firewallRule) {
1440 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1441 auto entry = gLog.newEntry()
1442 .prettyFunction(__PRETTY_FUNCTION__)
1443 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1444 auto chain = static_cast<ChildChain>(childChain);
1445 auto rule = static_cast<FirewallRule>(firewallRule);
1446
1447 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1448 gLog.log(entry.returns(res).withAutomaticDuration());
1449 return statusFromErrcode(res);
1450}
1451
1452binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1453 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1454 auto entry = gLog.newEntry()
1455 .prettyFunction(__PRETTY_FUNCTION__)
1456 .args(chainToString(childChain), enable);
1457 auto chain = static_cast<ChildChain>(childChain);
1458
1459 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1460 gLog.log(entry.returns(res).withAutomaticDuration());
1461 return statusFromErrcode(res);
1462}
1463
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1464binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1465 const std::string& extIface) {
1466 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1467 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1468
1469 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1470 gLog.log(entry.returns(res).withAutomaticDuration());
1471 return statusFromErrcode(res);
1472}
1473
1474binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1475 const std::string& extIface) {
1476 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1477 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1478
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1479 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1480 gLog.log(entry.returns(res).withAutomaticDuration());
1481 return statusFromErrcode(res);
1482}
1483
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]1484binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,
1485 const std::string& wmemValues) {
1486 ENFORCE_PERMISSION(NETWORK_STACK);
1487 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(rmemValues, wmemValues);
1488 if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {
1489 int ret = -errno;
1490 gLog.log(entry.returns(ret).withAutomaticDuration());
1491 return statusFromErrcode(ret);
1492 }
1493
1494 if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {
1495 int ret = -errno;
1496 gLog.log(entry.returns(ret).withAutomaticDuration());
1497 return statusFromErrcode(ret);
1498 }
1499 gLog.log(entry.withAutomaticDuration());
1500 return binder::Status::ok();
1501}
1502
nuccachenf52f7a52018-07-17 18:07:23 +0800[diff] [blame]1503binder::Status NetdNativeService::getPrefix64(int netId, std::string* _aidl_return) {
1504 ENFORCE_PERMISSION(NETWORK_STACK);
1505
1506 netdutils::IPPrefix prefix{};
1507 int err = gCtls->resolverCtrl.getPrefix64(netId, &prefix);
1508 if (err != 0) {
1509 return binder::Status::fromServiceSpecificError(
1510 -err, String8::format("ResolverController error: %s", strerror(-err)));
1511 }
1512 *_aidl_return = prefix.toString();
1513 return binder::Status::ok();
1514}
1515
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1516} // namespace net
1517} // namespace android