Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 67cd14ce46a4ff740d42aa444bc4e69215fe8d99 / . / server / NetdNativeService.cpp
blob: f9a83e43ea9d78eb07035ce79d95de6447d5f5d2 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]24#include <android-base/file.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]25#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]26#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]27#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]28#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]30#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]31
32#include <binder/IPCThreadState.h>
33#include <binder/IServiceManager.h>
34#include "android/net/BnNetd.h"
35
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]36#include <openssl/base64.h>
37
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]38#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]39#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]40#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]41#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]42#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]43#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]44#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]45#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]46#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]47#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]48#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]49#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]50
51using android::base::StringPrintf;
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]52using android::base::WriteStringToFile;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]53using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]54using android::net::UidRangeParcel;
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]55using android::os::ParcelFileDescriptor;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]56
57namespace android {
58namespace net {
59
60namespace {
61
62const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]63const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]64const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]65const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]66
67binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 pid_t pid = IPCThreadState::self()->getCallingPid();
69 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]70
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]71 // If the caller is the system UID, don't check permissions.
72 // Otherwise, if the system server's binder thread pool is full, and all the threads are
73 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
74 //
75 // From a security perspective, there is currently no difference, because:
76 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
77 // and NETWORK_STACK, which the system server will always need to have.
78 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
79 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]80 return binder::Status::ok();
81 } else {
82 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
83 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
84 }
85}
86
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87#define ENFORCE_DEBUGGABLE() { \
88 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]89 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]90 || value[0] != '1') { \
91 return binder::Status::fromExceptionCode( \
92 binder::Status::EX_SECURITY, \
93 String8("Not available in production builds.") \
94 ); \
95 } \
96}
97
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]98#define ENFORCE_PERMISSION(permission) { \
99 binder::Status status = checkPermission((permission)); \
100 if (!status.isOk()) { \
101 return status; \
102 } \
103}
104
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105#define NETD_LOCKING_RPC(permission, lock) \
106 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]107 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]108
109#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]110
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]111#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
112 do { \
113 if (!isOk((res))) { \
114 logErrorStatus((logEntry), (res)); \
115 return asBinderStatus((res)); \
116 } \
117 } while (0)
118
119void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
120 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
121}
122
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]123binder::Status asBinderStatus(const netdutils::Status& status) {
124 if (isOk(status)) {
125 return binder::Status::ok();
126 }
127 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
128}
129
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]130inline binder::Status statusFromErrcode(int ret) {
131 if (ret) {
132 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
133 }
134 return binder::Status::ok();
135}
136
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]137bool contains(const Vector<String16>& words, const String16& word) {
138 for (const auto& w : words) {
139 if (w == word) return true;
140 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]141
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]142 return false;
143}
144
145} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]146
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147status_t NetdNativeService::start() {
148 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]149 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]150 if (ret != android::OK) {
151 return ret;
152 }
153 sp<ProcessState> ps(ProcessState::self());
154 ps->startThreadPool();
155 ps->giveThreadPoolName();
156 return android::OK;
157}
158
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]159status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]160 const binder::Status dump_permission = checkPermission(DUMP);
161 if (!dump_permission.isOk()) {
162 const String8 msg(dump_permission.toString8());
163 write(fd, msg.string(), msg.size());
164 return PERMISSION_DENIED;
165 }
166
167 // This method does not grab any locks. If individual classes need locking
168 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]169
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]170 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]171
172 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
173 dw.blankline();
174 gCtls->tcpSocketMonitor.dump(dw);
175 dw.blankline();
176 return NO_ERROR;
177 }
178
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]179 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
180 dw.blankline();
181 gCtls->trafficCtrl.dump(dw, true);
182 dw.blankline();
183 return NO_ERROR;
184 }
185
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]186 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]187 dw.blankline();
188 gCtls->netCtrl.dump(dw);
189 dw.blankline();
190
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]191 gCtls->trafficCtrl.dump(dw, false);
192 dw.blankline();
193
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]194 gCtls->xfrmCtrl.dump(dw);
195 dw.blankline();
196
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]197 {
198 ScopedIndent indentLog(dw);
199 if (contains(args, String16(OPT_SHORT))) {
200 dw.println("Log: <omitted>");
201 } else {
202 dw.println("Log:");
203 ScopedIndent indentLogEntries(dw);
204 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
205 }
206 dw.blankline();
207 }
208
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]209 return NO_ERROR;
210}
211
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]212binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]213 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]214 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]215
216 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]217
218 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]219 return binder::Status::ok();
220}
221
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]222binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]223 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
224 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]225 auto entry = gLog.newEntry()
226 .prettyFunction(__PRETTY_FUNCTION__)
227 .arg(chainName)
228 .arg(isWhitelist)
229 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]231 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]232 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]233
234 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]235 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]236}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]237
238binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
239 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]240 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]241
242 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
243 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]244 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]245 return binder::Status::ok();
246}
247
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]248binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
249 int64_t bytes) {
250 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
251 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
252
253 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
254
255 gLog.log(entry.returns(res).withAutomaticDuration());
256 return statusFromErrcode(res);
257}
258
259binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
260 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
261 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
262
263 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
264
265 gLog.log(entry.returns(res).withAutomaticDuration());
266 return statusFromErrcode(res);
267}
268
269binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
270 int64_t bytes) {
271 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
272 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
273
274 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
275
276 gLog.log(entry.returns(res).withAutomaticDuration());
277 return statusFromErrcode(res);
278}
279
280binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
281 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
282 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
283
284 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
285
286 gLog.log(entry.returns(res).withAutomaticDuration());
287 return statusFromErrcode(res);
288}
289
290binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
291 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
292 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
293
294 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
295
296 gLog.log(entry.returns(res).withAutomaticDuration());
297 return statusFromErrcode(res);
298}
299
300binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
301 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
302 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
303
304 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
305 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
306
307 gLog.log(entry.returns(res).withAutomaticDuration());
308 return statusFromErrcode(res);
309}
310
311binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
312 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
313 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
314
315 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
316 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
317
318 gLog.log(entry.returns(res).withAutomaticDuration());
319 return statusFromErrcode(res);
320}
321
322binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
323 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
324 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
325
326 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
327 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
328
329 gLog.log(entry.returns(res).withAutomaticDuration());
330 return statusFromErrcode(res);
331}
332
333binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
334 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
335 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
336
337 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
338 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
339
340 gLog.log(entry.returns(res).withAutomaticDuration());
341 return statusFromErrcode(res);
342}
343
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]344binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]345 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]346 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]347 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]348 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]349 return statusFromErrcode(ret);
350}
351
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame^]352binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]353 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
cken67cd14c2018-12-05 17:26:59 +0900[diff] [blame^]354 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(netId, secure);
355 int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);
356 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]357 return statusFromErrcode(ret);
358}
359
360binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]361 ENFORCE_PERMISSION(NETWORK_STACK);
362 // Both of these functions manage their own locking internally.
363 const int ret = gCtls->netCtrl.destroyNetwork(netId);
364 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]365 return statusFromErrcode(ret);
366}
367
368binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
369 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
370 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
371 return statusFromErrcode(ret);
372}
373
374binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
375 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
376 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
377 return statusFromErrcode(ret);
378}
379
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]380namespace {
381
382std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
383 std::vector<std::string> result;
384 result.reserve(uidRangeArray.size());
385 for (const auto& uidRange : uidRangeArray) {
386 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
387 }
388
389 return base::Join(result, ", ");
390}
391
392} // namespace
393
394binder::Status NetdNativeService::networkAddUidRanges(
395 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]396 // NetworkController::addUsersToNetwork is thread-safe.
397 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]398 auto entry = gLog.newEntry()
399 .prettyFunction(__PRETTY_FUNCTION__)
400 .args(netId, uidRangeParcelVecToString(uidRangeArray));
401
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]402 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]403 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]404 return statusFromErrcode(ret);
405}
406
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]407binder::Status NetdNativeService::networkRemoveUidRanges(
408 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]409 // NetworkController::removeUsersFromNetwork is thread-safe.
410 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]411 auto entry = gLog.newEntry()
412 .prettyFunction(__PRETTY_FUNCTION__)
413 .args(netId, uidRangeParcelVecToString(uidRangeArray));
414
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]415 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]416 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]417 return statusFromErrcode(ret);
418}
419
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]420binder::Status NetdNativeService::networkRejectNonSecureVpn(
421 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]422 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
423 // it should be possible to use the same lock as NetworkController. However, every call through
424 // the CommandListener "network" command will need to hold this lock too, not just the ones that
425 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
426 // look at routes, but it's not enough here).
427 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]428 auto entry = gLog.newEntry()
429 .prettyFunction(__PRETTY_FUNCTION__)
430 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]431 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]432
433 int err;
434 if (add) {
435 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
436 } else {
437 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
438 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]439 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]440 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]441}
442
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]443binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
444 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]445 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
446
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]447 auto entry = gLog.newEntry()
448 .prettyFunction(__PRETTY_FUNCTION__)
449 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]450 SockDiag sd;
451 if (!sd.open()) {
452 return binder::Status::fromServiceSpecificError(EIO,
453 String8("Could not open SOCK_DIAG socket"));
454 }
455
456 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]457 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
458 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]459
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]460 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]461 if (err) {
462 return binder::Status::fromServiceSpecificError(-err,
463 String8::format("destroySockets: %s", strerror(-err)));
464 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]465 return binder::Status::ok();
466}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]467
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]468// Parse a base64 encoded string into a vector of bytes.
469// On failure, return an empty vector.
470static std::vector<uint8_t> parseBase64(const std::string& input) {
471 std::vector<uint8_t> decoded;
472 size_t out_len;
473 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
474 return decoded;
475 }
476 // out_len is now an upper bound on the output length.
477 decoded.resize(out_len);
478 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
479 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
480 // Possibly shrink the vector if the actual output was smaller than the bound.
481 decoded.resize(out_len);
482 } else {
483 decoded.clear();
484 }
485 if (out_len != SHA256_SIZE) {
486 decoded.clear();
487 }
488 return decoded;
489}
490
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]491binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
492 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]493 const std::vector<int32_t>& params, const std::string& tlsName,
494 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]495 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]496 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
497 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]498 auto entry = gLog.newEntry()
499 .prettyFunction(__PRETTY_FUNCTION__)
500 .arg(netId)
501 .arg(servers)
502 .arg(domains)
503 .arg(params)
504 .arg(tlsName)
505 .arg(tlsServers)
506 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]507
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]508 std::set<std::vector<uint8_t>> decoded_fingerprints;
509 for (const std::string& fingerprint : tlsFingerprints) {
510 std::vector<uint8_t> decoded = parseBase64(fingerprint);
511 if (decoded.empty()) {
512 return binder::Status::fromServiceSpecificError(EINVAL,
513 String8::format("ResolverController error: bad fingerprint"));
514 }
515 decoded_fingerprints.emplace(decoded);
516 }
517
518 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]519 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]520 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]521 if (err != 0) {
522 return binder::Status::fromServiceSpecificError(-err,
523 String8::format("ResolverController error: %s", strerror(-err)));
524 }
525 return binder::Status::ok();
526}
527
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]528binder::Status NetdNativeService::getResolverInfo(int32_t netId, std::vector<std::string>* servers,
529 std::vector<std::string>* domains,
530 std::vector<std::string>* tlsServers,
531 std::vector<int32_t>* params,
532 std::vector<int32_t>* stats) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]533 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]534 ENFORCE_PERMISSION(NETWORK_STACK);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]535
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]536 int err =
537 gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params, stats);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]538 if (err != 0) {
539 return binder::Status::fromServiceSpecificError(-err,
540 String8::format("ResolverController error: %s", strerror(-err)));
541 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]542 return binder::Status::ok();
543}
544
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]545binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]546 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]547
548 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
549 return binder::Status::ok();
550}
551
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]552namespace {
553
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]554void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
555 const TetherController::TetherStats& tetherStats) {
556 if (tetherStatsParcel->extIface == tetherStats.extIface) {
557 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
558 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
559 tetherStatsParcel->txBytes += tetherStats.txBytes;
560 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]561 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]562}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]563
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]564TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
565 TetherStatsParcel result;
566 result.iface = stats.extIface;
567 result.rxBytes = stats.rxBytes;
568 result.rxPackets = stats.rxPackets;
569 result.txBytes = stats.txBytes;
570 result.txPackets = stats.txPackets;
571 return result;
572}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]573
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]574void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
575 const TetherController::TetherStatsList& statsList) {
576 std::map<std::string, TetherController::TetherStats> statsMap;
577 for (const auto& stats : statsList) {
578 auto iter = statsMap.find(stats.extIface);
579 if (iter != statsMap.end()) {
580 tetherAddStatsByInterface(&(iter->second), stats);
581 } else {
582 statsMap.insert(
583 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
584 }
585 }
586 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
587 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
588 }
589}
590
591std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
592 std::vector<std::string> result;
593 for (const auto& t : *tVec) {
594 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
595 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
596 t.txPackets));
597 }
598 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]599}
600
601} // namespace
602
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]603binder::Status NetdNativeService::tetherGetStats(
604 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]605 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]606
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]607 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
608
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]609 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]610 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]611 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]612 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]613 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
614 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
615 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]616 return binder::Status::ok();
617}
618
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]619binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
620 const std::string &addrString, int prefixLength) {
621 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
622
623 const int err = InterfaceController::addAddress(
624 ifName.c_str(), addrString.c_str(), prefixLength);
625 if (err != 0) {
626 return binder::Status::fromServiceSpecificError(-err,
627 String8::format("InterfaceController error: %s", strerror(-err)));
628 }
629 return binder::Status::ok();
630}
631
632binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
633 const std::string &addrString, int prefixLength) {
634 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
635
636 const int err = InterfaceController::delAddress(
637 ifName.c_str(), addrString.c_str(), prefixLength);
638 if (err != 0) {
639 return binder::Status::fromServiceSpecificError(-err,
640 String8::format("InterfaceController error: %s", strerror(-err)));
641 }
642 return binder::Status::ok();
643}
644
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]645namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]646
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]647std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
648 int32_t category) {
649 const char* ipversionStr = nullptr;
650 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]651 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]652 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]653 break;
654 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]655 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]656 break;
657 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]658 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
659 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]660 }
661
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]662 const char* whichStr = nullptr;
663 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]664 case INetd::CONF:
665 whichStr = "conf";
666 break;
667 case INetd::NEIGH:
668 whichStr = "neigh";
669 break;
670 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]671 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
672 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]673 }
674
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]675 return {binder::Status::ok(), ipversionStr, whichStr};
676}
677
678} // namespace
679
680binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
681 const std::string& ifname,
682 const std::string& parameter, std::string* value) {
683 ENFORCE_PERMISSION(NETWORK_STACK);
684 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
685 .args(ipversion, which, ifname, parameter);
686
687 const auto pathParts = getPathComponents(ipversion, which);
688 const auto& pathStatus = std::get<0>(pathParts);
689 if (!pathStatus.isOk()) {
690 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
691 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]692 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]693
694 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
695 std::get<2>(pathParts), ifname.c_str(),
696 parameter.c_str(), value);
697 entry.returns(err);
698 if (err == 0) entry.returns(*value);
699 gLog.log(entry.withAutomaticDuration());
700 return statusFromErrcode(err);
701}
702
703binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
704 const std::string& ifname,
705 const std::string& parameter,
706 const std::string& value) {
707 ENFORCE_PERMISSION(NETWORK_STACK);
708 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
709 .args(ipversion, which, ifname, parameter, value);
710
711 const auto pathParts = getPathComponents(ipversion, which);
712 const auto& pathStatus = std::get<0>(pathParts);
713 if (!pathStatus.isOk()) {
714 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
715 return pathStatus;
716 }
717
718 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
719 std::get<2>(pathParts), ifname.c_str(),
720 parameter.c_str(), value.c_str());
721 gLog.log(entry.returns(err).withAutomaticDuration());
722 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]723}
724
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]725binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
726 // This function intentionally does not lock, since the only thing it does is one read from an
727 // atomic_int.
728 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
729 ENFORCE_DEBUGGABLE();
730
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]731 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]732 return binder::Status::ok();
733}
734
735binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
736 // This function intentionally does not lock, since the only thing it does is one write to an
737 // atomic_int.
738 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
739 ENFORCE_DEBUGGABLE();
740
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]741 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
742 ? binder::Status::ok()
743 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]744}
745
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]746binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
747 int newUid) {
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]748 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]749 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]750
751 uid_t callerUid = IPCThreadState::self()->getCallingUid();
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]752 return asBinderStatus(
753 gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]754}
755
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]756binder::Status NetdNativeService::ipSecAllocateSpi(
757 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]758 const std::string& sourceAddress,
759 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]760 int32_t inSpi,
761 int32_t* outSpi) {
762 // Necessary locking done in IpSecService and kernel
763 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]764 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]765 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]766 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]767 sourceAddress,
768 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]769 inSpi,
770 outSpi));
771}
772
773binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]774 int32_t transformId, int32_t mode, const std::string& sourceAddress,
775 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
776 int32_t markValue, int32_t markMask, const std::string& authAlgo,
777 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
778 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
779 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
780 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]781 // Necessary locking done in IpSecService and kernel
782 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]783 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]784 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]785 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
786 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]787 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
788 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]789}
790
791binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]792 int32_t transformId, const std::string& sourceAddress,
793 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
794 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]795 // Necessary locking done in IpSecService and kernel
796 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]797 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]798 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]799 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]800}
801
802binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]803 const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
804 const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]805 // Necessary locking done in IpSecService and kernel
806 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]807 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]808 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]809 socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]810}
811
812binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]813 const ParcelFileDescriptor& socket) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]814 // Necessary locking done in IpSecService and kernel
815 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]816 gLog.log("ipSecRemoveTransportModeTransform()");
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]817 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]818}
819
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]820binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
821 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]822 const std::string& tmplSrcAddress,
823 const std::string& tmplDstAddress,
824 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]825 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]826 // Necessary locking done in IpSecService and kernel
827 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]828 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]829 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]830 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]831 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]832}
833
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]834binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
835 int32_t transformId, int32_t selAddrFamily, int32_t direction,
836 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
837 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]838 // Necessary locking done in IpSecService and kernel
839 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]840 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]841 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]842 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]843 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]844}
845
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]846binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
847 int32_t selAddrFamily,
848 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]849 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]850 // Necessary locking done in IpSecService and kernel
851 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]852 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]854 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]855}
856
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]857binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
858 const std::string& localAddress,
859 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]860 int32_t iKey, int32_t oKey,
861 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]862 // Necessary locking done in IpSecService and kernel
863 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]864 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]865
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]866 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]867 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]868 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
869
870 gLog.log(entry.returns(result).withAutomaticDuration());
871 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]872}
873
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]874binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
875 const std::string& localAddress,
876 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]877 int32_t iKey, int32_t oKey,
878 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]879 // Necessary locking done in IpSecService and kernel
880 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]881 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]882
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]883 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]884 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]885 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
886
887 gLog.log(entry.returns(result).withAutomaticDuration());
888 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]889}
890
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]891binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]892 // Necessary locking done in IpSecService and kernel
893 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]894 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]895
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]896 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
897 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
898
899 gLog.log(entry.returns(result).withAutomaticDuration());
900 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]901}
902
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]903binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
904 int32_t mode) {
905 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]906 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]907}
908
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]909binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
910 const std::string& prefix, int32_t mark,
911 int32_t mask) {
912 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]913 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]914}
915
916binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
917 const std::string& prefix, int32_t mark,
918 int32_t mask) {
919 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]920 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]921}
922
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]923binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
924 ENFORCE_PERMISSION(NETWORK_STACK);
925 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
926 return binder::Status::ok();
927}
928
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]929binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
930 const std::string& classLabel) {
931 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
932 auto entry = gLog.newEntry()
933 .prettyFunction(__PRETTY_FUNCTION__)
934 .arg(ifName)
935 .arg(timeout)
936 .arg(classLabel);
937 int res =
938 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
939 gLog.log(entry.returns(res).withAutomaticDuration());
940 return statusFromErrcode(res);
941}
942
943binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
944 int32_t timeout,
945 const std::string& classLabel) {
946 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
947 auto entry = gLog.newEntry()
948 .prettyFunction(__PRETTY_FUNCTION__)
949 .arg(ifName)
950 .arg(timeout)
951 .arg(classLabel);
952 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
953 classLabel.c_str());
954 gLog.log(entry.returns(res).withAutomaticDuration());
955 return statusFromErrcode(res);
956}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]957
958binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
959 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
960 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
961 StrictPenalty penalty;
962 switch (policyPenalty) {
963 case INetd::PENALTY_POLICY_REJECT:
964 penalty = REJECT;
965 break;
966 case INetd::PENALTY_POLICY_LOG:
967 penalty = LOG;
968 break;
969 case INetd::PENALTY_POLICY_ACCEPT:
970 penalty = ACCEPT;
971 break;
972 default:
973 return statusFromErrcode(-EINVAL);
974 break;
975 }
976 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
977 gLog.log(entry.returns(res).withAutomaticDuration());
978 return statusFromErrcode(res);
979}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]980
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]981binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
982 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
983 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
984 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
985 gLog.log(entry.returns(res).withAutomaticDuration());
986 return statusFromErrcode(res);
987}
988
989binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
990 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
991 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
992 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
993 gLog.log(entry.returns(res).withAutomaticDuration());
994 return statusFromErrcode(res);
995}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]996
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]997binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
998 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
999 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1000 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
1001 gLog.log(entry.returns(*status).withAutomaticDuration());
1002 return binder::Status::ok();
1003}
1004
1005binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1006 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1007 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1008 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1009 gLog.log(entry.returns(res).withAutomaticDuration());
1010 return statusFromErrcode(res);
1011}
1012
1013binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1014 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1015 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1016 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1017 gLog.log(entry.returns(res).withAutomaticDuration());
1018 return statusFromErrcode(res);
1019}
1020
1021binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1022 const std::string& toIface) {
1023 ENFORCE_PERMISSION(NETWORK_STACK);
1024 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1025 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1026 gLog.log(entry.returns(res).withAutomaticDuration());
1027 return statusFromErrcode(res);
1028}
1029
1030binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1031 const std::string& toIface) {
1032 ENFORCE_PERMISSION(NETWORK_STACK);
1033 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1034 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1035 gLog.log(entry.returns(res).withAutomaticDuration());
1036 return statusFromErrcode(res);
1037}
1038
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1039namespace {
1040std::string addSquareBrackets(const std::string& s) {
1041 return "[" + s + "]";
1042}
1043
1044std::string addCurlyBrackets(const std::string& s) {
1045 return "{" + s + "}";
1046}
1047
1048} // namespace
1049binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1050 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1051 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1052
1053 const auto& ifaceList = InterfaceController::getIfaceNames();
1054 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1055
1056 interfaceListResult->clear();
1057 interfaceListResult->reserve(ifaceList.value().size());
1058 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1059 end(ifaceList.value()));
1060
1061 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1062 .withAutomaticDuration());
1063 return binder::Status::ok();
1064}
1065
1066std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1067 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1068 std::to_string(cfg.prefixLength)};
1069 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1070 return addCurlyBrackets(base::Join(result, ", "));
1071}
1072
1073binder::Status NetdNativeService::interfaceGetCfg(
1074 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1075 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1076 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1077
1078 const auto& cfgRes = InterfaceController::getCfg(ifName);
1079 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1080
1081 *interfaceGetCfgResult = cfgRes.value();
1082 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1083 .withAutomaticDuration());
1084 return binder::Status::ok();
1085}
1086
1087binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1088 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1089 auto entry = gLog.newEntry()
1090 .prettyFunction(__PRETTY_FUNCTION__)
1091 .arg(interfaceConfigurationParcelToString(cfg));
1092
1093 const auto& res = InterfaceController::setCfg(cfg);
1094 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1095
1096 gLog.log(entry.withAutomaticDuration());
1097 return binder::Status::ok();
1098}
1099
1100binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1101 bool enable) {
1102 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1103 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1104 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1105 gLog.log(entry.returns(res).withAutomaticDuration());
1106 return statusFromErrcode(res);
1107}
1108
1109binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1110 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1111 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1112 int res = InterfaceController::clearAddrs(ifName.c_str());
1113 gLog.log(entry.returns(res).withAutomaticDuration());
1114 return statusFromErrcode(res);
1115}
1116
1117binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1118 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1119 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1120 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1121 gLog.log(entry.returns(res).withAutomaticDuration());
1122 return statusFromErrcode(res);
1123}
1124
1125binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1126 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1127 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1128 std::string mtu = std::to_string(mtuValue);
1129 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1130 gLog.log(entry.returns(res).withAutomaticDuration());
1131 return statusFromErrcode(res);
1132}
1133
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1134binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1135 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1136 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1137 if (dhcpRanges.size() % 2 == 1) {
1138 return statusFromErrcode(-EINVAL);
1139 }
1140 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1141 gLog.log(entry.returns(res).withAutomaticDuration());
1142 return statusFromErrcode(res);
1143}
1144
1145binder::Status NetdNativeService::tetherStop() {
1146 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1147 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1148 int res = gCtls->tetherCtrl.stopTethering();
1149 gLog.log(entry.returns(res).withAutomaticDuration());
1150 return statusFromErrcode(res);
1151}
1152
1153binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1154 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1155 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1156 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1157 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1158 return binder::Status::ok();
1159}
1160
1161binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1162 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1163 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1164 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1165 gLog.log(entry.returns(res).withAutomaticDuration());
1166 return statusFromErrcode(res);
1167}
1168
1169binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1170 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1171 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1172 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1173 gLog.log(entry.returns(res).withAutomaticDuration());
1174 return statusFromErrcode(res);
1175}
1176
1177binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1178 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1179 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1180 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1181 ifList->push_back(ifname);
1182 }
1183 gLog.log(entry.returns(true).withAutomaticDuration());
1184 return binder::Status::ok();
1185}
1186
1187binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1188 const std::vector<std::string>& dnsAddrs) {
1189 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1190 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1191 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1192 gLog.log(entry.returns(res).withAutomaticDuration());
1193 return statusFromErrcode(res);
1194}
1195
1196binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1197 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1198 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1199 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1200 dnsList->push_back(fwdr);
1201 }
1202 gLog.log(entry.returns(true).withAutomaticDuration());
1203 return binder::Status::ok();
1204}
1205
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1206binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1207 const std::string& destination,
1208 const std::string& nextHop) {
1209 // Public methods of NetworkController are thread-safe.
1210 ENFORCE_PERMISSION(NETWORK_STACK);
1211 auto entry = gLog.newEntry()
1212 .prettyFunction(__PRETTY_FUNCTION__)
1213 .arg(netId)
1214 .arg(ifName)
1215 .arg(destination)
1216 .arg(nextHop);
1217 bool legacy = false;
1218 uid_t uid = 0; // UID is only meaningful for legacy routes.
1219 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1220 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1221 gLog.log(entry.returns(res).withAutomaticDuration());
1222 return statusFromErrcode(res);
1223}
1224
1225binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1226 const std::string& destination,
1227 const std::string& nextHop) {
1228 ENFORCE_PERMISSION(NETWORK_STACK);
1229 auto entry = gLog.newEntry()
1230 .prettyFunction(__PRETTY_FUNCTION__)
1231 .arg(netId)
1232 .arg(ifName)
1233 .arg(destination)
1234 .arg(nextHop);
1235 bool legacy = false;
1236 uid_t uid = 0; // UID is only meaningful for legacy routes.
1237 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1238 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1239 gLog.log(entry.returns(res).withAutomaticDuration());
1240 return statusFromErrcode(res);
1241}
1242
1243binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1244 const std::string& destination,
1245 const std::string& nextHop, int32_t uid) {
1246 ENFORCE_PERMISSION(NETWORK_STACK);
1247 auto entry = gLog.newEntry()
1248 .prettyFunction(__PRETTY_FUNCTION__)
1249 .arg(netId)
1250 .arg(ifName)
1251 .arg(destination)
1252 .arg(nextHop)
1253 .arg(uid);
1254 bool legacy = true;
1255 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1256 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1257 (uid_t) uid);
1258 gLog.log(entry.returns(res).withAutomaticDuration());
1259 return statusFromErrcode(res);
1260}
1261
1262binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1263 const std::string& destination,
1264 const std::string& nextHop,
1265 int32_t uid) {
1266 ENFORCE_PERMISSION(NETWORK_STACK);
1267 auto entry = gLog.newEntry()
1268 .prettyFunction(__PRETTY_FUNCTION__)
1269 .arg(netId)
1270 .arg(ifName)
1271 .arg(destination)
1272 .arg(nextHop)
1273 .arg(uid);
1274 bool legacy = true;
1275 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1276 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1277 (uid_t) uid);
1278 gLog.log(entry.returns(res).withAutomaticDuration());
1279 return statusFromErrcode(res);
1280}
1281
1282binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1283 ENFORCE_PERMISSION(NETWORK_STACK);
1284 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1285 *netId = gCtls->netCtrl.getDefaultNetwork();
1286 gLog.log(entry.returns(*netId).withAutomaticDuration());
1287 return binder::Status::ok();
1288}
1289
1290binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1291 ENFORCE_PERMISSION(NETWORK_STACK);
1292 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1293 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1294 gLog.log(entry.returns(res).withAutomaticDuration());
1295 return statusFromErrcode(res);
1296}
1297
1298binder::Status NetdNativeService::networkClearDefault() {
1299 ENFORCE_PERMISSION(NETWORK_STACK);
1300 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1301 unsigned netId = NETID_UNSET;
1302 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1303 gLog.log(entry.returns(res).withAutomaticDuration());
1304 return statusFromErrcode(res);
1305}
1306
1307std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1308 return {begin(intUids), end(intUids)};
1309}
1310
1311Permission NetdNativeService::convertPermission(int32_t permission) {
1312 switch (permission) {
1313 case INetd::PERMISSION_NETWORK:
1314 return Permission::PERMISSION_NETWORK;
1315 case INetd::PERMISSION_SYSTEM:
1316 return Permission::PERMISSION_SYSTEM;
1317 default:
1318 return Permission::PERMISSION_NONE;
1319 }
1320}
1321
1322binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1323 int32_t permission) {
1324 ENFORCE_PERMISSION(NETWORK_STACK);
1325 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1326 std::vector<unsigned> netIds = {(unsigned) netId};
1327 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1328 gLog.log(entry.returns(res).withAutomaticDuration());
1329 return statusFromErrcode(res);
1330}
1331
1332binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1333 const std::vector<int32_t>& uids) {
1334 ENFORCE_PERMISSION(NETWORK_STACK);
1335 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1336 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1337 gLog.log(entry.withAutomaticDuration());
1338 return binder::Status::ok();
1339}
1340
1341binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1342 ENFORCE_PERMISSION(NETWORK_STACK);
1343 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1344 Permission permission = Permission::PERMISSION_NONE;
1345 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1346 gLog.log(entry.withAutomaticDuration());
1347 return binder::Status::ok();
1348}
1349
1350binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1351 ENFORCE_PERMISSION(NETWORK_STACK);
1352 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1353 std::vector<uid_t> uids = {(uid_t) uid};
1354 gCtls->netCtrl.allowProtect(uids);
1355 gLog.log(entry.withAutomaticDuration());
1356 return binder::Status::ok();
1357}
1358
1359binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1360 ENFORCE_PERMISSION(NETWORK_STACK);
1361 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1362 std::vector<uid_t> uids = {(uid_t) uid};
1363 gCtls->netCtrl.denyProtect(uids);
1364 gLog.log(entry.withAutomaticDuration());
1365 return binder::Status::ok();
1366}
1367
1368binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1369 ENFORCE_PERMISSION(NETWORK_STACK);
1370 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1371 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1372 gLog.log(entry.returns(*ret).withAutomaticDuration());
1373 return binder::Status::ok();
1374}
1375
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1376namespace {
1377std::string ruleToString(int32_t rule) {
1378 switch (rule) {
1379 case INetd::FIREWALL_RULE_DENY:
1380 return "DENY";
1381 case INetd::FIREWALL_RULE_ALLOW:
1382 return "ALLOW";
1383 default:
1384 return "INVALID";
1385 }
1386}
1387
1388std::string typeToString(int32_t type) {
1389 switch (type) {
1390 case INetd::FIREWALL_WHITELIST:
1391 return "WHITELIST";
1392 case INetd::FIREWALL_BLACKLIST:
1393 return "BLACKLIST";
1394 default:
1395 return "INVALID";
1396 }
1397}
1398
1399std::string chainToString(int32_t chain) {
1400 switch (chain) {
1401 case INetd::FIREWALL_CHAIN_NONE:
1402 return "NONE";
1403 case INetd::FIREWALL_CHAIN_DOZABLE:
1404 return "DOZABLE";
1405 case INetd::FIREWALL_CHAIN_STANDBY:
1406 return "STANDBY";
1407 case INetd::FIREWALL_CHAIN_POWERSAVE:
1408 return "POWERSAVE";
1409 default:
1410 return "INVALID";
1411 }
1412}
1413
1414} // namespace
1415
1416binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1417 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1418 auto entry =
1419 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1420 auto type = static_cast<FirewallType>(firewallType);
1421
1422 int res = gCtls->firewallCtrl.setFirewallType(type);
1423 gLog.log(entry.returns(res).withAutomaticDuration());
1424 return statusFromErrcode(res);
1425}
1426
1427binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1428 int32_t firewallRule) {
1429 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1430 auto entry = gLog.newEntry()
1431 .prettyFunction(__PRETTY_FUNCTION__)
1432 .args(ifName, ruleToString(firewallRule));
1433 auto rule = static_cast<FirewallRule>(firewallRule);
1434
1435 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1436 gLog.log(entry.returns(res).withAutomaticDuration());
1437 return statusFromErrcode(res);
1438}
1439
1440binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1441 int32_t firewallRule) {
1442 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1443 auto entry = gLog.newEntry()
1444 .prettyFunction(__PRETTY_FUNCTION__)
1445 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1446 auto chain = static_cast<ChildChain>(childChain);
1447 auto rule = static_cast<FirewallRule>(firewallRule);
1448
1449 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1450 gLog.log(entry.returns(res).withAutomaticDuration());
1451 return statusFromErrcode(res);
1452}
1453
1454binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1455 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1456 auto entry = gLog.newEntry()
1457 .prettyFunction(__PRETTY_FUNCTION__)
1458 .args(chainToString(childChain), enable);
1459 auto chain = static_cast<ChildChain>(childChain);
1460
1461 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1462 gLog.log(entry.returns(res).withAutomaticDuration());
1463 return statusFromErrcode(res);
1464}
1465
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1466binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1467 const std::string& extIface) {
1468 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1469 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1470
1471 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1472 gLog.log(entry.returns(res).withAutomaticDuration());
1473 return statusFromErrcode(res);
1474}
1475
1476binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1477 const std::string& extIface) {
1478 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1479 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1480
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1481 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1482 gLog.log(entry.returns(res).withAutomaticDuration());
1483 return statusFromErrcode(res);
1484}
1485
Chenbo Fengf5663d82018-11-08 16:10:48 -0800[diff] [blame]1486binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,
1487 const std::string& wmemValues) {
1488 ENFORCE_PERMISSION(NETWORK_STACK);
1489 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(rmemValues, wmemValues);
1490 if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {
1491 int ret = -errno;
1492 gLog.log(entry.returns(ret).withAutomaticDuration());
1493 return statusFromErrcode(ret);
1494 }
1495
1496 if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {
1497 int ret = -errno;
1498 gLog.log(entry.returns(ret).withAutomaticDuration());
1499 return statusFromErrcode(ret);
1500 }
1501 gLog.log(entry.withAutomaticDuration());
1502 return binder::Status::ok();
1503}
1504
nuccachenf52f7a52018-07-17 18:07:23 +0800[diff] [blame]1505binder::Status NetdNativeService::getPrefix64(int netId, std::string* _aidl_return) {
1506 ENFORCE_PERMISSION(NETWORK_STACK);
1507
1508 netdutils::IPPrefix prefix{};
1509 int err = gCtls->resolverCtrl.getPrefix64(netId, &prefix);
1510 if (err != 0) {
1511 return binder::Status::fromServiceSpecificError(
1512 -err, String8::format("ResolverController error: %s", strerror(-err)));
1513 }
1514 *_aidl_return = prefix.toString();
1515 return binder::Status::ok();
1516}
1517
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1518} // namespace net
1519} // namespace android