Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 94090052df4ba99f5e9133afb48ccf08a7244c32 / . / server / NetdNativeService.cpp
blob: c0ca209512d9730db7073d51188913b0eb3f5922 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]19#include <set>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]20#include <vector>
21
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]22#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]23#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]24#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]25#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]26#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]27#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28
29#include <binder/IPCThreadState.h>
30#include <binder/IServiceManager.h>
31#include "android/net/BnNetd.h"
32
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]33#include <openssl/base64.h>
34
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]35#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]36#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]37#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]38#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]39#include "NetdConstants.h"
40#include "NetdNativeService.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]41#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]42#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]43#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]44#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]45
46using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]47using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]48
49namespace android {
50namespace net {
51
52namespace {
53
54const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]55const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]56const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]57const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]58
59binder::Status checkPermission(const char *permission) {
60 pid_t pid;
61 uid_t uid;
62
63 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
64 return binder::Status::ok();
65 } else {
66 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
67 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
68 }
69}
70
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]71#define ENFORCE_DEBUGGABLE() { \
72 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]73 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]74 || value[0] != '1') { \
75 return binder::Status::fromExceptionCode( \
76 binder::Status::EX_SECURITY, \
77 String8("Not available in production builds.") \
78 ); \
79 } \
80}
81
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]82#define ENFORCE_PERMISSION(permission) { \
83 binder::Status status = checkPermission((permission)); \
84 if (!status.isOk()) { \
85 return status; \
86 } \
87}
88
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]89#define NETD_LOCKING_RPC(permission, lock) \
90 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]91 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]92
93#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]94
95inline binder::Status statusFromErrcode(int ret) {
96 if (ret) {
97 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
98 }
99 return binder::Status::ok();
100}
101
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]102bool contains(const Vector<String16>& words, const String16& word) {
103 for (const auto& w : words) {
104 if (w == word) return true;
105 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]106
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]107 return false;
108}
109
110} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]111
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]112status_t NetdNativeService::start() {
113 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]114 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]115 if (ret != android::OK) {
116 return ret;
117 }
118 sp<ProcessState> ps(ProcessState::self());
119 ps->startThreadPool();
120 ps->giveThreadPoolName();
121 return android::OK;
122}
123
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]124status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]125 const binder::Status dump_permission = checkPermission(DUMP);
126 if (!dump_permission.isOk()) {
127 const String8 msg(dump_permission.toString8());
128 write(fd, msg.string(), msg.size());
129 return PERMISSION_DENIED;
130 }
131
132 // This method does not grab any locks. If individual classes need locking
133 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]134
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]135 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]136
137 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
138 dw.blankline();
139 gCtls->tcpSocketMonitor.dump(dw);
140 dw.blankline();
141 return NO_ERROR;
142 }
143
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]144 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
145 dw.blankline();
146 gCtls->trafficCtrl.dump(dw, true);
147 dw.blankline();
148 return NO_ERROR;
149 }
150
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]151 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]152 dw.blankline();
153 gCtls->netCtrl.dump(dw);
154 dw.blankline();
155
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]156 gCtls->trafficCtrl.dump(dw, false);
157 dw.blankline();
158
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]159 {
160 ScopedIndent indentLog(dw);
161 if (contains(args, String16(OPT_SHORT))) {
162 dw.println("Log: <omitted>");
163 } else {
164 dw.println("Log:");
165 ScopedIndent indentLogEntries(dw);
166 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
167 }
168 dw.blankline();
169 }
170
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]171 return NO_ERROR;
172}
173
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]174binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]175 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]176 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]177
178 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]179
180 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]181 return binder::Status::ok();
182}
183
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]184binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]185 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
186 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]187 auto entry = gLog.newEntry()
188 .prettyFunction(__PRETTY_FUNCTION__)
189 .arg(chainName)
190 .arg(isWhitelist)
191 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]192
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]193 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]194 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]195
196 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]197 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]198}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]199
200binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
201 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]202 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]203
204 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
205 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]206 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]207 return binder::Status::ok();
208}
209
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]210binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
211 const std::string& permission) {
212 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]213 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]214 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]215 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]216 return statusFromErrcode(ret);
217}
218
219binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
220 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
221 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
222 return statusFromErrcode(ret);
223}
224
225binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]226 ENFORCE_PERMISSION(NETWORK_STACK);
227 // Both of these functions manage their own locking internally.
228 const int ret = gCtls->netCtrl.destroyNetwork(netId);
229 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]230 return statusFromErrcode(ret);
231}
232
233binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
234 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
235 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
236 return statusFromErrcode(ret);
237}
238
239binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
240 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
241 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
242 return statusFromErrcode(ret);
243}
244
245binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
246 const std::vector<UidRange>& uidRangeArray) {
247 // NetworkController::addUsersToNetwork is thread-safe.
248 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
249 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
250 return statusFromErrcode(ret);
251}
252
253binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
254 const std::vector<UidRange>& uidRangeArray) {
255 // NetworkController::removeUsersFromNetwork is thread-safe.
256 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
257 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
258 return statusFromErrcode(ret);
259}
260
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]261binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
262 const std::vector<UidRange>& uidRangeArray) {
263 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
264 // it should be possible to use the same lock as NetworkController. However, every call through
265 // the CommandListener "network" command will need to hold this lock too, not just the ones that
266 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
267 // look at routes, but it's not enough here).
268 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
269
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]270 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]271
272 int err;
273 if (add) {
274 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
275 } else {
276 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
277 }
278
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]279 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]280}
281
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]282binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
283 const std::vector<int32_t>& skipUids) {
284
285 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
286
287 SockDiag sd;
288 if (!sd.open()) {
289 return binder::Status::fromServiceSpecificError(EIO,
290 String8("Could not open SOCK_DIAG socket"));
291 }
292
293 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]294 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
295 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]296
297 if (err) {
298 return binder::Status::fromServiceSpecificError(-err,
299 String8::format("destroySockets: %s", strerror(-err)));
300 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]301 return binder::Status::ok();
302}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]303
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]304// Parse a base64 encoded string into a vector of bytes.
305// On failure, return an empty vector.
306static std::vector<uint8_t> parseBase64(const std::string& input) {
307 std::vector<uint8_t> decoded;
308 size_t out_len;
309 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
310 return decoded;
311 }
312 // out_len is now an upper bound on the output length.
313 decoded.resize(out_len);
314 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
315 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
316 // Possibly shrink the vector if the actual output was smaller than the bound.
317 decoded.resize(out_len);
318 } else {
319 decoded.clear();
320 }
321 if (out_len != SHA256_SIZE) {
322 decoded.clear();
323 }
324 return decoded;
325}
326
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]327binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
328 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]329 const std::vector<int32_t>& params, const std::string& tlsName,
330 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]331 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]332 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
333 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]334 auto entry = gLog.newEntry()
335 .prettyFunction(__PRETTY_FUNCTION__)
336 .arg(netId)
337 .arg(servers)
338 .arg(domains)
339 .arg(params)
340 .arg(tlsName)
341 .arg(tlsServers)
342 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]343
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]344 std::set<std::vector<uint8_t>> decoded_fingerprints;
345 for (const std::string& fingerprint : tlsFingerprints) {
346 std::vector<uint8_t> decoded = parseBase64(fingerprint);
347 if (decoded.empty()) {
348 return binder::Status::fromServiceSpecificError(EINVAL,
349 String8::format("ResolverController error: bad fingerprint"));
350 }
351 decoded_fingerprints.emplace(decoded);
352 }
353
354 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]355 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]356 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]357 if (err != 0) {
358 return binder::Status::fromServiceSpecificError(-err,
359 String8::format("ResolverController error: %s", strerror(-err)));
360 }
361 return binder::Status::ok();
362}
363
364binder::Status NetdNativeService::getResolverInfo(int32_t netId,
365 std::vector<std::string>* servers, std::vector<std::string>* domains,
366 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
367 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
368 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
369
370 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
371 if (err != 0) {
372 return binder::Status::fromServiceSpecificError(-err,
373 String8::format("ResolverController error: %s", strerror(-err)));
374 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]375 return binder::Status::ok();
376}
377
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]378binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]379 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]380
381 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
382 return binder::Status::ok();
383}
384
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]385namespace {
386
387void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
388 String16 iface = String16(stats.extIface.c_str());
389 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
390
391 bundle->getLongVector(iface, &statsVector);
392 if (statsVector.size() == 0) {
393 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
394 }
395
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]396 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
397 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
398 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
399 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]400
401 bundle->putLongVector(iface, statsVector);
402}
403
404} // namespace
405
406binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]407 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]408
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]409 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]410 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]411 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]412 }
413
414 for (const auto& stats : statsList.value()) {
415 tetherAddStats(bundle, stats);
416 }
417
418 return binder::Status::ok();
419}
420
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]421binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
422 const std::string &addrString, int prefixLength) {
423 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
424
425 const int err = InterfaceController::addAddress(
426 ifName.c_str(), addrString.c_str(), prefixLength);
427 if (err != 0) {
428 return binder::Status::fromServiceSpecificError(-err,
429 String8::format("InterfaceController error: %s", strerror(-err)));
430 }
431 return binder::Status::ok();
432}
433
434binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
435 const std::string &addrString, int prefixLength) {
436 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
437
438 const int err = InterfaceController::delAddress(
439 ifName.c_str(), addrString.c_str(), prefixLength);
440 if (err != 0) {
441 return binder::Status::fromServiceSpecificError(-err,
442 String8::format("InterfaceController error: %s", strerror(-err)));
443 }
444 return binder::Status::ok();
445}
446
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]447binder::Status NetdNativeService::setProcSysNet(
448 int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
449 const std::string &value) {
450 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
451
452 const char *familyStr;
453 switch (family) {
454 case INetd::IPV4:
455 familyStr = "ipv4";
456 break;
457 case INetd::IPV6:
458 familyStr = "ipv6";
459 break;
460 default:
461 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
462 }
463
464 const char *whichStr;
465 switch (which) {
466 case INetd::CONF:
467 whichStr = "conf";
468 break;
469 case INetd::NEIGH:
470 whichStr = "neigh";
471 break;
472 default:
473 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
474 }
475
476 const int err = InterfaceController::setParameter(
477 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
478 value.c_str());
479 if (err != 0) {
480 return binder::Status::fromServiceSpecificError(-err,
481 String8::format("ResolverController error: %s", strerror(-err)));
482 }
483 return binder::Status::ok();
484}
485
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]486binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
487 // This function intentionally does not lock, since the only thing it does is one read from an
488 // atomic_int.
489 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
490 ENFORCE_DEBUGGABLE();
491
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]492 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]493 return binder::Status::ok();
494}
495
496binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
497 // This function intentionally does not lock, since the only thing it does is one write to an
498 // atomic_int.
499 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
500 ENFORCE_DEBUGGABLE();
501
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]502 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
503 ? binder::Status::ok()
504 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]505}
506
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]507binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
508 int newUid) {
509 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]510 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]511
512 uid_t callerUid = IPCThreadState::self()->getCallingUid();
513 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
514}
515
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]516binder::Status NetdNativeService::ipSecAllocateSpi(
517 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]518 const std::string& sourceAddress,
519 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]520 int32_t inSpi,
521 int32_t* outSpi) {
522 // Necessary locking done in IpSecService and kernel
523 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]524 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]525 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]526 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]527 sourceAddress,
528 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]529 inSpi,
530 outSpi));
531}
532
533binder::Status NetdNativeService::ipSecAddSecurityAssociation(
534 int32_t transformId,
535 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]536 const std::string& sourceAddress,
537 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]538 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]539 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]540 int32_t markValue,
541 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]542 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
543 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]544 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]545 int32_t encapType,
546 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]547 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]548 // Necessary locking done in IpSecService and kernel
549 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]550 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]551 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]552 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
553 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
554 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]555}
556
557binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
558 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]559 const std::string& sourceAddress,
560 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]561 int32_t spi,
562 int32_t markValue,
563 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]564 // Necessary locking done in IpSecService and kernel
565 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]566 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]567 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]568 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]569 sourceAddress,
570 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]571 spi,
572 markValue,
573 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]574}
575
576binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
577 const android::base::unique_fd& socket,
578 int32_t transformId,
579 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]580 const std::string& sourceAddress,
581 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]582 int32_t spi) {
583 // Necessary locking done in IpSecService and kernel
584 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]585 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]586 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]587 socket,
588 transformId,
589 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]590 sourceAddress,
591 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]592 spi));
593}
594
595binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
596 const android::base::unique_fd& socket) {
597 // Necessary locking done in IpSecService and kernel
598 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]599 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]600 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]601 socket));
602}
603
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]604binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
605 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]606 const std::string& tmplSrcAddress,
607 const std::string& tmplDstAddress,
608 int32_t spi, int32_t markValue,
609 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]610 // Necessary locking done in IpSecService and kernel
611 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]612 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]613 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]614 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
615 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]616}
617
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]618binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
619 int32_t selAddrFamily,
620 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]621 const std::string& tmplSrcAddress,
622 const std::string& tmplDstAddress,
623 int32_t spi, int32_t markValue,
624 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]625 // Necessary locking done in IpSecService and kernel
626 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]627 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]628 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]629 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
630 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]631}
632
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]633binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
634 int32_t selAddrFamily,
635 int32_t direction, int32_t markValue,
636 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]637 // Necessary locking done in IpSecService and kernel
638 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]639 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]640 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]641 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]642}
643
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]644binder::Status NetdNativeService::addVirtualTunnelInterface(
645 const std::string& deviceName,
646 const std::string& localAddress,
647 const std::string& remoteAddress,
648 int32_t iKey,
649 int32_t oKey) {
650 // Necessary locking done in IpSecService and kernel
651 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]652 gLog.log("addVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]653 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
654 deviceName,
655 localAddress,
656 remoteAddress,
657 iKey,
658 oKey,
659 false);
660
661 return (ret == 0) ? binder::Status::ok() :
662 asBinderStatus(netdutils::statusFromErrno(
663 ret, "Error in creating virtual tunnel interface."));
664}
665
666binder::Status NetdNativeService::updateVirtualTunnelInterface(
667 const std::string& deviceName,
668 const std::string& localAddress,
669 const std::string& remoteAddress,
670 int32_t iKey,
671 int32_t oKey) {
672 // Necessary locking done in IpSecService and kernel
673 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]674 gLog.log("updateVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]675 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
676 deviceName,
677 localAddress,
678 remoteAddress,
679 iKey,
680 oKey,
681 true);
682
683 return (ret == 0) ? binder::Status::ok() :
684 asBinderStatus(netdutils::statusFromErrno(
685 ret, "Error in updating virtual tunnel interface."));
686}
687
688binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
689 // Necessary locking done in IpSecService and kernel
690 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]691 gLog.log("removeVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]692 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
693
694 return (ret == 0) ? binder::Status::ok() :
695 asBinderStatus(netdutils::statusFromErrno(
696 ret, "Error in removing virtual tunnel interface."));
697}
698
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]699binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
700 int32_t mode) {
701 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]702 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]703}
704
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]705binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
706 const std::string& prefix, int32_t mark,
707 int32_t mask) {
708 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]709 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]710}
711
712binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
713 const std::string& prefix, int32_t mark,
714 int32_t mask) {
715 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]716 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]717}
718
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]719binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
720 ENFORCE_PERMISSION(NETWORK_STACK);
721 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
722 return binder::Status::ok();
723}
724
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]725binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
726 const std::string& classLabel) {
727 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
728 auto entry = gLog.newEntry()
729 .prettyFunction(__PRETTY_FUNCTION__)
730 .arg(ifName)
731 .arg(timeout)
732 .arg(classLabel);
733 int res =
734 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
735 gLog.log(entry.returns(res).withAutomaticDuration());
736 return statusFromErrcode(res);
737}
738
739binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
740 int32_t timeout,
741 const std::string& classLabel) {
742 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
743 auto entry = gLog.newEntry()
744 .prettyFunction(__PRETTY_FUNCTION__)
745 .arg(ifName)
746 .arg(timeout)
747 .arg(classLabel);
748 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
749 classLabel.c_str());
750 gLog.log(entry.returns(res).withAutomaticDuration());
751 return statusFromErrcode(res);
752}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]753
754binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
755 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
756 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
757 StrictPenalty penalty;
758 switch (policyPenalty) {
759 case INetd::PENALTY_POLICY_REJECT:
760 penalty = REJECT;
761 break;
762 case INetd::PENALTY_POLICY_LOG:
763 penalty = LOG;
764 break;
765 case INetd::PENALTY_POLICY_ACCEPT:
766 penalty = ACCEPT;
767 break;
768 default:
769 return statusFromErrcode(-EINVAL);
770 break;
771 }
772 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
773 gLog.log(entry.returns(res).withAutomaticDuration());
774 return statusFromErrcode(res);
775}
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]776binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
777 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
778 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
779 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
780 gLog.log(entry.returns(res).withAutomaticDuration());
781 return statusFromErrcode(res);
782}
783
784binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
785 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
786 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
787 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
788 gLog.log(entry.returns(res).withAutomaticDuration());
789 return statusFromErrcode(res);
790}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]791
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]792binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
793 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
794 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
795 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
796 gLog.log(entry.returns(*status).withAutomaticDuration());
797 return binder::Status::ok();
798}
799
800binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
801 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
802 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
803 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
804 gLog.log(entry.returns(res).withAutomaticDuration());
805 return statusFromErrcode(res);
806}
807
808binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
809 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
810 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
811 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
812 gLog.log(entry.returns(res).withAutomaticDuration());
813 return statusFromErrcode(res);
814}
815
816binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
817 const std::string& toIface) {
818 ENFORCE_PERMISSION(NETWORK_STACK);
819 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
820 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
821 gLog.log(entry.returns(res).withAutomaticDuration());
822 return statusFromErrcode(res);
823}
824
825binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
826 const std::string& toIface) {
827 ENFORCE_PERMISSION(NETWORK_STACK);
828 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
829 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
830 gLog.log(entry.returns(res).withAutomaticDuration());
831 return statusFromErrcode(res);
832}
833
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]834} // namespace net
835} // namespace android