Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / a38b65c0743870fb443a335e0a961ce8cd44fff6 / . / server / NetdNativeService.cpp
blob: f2441f766adab5d8ede4b303c13467e36c4668e2 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]19#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]20#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]21#include <vector>
22
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]23#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]24#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]25#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]26#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]27#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]28#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29
30#include <binder/IPCThreadState.h>
31#include <binder/IServiceManager.h>
32#include "android/net/BnNetd.h"
33
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]34#include <openssl/base64.h>
35
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]36#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]37#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]38#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]39#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]40#include "NetdConstants.h"
41#include "NetdNativeService.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]42#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]43#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]44#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]46
47using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]48using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50namespace android {
51namespace net {
52
53namespace {
54
55const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]56const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]57const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]58const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]59
60binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame^]61 pid_t pid = IPCThreadState::self()->getCallingPid();
62 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame^]64 // If the caller is the system UID, don't check permissions.
65 // Otherwise, if the system server's binder thread pool is full, and all the threads are
66 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
67 //
68 // From a security perspective, there is currently no difference, because:
69 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
70 // and NETWORK_STACK, which the system server will always need to have.
71 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
72 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]73 return binder::Status::ok();
74 } else {
75 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
76 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
77 }
78}
79
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]80#define ENFORCE_DEBUGGABLE() { \
81 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]82 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]83 || value[0] != '1') { \
84 return binder::Status::fromExceptionCode( \
85 binder::Status::EX_SECURITY, \
86 String8("Not available in production builds.") \
87 ); \
88 } \
89}
90
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]91#define ENFORCE_PERMISSION(permission) { \
92 binder::Status status = checkPermission((permission)); \
93 if (!status.isOk()) { \
94 return status; \
95 } \
96}
97
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]98#define NETD_LOCKING_RPC(permission, lock) \
99 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]100 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]101
102#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]103
104inline binder::Status statusFromErrcode(int ret) {
105 if (ret) {
106 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
107 }
108 return binder::Status::ok();
109}
110
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]111bool contains(const Vector<String16>& words, const String16& word) {
112 for (const auto& w : words) {
113 if (w == word) return true;
114 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]115
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]116 return false;
117}
118
119} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]120
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]121status_t NetdNativeService::start() {
122 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]123 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]124 if (ret != android::OK) {
125 return ret;
126 }
127 sp<ProcessState> ps(ProcessState::self());
128 ps->startThreadPool();
129 ps->giveThreadPoolName();
130 return android::OK;
131}
132
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]133status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]134 const binder::Status dump_permission = checkPermission(DUMP);
135 if (!dump_permission.isOk()) {
136 const String8 msg(dump_permission.toString8());
137 write(fd, msg.string(), msg.size());
138 return PERMISSION_DENIED;
139 }
140
141 // This method does not grab any locks. If individual classes need locking
142 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]143
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]144 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]145
146 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
147 dw.blankline();
148 gCtls->tcpSocketMonitor.dump(dw);
149 dw.blankline();
150 return NO_ERROR;
151 }
152
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]153 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
154 dw.blankline();
155 gCtls->trafficCtrl.dump(dw, true);
156 dw.blankline();
157 return NO_ERROR;
158 }
159
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]160 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]161 dw.blankline();
162 gCtls->netCtrl.dump(dw);
163 dw.blankline();
164
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]165 gCtls->trafficCtrl.dump(dw, false);
166 dw.blankline();
167
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]168 {
169 ScopedIndent indentLog(dw);
170 if (contains(args, String16(OPT_SHORT))) {
171 dw.println("Log: <omitted>");
172 } else {
173 dw.println("Log:");
174 ScopedIndent indentLogEntries(dw);
175 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
176 }
177 dw.blankline();
178 }
179
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]180 return NO_ERROR;
181}
182
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]183binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]184 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]185 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]186
187 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]188
189 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]190 return binder::Status::ok();
191}
192
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]193binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]194 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
195 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]196 auto entry = gLog.newEntry()
197 .prettyFunction(__PRETTY_FUNCTION__)
198 .arg(chainName)
199 .arg(isWhitelist)
200 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]201
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]202 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]203 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]204
205 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]206 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]207}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]208
209binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
210 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]211 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]212
213 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
214 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]215 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]216 return binder::Status::ok();
217}
218
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]219binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
220 int64_t bytes) {
221 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
222 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
223
224 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
225
226 gLog.log(entry.returns(res).withAutomaticDuration());
227 return statusFromErrcode(res);
228}
229
230binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
231 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
232 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
233
234 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
235
236 gLog.log(entry.returns(res).withAutomaticDuration());
237 return statusFromErrcode(res);
238}
239
240binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
241 int64_t bytes) {
242 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
243 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
244
245 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
246
247 gLog.log(entry.returns(res).withAutomaticDuration());
248 return statusFromErrcode(res);
249}
250
251binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
252 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
253 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
254
255 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
256
257 gLog.log(entry.returns(res).withAutomaticDuration());
258 return statusFromErrcode(res);
259}
260
261binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
262 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
263 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
264
265 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
266
267 gLog.log(entry.returns(res).withAutomaticDuration());
268 return statusFromErrcode(res);
269}
270
271binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
272 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
273 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
274
275 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
276 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
277
278 gLog.log(entry.returns(res).withAutomaticDuration());
279 return statusFromErrcode(res);
280}
281
282binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
283 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
284 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
285
286 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
287 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
288
289 gLog.log(entry.returns(res).withAutomaticDuration());
290 return statusFromErrcode(res);
291}
292
293binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
294 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
295 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
296
297 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
298 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
299
300 gLog.log(entry.returns(res).withAutomaticDuration());
301 return statusFromErrcode(res);
302}
303
304binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
305 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
306 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
307
308 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
309 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
310
311 gLog.log(entry.returns(res).withAutomaticDuration());
312 return statusFromErrcode(res);
313}
314
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]315binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
316 const std::string& permission) {
317 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]318 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]319 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]320 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]321 return statusFromErrcode(ret);
322}
323
324binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
325 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
326 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
327 return statusFromErrcode(ret);
328}
329
330binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]331 ENFORCE_PERMISSION(NETWORK_STACK);
332 // Both of these functions manage their own locking internally.
333 const int ret = gCtls->netCtrl.destroyNetwork(netId);
334 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]335 return statusFromErrcode(ret);
336}
337
338binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
339 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
340 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
341 return statusFromErrcode(ret);
342}
343
344binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
345 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
346 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
347 return statusFromErrcode(ret);
348}
349
350binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
351 const std::vector<UidRange>& uidRangeArray) {
352 // NetworkController::addUsersToNetwork is thread-safe.
353 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
354 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
355 return statusFromErrcode(ret);
356}
357
358binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
359 const std::vector<UidRange>& uidRangeArray) {
360 // NetworkController::removeUsersFromNetwork is thread-safe.
361 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
362 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
363 return statusFromErrcode(ret);
364}
365
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]366binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
367 const std::vector<UidRange>& uidRangeArray) {
368 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
369 // it should be possible to use the same lock as NetworkController. However, every call through
370 // the CommandListener "network" command will need to hold this lock too, not just the ones that
371 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
372 // look at routes, but it's not enough here).
373 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
374
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]375 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]376
377 int err;
378 if (add) {
379 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
380 } else {
381 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
382 }
383
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]384 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]385}
386
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]387binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
388 const std::vector<int32_t>& skipUids) {
389
390 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
391
392 SockDiag sd;
393 if (!sd.open()) {
394 return binder::Status::fromServiceSpecificError(EIO,
395 String8("Could not open SOCK_DIAG socket"));
396 }
397
398 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]399 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
400 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]401
402 if (err) {
403 return binder::Status::fromServiceSpecificError(-err,
404 String8::format("destroySockets: %s", strerror(-err)));
405 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]406 return binder::Status::ok();
407}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]408
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]409// Parse a base64 encoded string into a vector of bytes.
410// On failure, return an empty vector.
411static std::vector<uint8_t> parseBase64(const std::string& input) {
412 std::vector<uint8_t> decoded;
413 size_t out_len;
414 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
415 return decoded;
416 }
417 // out_len is now an upper bound on the output length.
418 decoded.resize(out_len);
419 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
420 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
421 // Possibly shrink the vector if the actual output was smaller than the bound.
422 decoded.resize(out_len);
423 } else {
424 decoded.clear();
425 }
426 if (out_len != SHA256_SIZE) {
427 decoded.clear();
428 }
429 return decoded;
430}
431
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]432binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
433 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]434 const std::vector<int32_t>& params, const std::string& tlsName,
435 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]436 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]437 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
438 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]439 auto entry = gLog.newEntry()
440 .prettyFunction(__PRETTY_FUNCTION__)
441 .arg(netId)
442 .arg(servers)
443 .arg(domains)
444 .arg(params)
445 .arg(tlsName)
446 .arg(tlsServers)
447 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]448
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]449 std::set<std::vector<uint8_t>> decoded_fingerprints;
450 for (const std::string& fingerprint : tlsFingerprints) {
451 std::vector<uint8_t> decoded = parseBase64(fingerprint);
452 if (decoded.empty()) {
453 return binder::Status::fromServiceSpecificError(EINVAL,
454 String8::format("ResolverController error: bad fingerprint"));
455 }
456 decoded_fingerprints.emplace(decoded);
457 }
458
459 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]460 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]461 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]462 if (err != 0) {
463 return binder::Status::fromServiceSpecificError(-err,
464 String8::format("ResolverController error: %s", strerror(-err)));
465 }
466 return binder::Status::ok();
467}
468
469binder::Status NetdNativeService::getResolverInfo(int32_t netId,
470 std::vector<std::string>* servers, std::vector<std::string>* domains,
471 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
472 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
473 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
474
475 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
476 if (err != 0) {
477 return binder::Status::fromServiceSpecificError(-err,
478 String8::format("ResolverController error: %s", strerror(-err)));
479 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]480 return binder::Status::ok();
481}
482
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]483binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]484 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]485
486 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
487 return binder::Status::ok();
488}
489
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]490namespace {
491
492void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
493 String16 iface = String16(stats.extIface.c_str());
494 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
495
496 bundle->getLongVector(iface, &statsVector);
497 if (statsVector.size() == 0) {
498 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
499 }
500
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]501 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
502 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
503 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
504 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]505
506 bundle->putLongVector(iface, statsVector);
507}
508
509} // namespace
510
511binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]512 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]513
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]514 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]515 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]516 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]517 }
518
519 for (const auto& stats : statsList.value()) {
520 tetherAddStats(bundle, stats);
521 }
522
523 return binder::Status::ok();
524}
525
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]526binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
527 const std::string &addrString, int prefixLength) {
528 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
529
530 const int err = InterfaceController::addAddress(
531 ifName.c_str(), addrString.c_str(), prefixLength);
532 if (err != 0) {
533 return binder::Status::fromServiceSpecificError(-err,
534 String8::format("InterfaceController error: %s", strerror(-err)));
535 }
536 return binder::Status::ok();
537}
538
539binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
540 const std::string &addrString, int prefixLength) {
541 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
542
543 const int err = InterfaceController::delAddress(
544 ifName.c_str(), addrString.c_str(), prefixLength);
545 if (err != 0) {
546 return binder::Status::fromServiceSpecificError(-err,
547 String8::format("InterfaceController error: %s", strerror(-err)));
548 }
549 return binder::Status::ok();
550}
551
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]552namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]553
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]554std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
555 int32_t category) {
556 const char* ipversionStr = nullptr;
557 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]558 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]559 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]560 break;
561 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]562 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]563 break;
564 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]565 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
566 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]567 }
568
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]569 const char* whichStr = nullptr;
570 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]571 case INetd::CONF:
572 whichStr = "conf";
573 break;
574 case INetd::NEIGH:
575 whichStr = "neigh";
576 break;
577 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]578 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
579 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]580 }
581
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]582 return {binder::Status::ok(), ipversionStr, whichStr};
583}
584
585} // namespace
586
587binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
588 const std::string& ifname,
589 const std::string& parameter, std::string* value) {
590 ENFORCE_PERMISSION(NETWORK_STACK);
591 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
592 .args(ipversion, which, ifname, parameter);
593
594 const auto pathParts = getPathComponents(ipversion, which);
595 const auto& pathStatus = std::get<0>(pathParts);
596 if (!pathStatus.isOk()) {
597 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
598 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]599 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]600
601 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
602 std::get<2>(pathParts), ifname.c_str(),
603 parameter.c_str(), value);
604 entry.returns(err);
605 if (err == 0) entry.returns(*value);
606 gLog.log(entry.withAutomaticDuration());
607 return statusFromErrcode(err);
608}
609
610binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
611 const std::string& ifname,
612 const std::string& parameter,
613 const std::string& value) {
614 ENFORCE_PERMISSION(NETWORK_STACK);
615 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
616 .args(ipversion, which, ifname, parameter, value);
617
618 const auto pathParts = getPathComponents(ipversion, which);
619 const auto& pathStatus = std::get<0>(pathParts);
620 if (!pathStatus.isOk()) {
621 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
622 return pathStatus;
623 }
624
625 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
626 std::get<2>(pathParts), ifname.c_str(),
627 parameter.c_str(), value.c_str());
628 gLog.log(entry.returns(err).withAutomaticDuration());
629 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]630}
631
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]632binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
633 // This function intentionally does not lock, since the only thing it does is one read from an
634 // atomic_int.
635 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
636 ENFORCE_DEBUGGABLE();
637
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]638 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]639 return binder::Status::ok();
640}
641
642binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
643 // This function intentionally does not lock, since the only thing it does is one write to an
644 // atomic_int.
645 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
646 ENFORCE_DEBUGGABLE();
647
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]648 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
649 ? binder::Status::ok()
650 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]651}
652
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]653binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
654 int newUid) {
655 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]656 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]657
658 uid_t callerUid = IPCThreadState::self()->getCallingUid();
659 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
660}
661
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]662binder::Status NetdNativeService::ipSecAllocateSpi(
663 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]664 const std::string& sourceAddress,
665 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]666 int32_t inSpi,
667 int32_t* outSpi) {
668 // Necessary locking done in IpSecService and kernel
669 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]670 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]671 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]672 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]673 sourceAddress,
674 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]675 inSpi,
676 outSpi));
677}
678
679binder::Status NetdNativeService::ipSecAddSecurityAssociation(
680 int32_t transformId,
681 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]682 const std::string& sourceAddress,
683 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]684 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]685 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]686 int32_t markValue,
687 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]688 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
689 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]690 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]691 int32_t encapType,
692 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]693 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]694 // Necessary locking done in IpSecService and kernel
695 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]696 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]697 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]698 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
699 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
700 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]701}
702
703binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
704 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]705 const std::string& sourceAddress,
706 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]707 int32_t spi,
708 int32_t markValue,
709 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]710 // Necessary locking done in IpSecService and kernel
711 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]712 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]713 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]714 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]715 sourceAddress,
716 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]717 spi,
718 markValue,
719 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]720}
721
722binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
723 const android::base::unique_fd& socket,
724 int32_t transformId,
725 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]726 const std::string& sourceAddress,
727 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]728 int32_t spi) {
729 // Necessary locking done in IpSecService and kernel
730 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]731 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]732 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]733 socket,
734 transformId,
735 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]736 sourceAddress,
737 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]738 spi));
739}
740
741binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
742 const android::base::unique_fd& socket) {
743 // Necessary locking done in IpSecService and kernel
744 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]745 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]746 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]747 socket));
748}
749
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]750binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
751 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]752 const std::string& tmplSrcAddress,
753 const std::string& tmplDstAddress,
754 int32_t spi, int32_t markValue,
755 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]756 // Necessary locking done in IpSecService and kernel
757 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]758 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]759 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]760 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
761 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]762}
763
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]764binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
765 int32_t selAddrFamily,
766 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]767 const std::string& tmplSrcAddress,
768 const std::string& tmplDstAddress,
769 int32_t spi, int32_t markValue,
770 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]771 // Necessary locking done in IpSecService and kernel
772 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]773 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]774 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]775 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
776 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]777}
778
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]779binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
780 int32_t selAddrFamily,
781 int32_t direction, int32_t markValue,
782 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]783 // Necessary locking done in IpSecService and kernel
784 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]785 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]786 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]787 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]788}
789
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]790binder::Status NetdNativeService::addVirtualTunnelInterface(
791 const std::string& deviceName,
792 const std::string& localAddress,
793 const std::string& remoteAddress,
794 int32_t iKey,
795 int32_t oKey) {
796 // Necessary locking done in IpSecService and kernel
797 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]798 gLog.log("addVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]799 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
800 deviceName,
801 localAddress,
802 remoteAddress,
803 iKey,
804 oKey,
805 false);
806
807 return (ret == 0) ? binder::Status::ok() :
808 asBinderStatus(netdutils::statusFromErrno(
809 ret, "Error in creating virtual tunnel interface."));
810}
811
812binder::Status NetdNativeService::updateVirtualTunnelInterface(
813 const std::string& deviceName,
814 const std::string& localAddress,
815 const std::string& remoteAddress,
816 int32_t iKey,
817 int32_t oKey) {
818 // Necessary locking done in IpSecService and kernel
819 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]820 gLog.log("updateVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]821 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
822 deviceName,
823 localAddress,
824 remoteAddress,
825 iKey,
826 oKey,
827 true);
828
829 return (ret == 0) ? binder::Status::ok() :
830 asBinderStatus(netdutils::statusFromErrno(
831 ret, "Error in updating virtual tunnel interface."));
832}
833
834binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
835 // Necessary locking done in IpSecService and kernel
836 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]837 gLog.log("removeVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]838 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
839
840 return (ret == 0) ? binder::Status::ok() :
841 asBinderStatus(netdutils::statusFromErrno(
842 ret, "Error in removing virtual tunnel interface."));
843}
844
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]845binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
846 int32_t mode) {
847 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]848 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]849}
850
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]851binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
852 const std::string& prefix, int32_t mark,
853 int32_t mask) {
854 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]855 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]856}
857
858binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
859 const std::string& prefix, int32_t mark,
860 int32_t mask) {
861 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]862 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]863}
864
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]865binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
866 ENFORCE_PERMISSION(NETWORK_STACK);
867 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
868 return binder::Status::ok();
869}
870
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]871binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
872 const std::string& classLabel) {
873 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
874 auto entry = gLog.newEntry()
875 .prettyFunction(__PRETTY_FUNCTION__)
876 .arg(ifName)
877 .arg(timeout)
878 .arg(classLabel);
879 int res =
880 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
881 gLog.log(entry.returns(res).withAutomaticDuration());
882 return statusFromErrcode(res);
883}
884
885binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
886 int32_t timeout,
887 const std::string& classLabel) {
888 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
889 auto entry = gLog.newEntry()
890 .prettyFunction(__PRETTY_FUNCTION__)
891 .arg(ifName)
892 .arg(timeout)
893 .arg(classLabel);
894 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
895 classLabel.c_str());
896 gLog.log(entry.returns(res).withAutomaticDuration());
897 return statusFromErrcode(res);
898}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]899
900binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
901 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
902 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
903 StrictPenalty penalty;
904 switch (policyPenalty) {
905 case INetd::PENALTY_POLICY_REJECT:
906 penalty = REJECT;
907 break;
908 case INetd::PENALTY_POLICY_LOG:
909 penalty = LOG;
910 break;
911 case INetd::PENALTY_POLICY_ACCEPT:
912 penalty = ACCEPT;
913 break;
914 default:
915 return statusFromErrcode(-EINVAL);
916 break;
917 }
918 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
919 gLog.log(entry.returns(res).withAutomaticDuration());
920 return statusFromErrcode(res);
921}
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]922binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
923 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
924 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
925 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
926 gLog.log(entry.returns(res).withAutomaticDuration());
927 return statusFromErrcode(res);
928}
929
930binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
931 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
932 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
933 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
934 gLog.log(entry.returns(res).withAutomaticDuration());
935 return statusFromErrcode(res);
936}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]937
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]938binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
939 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
940 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
941 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
942 gLog.log(entry.returns(*status).withAutomaticDuration());
943 return binder::Status::ok();
944}
945
946binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
947 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
948 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
949 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
950 gLog.log(entry.returns(res).withAutomaticDuration());
951 return statusFromErrcode(res);
952}
953
954binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
955 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
956 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
957 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
958 gLog.log(entry.returns(res).withAutomaticDuration());
959 return statusFromErrcode(res);
960}
961
962binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
963 const std::string& toIface) {
964 ENFORCE_PERMISSION(NETWORK_STACK);
965 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
966 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
967 gLog.log(entry.returns(res).withAutomaticDuration());
968 return statusFromErrcode(res);
969}
970
971binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
972 const std::string& toIface) {
973 ENFORCE_PERMISSION(NETWORK_STACK);
974 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
975 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
976 gLog.log(entry.returns(res).withAutomaticDuration());
977 return statusFromErrcode(res);
978}
979
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]980binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
981 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
982 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
983 if (dhcpRanges.size() % 2 == 1) {
984 return statusFromErrcode(-EINVAL);
985 }
986 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
987 gLog.log(entry.returns(res).withAutomaticDuration());
988 return statusFromErrcode(res);
989}
990
991binder::Status NetdNativeService::tetherStop() {
992 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
993 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
994 int res = gCtls->tetherCtrl.stopTethering();
995 gLog.log(entry.returns(res).withAutomaticDuration());
996 return statusFromErrcode(res);
997}
998
999binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1000 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1001 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1002 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1003 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1004 return binder::Status::ok();
1005}
1006
1007binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1008 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1009 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1010 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1011 gLog.log(entry.returns(res).withAutomaticDuration());
1012 return statusFromErrcode(res);
1013}
1014
1015binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1016 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1017 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1018 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1019 gLog.log(entry.returns(res).withAutomaticDuration());
1020 return statusFromErrcode(res);
1021}
1022
1023binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1024 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1025 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1026 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1027 ifList->push_back(ifname);
1028 }
1029 gLog.log(entry.returns(true).withAutomaticDuration());
1030 return binder::Status::ok();
1031}
1032
1033binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1034 const std::vector<std::string>& dnsAddrs) {
1035 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1036 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1037 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1038 gLog.log(entry.returns(res).withAutomaticDuration());
1039 return statusFromErrcode(res);
1040}
1041
1042binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1043 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1044 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1045 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1046 dnsList->push_back(fwdr);
1047 }
1048 gLog.log(entry.returns(true).withAutomaticDuration());
1049 return binder::Status::ok();
1050}
1051
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1052} // namespace net
1053} // namespace android