Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 319f17e3f9a85312627083dff6fbbb43ca022304 / . / server / NetdNativeService.cpp
blob: 7bcc39252cc6a5e8ad23c2dcbe6bceb638746add [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]53
54namespace android {
55namespace net {
56
57namespace {
58
59const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]61const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]62const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
64binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]65 pid_t pid = IPCThreadState::self()->getCallingPid();
66 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]67
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 // If the caller is the system UID, don't check permissions.
69 // Otherwise, if the system server's binder thread pool is full, and all the threads are
70 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
71 //
72 // From a security perspective, there is currently no difference, because:
73 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
74 // and NETWORK_STACK, which the system server will always need to have.
75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
76 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
78 } else {
79 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
80 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
81 }
82}
83
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]84#define ENFORCE_DEBUGGABLE() { \
85 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]86 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87 || value[0] != '1') { \
88 return binder::Status::fromExceptionCode( \
89 binder::Status::EX_SECURITY, \
90 String8("Not available in production builds.") \
91 ); \
92 } \
93}
94
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]95#define ENFORCE_PERMISSION(permission) { \
96 binder::Status status = checkPermission((permission)); \
97 if (!status.isOk()) { \
98 return status; \
99 } \
100}
101
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102#define NETD_LOCKING_RPC(permission, lock) \
103 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]104 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105
106#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]107
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]108#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
109 do { \
110 if (!isOk((res))) { \
111 logErrorStatus((logEntry), (res)); \
112 return asBinderStatus((res)); \
113 } \
114 } while (0)
115
116void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
117 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
118}
119
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]120binder::Status asBinderStatus(const netdutils::Status& status) {
121 if (isOk(status)) {
122 return binder::Status::ok();
123 }
124 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
125}
126
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]127inline binder::Status statusFromErrcode(int ret) {
128 if (ret) {
129 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
130 }
131 return binder::Status::ok();
132}
133
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]134bool contains(const Vector<String16>& words, const String16& word) {
135 for (const auto& w : words) {
136 if (w == word) return true;
137 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]138
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]139 return false;
140}
141
142} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]143
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]144status_t NetdNativeService::start() {
145 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]146 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147 if (ret != android::OK) {
148 return ret;
149 }
150 sp<ProcessState> ps(ProcessState::self());
151 ps->startThreadPool();
152 ps->giveThreadPoolName();
153 return android::OK;
154}
155
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]156status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]157 const binder::Status dump_permission = checkPermission(DUMP);
158 if (!dump_permission.isOk()) {
159 const String8 msg(dump_permission.toString8());
160 write(fd, msg.string(), msg.size());
161 return PERMISSION_DENIED;
162 }
163
164 // This method does not grab any locks. If individual classes need locking
165 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]166
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]167 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]168
169 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
170 dw.blankline();
171 gCtls->tcpSocketMonitor.dump(dw);
172 dw.blankline();
173 return NO_ERROR;
174 }
175
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]176 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
177 dw.blankline();
178 gCtls->trafficCtrl.dump(dw, true);
179 dw.blankline();
180 return NO_ERROR;
181 }
182
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]183 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]184 dw.blankline();
185 gCtls->netCtrl.dump(dw);
186 dw.blankline();
187
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]188 gCtls->trafficCtrl.dump(dw, false);
189 dw.blankline();
190
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]191 {
192 ScopedIndent indentLog(dw);
193 if (contains(args, String16(OPT_SHORT))) {
194 dw.println("Log: <omitted>");
195 } else {
196 dw.println("Log:");
197 ScopedIndent indentLogEntries(dw);
198 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
199 }
200 dw.blankline();
201 }
202
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]203 return NO_ERROR;
204}
205
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]206binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]207 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]208 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]209
210 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]211
212 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]213 return binder::Status::ok();
214}
215
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]216binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]217 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
218 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]219 auto entry = gLog.newEntry()
220 .prettyFunction(__PRETTY_FUNCTION__)
221 .arg(chainName)
222 .arg(isWhitelist)
223 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]224
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]225 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]226 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]227
228 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]229 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]231
232binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
233 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]234 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]235
236 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
237 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]238 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]239 return binder::Status::ok();
240}
241
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]242binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
243 int64_t bytes) {
244 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
245 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
246
247 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
248
249 gLog.log(entry.returns(res).withAutomaticDuration());
250 return statusFromErrcode(res);
251}
252
253binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
254 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
255 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
256
257 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
258
259 gLog.log(entry.returns(res).withAutomaticDuration());
260 return statusFromErrcode(res);
261}
262
263binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
264 int64_t bytes) {
265 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
266 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
267
268 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
269
270 gLog.log(entry.returns(res).withAutomaticDuration());
271 return statusFromErrcode(res);
272}
273
274binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
275 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
276 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
277
278 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
279
280 gLog.log(entry.returns(res).withAutomaticDuration());
281 return statusFromErrcode(res);
282}
283
284binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
285 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
286 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
287
288 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
289
290 gLog.log(entry.returns(res).withAutomaticDuration());
291 return statusFromErrcode(res);
292}
293
294binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
295 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
296 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
297
298 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
299 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
300
301 gLog.log(entry.returns(res).withAutomaticDuration());
302 return statusFromErrcode(res);
303}
304
305binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
306 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
307 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
308
309 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
310 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
311
312 gLog.log(entry.returns(res).withAutomaticDuration());
313 return statusFromErrcode(res);
314}
315
316binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
317 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
318 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
319
320 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
321 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
322
323 gLog.log(entry.returns(res).withAutomaticDuration());
324 return statusFromErrcode(res);
325}
326
327binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
328 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
329 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
330
331 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
332 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
333
334 gLog.log(entry.returns(res).withAutomaticDuration());
335 return statusFromErrcode(res);
336}
337
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]338binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]339 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]340 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]341 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]342 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]343 return statusFromErrcode(ret);
344}
345
346binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
347 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
348 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
349 return statusFromErrcode(ret);
350}
351
352binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]353 ENFORCE_PERMISSION(NETWORK_STACK);
354 // Both of these functions manage their own locking internally.
355 const int ret = gCtls->netCtrl.destroyNetwork(netId);
356 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]357 return statusFromErrcode(ret);
358}
359
360binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
361 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
362 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
363 return statusFromErrcode(ret);
364}
365
366binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
367 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
368 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
369 return statusFromErrcode(ret);
370}
371
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]372namespace {
373
374std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
375 std::vector<std::string> result;
376 result.reserve(uidRangeArray.size());
377 for (const auto& uidRange : uidRangeArray) {
378 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
379 }
380
381 return base::Join(result, ", ");
382}
383
384} // namespace
385
386binder::Status NetdNativeService::networkAddUidRanges(
387 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]388 // NetworkController::addUsersToNetwork is thread-safe.
389 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]390 auto entry = gLog.newEntry()
391 .prettyFunction(__PRETTY_FUNCTION__)
392 .args(netId, uidRangeParcelVecToString(uidRangeArray));
393
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]394 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]395 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]396 return statusFromErrcode(ret);
397}
398
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]399binder::Status NetdNativeService::networkRemoveUidRanges(
400 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]401 // NetworkController::removeUsersFromNetwork is thread-safe.
402 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]403 auto entry = gLog.newEntry()
404 .prettyFunction(__PRETTY_FUNCTION__)
405 .args(netId, uidRangeParcelVecToString(uidRangeArray));
406
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]407 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]408 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]409 return statusFromErrcode(ret);
410}
411
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]412binder::Status NetdNativeService::networkRejectNonSecureVpn(
413 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]414 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
415 // it should be possible to use the same lock as NetworkController. However, every call through
416 // the CommandListener "network" command will need to hold this lock too, not just the ones that
417 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
418 // look at routes, but it's not enough here).
419 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]420 auto entry = gLog.newEntry()
421 .prettyFunction(__PRETTY_FUNCTION__)
422 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]423 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]424
425 int err;
426 if (add) {
427 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
428 } else {
429 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
430 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]431 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]432 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]433}
434
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]435binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
436 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]437 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
438
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]439 auto entry = gLog.newEntry()
440 .prettyFunction(__PRETTY_FUNCTION__)
441 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]442 SockDiag sd;
443 if (!sd.open()) {
444 return binder::Status::fromServiceSpecificError(EIO,
445 String8("Could not open SOCK_DIAG socket"));
446 }
447
448 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]449 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
450 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]451
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]452 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]453 if (err) {
454 return binder::Status::fromServiceSpecificError(-err,
455 String8::format("destroySockets: %s", strerror(-err)));
456 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]457 return binder::Status::ok();
458}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]459
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]460// Parse a base64 encoded string into a vector of bytes.
461// On failure, return an empty vector.
462static std::vector<uint8_t> parseBase64(const std::string& input) {
463 std::vector<uint8_t> decoded;
464 size_t out_len;
465 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
466 return decoded;
467 }
468 // out_len is now an upper bound on the output length.
469 decoded.resize(out_len);
470 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
471 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
472 // Possibly shrink the vector if the actual output was smaller than the bound.
473 decoded.resize(out_len);
474 } else {
475 decoded.clear();
476 }
477 if (out_len != SHA256_SIZE) {
478 decoded.clear();
479 }
480 return decoded;
481}
482
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]483binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
484 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]485 const std::vector<int32_t>& params, const std::string& tlsName,
486 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]487 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]488 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
489 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]490 auto entry = gLog.newEntry()
491 .prettyFunction(__PRETTY_FUNCTION__)
492 .arg(netId)
493 .arg(servers)
494 .arg(domains)
495 .arg(params)
496 .arg(tlsName)
497 .arg(tlsServers)
498 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]499
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]500 std::set<std::vector<uint8_t>> decoded_fingerprints;
501 for (const std::string& fingerprint : tlsFingerprints) {
502 std::vector<uint8_t> decoded = parseBase64(fingerprint);
503 if (decoded.empty()) {
504 return binder::Status::fromServiceSpecificError(EINVAL,
505 String8::format("ResolverController error: bad fingerprint"));
506 }
507 decoded_fingerprints.emplace(decoded);
508 }
509
510 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]511 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]512 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]513 if (err != 0) {
514 return binder::Status::fromServiceSpecificError(-err,
515 String8::format("ResolverController error: %s", strerror(-err)));
516 }
517 return binder::Status::ok();
518}
519
520binder::Status NetdNativeService::getResolverInfo(int32_t netId,
521 std::vector<std::string>* servers, std::vector<std::string>* domains,
522 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
523 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
524 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
525
526 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
527 if (err != 0) {
528 return binder::Status::fromServiceSpecificError(-err,
529 String8::format("ResolverController error: %s", strerror(-err)));
530 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]531 return binder::Status::ok();
532}
533
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]534binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]535 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]536
537 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
538 return binder::Status::ok();
539}
540
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]541namespace {
542
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]543void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
544 const TetherController::TetherStats& tetherStats) {
545 if (tetherStatsParcel->extIface == tetherStats.extIface) {
546 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
547 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
548 tetherStatsParcel->txBytes += tetherStats.txBytes;
549 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]551}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]552
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]553TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
554 TetherStatsParcel result;
555 result.iface = stats.extIface;
556 result.rxBytes = stats.rxBytes;
557 result.rxPackets = stats.rxPackets;
558 result.txBytes = stats.txBytes;
559 result.txPackets = stats.txPackets;
560 return result;
561}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]562
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]563void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
564 const TetherController::TetherStatsList& statsList) {
565 std::map<std::string, TetherController::TetherStats> statsMap;
566 for (const auto& stats : statsList) {
567 auto iter = statsMap.find(stats.extIface);
568 if (iter != statsMap.end()) {
569 tetherAddStatsByInterface(&(iter->second), stats);
570 } else {
571 statsMap.insert(
572 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
573 }
574 }
575 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
576 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
577 }
578}
579
580std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
581 std::vector<std::string> result;
582 for (const auto& t : *tVec) {
583 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
584 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
585 t.txPackets));
586 }
587 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]588}
589
590} // namespace
591
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]592binder::Status NetdNativeService::tetherGetStats(
593 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]594 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]595
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]596 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
597
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]598 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]599 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]600 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]601 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]602 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
603 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
604 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]605 return binder::Status::ok();
606}
607
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]608binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
609 const std::string &addrString, int prefixLength) {
610 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
611
612 const int err = InterfaceController::addAddress(
613 ifName.c_str(), addrString.c_str(), prefixLength);
614 if (err != 0) {
615 return binder::Status::fromServiceSpecificError(-err,
616 String8::format("InterfaceController error: %s", strerror(-err)));
617 }
618 return binder::Status::ok();
619}
620
621binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
622 const std::string &addrString, int prefixLength) {
623 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
624
625 const int err = InterfaceController::delAddress(
626 ifName.c_str(), addrString.c_str(), prefixLength);
627 if (err != 0) {
628 return binder::Status::fromServiceSpecificError(-err,
629 String8::format("InterfaceController error: %s", strerror(-err)));
630 }
631 return binder::Status::ok();
632}
633
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]634namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]635
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]636std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
637 int32_t category) {
638 const char* ipversionStr = nullptr;
639 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]640 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]641 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]642 break;
643 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]644 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]645 break;
646 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]647 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
648 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]649 }
650
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]651 const char* whichStr = nullptr;
652 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]653 case INetd::CONF:
654 whichStr = "conf";
655 break;
656 case INetd::NEIGH:
657 whichStr = "neigh";
658 break;
659 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]660 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
661 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]662 }
663
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]664 return {binder::Status::ok(), ipversionStr, whichStr};
665}
666
667} // namespace
668
669binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
670 const std::string& ifname,
671 const std::string& parameter, std::string* value) {
672 ENFORCE_PERMISSION(NETWORK_STACK);
673 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
674 .args(ipversion, which, ifname, parameter);
675
676 const auto pathParts = getPathComponents(ipversion, which);
677 const auto& pathStatus = std::get<0>(pathParts);
678 if (!pathStatus.isOk()) {
679 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
680 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]681 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]682
683 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
684 std::get<2>(pathParts), ifname.c_str(),
685 parameter.c_str(), value);
686 entry.returns(err);
687 if (err == 0) entry.returns(*value);
688 gLog.log(entry.withAutomaticDuration());
689 return statusFromErrcode(err);
690}
691
692binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
693 const std::string& ifname,
694 const std::string& parameter,
695 const std::string& value) {
696 ENFORCE_PERMISSION(NETWORK_STACK);
697 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
698 .args(ipversion, which, ifname, parameter, value);
699
700 const auto pathParts = getPathComponents(ipversion, which);
701 const auto& pathStatus = std::get<0>(pathParts);
702 if (!pathStatus.isOk()) {
703 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
704 return pathStatus;
705 }
706
707 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
708 std::get<2>(pathParts), ifname.c_str(),
709 parameter.c_str(), value.c_str());
710 gLog.log(entry.returns(err).withAutomaticDuration());
711 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]712}
713
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]714binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
715 // This function intentionally does not lock, since the only thing it does is one read from an
716 // atomic_int.
717 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
718 ENFORCE_DEBUGGABLE();
719
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]720 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]721 return binder::Status::ok();
722}
723
724binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
725 // This function intentionally does not lock, since the only thing it does is one write to an
726 // atomic_int.
727 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
728 ENFORCE_DEBUGGABLE();
729
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]730 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
731 ? binder::Status::ok()
732 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]733}
734
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]735binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
736 int newUid) {
737 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]738 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]739
740 uid_t callerUid = IPCThreadState::self()->getCallingUid();
741 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
742}
743
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]744binder::Status NetdNativeService::ipSecAllocateSpi(
745 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]746 const std::string& sourceAddress,
747 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]748 int32_t inSpi,
749 int32_t* outSpi) {
750 // Necessary locking done in IpSecService and kernel
751 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]752 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]753 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]755 sourceAddress,
756 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]757 inSpi,
758 outSpi));
759}
760
761binder::Status NetdNativeService::ipSecAddSecurityAssociation(
762 int32_t transformId,
763 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]764 const std::string& sourceAddress,
765 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]766 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]767 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]768 int32_t markValue,
769 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]770 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
771 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]772 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]773 int32_t encapType,
774 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]775 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]776 // Necessary locking done in IpSecService and kernel
777 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]778 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]779 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]780 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
781 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
782 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783}
784
785binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
786 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]787 const std::string& sourceAddress,
788 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]789 int32_t spi,
790 int32_t markValue,
791 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]792 // Necessary locking done in IpSecService and kernel
793 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]794 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]795 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]796 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]797 sourceAddress,
798 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]799 spi,
800 markValue,
801 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]802}
803
804binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
805 const android::base::unique_fd& socket,
806 int32_t transformId,
807 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]808 const std::string& sourceAddress,
809 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]810 int32_t spi) {
811 // Necessary locking done in IpSecService and kernel
812 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]813 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]814 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]815 socket,
816 transformId,
817 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]818 sourceAddress,
819 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]820 spi));
821}
822
823binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
824 const android::base::unique_fd& socket) {
825 // Necessary locking done in IpSecService and kernel
826 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]827 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]828 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]829 socket));
830}
831
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]832binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
833 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]834 const std::string& tmplSrcAddress,
835 const std::string& tmplDstAddress,
836 int32_t spi, int32_t markValue,
837 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]838 // Necessary locking done in IpSecService and kernel
839 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]840 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]841 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]842 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
843 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]844}
845
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]846binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
847 int32_t selAddrFamily,
848 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]849 const std::string& tmplSrcAddress,
850 const std::string& tmplDstAddress,
851 int32_t spi, int32_t markValue,
852 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853 // Necessary locking done in IpSecService and kernel
854 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]855 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]856 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]857 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
858 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]859}
860
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]861binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
862 int32_t selAddrFamily,
863 int32_t direction, int32_t markValue,
864 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]865 // Necessary locking done in IpSecService and kernel
866 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]867 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]868 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]869 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]870}
871
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]872binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
873 const std::string& localAddress,
874 const std::string& remoteAddress,
875 int32_t iKey, int32_t oKey) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]876 // Necessary locking done in IpSecService and kernel
877 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]878 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]879
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]880 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
881 deviceName, localAddress, remoteAddress, iKey, oKey, false);
882 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
883
884 gLog.log(entry.returns(result).withAutomaticDuration());
885 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]886}
887
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]888binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
889 const std::string& localAddress,
890 const std::string& remoteAddress,
891 int32_t iKey, int32_t oKey) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]892 // Necessary locking done in IpSecService and kernel
893 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]894 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]895
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]896 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
897 deviceName, localAddress, remoteAddress, iKey, oKey, true);
898 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
899
900 gLog.log(entry.returns(result).withAutomaticDuration());
901 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]902}
903
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]904binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]905 // Necessary locking done in IpSecService and kernel
906 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]907 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]908
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame^]909 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
910 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
911
912 gLog.log(entry.returns(result).withAutomaticDuration());
913 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]914}
915
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]916binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
917 int32_t mode) {
918 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]919 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]920}
921
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]922binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
923 const std::string& prefix, int32_t mark,
924 int32_t mask) {
925 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]926 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]927}
928
929binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
930 const std::string& prefix, int32_t mark,
931 int32_t mask) {
932 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]933 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]934}
935
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]936binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
937 ENFORCE_PERMISSION(NETWORK_STACK);
938 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
939 return binder::Status::ok();
940}
941
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]942binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
943 const std::string& classLabel) {
944 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
945 auto entry = gLog.newEntry()
946 .prettyFunction(__PRETTY_FUNCTION__)
947 .arg(ifName)
948 .arg(timeout)
949 .arg(classLabel);
950 int res =
951 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
952 gLog.log(entry.returns(res).withAutomaticDuration());
953 return statusFromErrcode(res);
954}
955
956binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
957 int32_t timeout,
958 const std::string& classLabel) {
959 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
960 auto entry = gLog.newEntry()
961 .prettyFunction(__PRETTY_FUNCTION__)
962 .arg(ifName)
963 .arg(timeout)
964 .arg(classLabel);
965 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
966 classLabel.c_str());
967 gLog.log(entry.returns(res).withAutomaticDuration());
968 return statusFromErrcode(res);
969}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]970
971binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
972 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
973 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
974 StrictPenalty penalty;
975 switch (policyPenalty) {
976 case INetd::PENALTY_POLICY_REJECT:
977 penalty = REJECT;
978 break;
979 case INetd::PENALTY_POLICY_LOG:
980 penalty = LOG;
981 break;
982 case INetd::PENALTY_POLICY_ACCEPT:
983 penalty = ACCEPT;
984 break;
985 default:
986 return statusFromErrcode(-EINVAL);
987 break;
988 }
989 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
990 gLog.log(entry.returns(res).withAutomaticDuration());
991 return statusFromErrcode(res);
992}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]993
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]994binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
995 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
996 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
997 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
998 gLog.log(entry.returns(res).withAutomaticDuration());
999 return statusFromErrcode(res);
1000}
1001
1002binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
1003 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
1004 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1005 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
1006 gLog.log(entry.returns(res).withAutomaticDuration());
1007 return statusFromErrcode(res);
1008}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]1009
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1010binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
1011 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1012 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1013 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
1014 gLog.log(entry.returns(*status).withAutomaticDuration());
1015 return binder::Status::ok();
1016}
1017
1018binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1019 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1020 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1021 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1022 gLog.log(entry.returns(res).withAutomaticDuration());
1023 return statusFromErrcode(res);
1024}
1025
1026binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1027 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1028 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1029 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1030 gLog.log(entry.returns(res).withAutomaticDuration());
1031 return statusFromErrcode(res);
1032}
1033
1034binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1035 const std::string& toIface) {
1036 ENFORCE_PERMISSION(NETWORK_STACK);
1037 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1038 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1039 gLog.log(entry.returns(res).withAutomaticDuration());
1040 return statusFromErrcode(res);
1041}
1042
1043binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1044 const std::string& toIface) {
1045 ENFORCE_PERMISSION(NETWORK_STACK);
1046 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1047 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1048 gLog.log(entry.returns(res).withAutomaticDuration());
1049 return statusFromErrcode(res);
1050}
1051
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1052namespace {
1053std::string addSquareBrackets(const std::string& s) {
1054 return "[" + s + "]";
1055}
1056
1057std::string addCurlyBrackets(const std::string& s) {
1058 return "{" + s + "}";
1059}
1060
1061} // namespace
1062binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1063 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1064 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1065
1066 const auto& ifaceList = InterfaceController::getIfaceNames();
1067 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1068
1069 interfaceListResult->clear();
1070 interfaceListResult->reserve(ifaceList.value().size());
1071 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1072 end(ifaceList.value()));
1073
1074 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1075 .withAutomaticDuration());
1076 return binder::Status::ok();
1077}
1078
1079std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1080 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1081 std::to_string(cfg.prefixLength)};
1082 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1083 return addCurlyBrackets(base::Join(result, ", "));
1084}
1085
1086binder::Status NetdNativeService::interfaceGetCfg(
1087 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1088 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1089 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1090
1091 const auto& cfgRes = InterfaceController::getCfg(ifName);
1092 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1093
1094 *interfaceGetCfgResult = cfgRes.value();
1095 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1096 .withAutomaticDuration());
1097 return binder::Status::ok();
1098}
1099
1100binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1101 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1102 auto entry = gLog.newEntry()
1103 .prettyFunction(__PRETTY_FUNCTION__)
1104 .arg(interfaceConfigurationParcelToString(cfg));
1105
1106 const auto& res = InterfaceController::setCfg(cfg);
1107 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1108
1109 gLog.log(entry.withAutomaticDuration());
1110 return binder::Status::ok();
1111}
1112
1113binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1114 bool enable) {
1115 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1116 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1117 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1118 gLog.log(entry.returns(res).withAutomaticDuration());
1119 return statusFromErrcode(res);
1120}
1121
1122binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1123 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1124 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1125 int res = InterfaceController::clearAddrs(ifName.c_str());
1126 gLog.log(entry.returns(res).withAutomaticDuration());
1127 return statusFromErrcode(res);
1128}
1129
1130binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1131 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1132 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1133 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1134 gLog.log(entry.returns(res).withAutomaticDuration());
1135 return statusFromErrcode(res);
1136}
1137
1138binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1139 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1140 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1141 std::string mtu = std::to_string(mtuValue);
1142 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1143 gLog.log(entry.returns(res).withAutomaticDuration());
1144 return statusFromErrcode(res);
1145}
1146
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1147binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1148 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1149 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1150 if (dhcpRanges.size() % 2 == 1) {
1151 return statusFromErrcode(-EINVAL);
1152 }
1153 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1154 gLog.log(entry.returns(res).withAutomaticDuration());
1155 return statusFromErrcode(res);
1156}
1157
1158binder::Status NetdNativeService::tetherStop() {
1159 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1160 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1161 int res = gCtls->tetherCtrl.stopTethering();
1162 gLog.log(entry.returns(res).withAutomaticDuration());
1163 return statusFromErrcode(res);
1164}
1165
1166binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1167 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1168 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1169 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1170 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1171 return binder::Status::ok();
1172}
1173
1174binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1175 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1176 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1177 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1178 gLog.log(entry.returns(res).withAutomaticDuration());
1179 return statusFromErrcode(res);
1180}
1181
1182binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1183 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1184 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1185 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1186 gLog.log(entry.returns(res).withAutomaticDuration());
1187 return statusFromErrcode(res);
1188}
1189
1190binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1191 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1192 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1193 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1194 ifList->push_back(ifname);
1195 }
1196 gLog.log(entry.returns(true).withAutomaticDuration());
1197 return binder::Status::ok();
1198}
1199
1200binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1201 const std::vector<std::string>& dnsAddrs) {
1202 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1203 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1204 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1205 gLog.log(entry.returns(res).withAutomaticDuration());
1206 return statusFromErrcode(res);
1207}
1208
1209binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1210 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1211 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1212 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1213 dnsList->push_back(fwdr);
1214 }
1215 gLog.log(entry.returns(true).withAutomaticDuration());
1216 return binder::Status::ok();
1217}
1218
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1219binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1220 const std::string& destination,
1221 const std::string& nextHop) {
1222 // Public methods of NetworkController are thread-safe.
1223 ENFORCE_PERMISSION(NETWORK_STACK);
1224 auto entry = gLog.newEntry()
1225 .prettyFunction(__PRETTY_FUNCTION__)
1226 .arg(netId)
1227 .arg(ifName)
1228 .arg(destination)
1229 .arg(nextHop);
1230 bool legacy = false;
1231 uid_t uid = 0; // UID is only meaningful for legacy routes.
1232 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1233 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1234 gLog.log(entry.returns(res).withAutomaticDuration());
1235 return statusFromErrcode(res);
1236}
1237
1238binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1239 const std::string& destination,
1240 const std::string& nextHop) {
1241 ENFORCE_PERMISSION(NETWORK_STACK);
1242 auto entry = gLog.newEntry()
1243 .prettyFunction(__PRETTY_FUNCTION__)
1244 .arg(netId)
1245 .arg(ifName)
1246 .arg(destination)
1247 .arg(nextHop);
1248 bool legacy = false;
1249 uid_t uid = 0; // UID is only meaningful for legacy routes.
1250 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1251 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1252 gLog.log(entry.returns(res).withAutomaticDuration());
1253 return statusFromErrcode(res);
1254}
1255
1256binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1257 const std::string& destination,
1258 const std::string& nextHop, int32_t uid) {
1259 ENFORCE_PERMISSION(NETWORK_STACK);
1260 auto entry = gLog.newEntry()
1261 .prettyFunction(__PRETTY_FUNCTION__)
1262 .arg(netId)
1263 .arg(ifName)
1264 .arg(destination)
1265 .arg(nextHop)
1266 .arg(uid);
1267 bool legacy = true;
1268 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1269 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1270 (uid_t) uid);
1271 gLog.log(entry.returns(res).withAutomaticDuration());
1272 return statusFromErrcode(res);
1273}
1274
1275binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1276 const std::string& destination,
1277 const std::string& nextHop,
1278 int32_t uid) {
1279 ENFORCE_PERMISSION(NETWORK_STACK);
1280 auto entry = gLog.newEntry()
1281 .prettyFunction(__PRETTY_FUNCTION__)
1282 .arg(netId)
1283 .arg(ifName)
1284 .arg(destination)
1285 .arg(nextHop)
1286 .arg(uid);
1287 bool legacy = true;
1288 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1289 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1290 (uid_t) uid);
1291 gLog.log(entry.returns(res).withAutomaticDuration());
1292 return statusFromErrcode(res);
1293}
1294
1295binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1296 ENFORCE_PERMISSION(NETWORK_STACK);
1297 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1298 *netId = gCtls->netCtrl.getDefaultNetwork();
1299 gLog.log(entry.returns(*netId).withAutomaticDuration());
1300 return binder::Status::ok();
1301}
1302
1303binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1304 ENFORCE_PERMISSION(NETWORK_STACK);
1305 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1306 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1307 gLog.log(entry.returns(res).withAutomaticDuration());
1308 return statusFromErrcode(res);
1309}
1310
1311binder::Status NetdNativeService::networkClearDefault() {
1312 ENFORCE_PERMISSION(NETWORK_STACK);
1313 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1314 unsigned netId = NETID_UNSET;
1315 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1316 gLog.log(entry.returns(res).withAutomaticDuration());
1317 return statusFromErrcode(res);
1318}
1319
1320std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1321 return {begin(intUids), end(intUids)};
1322}
1323
1324Permission NetdNativeService::convertPermission(int32_t permission) {
1325 switch (permission) {
1326 case INetd::PERMISSION_NETWORK:
1327 return Permission::PERMISSION_NETWORK;
1328 case INetd::PERMISSION_SYSTEM:
1329 return Permission::PERMISSION_SYSTEM;
1330 default:
1331 return Permission::PERMISSION_NONE;
1332 }
1333}
1334
1335binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1336 int32_t permission) {
1337 ENFORCE_PERMISSION(NETWORK_STACK);
1338 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1339 std::vector<unsigned> netIds = {(unsigned) netId};
1340 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1341 gLog.log(entry.returns(res).withAutomaticDuration());
1342 return statusFromErrcode(res);
1343}
1344
1345binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1346 const std::vector<int32_t>& uids) {
1347 ENFORCE_PERMISSION(NETWORK_STACK);
1348 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1349 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1350 gLog.log(entry.withAutomaticDuration());
1351 return binder::Status::ok();
1352}
1353
1354binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1355 ENFORCE_PERMISSION(NETWORK_STACK);
1356 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1357 Permission permission = Permission::PERMISSION_NONE;
1358 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1359 gLog.log(entry.withAutomaticDuration());
1360 return binder::Status::ok();
1361}
1362
1363binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1364 ENFORCE_PERMISSION(NETWORK_STACK);
1365 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1366 std::vector<uid_t> uids = {(uid_t) uid};
1367 gCtls->netCtrl.allowProtect(uids);
1368 gLog.log(entry.withAutomaticDuration());
1369 return binder::Status::ok();
1370}
1371
1372binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1373 ENFORCE_PERMISSION(NETWORK_STACK);
1374 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1375 std::vector<uid_t> uids = {(uid_t) uid};
1376 gCtls->netCtrl.denyProtect(uids);
1377 gLog.log(entry.withAutomaticDuration());
1378 return binder::Status::ok();
1379}
1380
1381binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1382 ENFORCE_PERMISSION(NETWORK_STACK);
1383 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1384 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1385 gLog.log(entry.returns(*ret).withAutomaticDuration());
1386 return binder::Status::ok();
1387}
1388
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1389namespace {
1390std::string ruleToString(int32_t rule) {
1391 switch (rule) {
1392 case INetd::FIREWALL_RULE_DENY:
1393 return "DENY";
1394 case INetd::FIREWALL_RULE_ALLOW:
1395 return "ALLOW";
1396 default:
1397 return "INVALID";
1398 }
1399}
1400
1401std::string typeToString(int32_t type) {
1402 switch (type) {
1403 case INetd::FIREWALL_WHITELIST:
1404 return "WHITELIST";
1405 case INetd::FIREWALL_BLACKLIST:
1406 return "BLACKLIST";
1407 default:
1408 return "INVALID";
1409 }
1410}
1411
1412std::string chainToString(int32_t chain) {
1413 switch (chain) {
1414 case INetd::FIREWALL_CHAIN_NONE:
1415 return "NONE";
1416 case INetd::FIREWALL_CHAIN_DOZABLE:
1417 return "DOZABLE";
1418 case INetd::FIREWALL_CHAIN_STANDBY:
1419 return "STANDBY";
1420 case INetd::FIREWALL_CHAIN_POWERSAVE:
1421 return "POWERSAVE";
1422 default:
1423 return "INVALID";
1424 }
1425}
1426
1427} // namespace
1428
1429binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1430 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1431 auto entry =
1432 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1433 auto type = static_cast<FirewallType>(firewallType);
1434
1435 int res = gCtls->firewallCtrl.setFirewallType(type);
1436 gLog.log(entry.returns(res).withAutomaticDuration());
1437 return statusFromErrcode(res);
1438}
1439
1440binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1441 int32_t firewallRule) {
1442 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1443 auto entry = gLog.newEntry()
1444 .prettyFunction(__PRETTY_FUNCTION__)
1445 .args(ifName, ruleToString(firewallRule));
1446 auto rule = static_cast<FirewallRule>(firewallRule);
1447
1448 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1449 gLog.log(entry.returns(res).withAutomaticDuration());
1450 return statusFromErrcode(res);
1451}
1452
1453binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1454 int32_t firewallRule) {
1455 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1456 auto entry = gLog.newEntry()
1457 .prettyFunction(__PRETTY_FUNCTION__)
1458 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1459 auto chain = static_cast<ChildChain>(childChain);
1460 auto rule = static_cast<FirewallRule>(firewallRule);
1461
1462 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1463 gLog.log(entry.returns(res).withAutomaticDuration());
1464 return statusFromErrcode(res);
1465}
1466
1467binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1468 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1469 auto entry = gLog.newEntry()
1470 .prettyFunction(__PRETTY_FUNCTION__)
1471 .args(chainToString(childChain), enable);
1472 auto chain = static_cast<ChildChain>(childChain);
1473
1474 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1475 gLog.log(entry.returns(res).withAutomaticDuration());
1476 return statusFromErrcode(res);
1477}
1478
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1479binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1480 const std::string& extIface) {
1481 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1482 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1483
1484 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1485 gLog.log(entry.returns(res).withAutomaticDuration());
1486 return statusFromErrcode(res);
1487}
1488
1489binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1490 const std::string& extIface) {
1491 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1492 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1493
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1494 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1495 gLog.log(entry.returns(res).withAutomaticDuration());
1496 return statusFromErrcode(res);
1497}
1498
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1499} // namespace net
1500} // namespace android