Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / a450e727f492f3153dc2db06468c0c94d5760361 / . / server / NetdNativeService.cpp
blob: 7e1965b1c66133094d617ebe7a864c7a6c908141 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]53
54namespace android {
55namespace net {
56
57namespace {
58
59const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]61const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]62const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
64binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]65 pid_t pid = IPCThreadState::self()->getCallingPid();
66 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]67
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 // If the caller is the system UID, don't check permissions.
69 // Otherwise, if the system server's binder thread pool is full, and all the threads are
70 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
71 //
72 // From a security perspective, there is currently no difference, because:
73 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
74 // and NETWORK_STACK, which the system server will always need to have.
75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
76 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
78 } else {
79 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
80 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
81 }
82}
83
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]84#define ENFORCE_DEBUGGABLE() { \
85 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]86 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87 || value[0] != '1') { \
88 return binder::Status::fromExceptionCode( \
89 binder::Status::EX_SECURITY, \
90 String8("Not available in production builds.") \
91 ); \
92 } \
93}
94
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]95#define ENFORCE_PERMISSION(permission) { \
96 binder::Status status = checkPermission((permission)); \
97 if (!status.isOk()) { \
98 return status; \
99 } \
100}
101
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102#define NETD_LOCKING_RPC(permission, lock) \
103 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]104 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105
106#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]107
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]108#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
109 do { \
110 if (!isOk((res))) { \
111 logErrorStatus((logEntry), (res)); \
112 return asBinderStatus((res)); \
113 } \
114 } while (0)
115
116void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
117 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
118}
119
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]120binder::Status asBinderStatus(const netdutils::Status& status) {
121 if (isOk(status)) {
122 return binder::Status::ok();
123 }
124 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
125}
126
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]127inline binder::Status statusFromErrcode(int ret) {
128 if (ret) {
129 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
130 }
131 return binder::Status::ok();
132}
133
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]134bool contains(const Vector<String16>& words, const String16& word) {
135 for (const auto& w : words) {
136 if (w == word) return true;
137 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]138
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]139 return false;
140}
141
142} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]143
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]144status_t NetdNativeService::start() {
145 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]146 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147 if (ret != android::OK) {
148 return ret;
149 }
150 sp<ProcessState> ps(ProcessState::self());
151 ps->startThreadPool();
152 ps->giveThreadPoolName();
153 return android::OK;
154}
155
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]156status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]157 const binder::Status dump_permission = checkPermission(DUMP);
158 if (!dump_permission.isOk()) {
159 const String8 msg(dump_permission.toString8());
160 write(fd, msg.string(), msg.size());
161 return PERMISSION_DENIED;
162 }
163
164 // This method does not grab any locks. If individual classes need locking
165 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]166
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]167 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]168
169 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
170 dw.blankline();
171 gCtls->tcpSocketMonitor.dump(dw);
172 dw.blankline();
173 return NO_ERROR;
174 }
175
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]176 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
177 dw.blankline();
178 gCtls->trafficCtrl.dump(dw, true);
179 dw.blankline();
180 return NO_ERROR;
181 }
182
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]183 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]184 dw.blankline();
185 gCtls->netCtrl.dump(dw);
186 dw.blankline();
187
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]188 gCtls->trafficCtrl.dump(dw, false);
189 dw.blankline();
190
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]191 {
192 ScopedIndent indentLog(dw);
193 if (contains(args, String16(OPT_SHORT))) {
194 dw.println("Log: <omitted>");
195 } else {
196 dw.println("Log:");
197 ScopedIndent indentLogEntries(dw);
198 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
199 }
200 dw.blankline();
201 }
202
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]203 return NO_ERROR;
204}
205
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]206binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]207 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]208 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]209
210 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]211
212 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]213 return binder::Status::ok();
214}
215
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]216binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]217 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
218 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]219 auto entry = gLog.newEntry()
220 .prettyFunction(__PRETTY_FUNCTION__)
221 .arg(chainName)
222 .arg(isWhitelist)
223 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]224
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]225 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]226 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]227
228 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]229 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]231
232binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
233 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]234 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]235
236 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
237 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]238 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]239 return binder::Status::ok();
240}
241
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]242binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
243 int64_t bytes) {
244 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
245 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
246
247 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
248
249 gLog.log(entry.returns(res).withAutomaticDuration());
250 return statusFromErrcode(res);
251}
252
253binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
254 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
255 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
256
257 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
258
259 gLog.log(entry.returns(res).withAutomaticDuration());
260 return statusFromErrcode(res);
261}
262
263binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
264 int64_t bytes) {
265 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
266 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
267
268 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
269
270 gLog.log(entry.returns(res).withAutomaticDuration());
271 return statusFromErrcode(res);
272}
273
274binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
275 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
276 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
277
278 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
279
280 gLog.log(entry.returns(res).withAutomaticDuration());
281 return statusFromErrcode(res);
282}
283
284binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
285 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
286 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
287
288 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
289
290 gLog.log(entry.returns(res).withAutomaticDuration());
291 return statusFromErrcode(res);
292}
293
294binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
295 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
296 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
297
298 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
299 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
300
301 gLog.log(entry.returns(res).withAutomaticDuration());
302 return statusFromErrcode(res);
303}
304
305binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
306 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
307 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
308
309 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
310 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
311
312 gLog.log(entry.returns(res).withAutomaticDuration());
313 return statusFromErrcode(res);
314}
315
316binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
317 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
318 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
319
320 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
321 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
322
323 gLog.log(entry.returns(res).withAutomaticDuration());
324 return statusFromErrcode(res);
325}
326
327binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
328 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
329 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
330
331 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
332 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
333
334 gLog.log(entry.returns(res).withAutomaticDuration());
335 return statusFromErrcode(res);
336}
337
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]338binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]339 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]340 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]341 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]342 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]343 return statusFromErrcode(ret);
344}
345
346binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
347 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
348 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
349 return statusFromErrcode(ret);
350}
351
352binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]353 ENFORCE_PERMISSION(NETWORK_STACK);
354 // Both of these functions manage their own locking internally.
355 const int ret = gCtls->netCtrl.destroyNetwork(netId);
356 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]357 return statusFromErrcode(ret);
358}
359
360binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
361 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
362 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
363 return statusFromErrcode(ret);
364}
365
366binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
367 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
368 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
369 return statusFromErrcode(ret);
370}
371
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]372namespace {
373
374std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
375 std::vector<std::string> result;
376 result.reserve(uidRangeArray.size());
377 for (const auto& uidRange : uidRangeArray) {
378 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
379 }
380
381 return base::Join(result, ", ");
382}
383
384} // namespace
385
386binder::Status NetdNativeService::networkAddUidRanges(
387 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]388 // NetworkController::addUsersToNetwork is thread-safe.
389 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]390 auto entry = gLog.newEntry()
391 .prettyFunction(__PRETTY_FUNCTION__)
392 .args(netId, uidRangeParcelVecToString(uidRangeArray));
393
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]394 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]395 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]396 return statusFromErrcode(ret);
397}
398
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]399binder::Status NetdNativeService::networkRemoveUidRanges(
400 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]401 // NetworkController::removeUsersFromNetwork is thread-safe.
402 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]403 auto entry = gLog.newEntry()
404 .prettyFunction(__PRETTY_FUNCTION__)
405 .args(netId, uidRangeParcelVecToString(uidRangeArray));
406
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]407 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]408 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]409 return statusFromErrcode(ret);
410}
411
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]412binder::Status NetdNativeService::networkRejectNonSecureVpn(
413 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]414 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
415 // it should be possible to use the same lock as NetworkController. However, every call through
416 // the CommandListener "network" command will need to hold this lock too, not just the ones that
417 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
418 // look at routes, but it's not enough here).
419 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]420 auto entry = gLog.newEntry()
421 .prettyFunction(__PRETTY_FUNCTION__)
422 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]423 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]424
425 int err;
426 if (add) {
427 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
428 } else {
429 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
430 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]431 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]432 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]433}
434
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]435binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
436 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]437 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
438
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]439 auto entry = gLog.newEntry()
440 .prettyFunction(__PRETTY_FUNCTION__)
441 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]442 SockDiag sd;
443 if (!sd.open()) {
444 return binder::Status::fromServiceSpecificError(EIO,
445 String8("Could not open SOCK_DIAG socket"));
446 }
447
448 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]449 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
450 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]451
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]452 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]453 if (err) {
454 return binder::Status::fromServiceSpecificError(-err,
455 String8::format("destroySockets: %s", strerror(-err)));
456 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]457 return binder::Status::ok();
458}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]459
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]460// Parse a base64 encoded string into a vector of bytes.
461// On failure, return an empty vector.
462static std::vector<uint8_t> parseBase64(const std::string& input) {
463 std::vector<uint8_t> decoded;
464 size_t out_len;
465 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
466 return decoded;
467 }
468 // out_len is now an upper bound on the output length.
469 decoded.resize(out_len);
470 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
471 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
472 // Possibly shrink the vector if the actual output was smaller than the bound.
473 decoded.resize(out_len);
474 } else {
475 decoded.clear();
476 }
477 if (out_len != SHA256_SIZE) {
478 decoded.clear();
479 }
480 return decoded;
481}
482
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]483binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
484 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]485 const std::vector<int32_t>& params, const std::string& tlsName,
486 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]487 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]488 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
489 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]490 auto entry = gLog.newEntry()
491 .prettyFunction(__PRETTY_FUNCTION__)
492 .arg(netId)
493 .arg(servers)
494 .arg(domains)
495 .arg(params)
496 .arg(tlsName)
497 .arg(tlsServers)
498 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]499
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]500 std::set<std::vector<uint8_t>> decoded_fingerprints;
501 for (const std::string& fingerprint : tlsFingerprints) {
502 std::vector<uint8_t> decoded = parseBase64(fingerprint);
503 if (decoded.empty()) {
504 return binder::Status::fromServiceSpecificError(EINVAL,
505 String8::format("ResolverController error: bad fingerprint"));
506 }
507 decoded_fingerprints.emplace(decoded);
508 }
509
510 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]511 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]512 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]513 if (err != 0) {
514 return binder::Status::fromServiceSpecificError(-err,
515 String8::format("ResolverController error: %s", strerror(-err)));
516 }
517 return binder::Status::ok();
518}
519
520binder::Status NetdNativeService::getResolverInfo(int32_t netId,
521 std::vector<std::string>* servers, std::vector<std::string>* domains,
522 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
523 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
524 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
525
526 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
527 if (err != 0) {
528 return binder::Status::fromServiceSpecificError(-err,
529 String8::format("ResolverController error: %s", strerror(-err)));
530 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]531 return binder::Status::ok();
532}
533
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]534binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]535 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]536
537 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
538 return binder::Status::ok();
539}
540
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]541namespace {
542
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]543void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
544 const TetherController::TetherStats& tetherStats) {
545 if (tetherStatsParcel->extIface == tetherStats.extIface) {
546 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
547 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
548 tetherStatsParcel->txBytes += tetherStats.txBytes;
549 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]551}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]552
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]553TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
554 TetherStatsParcel result;
555 result.iface = stats.extIface;
556 result.rxBytes = stats.rxBytes;
557 result.rxPackets = stats.rxPackets;
558 result.txBytes = stats.txBytes;
559 result.txPackets = stats.txPackets;
560 return result;
561}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]562
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]563void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
564 const TetherController::TetherStatsList& statsList) {
565 std::map<std::string, TetherController::TetherStats> statsMap;
566 for (const auto& stats : statsList) {
567 auto iter = statsMap.find(stats.extIface);
568 if (iter != statsMap.end()) {
569 tetherAddStatsByInterface(&(iter->second), stats);
570 } else {
571 statsMap.insert(
572 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
573 }
574 }
575 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
576 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
577 }
578}
579
580std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
581 std::vector<std::string> result;
582 for (const auto& t : *tVec) {
583 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
584 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
585 t.txPackets));
586 }
587 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]588}
589
590} // namespace
591
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]592binder::Status NetdNativeService::tetherGetStats(
593 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]594 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]595
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]596 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
597
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]598 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]599 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]600 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]601 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]602 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
603 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
604 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]605 return binder::Status::ok();
606}
607
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]608binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
609 const std::string &addrString, int prefixLength) {
610 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
611
612 const int err = InterfaceController::addAddress(
613 ifName.c_str(), addrString.c_str(), prefixLength);
614 if (err != 0) {
615 return binder::Status::fromServiceSpecificError(-err,
616 String8::format("InterfaceController error: %s", strerror(-err)));
617 }
618 return binder::Status::ok();
619}
620
621binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
622 const std::string &addrString, int prefixLength) {
623 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
624
625 const int err = InterfaceController::delAddress(
626 ifName.c_str(), addrString.c_str(), prefixLength);
627 if (err != 0) {
628 return binder::Status::fromServiceSpecificError(-err,
629 String8::format("InterfaceController error: %s", strerror(-err)));
630 }
631 return binder::Status::ok();
632}
633
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]634namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]635
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]636std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
637 int32_t category) {
638 const char* ipversionStr = nullptr;
639 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]640 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]641 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]642 break;
643 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]644 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]645 break;
646 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]647 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
648 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]649 }
650
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]651 const char* whichStr = nullptr;
652 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]653 case INetd::CONF:
654 whichStr = "conf";
655 break;
656 case INetd::NEIGH:
657 whichStr = "neigh";
658 break;
659 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]660 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
661 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]662 }
663
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]664 return {binder::Status::ok(), ipversionStr, whichStr};
665}
666
667} // namespace
668
669binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
670 const std::string& ifname,
671 const std::string& parameter, std::string* value) {
672 ENFORCE_PERMISSION(NETWORK_STACK);
673 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
674 .args(ipversion, which, ifname, parameter);
675
676 const auto pathParts = getPathComponents(ipversion, which);
677 const auto& pathStatus = std::get<0>(pathParts);
678 if (!pathStatus.isOk()) {
679 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
680 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]681 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]682
683 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
684 std::get<2>(pathParts), ifname.c_str(),
685 parameter.c_str(), value);
686 entry.returns(err);
687 if (err == 0) entry.returns(*value);
688 gLog.log(entry.withAutomaticDuration());
689 return statusFromErrcode(err);
690}
691
692binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
693 const std::string& ifname,
694 const std::string& parameter,
695 const std::string& value) {
696 ENFORCE_PERMISSION(NETWORK_STACK);
697 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
698 .args(ipversion, which, ifname, parameter, value);
699
700 const auto pathParts = getPathComponents(ipversion, which);
701 const auto& pathStatus = std::get<0>(pathParts);
702 if (!pathStatus.isOk()) {
703 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
704 return pathStatus;
705 }
706
707 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
708 std::get<2>(pathParts), ifname.c_str(),
709 parameter.c_str(), value.c_str());
710 gLog.log(entry.returns(err).withAutomaticDuration());
711 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]712}
713
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]714binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
715 // This function intentionally does not lock, since the only thing it does is one read from an
716 // atomic_int.
717 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
718 ENFORCE_DEBUGGABLE();
719
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]720 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]721 return binder::Status::ok();
722}
723
724binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
725 // This function intentionally does not lock, since the only thing it does is one write to an
726 // atomic_int.
727 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
728 ENFORCE_DEBUGGABLE();
729
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]730 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
731 ? binder::Status::ok()
732 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]733}
734
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]735binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
736 int newUid) {
737 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]738 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]739
740 uid_t callerUid = IPCThreadState::self()->getCallingUid();
741 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
742}
743
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]744binder::Status NetdNativeService::ipSecAllocateSpi(
745 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]746 const std::string& sourceAddress,
747 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]748 int32_t inSpi,
749 int32_t* outSpi) {
750 // Necessary locking done in IpSecService and kernel
751 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]752 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]753 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]755 sourceAddress,
756 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]757 inSpi,
758 outSpi));
759}
760
761binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]762 int32_t transformId, int32_t mode, const std::string& sourceAddress,
763 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
764 int32_t markValue, int32_t markMask, const std::string& authAlgo,
765 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
766 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
767 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
768 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]769 // Necessary locking done in IpSecService and kernel
770 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]771 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]772 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]773 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
774 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]775 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
776 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]777}
778
779binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]780 int32_t transformId, const std::string& sourceAddress,
781 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
782 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783 // Necessary locking done in IpSecService and kernel
784 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]785 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]786 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]787 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]788}
789
790binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
791 const android::base::unique_fd& socket,
792 int32_t transformId,
793 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]794 const std::string& sourceAddress,
795 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]796 int32_t spi) {
797 // Necessary locking done in IpSecService and kernel
798 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]799 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]800 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]801 socket,
802 transformId,
803 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]804 sourceAddress,
805 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]806 spi));
807}
808
809binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
810 const android::base::unique_fd& socket) {
811 // Necessary locking done in IpSecService and kernel
812 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]813 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]814 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]815 socket));
816}
817
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]818binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
819 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]820 const std::string& tmplSrcAddress,
821 const std::string& tmplDstAddress,
822 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]823 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]824 // Necessary locking done in IpSecService and kernel
825 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]826 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]827 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]828 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]829 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]830}
831
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]832binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
833 int32_t transformId, int32_t selAddrFamily, int32_t direction,
834 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
835 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]836 // Necessary locking done in IpSecService and kernel
837 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]838 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]839 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]840 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]841 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]842}
843
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]844binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
845 int32_t selAddrFamily,
846 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]847 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]848 // Necessary locking done in IpSecService and kernel
849 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]850 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]851 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]852 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853}
854
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]855binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
856 const std::string& localAddress,
857 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]858 int32_t iKey, int32_t oKey,
859 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]860 // Necessary locking done in IpSecService and kernel
861 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]862 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]863
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]864 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]865 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]866 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
867
868 gLog.log(entry.returns(result).withAutomaticDuration());
869 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]870}
871
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]872binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
873 const std::string& localAddress,
874 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]875 int32_t iKey, int32_t oKey,
876 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]877 // Necessary locking done in IpSecService and kernel
878 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]879 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]880
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]881 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame^]882 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]883 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
884
885 gLog.log(entry.returns(result).withAutomaticDuration());
886 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]887}
888
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]889binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]890 // Necessary locking done in IpSecService and kernel
891 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]892 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]893
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]894 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
895 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
896
897 gLog.log(entry.returns(result).withAutomaticDuration());
898 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]899}
900
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]901binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
902 int32_t mode) {
903 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]904 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]905}
906
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]907binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
908 const std::string& prefix, int32_t mark,
909 int32_t mask) {
910 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]911 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]912}
913
914binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
915 const std::string& prefix, int32_t mark,
916 int32_t mask) {
917 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]918 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]919}
920
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]921binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
922 ENFORCE_PERMISSION(NETWORK_STACK);
923 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
924 return binder::Status::ok();
925}
926
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]927binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
928 const std::string& classLabel) {
929 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
930 auto entry = gLog.newEntry()
931 .prettyFunction(__PRETTY_FUNCTION__)
932 .arg(ifName)
933 .arg(timeout)
934 .arg(classLabel);
935 int res =
936 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
937 gLog.log(entry.returns(res).withAutomaticDuration());
938 return statusFromErrcode(res);
939}
940
941binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
942 int32_t timeout,
943 const std::string& classLabel) {
944 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
945 auto entry = gLog.newEntry()
946 .prettyFunction(__PRETTY_FUNCTION__)
947 .arg(ifName)
948 .arg(timeout)
949 .arg(classLabel);
950 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
951 classLabel.c_str());
952 gLog.log(entry.returns(res).withAutomaticDuration());
953 return statusFromErrcode(res);
954}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]955
956binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
957 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
958 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
959 StrictPenalty penalty;
960 switch (policyPenalty) {
961 case INetd::PENALTY_POLICY_REJECT:
962 penalty = REJECT;
963 break;
964 case INetd::PENALTY_POLICY_LOG:
965 penalty = LOG;
966 break;
967 case INetd::PENALTY_POLICY_ACCEPT:
968 penalty = ACCEPT;
969 break;
970 default:
971 return statusFromErrcode(-EINVAL);
972 break;
973 }
974 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
975 gLog.log(entry.returns(res).withAutomaticDuration());
976 return statusFromErrcode(res);
977}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]978
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]979binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
980 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
981 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
982 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
983 gLog.log(entry.returns(res).withAutomaticDuration());
984 return statusFromErrcode(res);
985}
986
987binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
988 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
989 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
990 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
991 gLog.log(entry.returns(res).withAutomaticDuration());
992 return statusFromErrcode(res);
993}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]994
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]995binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
996 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
997 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
998 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
999 gLog.log(entry.returns(*status).withAutomaticDuration());
1000 return binder::Status::ok();
1001}
1002
1003binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1004 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1005 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1006 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1007 gLog.log(entry.returns(res).withAutomaticDuration());
1008 return statusFromErrcode(res);
1009}
1010
1011binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1012 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1013 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1014 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1015 gLog.log(entry.returns(res).withAutomaticDuration());
1016 return statusFromErrcode(res);
1017}
1018
1019binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1020 const std::string& toIface) {
1021 ENFORCE_PERMISSION(NETWORK_STACK);
1022 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1023 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1024 gLog.log(entry.returns(res).withAutomaticDuration());
1025 return statusFromErrcode(res);
1026}
1027
1028binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1029 const std::string& toIface) {
1030 ENFORCE_PERMISSION(NETWORK_STACK);
1031 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1032 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1033 gLog.log(entry.returns(res).withAutomaticDuration());
1034 return statusFromErrcode(res);
1035}
1036
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1037namespace {
1038std::string addSquareBrackets(const std::string& s) {
1039 return "[" + s + "]";
1040}
1041
1042std::string addCurlyBrackets(const std::string& s) {
1043 return "{" + s + "}";
1044}
1045
1046} // namespace
1047binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1048 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1049 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1050
1051 const auto& ifaceList = InterfaceController::getIfaceNames();
1052 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1053
1054 interfaceListResult->clear();
1055 interfaceListResult->reserve(ifaceList.value().size());
1056 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1057 end(ifaceList.value()));
1058
1059 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1060 .withAutomaticDuration());
1061 return binder::Status::ok();
1062}
1063
1064std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1065 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1066 std::to_string(cfg.prefixLength)};
1067 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1068 return addCurlyBrackets(base::Join(result, ", "));
1069}
1070
1071binder::Status NetdNativeService::interfaceGetCfg(
1072 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1073 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1074 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1075
1076 const auto& cfgRes = InterfaceController::getCfg(ifName);
1077 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1078
1079 *interfaceGetCfgResult = cfgRes.value();
1080 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1081 .withAutomaticDuration());
1082 return binder::Status::ok();
1083}
1084
1085binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1086 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1087 auto entry = gLog.newEntry()
1088 .prettyFunction(__PRETTY_FUNCTION__)
1089 .arg(interfaceConfigurationParcelToString(cfg));
1090
1091 const auto& res = InterfaceController::setCfg(cfg);
1092 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1093
1094 gLog.log(entry.withAutomaticDuration());
1095 return binder::Status::ok();
1096}
1097
1098binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1099 bool enable) {
1100 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1101 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1102 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1103 gLog.log(entry.returns(res).withAutomaticDuration());
1104 return statusFromErrcode(res);
1105}
1106
1107binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1108 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1109 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1110 int res = InterfaceController::clearAddrs(ifName.c_str());
1111 gLog.log(entry.returns(res).withAutomaticDuration());
1112 return statusFromErrcode(res);
1113}
1114
1115binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1116 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1117 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1118 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1119 gLog.log(entry.returns(res).withAutomaticDuration());
1120 return statusFromErrcode(res);
1121}
1122
1123binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1124 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1125 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1126 std::string mtu = std::to_string(mtuValue);
1127 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1128 gLog.log(entry.returns(res).withAutomaticDuration());
1129 return statusFromErrcode(res);
1130}
1131
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1132binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1133 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1134 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1135 if (dhcpRanges.size() % 2 == 1) {
1136 return statusFromErrcode(-EINVAL);
1137 }
1138 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1139 gLog.log(entry.returns(res).withAutomaticDuration());
1140 return statusFromErrcode(res);
1141}
1142
1143binder::Status NetdNativeService::tetherStop() {
1144 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1145 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1146 int res = gCtls->tetherCtrl.stopTethering();
1147 gLog.log(entry.returns(res).withAutomaticDuration());
1148 return statusFromErrcode(res);
1149}
1150
1151binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1152 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1153 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1154 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1155 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1156 return binder::Status::ok();
1157}
1158
1159binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1160 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1161 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1162 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1163 gLog.log(entry.returns(res).withAutomaticDuration());
1164 return statusFromErrcode(res);
1165}
1166
1167binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1168 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1169 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1170 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1171 gLog.log(entry.returns(res).withAutomaticDuration());
1172 return statusFromErrcode(res);
1173}
1174
1175binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1176 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1177 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1178 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1179 ifList->push_back(ifname);
1180 }
1181 gLog.log(entry.returns(true).withAutomaticDuration());
1182 return binder::Status::ok();
1183}
1184
1185binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1186 const std::vector<std::string>& dnsAddrs) {
1187 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1188 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1189 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1190 gLog.log(entry.returns(res).withAutomaticDuration());
1191 return statusFromErrcode(res);
1192}
1193
1194binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1195 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1196 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1197 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1198 dnsList->push_back(fwdr);
1199 }
1200 gLog.log(entry.returns(true).withAutomaticDuration());
1201 return binder::Status::ok();
1202}
1203
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1204binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1205 const std::string& destination,
1206 const std::string& nextHop) {
1207 // Public methods of NetworkController are thread-safe.
1208 ENFORCE_PERMISSION(NETWORK_STACK);
1209 auto entry = gLog.newEntry()
1210 .prettyFunction(__PRETTY_FUNCTION__)
1211 .arg(netId)
1212 .arg(ifName)
1213 .arg(destination)
1214 .arg(nextHop);
1215 bool legacy = false;
1216 uid_t uid = 0; // UID is only meaningful for legacy routes.
1217 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1218 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1219 gLog.log(entry.returns(res).withAutomaticDuration());
1220 return statusFromErrcode(res);
1221}
1222
1223binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1224 const std::string& destination,
1225 const std::string& nextHop) {
1226 ENFORCE_PERMISSION(NETWORK_STACK);
1227 auto entry = gLog.newEntry()
1228 .prettyFunction(__PRETTY_FUNCTION__)
1229 .arg(netId)
1230 .arg(ifName)
1231 .arg(destination)
1232 .arg(nextHop);
1233 bool legacy = false;
1234 uid_t uid = 0; // UID is only meaningful for legacy routes.
1235 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1236 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1237 gLog.log(entry.returns(res).withAutomaticDuration());
1238 return statusFromErrcode(res);
1239}
1240
1241binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1242 const std::string& destination,
1243 const std::string& nextHop, int32_t uid) {
1244 ENFORCE_PERMISSION(NETWORK_STACK);
1245 auto entry = gLog.newEntry()
1246 .prettyFunction(__PRETTY_FUNCTION__)
1247 .arg(netId)
1248 .arg(ifName)
1249 .arg(destination)
1250 .arg(nextHop)
1251 .arg(uid);
1252 bool legacy = true;
1253 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1254 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1255 (uid_t) uid);
1256 gLog.log(entry.returns(res).withAutomaticDuration());
1257 return statusFromErrcode(res);
1258}
1259
1260binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1261 const std::string& destination,
1262 const std::string& nextHop,
1263 int32_t uid) {
1264 ENFORCE_PERMISSION(NETWORK_STACK);
1265 auto entry = gLog.newEntry()
1266 .prettyFunction(__PRETTY_FUNCTION__)
1267 .arg(netId)
1268 .arg(ifName)
1269 .arg(destination)
1270 .arg(nextHop)
1271 .arg(uid);
1272 bool legacy = true;
1273 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1274 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1275 (uid_t) uid);
1276 gLog.log(entry.returns(res).withAutomaticDuration());
1277 return statusFromErrcode(res);
1278}
1279
1280binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1281 ENFORCE_PERMISSION(NETWORK_STACK);
1282 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1283 *netId = gCtls->netCtrl.getDefaultNetwork();
1284 gLog.log(entry.returns(*netId).withAutomaticDuration());
1285 return binder::Status::ok();
1286}
1287
1288binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1289 ENFORCE_PERMISSION(NETWORK_STACK);
1290 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1291 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1292 gLog.log(entry.returns(res).withAutomaticDuration());
1293 return statusFromErrcode(res);
1294}
1295
1296binder::Status NetdNativeService::networkClearDefault() {
1297 ENFORCE_PERMISSION(NETWORK_STACK);
1298 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1299 unsigned netId = NETID_UNSET;
1300 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1301 gLog.log(entry.returns(res).withAutomaticDuration());
1302 return statusFromErrcode(res);
1303}
1304
1305std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1306 return {begin(intUids), end(intUids)};
1307}
1308
1309Permission NetdNativeService::convertPermission(int32_t permission) {
1310 switch (permission) {
1311 case INetd::PERMISSION_NETWORK:
1312 return Permission::PERMISSION_NETWORK;
1313 case INetd::PERMISSION_SYSTEM:
1314 return Permission::PERMISSION_SYSTEM;
1315 default:
1316 return Permission::PERMISSION_NONE;
1317 }
1318}
1319
1320binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1321 int32_t permission) {
1322 ENFORCE_PERMISSION(NETWORK_STACK);
1323 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1324 std::vector<unsigned> netIds = {(unsigned) netId};
1325 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1326 gLog.log(entry.returns(res).withAutomaticDuration());
1327 return statusFromErrcode(res);
1328}
1329
1330binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1331 const std::vector<int32_t>& uids) {
1332 ENFORCE_PERMISSION(NETWORK_STACK);
1333 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1334 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1335 gLog.log(entry.withAutomaticDuration());
1336 return binder::Status::ok();
1337}
1338
1339binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1340 ENFORCE_PERMISSION(NETWORK_STACK);
1341 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1342 Permission permission = Permission::PERMISSION_NONE;
1343 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1344 gLog.log(entry.withAutomaticDuration());
1345 return binder::Status::ok();
1346}
1347
1348binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1349 ENFORCE_PERMISSION(NETWORK_STACK);
1350 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1351 std::vector<uid_t> uids = {(uid_t) uid};
1352 gCtls->netCtrl.allowProtect(uids);
1353 gLog.log(entry.withAutomaticDuration());
1354 return binder::Status::ok();
1355}
1356
1357binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1358 ENFORCE_PERMISSION(NETWORK_STACK);
1359 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1360 std::vector<uid_t> uids = {(uid_t) uid};
1361 gCtls->netCtrl.denyProtect(uids);
1362 gLog.log(entry.withAutomaticDuration());
1363 return binder::Status::ok();
1364}
1365
1366binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1367 ENFORCE_PERMISSION(NETWORK_STACK);
1368 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1369 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1370 gLog.log(entry.returns(*ret).withAutomaticDuration());
1371 return binder::Status::ok();
1372}
1373
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1374namespace {
1375std::string ruleToString(int32_t rule) {
1376 switch (rule) {
1377 case INetd::FIREWALL_RULE_DENY:
1378 return "DENY";
1379 case INetd::FIREWALL_RULE_ALLOW:
1380 return "ALLOW";
1381 default:
1382 return "INVALID";
1383 }
1384}
1385
1386std::string typeToString(int32_t type) {
1387 switch (type) {
1388 case INetd::FIREWALL_WHITELIST:
1389 return "WHITELIST";
1390 case INetd::FIREWALL_BLACKLIST:
1391 return "BLACKLIST";
1392 default:
1393 return "INVALID";
1394 }
1395}
1396
1397std::string chainToString(int32_t chain) {
1398 switch (chain) {
1399 case INetd::FIREWALL_CHAIN_NONE:
1400 return "NONE";
1401 case INetd::FIREWALL_CHAIN_DOZABLE:
1402 return "DOZABLE";
1403 case INetd::FIREWALL_CHAIN_STANDBY:
1404 return "STANDBY";
1405 case INetd::FIREWALL_CHAIN_POWERSAVE:
1406 return "POWERSAVE";
1407 default:
1408 return "INVALID";
1409 }
1410}
1411
1412} // namespace
1413
1414binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1415 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1416 auto entry =
1417 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1418 auto type = static_cast<FirewallType>(firewallType);
1419
1420 int res = gCtls->firewallCtrl.setFirewallType(type);
1421 gLog.log(entry.returns(res).withAutomaticDuration());
1422 return statusFromErrcode(res);
1423}
1424
1425binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1426 int32_t firewallRule) {
1427 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1428 auto entry = gLog.newEntry()
1429 .prettyFunction(__PRETTY_FUNCTION__)
1430 .args(ifName, ruleToString(firewallRule));
1431 auto rule = static_cast<FirewallRule>(firewallRule);
1432
1433 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1434 gLog.log(entry.returns(res).withAutomaticDuration());
1435 return statusFromErrcode(res);
1436}
1437
1438binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1439 int32_t firewallRule) {
1440 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1441 auto entry = gLog.newEntry()
1442 .prettyFunction(__PRETTY_FUNCTION__)
1443 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1444 auto chain = static_cast<ChildChain>(childChain);
1445 auto rule = static_cast<FirewallRule>(firewallRule);
1446
1447 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1448 gLog.log(entry.returns(res).withAutomaticDuration());
1449 return statusFromErrcode(res);
1450}
1451
1452binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1453 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1454 auto entry = gLog.newEntry()
1455 .prettyFunction(__PRETTY_FUNCTION__)
1456 .args(chainToString(childChain), enable);
1457 auto chain = static_cast<ChildChain>(childChain);
1458
1459 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1460 gLog.log(entry.returns(res).withAutomaticDuration());
1461 return statusFromErrcode(res);
1462}
1463
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1464binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1465 const std::string& extIface) {
1466 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1467 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1468
1469 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1470 gLog.log(entry.returns(res).withAutomaticDuration());
1471 return statusFromErrcode(res);
1472}
1473
1474binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1475 const std::string& extIface) {
1476 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1477 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1478
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1479 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1480 gLog.log(entry.returns(res).withAutomaticDuration());
1481 return statusFromErrcode(res);
1482}
1483
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1484} // namespace net
1485} // namespace android