Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 4e19cb8648df44b1642fbe13890e1f76fc938588 / . / server / NetdNativeService.cpp
blob: 70aad7159065720070d624aa58b1bd181c8f0826 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]19#include <set>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]20#include <vector>
21
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]22#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]23#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]24#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]25#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]26#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]27#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28
29#include <binder/IPCThreadState.h>
30#include <binder/IServiceManager.h>
31#include "android/net/BnNetd.h"
32
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]33#include <openssl/base64.h>
34
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]35#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]36#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]37#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]38#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]39#include "NetdConstants.h"
40#include "NetdNativeService.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]41#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]42#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]43#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]44#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]45
46using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]47using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]48
49namespace android {
50namespace net {
51
52namespace {
53
54const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]55const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]56const char DUMP[] = "android.permission.DUMP";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]57
58binder::Status checkPermission(const char *permission) {
59 pid_t pid;
60 uid_t uid;
61
62 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
63 return binder::Status::ok();
64 } else {
65 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
66 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
67 }
68}
69
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]70#define ENFORCE_DEBUGGABLE() { \
71 char value[PROPERTY_VALUE_MAX + 1]; \
72 if (property_get("ro.debuggable", value, NULL) != 1 \
73 || value[0] != '1') { \
74 return binder::Status::fromExceptionCode( \
75 binder::Status::EX_SECURITY, \
76 String8("Not available in production builds.") \
77 ); \
78 } \
79}
80
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]81#define ENFORCE_PERMISSION(permission) { \
82 binder::Status status = checkPermission((permission)); \
83 if (!status.isOk()) { \
84 return status; \
85 } \
86}
87
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]88#define NETD_LOCKING_RPC(permission, lock) \
89 ENFORCE_PERMISSION(permission); \
90 android::RWLock::AutoWLock _lock(lock);
91
92#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]93
94inline binder::Status statusFromErrcode(int ret) {
95 if (ret) {
96 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
97 }
98 return binder::Status::ok();
99}
100
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]101} // namespace
102
103
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]104status_t NetdNativeService::start() {
105 IPCThreadState::self()->disableBackgroundScheduling(true);
106 status_t ret = BinderService<NetdNativeService>::publish();
107 if (ret != android::OK) {
108 return ret;
109 }
110 sp<ProcessState> ps(ProcessState::self());
111 ps->startThreadPool();
112 ps->giveThreadPoolName();
113 return android::OK;
114}
115
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]116status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]117 const binder::Status dump_permission = checkPermission(DUMP);
118 if (!dump_permission.isOk()) {
119 const String8 msg(dump_permission.toString8());
120 write(fd, msg.string(), msg.size());
121 return PERMISSION_DENIED;
122 }
123
124 // This method does not grab any locks. If individual classes need locking
125 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]126
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]127 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]128
129 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
130 dw.blankline();
131 gCtls->tcpSocketMonitor.dump(dw);
132 dw.blankline();
133 return NO_ERROR;
134 }
135
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]136 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
137 dw.blankline();
138 gCtls->trafficCtrl.dump(dw, true);
139 dw.blankline();
140 return NO_ERROR;
141 }
142
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]143 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]144 dw.blankline();
145 gCtls->netCtrl.dump(dw);
146 dw.blankline();
147
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]148 gCtls->trafficCtrl.dump(dw, false);
149 dw.blankline();
150
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]151 return NO_ERROR;
152}
153
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]154binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]155 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]156
157 *alive = true;
158 return binder::Status::ok();
159}
160
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]161binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]162 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
163 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
164
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]165 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]166 *ret = (err == 0);
167 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]168}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]169
170binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
171 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
172
173 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
174 *ret = (err == 0);
175 return binder::Status::ok();
176}
177
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]178binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
179 const std::string& permission) {
180 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
181 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));
182 return statusFromErrcode(ret);
183}
184
185binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
186 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
187 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
188 return statusFromErrcode(ret);
189}
190
191binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]192 ENFORCE_PERMISSION(NETWORK_STACK);
193 // Both of these functions manage their own locking internally.
194 const int ret = gCtls->netCtrl.destroyNetwork(netId);
195 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]196 return statusFromErrcode(ret);
197}
198
199binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
200 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
201 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
202 return statusFromErrcode(ret);
203}
204
205binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
206 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
207 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
208 return statusFromErrcode(ret);
209}
210
211binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
212 const std::vector<UidRange>& uidRangeArray) {
213 // NetworkController::addUsersToNetwork is thread-safe.
214 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
215 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
216 return statusFromErrcode(ret);
217}
218
219binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
220 const std::vector<UidRange>& uidRangeArray) {
221 // NetworkController::removeUsersFromNetwork is thread-safe.
222 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
223 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
224 return statusFromErrcode(ret);
225}
226
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]227binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
228 const std::vector<UidRange>& uidRangeArray) {
229 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
230 // it should be possible to use the same lock as NetworkController. However, every call through
231 // the CommandListener "network" command will need to hold this lock too, not just the ones that
232 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
233 // look at routes, but it's not enough here).
234 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
235
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]236 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]237
238 int err;
239 if (add) {
240 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
241 } else {
242 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
243 }
244
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]245 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]246}
247
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]248binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
249 const std::vector<int32_t>& skipUids) {
250
251 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
252
253 SockDiag sd;
254 if (!sd.open()) {
255 return binder::Status::fromServiceSpecificError(EIO,
256 String8("Could not open SOCK_DIAG socket"));
257 }
258
259 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]260 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
261 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]262
263 if (err) {
264 return binder::Status::fromServiceSpecificError(-err,
265 String8::format("destroySockets: %s", strerror(-err)));
266 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]267 return binder::Status::ok();
268}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]269
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]270// Parse a base64 encoded string into a vector of bytes.
271// On failure, return an empty vector.
272static std::vector<uint8_t> parseBase64(const std::string& input) {
273 std::vector<uint8_t> decoded;
274 size_t out_len;
275 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
276 return decoded;
277 }
278 // out_len is now an upper bound on the output length.
279 decoded.resize(out_len);
280 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
281 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
282 // Possibly shrink the vector if the actual output was smaller than the bound.
283 decoded.resize(out_len);
284 } else {
285 decoded.clear();
286 }
287 if (out_len != SHA256_SIZE) {
288 decoded.clear();
289 }
290 return decoded;
291}
292
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]293binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
294 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]295 const std::vector<int32_t>& params, const std::string& tlsName,
296 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]297 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]298 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
299 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
300
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]301 std::set<std::vector<uint8_t>> decoded_fingerprints;
302 for (const std::string& fingerprint : tlsFingerprints) {
303 std::vector<uint8_t> decoded = parseBase64(fingerprint);
304 if (decoded.empty()) {
305 return binder::Status::fromServiceSpecificError(EINVAL,
306 String8::format("ResolverController error: bad fingerprint"));
307 }
308 decoded_fingerprints.emplace(decoded);
309 }
310
311 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]312 tlsName, tlsServers, decoded_fingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]313 if (err != 0) {
314 return binder::Status::fromServiceSpecificError(-err,
315 String8::format("ResolverController error: %s", strerror(-err)));
316 }
317 return binder::Status::ok();
318}
319
320binder::Status NetdNativeService::getResolverInfo(int32_t netId,
321 std::vector<std::string>* servers, std::vector<std::string>* domains,
322 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
323 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
324 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
325
326 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
327 if (err != 0) {
328 return binder::Status::fromServiceSpecificError(-err,
329 String8::format("ResolverController error: %s", strerror(-err)));
330 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]331 return binder::Status::ok();
332}
333
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]334binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]335 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]336
337 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
338 return binder::Status::ok();
339}
340
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]341namespace {
342
343void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
344 String16 iface = String16(stats.extIface.c_str());
345 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
346
347 bundle->getLongVector(iface, &statsVector);
348 if (statsVector.size() == 0) {
349 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
350 }
351
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]352 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
353 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
354 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
355 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]356
357 bundle->putLongVector(iface, statsVector);
358}
359
360} // namespace
361
362binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
363 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
364
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]365 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]366 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]367 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]368 }
369
370 for (const auto& stats : statsList.value()) {
371 tetherAddStats(bundle, stats);
372 }
373
374 return binder::Status::ok();
375}
376
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]377binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
378 const std::string &addrString, int prefixLength) {
379 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
380
381 const int err = InterfaceController::addAddress(
382 ifName.c_str(), addrString.c_str(), prefixLength);
383 if (err != 0) {
384 return binder::Status::fromServiceSpecificError(-err,
385 String8::format("InterfaceController error: %s", strerror(-err)));
386 }
387 return binder::Status::ok();
388}
389
390binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
391 const std::string &addrString, int prefixLength) {
392 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
393
394 const int err = InterfaceController::delAddress(
395 ifName.c_str(), addrString.c_str(), prefixLength);
396 if (err != 0) {
397 return binder::Status::fromServiceSpecificError(-err,
398 String8::format("InterfaceController error: %s", strerror(-err)));
399 }
400 return binder::Status::ok();
401}
402
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]403binder::Status NetdNativeService::setProcSysNet(
404 int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
405 const std::string &value) {
406 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
407
408 const char *familyStr;
409 switch (family) {
410 case INetd::IPV4:
411 familyStr = "ipv4";
412 break;
413 case INetd::IPV6:
414 familyStr = "ipv6";
415 break;
416 default:
417 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
418 }
419
420 const char *whichStr;
421 switch (which) {
422 case INetd::CONF:
423 whichStr = "conf";
424 break;
425 case INetd::NEIGH:
426 whichStr = "neigh";
427 break;
428 default:
429 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
430 }
431
432 const int err = InterfaceController::setParameter(
433 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
434 value.c_str());
435 if (err != 0) {
436 return binder::Status::fromServiceSpecificError(-err,
437 String8::format("ResolverController error: %s", strerror(-err)));
438 }
439 return binder::Status::ok();
440}
441
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]442binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
443 // This function intentionally does not lock, since the only thing it does is one read from an
444 // atomic_int.
445 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
446 ENFORCE_DEBUGGABLE();
447
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]448 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]449 return binder::Status::ok();
450}
451
452binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
453 // This function intentionally does not lock, since the only thing it does is one write to an
454 // atomic_int.
455 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
456 ENFORCE_DEBUGGABLE();
457
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]458 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
459 ? binder::Status::ok()
460 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]461}
462
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]463binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
464 int newUid) {
465 ENFORCE_PERMISSION(NETWORK_STACK)
466 ALOGD("ipSecSetEncapSocketOwner()");
467
468 uid_t callerUid = IPCThreadState::self()->getCallingUid();
469 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
470}
471
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]472binder::Status NetdNativeService::ipSecAllocateSpi(
473 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]474 const std::string& sourceAddress,
475 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]476 int32_t inSpi,
477 int32_t* outSpi) {
478 // Necessary locking done in IpSecService and kernel
479 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
480 ALOGD("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]481 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]482 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]483 sourceAddress,
484 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]485 inSpi,
486 outSpi));
487}
488
489binder::Status NetdNativeService::ipSecAddSecurityAssociation(
490 int32_t transformId,
491 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]492 const std::string& sourceAddress,
493 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]494 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]495 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]496 int32_t markValue,
497 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]498 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
499 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]500 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]501 int32_t encapType,
502 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]503 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]504 // Necessary locking done in IpSecService and kernel
505 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
506 ALOGD("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]507 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]508 transformId, mode, sourceAddress, destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]509 underlyingNetId,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]510 spi, markValue, markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]511 authAlgo, authKey, authTruncBits,
512 cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]513 aeadAlgo, aeadKey, aeadIcvBits,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]514 encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]515}
516
517binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
518 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]519 const std::string& sourceAddress,
520 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]521 int32_t spi,
522 int32_t markValue,
523 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]524 // Necessary locking done in IpSecService and kernel
525 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
526 ALOGD("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]527 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]528 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]529 sourceAddress,
530 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]531 spi,
532 markValue,
533 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]534}
535
536binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
537 const android::base::unique_fd& socket,
538 int32_t transformId,
539 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]540 const std::string& sourceAddress,
541 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]542 int32_t spi) {
543 // Necessary locking done in IpSecService and kernel
544 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
545 ALOGD("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]546 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]547 socket,
548 transformId,
549 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]550 sourceAddress,
551 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]552 spi));
553}
554
555binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
556 const android::base::unique_fd& socket) {
557 // Necessary locking done in IpSecService and kernel
558 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
559 ALOGD("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]560 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]561 socket));
562}
563
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]564binder::Status NetdNativeService::ipSecAddSecurityPolicy(
565 int32_t transformId,
566 int32_t direction,
567 const std::string& sourceAddress,
568 const std::string& destinationAddress,
569 int32_t spi,
570 int32_t markValue,
571 int32_t markMask){
572 // Necessary locking done in IpSecService and kernel
573 ENFORCE_PERMISSION(NETWORK_STACK);
574 ALOGD("ipSecAddSecurityPolicy()");
575 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
576 transformId,
577 direction,
578 sourceAddress,
579 destinationAddress,
580 spi,
581 markValue,
582 markMask));
583}
584
585binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
586 int32_t transformId,
587 int32_t direction,
588 const std::string& sourceAddress,
589 const std::string& destinationAddress,
590 int32_t spi,
591 int32_t markValue,
592 int32_t markMask){
593 // Necessary locking done in IpSecService and kernel
594 ENFORCE_PERMISSION(NETWORK_STACK);
595 ALOGD("ipSecAddSecurityPolicy()");
596 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
597 transformId,
598 direction,
599 sourceAddress,
600 destinationAddress,
601 spi,
602 markValue,
603 markMask));
604}
605
606binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(
607 int32_t transformId,
608 int32_t direction,
609 const std::string& sourceAddress,
610 const std::string& destinationAddress,
611 int32_t markValue,
612 int32_t markMask){
613 // Necessary locking done in IpSecService and kernel
614 ENFORCE_PERMISSION(NETWORK_STACK);
615 ALOGD("ipSecAddSecurityPolicy()");
616 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
617 transformId,
618 direction,
619 sourceAddress,
620 destinationAddress,
621 markValue,
622 markMask));
623}
624
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]625binder::Status NetdNativeService::addVirtualTunnelInterface(
626 const std::string& deviceName,
627 const std::string& localAddress,
628 const std::string& remoteAddress,
629 int32_t iKey,
630 int32_t oKey) {
631 // Necessary locking done in IpSecService and kernel
632 ENFORCE_PERMISSION(NETWORK_STACK);
633 ALOGD("addVirtualTunnelInterface()");
634 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
635 deviceName,
636 localAddress,
637 remoteAddress,
638 iKey,
639 oKey,
640 false);
641
642 return (ret == 0) ? binder::Status::ok() :
643 asBinderStatus(netdutils::statusFromErrno(
644 ret, "Error in creating virtual tunnel interface."));
645}
646
647binder::Status NetdNativeService::updateVirtualTunnelInterface(
648 const std::string& deviceName,
649 const std::string& localAddress,
650 const std::string& remoteAddress,
651 int32_t iKey,
652 int32_t oKey) {
653 // Necessary locking done in IpSecService and kernel
654 ENFORCE_PERMISSION(NETWORK_STACK);
655 ALOGD("updateVirtualTunnelInterface()");
656 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
657 deviceName,
658 localAddress,
659 remoteAddress,
660 iKey,
661 oKey,
662 true);
663
664 return (ret == 0) ? binder::Status::ok() :
665 asBinderStatus(netdutils::statusFromErrno(
666 ret, "Error in updating virtual tunnel interface."));
667}
668
669binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
670 // Necessary locking done in IpSecService and kernel
671 ENFORCE_PERMISSION(NETWORK_STACK);
672 ALOGD("removeVirtualTunnelInterface()");
673 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
674
675 return (ret == 0) ? binder::Status::ok() :
676 asBinderStatus(netdutils::statusFromErrno(
677 ret, "Error in removing virtual tunnel interface."));
678}
679
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]680binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
681 int32_t mode) {
682 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]683 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]684}
685
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]686binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
687 const std::string& prefix, int32_t mark,
688 int32_t mask) {
689 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]690 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]691}
692
693binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
694 const std::string& prefix, int32_t mark,
695 int32_t mask) {
696 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]697 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]698}
699
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]700binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
701 ENFORCE_PERMISSION(NETWORK_STACK);
702 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
703 return binder::Status::ok();
704}
705
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]706} // namespace net
707} // namespace android