Blame - server/NetdNativeService.cpp - platform/system/netd

2016-02-02 17:19:04 +0900

[diff] [blame]

/**

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#define LOG_TAG "Netd"

18

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

19

#include <cinttypes>

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

20

#include <set>

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

21

#include <tuple>

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

22

#include <vector>

23

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

24

#include <android-base/stringprintf.h>

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

25

#include <android-base/strings.h>

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

26

#include <cutils/properties.h>

Logan Chien

3f46148

2018-04-23 14:31:32 +0800

[diff] [blame]

27

#include <log/log.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

28

#include <utils/Errors.h>

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

29

#include <utils/String16.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

30

31

#include <binder/IPCThreadState.h>

32

#include <binder/IServiceManager.h>

33

#include "android/net/BnNetd.h"

34

Ben Schwartz

e760181

2017-04-28 16:38:29 -0400

[diff] [blame]

35

#include <openssl/base64.h>

36

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

37

#include "Controllers.h"

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

38

#include "DumpWriter.h"

Michal Karpinski

d544011

2016-10-06 16:56:04 +0100

[diff] [blame]

39

#include "EventReporter.h"

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

40

#include "InterfaceController.h"

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

41

#include "NetdConstants.h"

42

#include "NetdNativeService.h"

Erik Kline

8589004

2018-05-25 19:19:11 +0900

[diff] [blame]

43

#include "Process.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

44

#include "RouteController.h"

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

45

#include "SockDiag.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

46

#include "UidRanges.h"

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

47

48

using android::base::StringPrintf;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

49

using android::net::TetherStatsParcel;

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

namespace android {

namespace net {

namespace {

const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";

Joel Scherpelz

2017-05-22 13:11:54 +0900

[diff] [blame]

57

const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

58

const char DUMP[] = "android.permission.DUMP";

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

59

const char OPT_SHORT[] = "--short";

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

60

61

binder::Status checkPermission(const char *permission) {

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

62

pid_t pid = IPCThreadState::self()->getCallingPid();

63

uid_t uid = IPCThreadState::self()->getCallingUid();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

64

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

65

// If the caller is the system UID, don't check permissions.

66

// Otherwise, if the system server's binder thread pool is full, and all the threads are

67

// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492

68

//

69

// From a security perspective, there is currently no difference, because:

70

// 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL

71

// and NETWORK_STACK, which the system server will always need to have.

72

// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.

73

if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

74

return binder::Status::ok();

75

} else {

76

auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);

77

return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));

}

}

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

81

#define ENFORCE_DEBUGGABLE() { \

82

char value[PROPERTY_VALUE_MAX + 1]; \

Yi Kong

bdfd57e

2018-07-25 13:26:10 -0700

[diff] [blame]

83

if (property_get("ro.debuggable", value, nullptr) != 1 \

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

84

|| value[0] != '1') { \

85

return binder::Status::fromExceptionCode( \

86

binder::Status::EX_SECURITY, \

87

String8("Not available in production builds.") \

); \

} \

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

92

#define ENFORCE_PERMISSION(permission) { \

93

binder::Status status = checkPermission((permission)); \

94

if (!status.isOk()) { \

return status; \

} \

}

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

99

#define NETD_LOCKING_RPC(permission, lock) \

100

ENFORCE_PERMISSION(permission); \

Bernie Innocenti

abf8a34

2018-08-10 15:17:16 +0900

[diff] [blame]

101

std::lock_guard _lock(lock);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

102

103

#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

104

105

inline binder::Status statusFromErrcode(int ret) {

106

if (ret) {

107

return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));

108

}

109

return binder::Status::ok();

110

}

111

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

112

bool contains(const Vector<String16>& words, const String16& word) {

113

for (const auto& w : words) {

114

if (w == word) return true;

115

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

116

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

return false;

}

} // namespace

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

121

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

122

status_t NetdNativeService::start() {

123

IPCThreadState::self()->disableBackgroundScheduling(true);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

124

const status_t ret = BinderService<NetdNativeService>::publish();

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

125

if (ret != android::OK) {

126

return ret;

127

}

128

sp<ProcessState> ps(ProcessState::self());

129

ps->startThreadPool();

130

ps->giveThreadPoolName();

return android::OK;

}

Hugo Benichi

2018-01-15 21:54:00 +0900

[diff] [blame]

134

status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

135

const binder::Status dump_permission = checkPermission(DUMP);

136

if (!dump_permission.isOk()) {

137

const String8 msg(dump_permission.toString8());

138

write(fd, msg.string(), msg.size());

139

return PERMISSION_DENIED;

140

}

141

142

// This method does not grab any locks. If individual classes need locking

143

// their dump() methods MUST handle locking appropriately.

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

144

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

145

DumpWriter dw(fd);

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

146

147

if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {

148

dw.blankline();

149

gCtls->tcpSocketMonitor.dump(dw);

dw.blankline();

return NO_ERROR;

}

Chenbo Feng

2018-03-26 10:53:33 -0700

[diff] [blame]

154

if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {

155

dw.blankline();

156

gCtls->trafficCtrl.dump(dw, true);

dw.blankline();

return NO_ERROR;

}

Erik Kline

2018-05-25 19:19:11 +0900

[diff] [blame]

161

process::dump(dw);

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

162

dw.blankline();

163

gCtls->netCtrl.dump(dw);

164

dw.blankline();

165

Chenbo Feng

ef29717

2018-03-26 10:53:33 -0700

[diff] [blame]

166

gCtls->trafficCtrl.dump(dw, false);

167

dw.blankline();

168

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

169

{

170

ScopedIndent indentLog(dw);

171

if (contains(args, String16(OPT_SHORT))) {

172

dw.println("Log: <omitted>");

173

} else {

174

dw.println("Log:");

175

ScopedIndent indentLogEntries(dw);

176

gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

return NO_ERROR;

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

184

binder::Status NetdNativeService::isAlive(bool *alive) {

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

185

NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

186

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

187

188

*alive = true;

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

189

190

gLog.log(entry.returns(*alive));

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

191

return binder::Status::ok();

192

}

193

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

194

binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

195

bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {

196

NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

197

auto entry = gLog.newEntry()

198

.prettyFunction(__PRETTY_FUNCTION__)

199

.arg(chainName)

200

.arg(isWhitelist)

201

.arg(uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

202

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

203

int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

204

*ret = (err == 0);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

205

206

gLog.log(entry.returns(*ret).withAutomaticDuration());

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

207

return binder::Status::ok();

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

208

}

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

209

210

binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {

211

NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

212

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

213

214

int err = gCtls->bandwidthCtrl.enableDataSaver(enable);

215

*ret = (err == 0);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

216

gLog.log(entry.returns(*ret).withAutomaticDuration());

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

217

return binder::Status::ok();

218

}

219

Luke Huang

531f5d3

2018-08-03 15:19:05 +0800

[diff] [blame]

220

binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,

221

int64_t bytes) {

222

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

223

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);

224

225

int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);

226

227

gLog.log(entry.returns(res).withAutomaticDuration());

228

return statusFromErrcode(res);

229

}

230

231

binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {

232

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

233

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

234

235

int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);

236

237

gLog.log(entry.returns(res).withAutomaticDuration());

238

return statusFromErrcode(res);

239

}

240

241

binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,

242

int64_t bytes) {

243

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

244

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);

245

246

int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);

247

248

gLog.log(entry.returns(res).withAutomaticDuration());

249

return statusFromErrcode(res);

250

}

251

252

binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {

253

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

254

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

255

256

int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);

257

258

gLog.log(entry.returns(res).withAutomaticDuration());

259

return statusFromErrcode(res);

260

}

261

262

binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {

263

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

264

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);

265

266

int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);

267

268

gLog.log(entry.returns(res).withAutomaticDuration());

269

return statusFromErrcode(res);

270

}

271

272

binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {

273

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

274

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);

275

276

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

277

int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);

278

279

gLog.log(entry.returns(res).withAutomaticDuration());

280

return statusFromErrcode(res);

281

}

282

283

binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {

284

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

285

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);

286

287

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

288

int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);

289

290

gLog.log(entry.returns(res).withAutomaticDuration());

291

return statusFromErrcode(res);

292

}

293

294

binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {

295

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

296

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);

297

298

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

299

int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);

300

301

gLog.log(entry.returns(res).withAutomaticDuration());

302

return statusFromErrcode(res);

303

}

304

305

binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {

306

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);

307

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);

308

309

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

310

int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);

311

312

gLog.log(entry.returns(res).withAutomaticDuration());

313

return statusFromErrcode(res);

314

}

315

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

316

binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,

317

const std::string& permission) {

318

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

319

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

320

int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

321

gLog.log(entry.returns(ret).withAutomaticDuration());

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

322

return statusFromErrcode(ret);

323

}

324

325

binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {

326

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

327

int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);

328

return statusFromErrcode(ret);

329

}

330

331

binder::Status NetdNativeService::networkDestroy(int32_t netId) {

Erik Kline

c8b6a9c

2018-01-15 17:06:48 +0900

[diff] [blame]

332

ENFORCE_PERMISSION(NETWORK_STACK);

333

// Both of these functions manage their own locking internally.

334

const int ret = gCtls->netCtrl.destroyNetwork(netId);

335

gCtls->resolverCtrl.clearDnsServers(netId);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

336

return statusFromErrcode(ret);

337

}

338

339

binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {

340

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

341

int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());

342

return statusFromErrcode(ret);

343

}

344

345

binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {

346

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

347

int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());

348

return statusFromErrcode(ret);

349

}

350

351

binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,

352

const std::vector<UidRange>& uidRangeArray) {

353

// NetworkController::addUsersToNetwork is thread-safe.

354

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

355

int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));

356

return statusFromErrcode(ret);

357

}

358

359

binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,

360

const std::vector<UidRange>& uidRangeArray) {

361

// NetworkController::removeUsersFromNetwork is thread-safe.

362

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

363

int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));

364

return statusFromErrcode(ret);

365

}

366

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

367

binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,

368

const std::vector<UidRange>& uidRangeArray) {

369

// TODO: elsewhere RouteController is only used from the tethering and network controllers, so

370

// it should be possible to use the same lock as NetworkController. However, every call through

371

// the CommandListener "network" command will need to hold this lock too, not just the ones that

372

// read/modify network internal state (that is sufficient for ::dump() because it doesn't

373

// look at routes, but it's not enough here).

374

NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

375

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

376

UidRanges uidRanges(uidRangeArray);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

int err;

if (add) {

err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);

381

} else {

382

err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

383

}

384

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

385

return statusFromErrcode(err);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

386

}

387

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

388

binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,

389

const std::vector<int32_t>& skipUids) {

390

391

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

SockDiag sd;

if (!sd.open()) {

return binder::Status::fromServiceSpecificError(EIO,

396

String8("Could not open SOCK_DIAG socket"));

397

}

398

399

UidRanges uidRanges(uids);

Lorenzo Colitti

e5c3c99

2016-07-26 17:53:50 +0900

[diff] [blame]

400

int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),

401

true /* excludeLoopback */);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

402

403

if (err) {

404

return binder::Status::fromServiceSpecificError(-err,

405

String8::format("destroySockets: %s", strerror(-err)));

406

}

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

407

return binder::Status::ok();

408

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

409

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

410

// Parse a base64 encoded string into a vector of bytes.

411

// On failure, return an empty vector.

412

static std::vector<uint8_t> parseBase64(const std::string& input) {

413

std::vector<uint8_t> decoded;

414

size_t out_len;

415

if (EVP_DecodedLength(&out_len, input.size()) != 1) {

416

return decoded;

417

}

418

// out_len is now an upper bound on the output length.

419

decoded.resize(out_len);

420

if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),

421

reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {

422

// Possibly shrink the vector if the actual output was smaller than the bound.

423

decoded.resize(out_len);

} else {

decoded.clear();

}

if (out_len != SHA256_SIZE) {

decoded.clear();

}

return decoded;

}

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

433

binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,

434

const std::vector<std::string>& servers, const std::vector<std::string>& domains,

Erik Kline

a1476fb

2018-03-04 21:01:56 +0900

[diff] [blame]

435

const std::vector<int32_t>& params, const std::string& tlsName,

436

const std::vector<std::string>& tlsServers,

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

437

const std::vector<std::string>& tlsFingerprints) {

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

438

// This function intentionally does not lock within Netd, as Bionic is thread-safe.

439

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

440

auto entry = gLog.newEntry()

441

.prettyFunction(__PRETTY_FUNCTION__)

.arg(netId)

.arg(servers)

.arg(domains)

.arg(params)

.arg(tlsName)

.arg(tlsServers)

.arg(tlsFingerprints);

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

449

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

450

std::set<std::vector<uint8_t>> decoded_fingerprints;

451

for (const std::string& fingerprint : tlsFingerprints) {

452

std::vector<uint8_t> decoded = parseBase64(fingerprint);

453

if (decoded.empty()) {

454

return binder::Status::fromServiceSpecificError(EINVAL,

455

String8::format("ResolverController error: bad fingerprint"));

456

}

457

decoded_fingerprints.emplace(decoded);

458

}

459

460

int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,

Erik Kline

a1476fb

2018-03-04 21:01:56 +0900

[diff] [blame]

461

tlsName, tlsServers, decoded_fingerprints);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

462

gLog.log(entry.returns(err).withAutomaticDuration());

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

463

if (err != 0) {

464

return binder::Status::fromServiceSpecificError(-err,

465

String8::format("ResolverController error: %s", strerror(-err)));

466

}

467

return binder::Status::ok();

468

}

469

470

binder::Status NetdNativeService::getResolverInfo(int32_t netId,

471

std::vector<std::string>* servers, std::vector<std::string>* domains,

472

std::vector<int32_t>* params, std::vector<int32_t>* stats) {

473

// This function intentionally does not lock within Netd, as Bionic is thread-safe.

474

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

475

476

int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);

477

if (err != 0) {

478

return binder::Status::fromServiceSpecificError(-err,

479

String8::format("ResolverController error: %s", strerror(-err)));

480

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

481

return binder::Status::ok();

482

}

483

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

484

binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {

Luke Huang

d1ee462

2018-06-29 13:49:58 +0800

[diff] [blame]

485

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

486

487

*ret = gCtls->tetherCtrl.applyDnsInterfaces();

488

return binder::Status::ok();

489

}

490

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

491

namespace {

492

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

493

void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,

494

const TetherController::TetherStats& tetherStats) {

495

if (tetherStatsParcel->extIface == tetherStats.extIface) {

496

tetherStatsParcel->rxBytes += tetherStats.rxBytes;

497

tetherStatsParcel->rxPackets += tetherStats.rxPackets;

498

tetherStatsParcel->txBytes += tetherStats.txBytes;

499

tetherStatsParcel->txPackets += tetherStats.txPackets;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

500

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

501

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

502

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

503

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {

504

TetherStatsParcel result;

505

result.iface = stats.extIface;

506

result.rxBytes = stats.rxBytes;

507

result.rxPackets = stats.rxPackets;

508

result.txBytes = stats.txBytes;

509

result.txPackets = stats.txPackets;

510

return result;

511

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

512

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

513

void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,

514

const TetherController::TetherStatsList& statsList) {

515

std::map<std::string, TetherController::TetherStats> statsMap;

516

for (const auto& stats : statsList) {

517

auto iter = statsMap.find(stats.extIface);

518

if (iter != statsMap.end()) {

519

tetherAddStatsByInterface(&(iter->second), stats);

520

} else {

521

statsMap.insert(

522

std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));

523

}

524

}

525

for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {

526

tetherStatsVec->push_back(toTetherStatsParcel(iter->second));

}

}

std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {

531

std::vector<std::string> result;

532

for (const auto& t : *tVec) {

533

result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,

534

t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,

535

t.txPackets));

536

}

537

return result;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

}

} // namespace

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

542

binder::Status NetdNativeService::tetherGetStats(

543

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

Luke Huang

d1ee462

2018-06-29 13:49:58 +0800

[diff] [blame]

544

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

545

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

546

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

547

Lorenzo Colitti

5192bf7

2017-09-04 13:30:59 +0900

[diff] [blame]

548

const auto& statsList = gCtls->tetherCtrl.getTetherStats();

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

549

if (!isOk(statsList)) {

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

550

return asBinderStatus(statsList);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

551

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

552

setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());

553

auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);

554

gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

555

return binder::Status::ok();

556

}

557

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

558

binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,

559

const std::string &addrString, int prefixLength) {

560

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

561

562

const int err = InterfaceController::addAddress(

563

ifName.c_str(), addrString.c_str(), prefixLength);

564

if (err != 0) {

565

return binder::Status::fromServiceSpecificError(-err,

566

String8::format("InterfaceController error: %s", strerror(-err)));

567

}

568

return binder::Status::ok();

569

}

570

571

binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,

572

const std::string &addrString, int prefixLength) {

573

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

574

575

const int err = InterfaceController::delAddress(

576

ifName.c_str(), addrString.c_str(), prefixLength);

577

if (err != 0) {

578

return binder::Status::fromServiceSpecificError(-err,

579

String8::format("InterfaceController error: %s", strerror(-err)));

580

}

581

return binder::Status::ok();

582

}

583

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

584

namespace {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

585

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

586

std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,

587

int32_t category) {

588

const char* ipversionStr = nullptr;

589

switch (ipversion) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

590

case INetd::IPV4:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

591

ipversionStr = "ipv4";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

592

break;

593

case INetd::IPV6:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

594

ipversionStr = "ipv6";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

595

break;

596

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

597

return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),

598

nullptr, nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

599

}

600

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

601

const char* whichStr = nullptr;

602

switch (category) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

case INetd::CONF:

whichStr = "conf";

break;

case INetd::NEIGH:

whichStr = "neigh";

break;

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

610

return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,

611

nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

612

}

613

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

614

return {binder::Status::ok(), ipversionStr, whichStr};

}

} // namespace

binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,

620

const std::string& ifname,

621

const std::string& parameter, std::string* value) {

622

ENFORCE_PERMISSION(NETWORK_STACK);

623

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)

624

.args(ipversion, which, ifname, parameter);

625

626

const auto pathParts = getPathComponents(ipversion, which);

627

const auto& pathStatus = std::get<0>(pathParts);

628

if (!pathStatus.isOk()) {

629

gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());

630

return pathStatus;

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

631

}

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

632

633

const int err = InterfaceController::getParameter(std::get<1>(pathParts),

634

std::get<2>(pathParts), ifname.c_str(),

635

parameter.c_str(), value);

636

entry.returns(err);

637

if (err == 0) entry.returns(*value);

638

gLog.log(entry.withAutomaticDuration());

639

return statusFromErrcode(err);

640

}

641

642

binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,

643

const std::string& ifname,

644

const std::string& parameter,

645

const std::string& value) {

646

ENFORCE_PERMISSION(NETWORK_STACK);

647

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)

648

.args(ipversion, which, ifname, parameter, value);

649

650

const auto pathParts = getPathComponents(ipversion, which);

651

const auto& pathStatus = std::get<0>(pathParts);

652

if (!pathStatus.isOk()) {

653

gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());

return pathStatus;

}

const int err = InterfaceController::setParameter(std::get<1>(pathParts),

658

std::get<2>(pathParts), ifname.c_str(),

659

parameter.c_str(), value.c_str());

660

gLog.log(entry.returns(err).withAutomaticDuration());

661

return statusFromErrcode(err);

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

662

}

663

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

664

binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {

665

// This function intentionally does not lock, since the only thing it does is one read from an

666

// atomic_int.

667

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

668

ENFORCE_DEBUGGABLE();

669

Michal Karpinski

d544011

2016-10-06 16:56:04 +0100

[diff] [blame]

670

*reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

671

return binder::Status::ok();

672

}

673

674

binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {

675

// This function intentionally does not lock, since the only thing it does is one write to an

676

// atomic_int.

677

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

678

ENFORCE_DEBUGGABLE();

679

Michal Karpinski

d544011

2016-10-06 16:56:04 +0100

[diff] [blame]

680

return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)

681

? binder::Status::ok()

682

: binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);

Robin Lee

2016-09-13 18:55:42 +0900

[diff] [blame]

683

}

684

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

685

binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,

686

int newUid) {

687

ENFORCE_PERMISSION(NETWORK_STACK)

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

688

gLog.log("ipSecSetEncapSocketOwner()");

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

689

690

uid_t callerUid = IPCThreadState::self()->getCallingUid();

691

return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));

692

}

693

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

694

binder::Status NetdNativeService::ipSecAllocateSpi(

695

int32_t transformId,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

696

const std::string& sourceAddress,

697

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

698

int32_t inSpi,

699

int32_t* outSpi) {

700

// Necessary locking done in IpSecService and kernel

701

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

702

gLog.log("ipSecAllocateSpi()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

703

return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

704

transformId,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

705

sourceAddress,

706

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

inSpi,

outSpi));

}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(

712

int32_t transformId,

713

int32_t mode,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

714

const std::string& sourceAddress,

715

const std::string& destinationAddress,

Benedict Wong

96abf48

2018-01-22 13:56:41 -0800

[diff] [blame]

716

int32_t underlyingNetId,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

717

int32_t spi,

Di Lu

2ccb3e5

2018-01-03 16:19:20 -0800

[diff] [blame]

718

int32_t markValue,

719

int32_t markMask,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

720

const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,

721

const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,

Benedict Wong

be65b43

2017-08-22 21:43:14 -0700

[diff] [blame]

722

const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

723

int32_t encapType,

724

int32_t encapLocalPort,

ludi

ec83605

2017-05-20 14:17:05 -0700

[diff] [blame]

725

int32_t encapRemotePort) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

726

// Necessary locking done in IpSecService and kernel

727

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

728

gLog.log("ipSecAddSecurityAssociation()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

729

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

730

transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,

731

markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,

732

aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

733

}

734

735

binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(

736

int32_t transformId,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

737

const std::string& sourceAddress,

738

const std::string& destinationAddress,

Di Lu

2ccb3e5

2018-01-03 16:19:20 -0800

[diff] [blame]

739

int32_t spi,

740

int32_t markValue,

741

int32_t markMask) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

742

// Necessary locking done in IpSecService and kernel

743

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

744

gLog.log("ipSecDeleteSecurityAssociation()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

745

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

746

transformId,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

747

sourceAddress,

748

destinationAddress,

Di Lu

2ccb3e5

2018-01-03 16:19:20 -0800

[diff] [blame]

749

spi,

750

markValue,

751

markMask));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

752

}

753

754

binder::Status NetdNativeService::ipSecApplyTransportModeTransform(

755

const android::base::unique_fd& socket,

756

int32_t transformId,

757

int32_t direction,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

758

const std::string& sourceAddress,

759

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

760

int32_t spi) {

761

// Necessary locking done in IpSecService and kernel

762

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

763

gLog.log("ipSecApplyTransportModeTransform()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

764

return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

765

socket,

766

transformId,

767

direction,

Nathan Harold

2018-01-09 16:42:57 -0800

[diff] [blame]

768

sourceAddress,

769

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

spi));

}

binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(

774

const android::base::unique_fd& socket) {

775

// Necessary locking done in IpSecService and kernel

776

ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

777

gLog.log("ipSecRemoveTransportModeTransform()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

778

return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

socket));

}

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

782

binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,

783

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

784

const std::string& tmplSrcAddress,

785

const std::string& tmplDstAddress,

786

int32_t spi, int32_t markValue,

787

int32_t markMask) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

788

// Necessary locking done in IpSecService and kernel

789

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

790

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

791

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

792

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

793

markMask));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

794

}

795

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

796

binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,

797

int32_t selAddrFamily,

798

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

799

const std::string& tmplSrcAddress,

800

const std::string& tmplDstAddress,

801

int32_t spi, int32_t markValue,

802

int32_t markMask) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

803

// Necessary locking done in IpSecService and kernel

804

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

805

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

806

return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

807

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

808

markMask));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

809

}

810

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

811

binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,

812

int32_t selAddrFamily,

813

int32_t direction, int32_t markValue,

814

int32_t markMask) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

815

// Necessary locking done in IpSecService and kernel

816

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

817

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

818

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

819

transformId, selAddrFamily, direction, markValue, markMask));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

820

}

821

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

822

binder::Status NetdNativeService::addVirtualTunnelInterface(

823

const std::string& deviceName,

824

const std::string& localAddress,

825

const std::string& remoteAddress,

826

int32_t iKey,

827

int32_t oKey) {

828

// Necessary locking done in IpSecService and kernel

829

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

830

gLog.log("addVirtualTunnelInterface()");

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

831

int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(

deviceName,

localAddress,

remoteAddress,

iKey,

oKey,

false);

return (ret == 0) ? binder::Status::ok() :

840

asBinderStatus(netdutils::statusFromErrno(

841

ret, "Error in creating virtual tunnel interface."));

842

}

843

844

binder::Status NetdNativeService::updateVirtualTunnelInterface(

845

const std::string& deviceName,

846

const std::string& localAddress,

847

const std::string& remoteAddress,

848

int32_t iKey,

849

int32_t oKey) {

850

// Necessary locking done in IpSecService and kernel

851

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

852

gLog.log("updateVirtualTunnelInterface()");

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

853

int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(

deviceName,

localAddress,

remoteAddress,

iKey,

oKey,

true);

return (ret == 0) ? binder::Status::ok() :

862

asBinderStatus(netdutils::statusFromErrno(

863

ret, "Error in updating virtual tunnel interface."));

864

}

865

866

binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {

867

// Necessary locking done in IpSecService and kernel

868

ENFORCE_PERMISSION(NETWORK_STACK);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

869

gLog.log("removeVirtualTunnelInterface()");

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

870

int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);

871

872

return (ret == 0) ? binder::Status::ok() :

873

asBinderStatus(netdutils::statusFromErrno(

874

ret, "Error in removing virtual tunnel interface."));

875

}

876

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

877

binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,

878

int32_t mode) {

879

ENFORCE_PERMISSION(NETWORK_STACK);

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

880

return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

881

}

882

Joel Scherpelz

2017-05-22 13:11:54 +0900

[diff] [blame]

883

binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,

884

const std::string& prefix, int32_t mark,

885

int32_t mask) {

886

ENFORCE_PERMISSION(NETWORK_STACK);

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

887

return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));

Joel Scherpelz

2017-05-22 13:11:54 +0900

[diff] [blame]

888

}

889

890

binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,

891

const std::string& prefix, int32_t mark,

892

int32_t mask) {

893

ENFORCE_PERMISSION(NETWORK_STACK);

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

894

return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));

Joel Scherpelz

2017-05-22 13:11:54 +0900

[diff] [blame]

895

}

896

Chenbo Feng

07d43fe

2017-12-21 14:38:51 -0800

[diff] [blame]

897

binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {

898

ENFORCE_PERMISSION(NETWORK_STACK);

899

*ret = gCtls->trafficCtrl.checkBpfStatsEnable();

900

return binder::Status::ok();

901

}

902

Luke Huang

0051a62

2018-07-23 20:30:16 +0800

[diff] [blame]

903

binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,

904

const std::string& classLabel) {

905

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);

906

auto entry = gLog.newEntry()

907

.prettyFunction(__PRETTY_FUNCTION__)

.arg(ifName)

.arg(timeout)

.arg(classLabel);

int res =

gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());

913

gLog.log(entry.returns(res).withAutomaticDuration());

914

return statusFromErrcode(res);

915

}

916

917

binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,

918

int32_t timeout,

919

const std::string& classLabel) {

920

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);

921

auto entry = gLog.newEntry()

922

.prettyFunction(__PRETTY_FUNCTION__)

.arg(ifName)

.arg(timeout)

.arg(classLabel);

int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,

927

classLabel.c_str());

928

gLog.log(entry.returns(res).withAutomaticDuration());

929

return statusFromErrcode(res);

930

}

Luke Huang

a67dd56

2018-07-17 19:58:25 +0800

[diff] [blame]

931

932

binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {

933

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);

934

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);

935

StrictPenalty penalty;

936

switch (policyPenalty) {

937

case INetd::PENALTY_POLICY_REJECT:

938

penalty = REJECT;

939

break;

940

case INetd::PENALTY_POLICY_LOG:

941

penalty = LOG;

942

break;

943

case INetd::PENALTY_POLICY_ACCEPT:

penalty = ACCEPT;

break;

default:

return statusFromErrcode(-EINVAL);

948

break;

949

}

950

int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);

951

gLog.log(entry.returns(res).withAutomaticDuration());

952

return statusFromErrcode(res);

953

}

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

954

binder::Status NetdNativeService::clatdStart(const std::string& ifName) {

955

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);

956

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

957

int res = gCtls->clatdCtrl.startClatd(ifName.c_str());

958

gLog.log(entry.returns(res).withAutomaticDuration());

959

return statusFromErrcode(res);

960

}

961

962

binder::Status NetdNativeService::clatdStop(const std::string& ifName) {

963

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);

964

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

965

int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());

966

gLog.log(entry.returns(res).withAutomaticDuration());

967

return statusFromErrcode(res);

968

}

Luke Huang

a67dd56

2018-07-17 19:58:25 +0800

[diff] [blame]

969

Luke Huang

457d470

2018-08-16 15:39:15 +0800

[diff] [blame]

970

binder::Status NetdNativeService::ipfwdEnabled(bool* status) {

971

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

972

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

973

*status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;

974

gLog.log(entry.returns(*status).withAutomaticDuration());

975

return binder::Status::ok();

976

}

977

978

binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {

979

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

980

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);

981

int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

982

gLog.log(entry.returns(res).withAutomaticDuration());

983

return statusFromErrcode(res);

984

}

985

986

binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {

987

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

988

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);

989

int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

990

gLog.log(entry.returns(res).withAutomaticDuration());

991

return statusFromErrcode(res);

992

}

993

994

binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,

995

const std::string& toIface) {

996

ENFORCE_PERMISSION(NETWORK_STACK);

997

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);

998

int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());

999

gLog.log(entry.returns(res).withAutomaticDuration());

1000

return statusFromErrcode(res);

1001

}

1002

1003

binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,

1004

const std::string& toIface) {

1005

ENFORCE_PERMISSION(NETWORK_STACK);

1006

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);

1007

int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());

1008

gLog.log(entry.returns(res).withAutomaticDuration());

1009

return statusFromErrcode(res);

1010

}

1011

Luke Huang

b5733d7

2018-08-21 17:17:19 +0800

[diff] [blame]

1012

binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {

1013

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1014

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);

1015

if (dhcpRanges.size() % 2 == 1) {

1016

return statusFromErrcode(-EINVAL);

1017

}

1018

int res = gCtls->tetherCtrl.startTethering(dhcpRanges);

1019

gLog.log(entry.returns(res).withAutomaticDuration());

1020

return statusFromErrcode(res);

1021

}

1022

1023

binder::Status NetdNativeService::tetherStop() {

1024

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1025

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

1026

int res = gCtls->tetherCtrl.stopTethering();

1027

gLog.log(entry.returns(res).withAutomaticDuration());

1028

return statusFromErrcode(res);

1029

}

1030

1031

binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {

1032

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1033

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

1034

*enabled = gCtls->tetherCtrl.isTetheringStarted();

1035

gLog.log(entry.returns(*enabled).withAutomaticDuration());

1036

return binder::Status::ok();

1037

}

1038

1039

binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {

1040

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1041

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

1042

int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());

1043

gLog.log(entry.returns(res).withAutomaticDuration());

1044

return statusFromErrcode(res);

1045

}

1046

1047

binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {

1048

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1049

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

1050

int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());

1051

gLog.log(entry.returns(res).withAutomaticDuration());

1052

return statusFromErrcode(res);

1053

}

1054

1055

binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {

1056

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1057

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

1058

for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {

1059

ifList->push_back(ifname);

1060

}

1061

gLog.log(entry.returns(true).withAutomaticDuration());

1062

return binder::Status::ok();

1063

}

1064

1065

binder::Status NetdNativeService::tetherDnsSet(int32_t netId,

1066

const std::vector<std::string>& dnsAddrs) {

1067

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1068

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);

1069

int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);

1070

gLog.log(entry.returns(res).withAutomaticDuration());

1071

return statusFromErrcode(res);

1072

}

1073

1074

binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {

1075

NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);

1076

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

1077

for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {

1078

dnsList->push_back(fwdr);

1079

}

1080

gLog.log(entry.returns(true).withAutomaticDuration());

1081

return binder::Status::ok();

1082

}

1083

Lorenzo Colitti