Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / b670d16e224878d2bae71db8d6788372926baea8 / . / server / NetdNativeService.cpp
blob: 3e76fcf2de46c76e4fc5eb7517b96ba6b40d0fe4 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame^]28#include <resolv_netid.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]29#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]30#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]31
32#include <binder/IPCThreadState.h>
33#include <binder/IServiceManager.h>
34#include "android/net/BnNetd.h"
35
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]36#include <openssl/base64.h>
37
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]38#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]39#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]40#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]41#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdConstants.h"
43#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame^]44#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]45#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]46#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]47#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]48#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]52
53namespace android {
54namespace net {
55
56namespace {
57
58const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]59const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]60const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]61const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]62
63binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]64 pid_t pid = IPCThreadState::self()->getCallingPid();
65 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]66
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]67 // If the caller is the system UID, don't check permissions.
68 // Otherwise, if the system server's binder thread pool is full, and all the threads are
69 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
70 //
71 // From a security perspective, there is currently no difference, because:
72 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
73 // and NETWORK_STACK, which the system server will always need to have.
74 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
75 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]76 return binder::Status::ok();
77 } else {
78 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
79 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
80 }
81}
82
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]83#define ENFORCE_DEBUGGABLE() { \
84 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]85 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]86 || value[0] != '1') { \
87 return binder::Status::fromExceptionCode( \
88 binder::Status::EX_SECURITY, \
89 String8("Not available in production builds.") \
90 ); \
91 } \
92}
93
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]94#define ENFORCE_PERMISSION(permission) { \
95 binder::Status status = checkPermission((permission)); \
96 if (!status.isOk()) { \
97 return status; \
98 } \
99}
100
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]101#define NETD_LOCKING_RPC(permission, lock) \
102 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]103 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]104
105#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]106
107inline binder::Status statusFromErrcode(int ret) {
108 if (ret) {
109 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
110 }
111 return binder::Status::ok();
112}
113
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]114bool contains(const Vector<String16>& words, const String16& word) {
115 for (const auto& w : words) {
116 if (w == word) return true;
117 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]118
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]119 return false;
120}
121
122} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]123
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]124status_t NetdNativeService::start() {
125 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]126 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]127 if (ret != android::OK) {
128 return ret;
129 }
130 sp<ProcessState> ps(ProcessState::self());
131 ps->startThreadPool();
132 ps->giveThreadPoolName();
133 return android::OK;
134}
135
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]136status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]137 const binder::Status dump_permission = checkPermission(DUMP);
138 if (!dump_permission.isOk()) {
139 const String8 msg(dump_permission.toString8());
140 write(fd, msg.string(), msg.size());
141 return PERMISSION_DENIED;
142 }
143
144 // This method does not grab any locks. If individual classes need locking
145 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]146
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]147 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]148
149 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
150 dw.blankline();
151 gCtls->tcpSocketMonitor.dump(dw);
152 dw.blankline();
153 return NO_ERROR;
154 }
155
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]156 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
157 dw.blankline();
158 gCtls->trafficCtrl.dump(dw, true);
159 dw.blankline();
160 return NO_ERROR;
161 }
162
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]163 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]164 dw.blankline();
165 gCtls->netCtrl.dump(dw);
166 dw.blankline();
167
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]168 gCtls->trafficCtrl.dump(dw, false);
169 dw.blankline();
170
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]171 {
172 ScopedIndent indentLog(dw);
173 if (contains(args, String16(OPT_SHORT))) {
174 dw.println("Log: <omitted>");
175 } else {
176 dw.println("Log:");
177 ScopedIndent indentLogEntries(dw);
178 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
179 }
180 dw.blankline();
181 }
182
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]183 return NO_ERROR;
184}
185
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]186binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]187 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]188 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]189
190 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]191
192 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]193 return binder::Status::ok();
194}
195
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]196binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]197 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
198 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]199 auto entry = gLog.newEntry()
200 .prettyFunction(__PRETTY_FUNCTION__)
201 .arg(chainName)
202 .arg(isWhitelist)
203 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]204
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]205 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]206 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]207
208 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]209 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]210}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]211
212binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
213 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]214 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]215
216 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
217 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]218 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]219 return binder::Status::ok();
220}
221
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]222binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
223 int64_t bytes) {
224 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
225 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
226
227 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
228
229 gLog.log(entry.returns(res).withAutomaticDuration());
230 return statusFromErrcode(res);
231}
232
233binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
234 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
235 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
236
237 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
238
239 gLog.log(entry.returns(res).withAutomaticDuration());
240 return statusFromErrcode(res);
241}
242
243binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
244 int64_t bytes) {
245 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
246 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
247
248 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
249
250 gLog.log(entry.returns(res).withAutomaticDuration());
251 return statusFromErrcode(res);
252}
253
254binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
255 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
256 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
257
258 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
259
260 gLog.log(entry.returns(res).withAutomaticDuration());
261 return statusFromErrcode(res);
262}
263
264binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
265 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
266 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
267
268 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
269
270 gLog.log(entry.returns(res).withAutomaticDuration());
271 return statusFromErrcode(res);
272}
273
274binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
275 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
276 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
277
278 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
279 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
280
281 gLog.log(entry.returns(res).withAutomaticDuration());
282 return statusFromErrcode(res);
283}
284
285binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
286 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
287 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
288
289 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
290 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
291
292 gLog.log(entry.returns(res).withAutomaticDuration());
293 return statusFromErrcode(res);
294}
295
296binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
297 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
298 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
299
300 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
301 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
302
303 gLog.log(entry.returns(res).withAutomaticDuration());
304 return statusFromErrcode(res);
305}
306
307binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
308 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
309 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
310
311 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
312 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
313
314 gLog.log(entry.returns(res).withAutomaticDuration());
315 return statusFromErrcode(res);
316}
317
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame^]318binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]319 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]320 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame^]321 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]322 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]323 return statusFromErrcode(ret);
324}
325
326binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
327 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
328 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
329 return statusFromErrcode(ret);
330}
331
332binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]333 ENFORCE_PERMISSION(NETWORK_STACK);
334 // Both of these functions manage their own locking internally.
335 const int ret = gCtls->netCtrl.destroyNetwork(netId);
336 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]337 return statusFromErrcode(ret);
338}
339
340binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
341 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
342 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
343 return statusFromErrcode(ret);
344}
345
346binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
347 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
348 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
349 return statusFromErrcode(ret);
350}
351
352binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
353 const std::vector<UidRange>& uidRangeArray) {
354 // NetworkController::addUsersToNetwork is thread-safe.
355 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
356 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
357 return statusFromErrcode(ret);
358}
359
360binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
361 const std::vector<UidRange>& uidRangeArray) {
362 // NetworkController::removeUsersFromNetwork is thread-safe.
363 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
364 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
365 return statusFromErrcode(ret);
366}
367
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]368binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
369 const std::vector<UidRange>& uidRangeArray) {
370 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
371 // it should be possible to use the same lock as NetworkController. However, every call through
372 // the CommandListener "network" command will need to hold this lock too, not just the ones that
373 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
374 // look at routes, but it's not enough here).
375 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
376
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]377 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]378
379 int err;
380 if (add) {
381 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
382 } else {
383 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
384 }
385
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]386 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]387}
388
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]389binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
390 const std::vector<int32_t>& skipUids) {
391
392 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
393
394 SockDiag sd;
395 if (!sd.open()) {
396 return binder::Status::fromServiceSpecificError(EIO,
397 String8("Could not open SOCK_DIAG socket"));
398 }
399
400 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]401 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
402 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]403
404 if (err) {
405 return binder::Status::fromServiceSpecificError(-err,
406 String8::format("destroySockets: %s", strerror(-err)));
407 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]408 return binder::Status::ok();
409}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]410
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]411// Parse a base64 encoded string into a vector of bytes.
412// On failure, return an empty vector.
413static std::vector<uint8_t> parseBase64(const std::string& input) {
414 std::vector<uint8_t> decoded;
415 size_t out_len;
416 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
417 return decoded;
418 }
419 // out_len is now an upper bound on the output length.
420 decoded.resize(out_len);
421 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
422 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
423 // Possibly shrink the vector if the actual output was smaller than the bound.
424 decoded.resize(out_len);
425 } else {
426 decoded.clear();
427 }
428 if (out_len != SHA256_SIZE) {
429 decoded.clear();
430 }
431 return decoded;
432}
433
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]434binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
435 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]436 const std::vector<int32_t>& params, const std::string& tlsName,
437 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]438 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]439 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
440 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]441 auto entry = gLog.newEntry()
442 .prettyFunction(__PRETTY_FUNCTION__)
443 .arg(netId)
444 .arg(servers)
445 .arg(domains)
446 .arg(params)
447 .arg(tlsName)
448 .arg(tlsServers)
449 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]450
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]451 std::set<std::vector<uint8_t>> decoded_fingerprints;
452 for (const std::string& fingerprint : tlsFingerprints) {
453 std::vector<uint8_t> decoded = parseBase64(fingerprint);
454 if (decoded.empty()) {
455 return binder::Status::fromServiceSpecificError(EINVAL,
456 String8::format("ResolverController error: bad fingerprint"));
457 }
458 decoded_fingerprints.emplace(decoded);
459 }
460
461 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]462 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]463 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]464 if (err != 0) {
465 return binder::Status::fromServiceSpecificError(-err,
466 String8::format("ResolverController error: %s", strerror(-err)));
467 }
468 return binder::Status::ok();
469}
470
471binder::Status NetdNativeService::getResolverInfo(int32_t netId,
472 std::vector<std::string>* servers, std::vector<std::string>* domains,
473 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
474 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
475 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
476
477 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
478 if (err != 0) {
479 return binder::Status::fromServiceSpecificError(-err,
480 String8::format("ResolverController error: %s", strerror(-err)));
481 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]482 return binder::Status::ok();
483}
484
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]485binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]486 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]487
488 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
489 return binder::Status::ok();
490}
491
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]492namespace {
493
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]494void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
495 const TetherController::TetherStats& tetherStats) {
496 if (tetherStatsParcel->extIface == tetherStats.extIface) {
497 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
498 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
499 tetherStatsParcel->txBytes += tetherStats.txBytes;
500 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]501 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]502}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]503
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]504TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
505 TetherStatsParcel result;
506 result.iface = stats.extIface;
507 result.rxBytes = stats.rxBytes;
508 result.rxPackets = stats.rxPackets;
509 result.txBytes = stats.txBytes;
510 result.txPackets = stats.txPackets;
511 return result;
512}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]513
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]514void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
515 const TetherController::TetherStatsList& statsList) {
516 std::map<std::string, TetherController::TetherStats> statsMap;
517 for (const auto& stats : statsList) {
518 auto iter = statsMap.find(stats.extIface);
519 if (iter != statsMap.end()) {
520 tetherAddStatsByInterface(&(iter->second), stats);
521 } else {
522 statsMap.insert(
523 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
524 }
525 }
526 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
527 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
528 }
529}
530
531std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
532 std::vector<std::string> result;
533 for (const auto& t : *tVec) {
534 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
535 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
536 t.txPackets));
537 }
538 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]539}
540
541} // namespace
542
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]543binder::Status NetdNativeService::tetherGetStats(
544 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]545 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]546
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]547 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
548
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]549 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]551 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]552 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]553 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
554 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
555 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]556 return binder::Status::ok();
557}
558
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]559binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
560 const std::string &addrString, int prefixLength) {
561 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
562
563 const int err = InterfaceController::addAddress(
564 ifName.c_str(), addrString.c_str(), prefixLength);
565 if (err != 0) {
566 return binder::Status::fromServiceSpecificError(-err,
567 String8::format("InterfaceController error: %s", strerror(-err)));
568 }
569 return binder::Status::ok();
570}
571
572binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
573 const std::string &addrString, int prefixLength) {
574 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
575
576 const int err = InterfaceController::delAddress(
577 ifName.c_str(), addrString.c_str(), prefixLength);
578 if (err != 0) {
579 return binder::Status::fromServiceSpecificError(-err,
580 String8::format("InterfaceController error: %s", strerror(-err)));
581 }
582 return binder::Status::ok();
583}
584
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]585namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]586
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]587std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
588 int32_t category) {
589 const char* ipversionStr = nullptr;
590 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]591 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]592 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]593 break;
594 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]595 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]596 break;
597 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]598 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
599 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]600 }
601
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]602 const char* whichStr = nullptr;
603 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]604 case INetd::CONF:
605 whichStr = "conf";
606 break;
607 case INetd::NEIGH:
608 whichStr = "neigh";
609 break;
610 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]611 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
612 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]613 }
614
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]615 return {binder::Status::ok(), ipversionStr, whichStr};
616}
617
618} // namespace
619
620binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
621 const std::string& ifname,
622 const std::string& parameter, std::string* value) {
623 ENFORCE_PERMISSION(NETWORK_STACK);
624 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
625 .args(ipversion, which, ifname, parameter);
626
627 const auto pathParts = getPathComponents(ipversion, which);
628 const auto& pathStatus = std::get<0>(pathParts);
629 if (!pathStatus.isOk()) {
630 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
631 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]632 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]633
634 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
635 std::get<2>(pathParts), ifname.c_str(),
636 parameter.c_str(), value);
637 entry.returns(err);
638 if (err == 0) entry.returns(*value);
639 gLog.log(entry.withAutomaticDuration());
640 return statusFromErrcode(err);
641}
642
643binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
644 const std::string& ifname,
645 const std::string& parameter,
646 const std::string& value) {
647 ENFORCE_PERMISSION(NETWORK_STACK);
648 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
649 .args(ipversion, which, ifname, parameter, value);
650
651 const auto pathParts = getPathComponents(ipversion, which);
652 const auto& pathStatus = std::get<0>(pathParts);
653 if (!pathStatus.isOk()) {
654 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
655 return pathStatus;
656 }
657
658 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
659 std::get<2>(pathParts), ifname.c_str(),
660 parameter.c_str(), value.c_str());
661 gLog.log(entry.returns(err).withAutomaticDuration());
662 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]663}
664
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]665binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
666 // This function intentionally does not lock, since the only thing it does is one read from an
667 // atomic_int.
668 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
669 ENFORCE_DEBUGGABLE();
670
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]671 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]672 return binder::Status::ok();
673}
674
675binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
676 // This function intentionally does not lock, since the only thing it does is one write to an
677 // atomic_int.
678 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
679 ENFORCE_DEBUGGABLE();
680
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]681 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
682 ? binder::Status::ok()
683 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]684}
685
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]686binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
687 int newUid) {
688 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]689 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]690
691 uid_t callerUid = IPCThreadState::self()->getCallingUid();
692 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
693}
694
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]695binder::Status NetdNativeService::ipSecAllocateSpi(
696 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]697 const std::string& sourceAddress,
698 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]699 int32_t inSpi,
700 int32_t* outSpi) {
701 // Necessary locking done in IpSecService and kernel
702 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]703 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]704 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]705 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]706 sourceAddress,
707 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]708 inSpi,
709 outSpi));
710}
711
712binder::Status NetdNativeService::ipSecAddSecurityAssociation(
713 int32_t transformId,
714 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]715 const std::string& sourceAddress,
716 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]717 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]718 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]719 int32_t markValue,
720 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]721 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
722 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]723 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]724 int32_t encapType,
725 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]726 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]727 // Necessary locking done in IpSecService and kernel
728 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]729 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]730 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]731 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
732 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
733 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]734}
735
736binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
737 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]738 const std::string& sourceAddress,
739 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]740 int32_t spi,
741 int32_t markValue,
742 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]743 // Necessary locking done in IpSecService and kernel
744 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]745 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]746 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]747 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]748 sourceAddress,
749 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]750 spi,
751 markValue,
752 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]753}
754
755binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
756 const android::base::unique_fd& socket,
757 int32_t transformId,
758 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]759 const std::string& sourceAddress,
760 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]761 int32_t spi) {
762 // Necessary locking done in IpSecService and kernel
763 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]764 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]765 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]766 socket,
767 transformId,
768 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]769 sourceAddress,
770 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]771 spi));
772}
773
774binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
775 const android::base::unique_fd& socket) {
776 // Necessary locking done in IpSecService and kernel
777 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]778 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]779 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]780 socket));
781}
782
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]783binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
784 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]785 const std::string& tmplSrcAddress,
786 const std::string& tmplDstAddress,
787 int32_t spi, int32_t markValue,
788 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]789 // Necessary locking done in IpSecService and kernel
790 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]791 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]792 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]793 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
794 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]795}
796
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]797binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
798 int32_t selAddrFamily,
799 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]800 const std::string& tmplSrcAddress,
801 const std::string& tmplDstAddress,
802 int32_t spi, int32_t markValue,
803 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]804 // Necessary locking done in IpSecService and kernel
805 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]806 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]807 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]808 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
809 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]810}
811
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]812binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
813 int32_t selAddrFamily,
814 int32_t direction, int32_t markValue,
815 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]816 // Necessary locking done in IpSecService and kernel
817 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]818 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]819 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]820 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]821}
822
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]823binder::Status NetdNativeService::addVirtualTunnelInterface(
824 const std::string& deviceName,
825 const std::string& localAddress,
826 const std::string& remoteAddress,
827 int32_t iKey,
828 int32_t oKey) {
829 // Necessary locking done in IpSecService and kernel
830 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]831 gLog.log("addVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]832 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
833 deviceName,
834 localAddress,
835 remoteAddress,
836 iKey,
837 oKey,
838 false);
839
840 return (ret == 0) ? binder::Status::ok() :
841 asBinderStatus(netdutils::statusFromErrno(
842 ret, "Error in creating virtual tunnel interface."));
843}
844
845binder::Status NetdNativeService::updateVirtualTunnelInterface(
846 const std::string& deviceName,
847 const std::string& localAddress,
848 const std::string& remoteAddress,
849 int32_t iKey,
850 int32_t oKey) {
851 // Necessary locking done in IpSecService and kernel
852 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]853 gLog.log("updateVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]854 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
855 deviceName,
856 localAddress,
857 remoteAddress,
858 iKey,
859 oKey,
860 true);
861
862 return (ret == 0) ? binder::Status::ok() :
863 asBinderStatus(netdutils::statusFromErrno(
864 ret, "Error in updating virtual tunnel interface."));
865}
866
867binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
868 // Necessary locking done in IpSecService and kernel
869 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]870 gLog.log("removeVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]871 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
872
873 return (ret == 0) ? binder::Status::ok() :
874 asBinderStatus(netdutils::statusFromErrno(
875 ret, "Error in removing virtual tunnel interface."));
876}
877
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]878binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
879 int32_t mode) {
880 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]881 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]882}
883
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]884binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
885 const std::string& prefix, int32_t mark,
886 int32_t mask) {
887 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]888 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]889}
890
891binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
892 const std::string& prefix, int32_t mark,
893 int32_t mask) {
894 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]895 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]896}
897
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]898binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
899 ENFORCE_PERMISSION(NETWORK_STACK);
900 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
901 return binder::Status::ok();
902}
903
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]904binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
905 const std::string& classLabel) {
906 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
907 auto entry = gLog.newEntry()
908 .prettyFunction(__PRETTY_FUNCTION__)
909 .arg(ifName)
910 .arg(timeout)
911 .arg(classLabel);
912 int res =
913 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
914 gLog.log(entry.returns(res).withAutomaticDuration());
915 return statusFromErrcode(res);
916}
917
918binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
919 int32_t timeout,
920 const std::string& classLabel) {
921 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
922 auto entry = gLog.newEntry()
923 .prettyFunction(__PRETTY_FUNCTION__)
924 .arg(ifName)
925 .arg(timeout)
926 .arg(classLabel);
927 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
928 classLabel.c_str());
929 gLog.log(entry.returns(res).withAutomaticDuration());
930 return statusFromErrcode(res);
931}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]932
933binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
934 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
935 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
936 StrictPenalty penalty;
937 switch (policyPenalty) {
938 case INetd::PENALTY_POLICY_REJECT:
939 penalty = REJECT;
940 break;
941 case INetd::PENALTY_POLICY_LOG:
942 penalty = LOG;
943 break;
944 case INetd::PENALTY_POLICY_ACCEPT:
945 penalty = ACCEPT;
946 break;
947 default:
948 return statusFromErrcode(-EINVAL);
949 break;
950 }
951 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
952 gLog.log(entry.returns(res).withAutomaticDuration());
953 return statusFromErrcode(res);
954}
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]955binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
956 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
957 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
958 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
959 gLog.log(entry.returns(res).withAutomaticDuration());
960 return statusFromErrcode(res);
961}
962
963binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
964 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
965 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
966 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
967 gLog.log(entry.returns(res).withAutomaticDuration());
968 return statusFromErrcode(res);
969}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]970
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]971binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
972 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
973 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
974 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
975 gLog.log(entry.returns(*status).withAutomaticDuration());
976 return binder::Status::ok();
977}
978
979binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
980 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
981 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
982 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
983 gLog.log(entry.returns(res).withAutomaticDuration());
984 return statusFromErrcode(res);
985}
986
987binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
988 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
989 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
990 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
991 gLog.log(entry.returns(res).withAutomaticDuration());
992 return statusFromErrcode(res);
993}
994
995binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
996 const std::string& toIface) {
997 ENFORCE_PERMISSION(NETWORK_STACK);
998 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
999 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1000 gLog.log(entry.returns(res).withAutomaticDuration());
1001 return statusFromErrcode(res);
1002}
1003
1004binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1005 const std::string& toIface) {
1006 ENFORCE_PERMISSION(NETWORK_STACK);
1007 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1008 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1009 gLog.log(entry.returns(res).withAutomaticDuration());
1010 return statusFromErrcode(res);
1011}
1012
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1013binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1014 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1015 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1016 if (dhcpRanges.size() % 2 == 1) {
1017 return statusFromErrcode(-EINVAL);
1018 }
1019 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1020 gLog.log(entry.returns(res).withAutomaticDuration());
1021 return statusFromErrcode(res);
1022}
1023
1024binder::Status NetdNativeService::tetherStop() {
1025 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1026 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1027 int res = gCtls->tetherCtrl.stopTethering();
1028 gLog.log(entry.returns(res).withAutomaticDuration());
1029 return statusFromErrcode(res);
1030}
1031
1032binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1033 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1034 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1035 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1036 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1037 return binder::Status::ok();
1038}
1039
1040binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1041 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1042 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1043 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1044 gLog.log(entry.returns(res).withAutomaticDuration());
1045 return statusFromErrcode(res);
1046}
1047
1048binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1049 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1050 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1051 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1052 gLog.log(entry.returns(res).withAutomaticDuration());
1053 return statusFromErrcode(res);
1054}
1055
1056binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1057 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1058 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1059 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1060 ifList->push_back(ifname);
1061 }
1062 gLog.log(entry.returns(true).withAutomaticDuration());
1063 return binder::Status::ok();
1064}
1065
1066binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1067 const std::vector<std::string>& dnsAddrs) {
1068 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1069 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1070 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1071 gLog.log(entry.returns(res).withAutomaticDuration());
1072 return statusFromErrcode(res);
1073}
1074
1075binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1076 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1077 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1078 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1079 dnsList->push_back(fwdr);
1080 }
1081 gLog.log(entry.returns(true).withAutomaticDuration());
1082 return binder::Status::ok();
1083}
1084
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame^]1085binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1086 const std::string& destination,
1087 const std::string& nextHop) {
1088 // Public methods of NetworkController are thread-safe.
1089 ENFORCE_PERMISSION(NETWORK_STACK);
1090 auto entry = gLog.newEntry()
1091 .prettyFunction(__PRETTY_FUNCTION__)
1092 .arg(netId)
1093 .arg(ifName)
1094 .arg(destination)
1095 .arg(nextHop);
1096 bool legacy = false;
1097 uid_t uid = 0; // UID is only meaningful for legacy routes.
1098 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1099 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1100 gLog.log(entry.returns(res).withAutomaticDuration());
1101 return statusFromErrcode(res);
1102}
1103
1104binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1105 const std::string& destination,
1106 const std::string& nextHop) {
1107 ENFORCE_PERMISSION(NETWORK_STACK);
1108 auto entry = gLog.newEntry()
1109 .prettyFunction(__PRETTY_FUNCTION__)
1110 .arg(netId)
1111 .arg(ifName)
1112 .arg(destination)
1113 .arg(nextHop);
1114 bool legacy = false;
1115 uid_t uid = 0; // UID is only meaningful for legacy routes.
1116 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1117 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1118 gLog.log(entry.returns(res).withAutomaticDuration());
1119 return statusFromErrcode(res);
1120}
1121
1122binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1123 const std::string& destination,
1124 const std::string& nextHop, int32_t uid) {
1125 ENFORCE_PERMISSION(NETWORK_STACK);
1126 auto entry = gLog.newEntry()
1127 .prettyFunction(__PRETTY_FUNCTION__)
1128 .arg(netId)
1129 .arg(ifName)
1130 .arg(destination)
1131 .arg(nextHop)
1132 .arg(uid);
1133 bool legacy = true;
1134 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1135 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1136 (uid_t) uid);
1137 gLog.log(entry.returns(res).withAutomaticDuration());
1138 return statusFromErrcode(res);
1139}
1140
1141binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1142 const std::string& destination,
1143 const std::string& nextHop,
1144 int32_t uid) {
1145 ENFORCE_PERMISSION(NETWORK_STACK);
1146 auto entry = gLog.newEntry()
1147 .prettyFunction(__PRETTY_FUNCTION__)
1148 .arg(netId)
1149 .arg(ifName)
1150 .arg(destination)
1151 .arg(nextHop)
1152 .arg(uid);
1153 bool legacy = true;
1154 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1155 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1156 (uid_t) uid);
1157 gLog.log(entry.returns(res).withAutomaticDuration());
1158 return statusFromErrcode(res);
1159}
1160
1161binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1162 ENFORCE_PERMISSION(NETWORK_STACK);
1163 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1164 *netId = gCtls->netCtrl.getDefaultNetwork();
1165 gLog.log(entry.returns(*netId).withAutomaticDuration());
1166 return binder::Status::ok();
1167}
1168
1169binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1170 ENFORCE_PERMISSION(NETWORK_STACK);
1171 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1172 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1173 gLog.log(entry.returns(res).withAutomaticDuration());
1174 return statusFromErrcode(res);
1175}
1176
1177binder::Status NetdNativeService::networkClearDefault() {
1178 ENFORCE_PERMISSION(NETWORK_STACK);
1179 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1180 unsigned netId = NETID_UNSET;
1181 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1182 gLog.log(entry.returns(res).withAutomaticDuration());
1183 return statusFromErrcode(res);
1184}
1185
1186std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1187 return {begin(intUids), end(intUids)};
1188}
1189
1190Permission NetdNativeService::convertPermission(int32_t permission) {
1191 switch (permission) {
1192 case INetd::PERMISSION_NETWORK:
1193 return Permission::PERMISSION_NETWORK;
1194 case INetd::PERMISSION_SYSTEM:
1195 return Permission::PERMISSION_SYSTEM;
1196 default:
1197 return Permission::PERMISSION_NONE;
1198 }
1199}
1200
1201binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1202 int32_t permission) {
1203 ENFORCE_PERMISSION(NETWORK_STACK);
1204 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1205 std::vector<unsigned> netIds = {(unsigned) netId};
1206 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1207 gLog.log(entry.returns(res).withAutomaticDuration());
1208 return statusFromErrcode(res);
1209}
1210
1211binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1212 const std::vector<int32_t>& uids) {
1213 ENFORCE_PERMISSION(NETWORK_STACK);
1214 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1215 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1216 gLog.log(entry.withAutomaticDuration());
1217 return binder::Status::ok();
1218}
1219
1220binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1221 ENFORCE_PERMISSION(NETWORK_STACK);
1222 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1223 Permission permission = Permission::PERMISSION_NONE;
1224 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1225 gLog.log(entry.withAutomaticDuration());
1226 return binder::Status::ok();
1227}
1228
1229binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1230 ENFORCE_PERMISSION(NETWORK_STACK);
1231 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1232 std::vector<uid_t> uids = {(uid_t) uid};
1233 gCtls->netCtrl.allowProtect(uids);
1234 gLog.log(entry.withAutomaticDuration());
1235 return binder::Status::ok();
1236}
1237
1238binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1239 ENFORCE_PERMISSION(NETWORK_STACK);
1240 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1241 std::vector<uid_t> uids = {(uid_t) uid};
1242 gCtls->netCtrl.denyProtect(uids);
1243 gLog.log(entry.withAutomaticDuration());
1244 return binder::Status::ok();
1245}
1246
1247binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1248 ENFORCE_PERMISSION(NETWORK_STACK);
1249 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1250 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1251 gLog.log(entry.returns(*ret).withAutomaticDuration());
1252 return binder::Status::ok();
1253}
1254
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1255} // namespace net
1256} // namespace android