Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / c8b6a9c5dc2a38ccb6c1b838c8e6acc6d26149cf / . / server / NetdNativeService.cpp
blob: 80081ea3c2e52f7b19cfd17f18a7d913c6899281 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]19#include <set>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]20#include <vector>
21
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]22#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]23#include <android-base/strings.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <cutils/log.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]25#include <cutils/properties.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]26#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]27#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28
29#include <binder/IPCThreadState.h>
30#include <binder/IServiceManager.h>
31#include "android/net/BnNetd.h"
32
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]33#include <openssl/base64.h>
34
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]35#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]36#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]37#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]38#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]39#include "NetdConstants.h"
40#include "NetdNativeService.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]41#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]42#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]43#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]44
45using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]46using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]47
48namespace android {
49namespace net {
50
51namespace {
52
53const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]54const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]55const char DUMP[] = "android.permission.DUMP";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]56
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]57binder::Status toBinderStatus(const netdutils::Status s) {
58 if (isOk(s)) {
59 return binder::Status::ok();
60 }
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]61 return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]62}
63
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]64binder::Status checkPermission(const char *permission) {
65 pid_t pid;
66 uid_t uid;
67
68 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
69 return binder::Status::ok();
70 } else {
71 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
72 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
73 }
74}
75
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]76#define ENFORCE_DEBUGGABLE() { \
77 char value[PROPERTY_VALUE_MAX + 1]; \
78 if (property_get("ro.debuggable", value, NULL) != 1 \
79 || value[0] != '1') { \
80 return binder::Status::fromExceptionCode( \
81 binder::Status::EX_SECURITY, \
82 String8("Not available in production builds.") \
83 ); \
84 } \
85}
86
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]87#define ENFORCE_PERMISSION(permission) { \
88 binder::Status status = checkPermission((permission)); \
89 if (!status.isOk()) { \
90 return status; \
91 } \
92}
93
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]94#define NETD_LOCKING_RPC(permission, lock) \
95 ENFORCE_PERMISSION(permission); \
96 android::RWLock::AutoWLock _lock(lock);
97
98#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]99
100inline binder::Status statusFromErrcode(int ret) {
101 if (ret) {
102 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
103 }
104 return binder::Status::ok();
105}
106
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]107} // namespace
108
109
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]110status_t NetdNativeService::start() {
111 IPCThreadState::self()->disableBackgroundScheduling(true);
112 status_t ret = BinderService<NetdNativeService>::publish();
113 if (ret != android::OK) {
114 return ret;
115 }
116 sp<ProcessState> ps(ProcessState::self());
117 ps->startThreadPool();
118 ps->giveThreadPoolName();
119 return android::OK;
120}
121
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]122status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
123 const binder::Status dump_permission = checkPermission(DUMP);
124 if (!dump_permission.isOk()) {
125 const String8 msg(dump_permission.toString8());
126 write(fd, msg.string(), msg.size());
127 return PERMISSION_DENIED;
128 }
129
130 // This method does not grab any locks. If individual classes need locking
131 // their dump() methods MUST handle locking appropriately.
132 DumpWriter dw(fd);
133 dw.blankline();
134 gCtls->netCtrl.dump(dw);
135 dw.blankline();
136
137 return NO_ERROR;
138}
139
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]140binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]141 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]142
143 *alive = true;
144 return binder::Status::ok();
145}
146
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]147binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
148 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
149 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
150
151 android::String8 name = android::String8(chainName);
152 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
153 *ret = (err == 0);
154 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]155}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]156
157binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
158 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
159
160 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
161 *ret = (err == 0);
162 return binder::Status::ok();
163}
164
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]165binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
166 const std::string& permission) {
167 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
168 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));
169 return statusFromErrcode(ret);
170}
171
172binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
173 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
174 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
175 return statusFromErrcode(ret);
176}
177
178binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame^]179 ENFORCE_PERMISSION(NETWORK_STACK);
180 // Both of these functions manage their own locking internally.
181 const int ret = gCtls->netCtrl.destroyNetwork(netId);
182 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]183 return statusFromErrcode(ret);
184}
185
186binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
187 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
188 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
189 return statusFromErrcode(ret);
190}
191
192binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
193 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
194 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
195 return statusFromErrcode(ret);
196}
197
198binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
199 const std::vector<UidRange>& uidRangeArray) {
200 // NetworkController::addUsersToNetwork is thread-safe.
201 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
202 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
203 return statusFromErrcode(ret);
204}
205
206binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
207 const std::vector<UidRange>& uidRangeArray) {
208 // NetworkController::removeUsersFromNetwork is thread-safe.
209 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
210 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
211 return statusFromErrcode(ret);
212}
213
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]214binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
215 const std::vector<UidRange>& uidRangeArray) {
216 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
217 // it should be possible to use the same lock as NetworkController. However, every call through
218 // the CommandListener "network" command will need to hold this lock too, not just the ones that
219 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
220 // look at routes, but it's not enough here).
221 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
222
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]223 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]224
225 int err;
226 if (add) {
227 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
228 } else {
229 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
230 }
231
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]232 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]233}
234
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]235binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
236 const std::vector<int32_t>& skipUids) {
237
238 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
239
240 SockDiag sd;
241 if (!sd.open()) {
242 return binder::Status::fromServiceSpecificError(EIO,
243 String8("Could not open SOCK_DIAG socket"));
244 }
245
246 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]247 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
248 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]249
250 if (err) {
251 return binder::Status::fromServiceSpecificError(-err,
252 String8::format("destroySockets: %s", strerror(-err)));
253 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]254 return binder::Status::ok();
255}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]256
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]257// Parse a base64 encoded string into a vector of bytes.
258// On failure, return an empty vector.
259static std::vector<uint8_t> parseBase64(const std::string& input) {
260 std::vector<uint8_t> decoded;
261 size_t out_len;
262 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
263 return decoded;
264 }
265 // out_len is now an upper bound on the output length.
266 decoded.resize(out_len);
267 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
268 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
269 // Possibly shrink the vector if the actual output was smaller than the bound.
270 decoded.resize(out_len);
271 } else {
272 decoded.clear();
273 }
274 if (out_len != SHA256_SIZE) {
275 decoded.clear();
276 }
277 return decoded;
278}
279
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]280binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
281 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]282 const std::vector<int32_t>& params, bool useTls, const std::string& tlsName,
283 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]284 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
285 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
286
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]287 std::set<std::vector<uint8_t>> decoded_fingerprints;
288 for (const std::string& fingerprint : tlsFingerprints) {
289 std::vector<uint8_t> decoded = parseBase64(fingerprint);
290 if (decoded.empty()) {
291 return binder::Status::fromServiceSpecificError(EINVAL,
292 String8::format("ResolverController error: bad fingerprint"));
293 }
294 decoded_fingerprints.emplace(decoded);
295 }
296
297 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
298 useTls, tlsName, decoded_fingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]299 if (err != 0) {
300 return binder::Status::fromServiceSpecificError(-err,
301 String8::format("ResolverController error: %s", strerror(-err)));
302 }
303 return binder::Status::ok();
304}
305
306binder::Status NetdNativeService::getResolverInfo(int32_t netId,
307 std::vector<std::string>* servers, std::vector<std::string>* domains,
308 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
309 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
310 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
311
312 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
313 if (err != 0) {
314 return binder::Status::fromServiceSpecificError(-err,
315 String8::format("ResolverController error: %s", strerror(-err)));
316 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]317 return binder::Status::ok();
318}
319
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]320binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]321 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]322
323 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
324 return binder::Status::ok();
325}
326
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]327namespace {
328
329void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
330 String16 iface = String16(stats.extIface.c_str());
331 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
332
333 bundle->getLongVector(iface, &statsVector);
334 if (statsVector.size() == 0) {
335 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
336 }
337
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]338 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
339 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
340 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
341 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]342
343 bundle->putLongVector(iface, statsVector);
344}
345
346} // namespace
347
348binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
349 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
350
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]351 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]352 if (!isOk(statsList)) {
353 return toBinderStatus(statsList);
354 }
355
356 for (const auto& stats : statsList.value()) {
357 tetherAddStats(bundle, stats);
358 }
359
360 return binder::Status::ok();
361}
362
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]363binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
364 const std::string &addrString, int prefixLength) {
365 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
366
367 const int err = InterfaceController::addAddress(
368 ifName.c_str(), addrString.c_str(), prefixLength);
369 if (err != 0) {
370 return binder::Status::fromServiceSpecificError(-err,
371 String8::format("InterfaceController error: %s", strerror(-err)));
372 }
373 return binder::Status::ok();
374}
375
376binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
377 const std::string &addrString, int prefixLength) {
378 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
379
380 const int err = InterfaceController::delAddress(
381 ifName.c_str(), addrString.c_str(), prefixLength);
382 if (err != 0) {
383 return binder::Status::fromServiceSpecificError(-err,
384 String8::format("InterfaceController error: %s", strerror(-err)));
385 }
386 return binder::Status::ok();
387}
388
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]389binder::Status NetdNativeService::setProcSysNet(
390 int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
391 const std::string &value) {
392 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
393
394 const char *familyStr;
395 switch (family) {
396 case INetd::IPV4:
397 familyStr = "ipv4";
398 break;
399 case INetd::IPV6:
400 familyStr = "ipv6";
401 break;
402 default:
403 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
404 }
405
406 const char *whichStr;
407 switch (which) {
408 case INetd::CONF:
409 whichStr = "conf";
410 break;
411 case INetd::NEIGH:
412 whichStr = "neigh";
413 break;
414 default:
415 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
416 }
417
418 const int err = InterfaceController::setParameter(
419 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
420 value.c_str());
421 if (err != 0) {
422 return binder::Status::fromServiceSpecificError(-err,
423 String8::format("ResolverController error: %s", strerror(-err)));
424 }
425 return binder::Status::ok();
426}
427
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]428binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
429 // This function intentionally does not lock, since the only thing it does is one read from an
430 // atomic_int.
431 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
432 ENFORCE_DEBUGGABLE();
433
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]434 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]435 return binder::Status::ok();
436}
437
438binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
439 // This function intentionally does not lock, since the only thing it does is one write to an
440 // atomic_int.
441 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
442 ENFORCE_DEBUGGABLE();
443
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]444 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
445 ? binder::Status::ok()
446 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]447}
448
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]449binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
450 int newUid) {
451 ENFORCE_PERMISSION(NETWORK_STACK)
452 ALOGD("ipSecSetEncapSocketOwner()");
453
454 uid_t callerUid = IPCThreadState::self()->getCallingUid();
455 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
456}
457
458
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]459binder::Status NetdNativeService::ipSecAllocateSpi(
460 int32_t transformId,
461 int32_t direction,
462 const std::string& localAddress,
463 const std::string& remoteAddress,
464 int32_t inSpi,
465 int32_t* outSpi) {
466 // Necessary locking done in IpSecService and kernel
467 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
468 ALOGD("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]469 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]470 transformId,
471 direction,
472 localAddress,
473 remoteAddress,
474 inSpi,
475 outSpi));
476}
477
478binder::Status NetdNativeService::ipSecAddSecurityAssociation(
479 int32_t transformId,
480 int32_t mode,
481 int32_t direction,
482 const std::string& localAddress,
483 const std::string& remoteAddress,
484 int64_t underlyingNetworkHandle,
485 int32_t spi,
486 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
487 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]488 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]489 int32_t encapType,
490 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]491 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]492 // Necessary locking done in IpSecService and kernel
493 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
494 ALOGD("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]495 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]496 transformId, mode, direction, localAddress, remoteAddress,
497 underlyingNetworkHandle,
498 spi,
499 authAlgo, authKey, authTruncBits,
500 cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]501 aeadAlgo, aeadKey, aeadIcvBits,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]502 encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]503}
504
505binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
506 int32_t transformId,
507 int32_t direction,
508 const std::string& localAddress,
509 const std::string& remoteAddress,
510 int32_t spi) {
511 // Necessary locking done in IpSecService and kernel
512 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
513 ALOGD("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]514 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]515 transformId,
516 direction,
517 localAddress,
518 remoteAddress,
519 spi));
520}
521
522binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
523 const android::base::unique_fd& socket,
524 int32_t transformId,
525 int32_t direction,
526 const std::string& localAddress,
527 const std::string& remoteAddress,
528 int32_t spi) {
529 // Necessary locking done in IpSecService and kernel
530 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
531 ALOGD("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]532 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]533 socket,
534 transformId,
535 direction,
536 localAddress,
537 remoteAddress,
538 spi));
539}
540
541binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
542 const android::base::unique_fd& socket) {
543 // Necessary locking done in IpSecService and kernel
544 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
545 ALOGD("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]546 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]547 socket));
548}
549
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]550binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
551 int32_t mode) {
552 ENFORCE_PERMISSION(NETWORK_STACK);
553 return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
554}
555
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]556binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
557 const std::string& prefix, int32_t mark,
558 int32_t mask) {
559 ENFORCE_PERMISSION(NETWORK_STACK);
560 return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
561}
562
563binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
564 const std::string& prefix, int32_t mark,
565 int32_t mask) {
566 ENFORCE_PERMISSION(NETWORK_STACK);
567 return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
568}
569
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]570} // namespace net
571} // namespace android