Blame - server/NetdNativeService.cpp - platform/system/netd

2016-02-02 17:19:04 +0900

[diff] [blame]

/**

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#define LOG_TAG "Netd"

18

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

19

#include <cinttypes>

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

20

#include <numeric>

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

21

#include <set>

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

22

#include <tuple>

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

23

#include <vector>

24

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

25

#include <android-base/file.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

26

#include <android-base/stringprintf.h>

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

27

#include <android-base/strings.h>

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

28

#include <cutils/properties.h>

Logan Chien

3f46148

2018-04-23 14:31:32 +0800

[diff] [blame]

29

#include <log/log.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

30

#include <utils/Errors.h>

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

31

#include <utils/String16.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

32

33

#include <binder/IPCThreadState.h>

34

#include <binder/IServiceManager.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

35

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

36

#include <json/value.h>

Jeongik Cha

2019-03-22 12:11:25 +0900

[diff] [blame]

37

#include <json/writer.h>

Ben Schwartz

e760181

2017-04-28 16:38:29 -0400

[diff] [blame]

38

#include <openssl/base64.h>

39

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

40

#include "Controllers.h"

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

41

#include "InterfaceController.h"

Mike Yu

5ae6154

2018-10-19 22:11:43 +0800

[diff] [blame]

42

#include "NetdConstants.h" // SHA256_SIZE

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

43

#include "NetdNativeService.h"

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

44

#include "NetdPermissions.h"

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

45

#include "Permission.h"

Erik Kline

8589004

2018-05-25 19:19:11 +0900

[diff] [blame]

46

#include "Process.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

47

#include "RouteController.h"

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

48

#include "SockDiag.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

49

#include "UidRanges.h"

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

50

#include "android/net/BnNetd.h"

Luke Huang

b257d61

2019-03-14 21:19:13 +0800

[diff] [blame]

51

#include "netdutils/DumpWriter.h"

Bernie Innocenti

189eb50

2018-10-01 23:10:18 +0900

[diff] [blame]

52

#include "netid_client.h" // NETID_UNSET

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

53

54

using android::base::StringPrintf;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

55

using android::base::WriteStringToFile;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

56

using android::net::TetherStatsParcel;

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

57

using android::net::UidRangeParcel;

Luke Huang

b257d61

2019-03-14 21:19:13 +0800

[diff] [blame]

58

using android::netdutils::DumpWriter;

59

using android::netdutils::ScopedIndent;

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

60

using android::os::ParcelFileDescriptor;

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

namespace android {

namespace net {

namespace {

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

66

const char OPT_SHORT[] = "--short";

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

67

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

68

binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

69

pid_t pid = IPCThreadState::self()->getCallingPid();

70

uid_t uid = IPCThreadState::self()->getCallingUid();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

71

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

72

// If the caller is the system UID, don't check permissions.

73

// Otherwise, if the system server's binder thread pool is full, and all the threads are

74

// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492

75

//

76

// From a security perspective, there is currently no difference, because:

77

// 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

78

// and NETWORK_STACK, which the system server always has (or MAINLINE_NETWORK_STACK, which

79

// is equivalent to having both CONNECTIVITY_INTERNAL and NETWORK_STACK).

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

80

// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

81

if (uid == AID_SYSTEM) {

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

82

return binder::Status::ok();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

83

}

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

84

85

for (const char* permission : permissions) {

86

if (checkPermission(String16(permission), pid, uid)) {

87

return binder::Status::ok();

}

}

auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",

92

uid, pid, android::base::Join(permissions, ',').c_str());

93

return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

94

}

95

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

96

#define ENFORCE_ANY_PERMISSION(...) \

97

do { \

98

binder::Status status = checkAnyPermission({__VA_ARGS__}); \

99

if (!status.isOk()) { \

100

return status; \

101

} \

102

} while (0)

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

103

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

104

#define NETD_LOCKING_RPC(lock, ... /* permissions */) \

105

ENFORCE_ANY_PERMISSION(__VA_ARGS__); \

Bernie Innocenti

abf8a34

2018-08-10 15:17:16 +0900

[diff] [blame]

106

std::lock_guard _lock(lock);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

107

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

108

#define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

109

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

110

#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \

111

do { \

112

if (!isOk((res))) { \

113

logErrorStatus((logEntry), (res)); \

114

return asBinderStatus((res)); \

} \

} while (0)

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

118

#define ENFORCE_INTERNAL_PERMISSIONS() \

119

ENFORCE_ANY_PERMISSION(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK)

120

121

#define ENFORCE_NETWORK_STACK_PERMISSIONS() \

122

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)

123

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

124

void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {

125

gLog.log(logEntry.returns(status.code()).withAutomaticDuration());

126

}

127

Bernie Innocenti

97f388f

2018-10-16 19:17:08 +0900

[diff] [blame]

128

binder::Status asBinderStatus(const netdutils::Status& status) {

129

if (isOk(status)) {

130

return binder::Status::ok();

131

}

132

return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());

133

}

134

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

135

inline binder::Status statusFromErrcode(int ret) {

136

if (ret) {

137

return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));

138

}

139

return binder::Status::ok();

140

}

141

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

142

bool contains(const Vector<String16>& words, const String16& word) {

143

for (const auto& w : words) {

144

if (w == word) return true;

145

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

146

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

return false;

}

} // namespace

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

151

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

152

status_t NetdNativeService::start() {

153

IPCThreadState::self()->disableBackgroundScheduling(true);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

154

const status_t ret = BinderService<NetdNativeService>::publish();

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

155

if (ret != android::OK) {

156

return ret;

157

}

158

sp<ProcessState> ps(ProcessState::self());

159

ps->startThreadPool();

160

ps->giveThreadPoolName();

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

161

162

// register log callback to BnNetd::logFunc

163

BnNetd::logFunc = [](const Json::Value& logTransaction) {

164

bool hasReturnArgs;

165

std::string output;

166

const Json::Value& inputArgs = logTransaction["input_args"];

167

const Json::Value& returnArgs = logTransaction["_aidl_return"];

168

Json::Value::Members member = inputArgs.getMemberNames();

169

170

hasReturnArgs = !returnArgs.empty();

171

output.append(logTransaction["method_name"].asString().c_str() + std::string("("));

172

173

// input args

Jeongik Cha

2019-03-22 12:11:25 +0900

[diff] [blame]

174

Json::FastWriter fastWriter;

175

fastWriter.omitEndingLineFeed();

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

176

for (Json::Value::Members::iterator iter = member.begin(); iter != member.end(); ++iter) {

Jeongik Cha

2019-03-22 12:11:25 +0900

[diff] [blame]

177

std::string value = fastWriter.write(inputArgs[(*iter).c_str()]);

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

178

if (value.empty()) value = std::string("null");

179

output.append(value);

180

if (iter != member.end() - 1) {

output.append(", ");

}

}

output.append(std::string(")"));

185

// return args

186

if (hasReturnArgs) {

Jeongik Cha

2019-03-22 12:11:25 +0900

[diff] [blame]

187

output.append(StringPrintf(" -> (%s)", fastWriter.write(returnArgs).c_str()));

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

188

}

189

// duration time

190

output.append(StringPrintf(" <%sms>", logTransaction["duration_ms"].asString().c_str()));

191

gLog.info("%s", output.c_str());

192

};

193

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

return android::OK;

}

Hugo Benichi

2018-01-15 21:54:00 +0900

[diff] [blame]

197

status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

198

const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

199

if (!dump_permission.isOk()) {

200

const String8 msg(dump_permission.toString8());

201

write(fd, msg.string(), msg.size());

202

return PERMISSION_DENIED;

203

}

204

205

// This method does not grab any locks. If individual classes need locking

206

// their dump() methods MUST handle locking appropriately.

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

207

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

208

DumpWriter dw(fd);

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

209

210

if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {

211

dw.blankline();

212

gCtls->tcpSocketMonitor.dump(dw);

dw.blankline();

return NO_ERROR;

}

Chenbo Feng

2018-03-26 10:53:33 -0700

[diff] [blame]

217

if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {

218

dw.blankline();

219

gCtls->trafficCtrl.dump(dw, true);

dw.blankline();

return NO_ERROR;

}

Erik Kline

2018-05-25 19:19:11 +0900

[diff] [blame]

224

process::dump(dw);

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

225

dw.blankline();

226

gCtls->netCtrl.dump(dw);

227

dw.blankline();

228

Chenbo Feng

ef29717

2018-03-26 10:53:33 -0700

[diff] [blame]

229

gCtls->trafficCtrl.dump(dw, false);

230

dw.blankline();

231

Benedict Wong

af85543

2018-05-10 17:07:37 -0700

[diff] [blame]

232

gCtls->xfrmCtrl.dump(dw);

233

dw.blankline();

234

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

235

{

236

ScopedIndent indentLog(dw);

237

if (contains(args, String16(OPT_SHORT))) {

238

dw.println("Log: <omitted>");

239

} else {

240

dw.println("Log:");

241

ScopedIndent indentLogEntries(dw);

242

gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Luke Huang

2018-08-29 19:06:05 +0800

[diff] [blame]

247

{

248

ScopedIndent indentLog(dw);

249

if (contains(args, String16(OPT_SHORT))) {

250

dw.println("UnsolicitedLog: <omitted>");

251

} else {

252

dw.println("UnsolicitedLog:");

253

ScopedIndent indentLogEntries(dw);

254

gUnsolicitedLog.forEachEntry(

255

[&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

return NO_ERROR;

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

263

binder::Status NetdNativeService::isAlive(bool *alive) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

264

NETD_BIG_LOCK_RPC(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

265

266

*alive = true;

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

267

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

268

return binder::Status::ok();

269

}

270

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

271

binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

272

bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

273

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_CONNECTIVITY_INTERNAL,

274

PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

275

int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

276

*ret = (err == 0);

277

return binder::Status::ok();

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

278

}

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

279

280

binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

281

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_CONNECTIVITY_INTERNAL,

282

PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

283

int err = gCtls->bandwidthCtrl.enableDataSaver(enable);

284

*ret = (err == 0);

285

return binder::Status::ok();

286

}

287

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

288

binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,

289

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

290

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

291

int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

292

return statusFromErrcode(res);

293

}

294

295

binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

296

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

297

int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

298

return statusFromErrcode(res);

299

}

300

301

binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,

302

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

303

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

304

int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

305

return statusFromErrcode(res);

306

}

307

308

binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

309

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

310

int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

311

return statusFromErrcode(res);

312

}

313

314

binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

315

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

316

int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

317

return statusFromErrcode(res);

318

}

319

320

binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

321

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

322

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

323

int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

324

return statusFromErrcode(res);

325

}

326

327

binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

328

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

329

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

330

int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

331

return statusFromErrcode(res);

332

}

333

334

binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

335

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

336

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

337

int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

338

return statusFromErrcode(res);

339

}

340

341

binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

342

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

343

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

344

int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

345

return statusFromErrcode(res);

346

}

347

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

348

binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

349

ENFORCE_INTERNAL_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

350

int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

351

return statusFromErrcode(ret);

352

}

353

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

354

binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

355

ENFORCE_NETWORK_STACK_PERMISSIONS();

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

356

int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

357

return statusFromErrcode(ret);

358

}

359

360

binder::Status NetdNativeService::networkDestroy(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

361

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

c8b6a9c

2018-01-15 17:06:48 +0900

[diff] [blame]

362

// Both of these functions manage their own locking internally.

Mike Yu

3e348b6

2018-12-24 17:05:02 +0800

[diff] [blame]

363

// Clear DNS servers before deleting the cache to avoid the cache being created again.

Erik Kline

c8b6a9c

2018-01-15 17:06:48 +0900

[diff] [blame]

364

gCtls->resolverCtrl.clearDnsServers(netId);

Mike Yu

4fe1b9c

2019-01-29 17:50:19 +0800

[diff] [blame]

365

const int ret = gCtls->netCtrl.destroyNetwork(netId);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

366

return statusFromErrcode(ret);

367

}

368

369

binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

370

ENFORCE_INTERNAL_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

371

int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());

372

return statusFromErrcode(ret);

373

}

374

375

binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

376

ENFORCE_INTERNAL_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

377

int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());

378

return statusFromErrcode(ret);

379

}

380

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

381

binder::Status NetdNativeService::networkAddUidRanges(

382

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

383

// NetworkController::addUsersToNetwork is thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

384

ENFORCE_INTERNAL_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

385

int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));

386

return statusFromErrcode(ret);

387

}

388

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

389

binder::Status NetdNativeService::networkRemoveUidRanges(

390

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

391

// NetworkController::removeUsersFromNetwork is thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

392

ENFORCE_INTERNAL_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

393

int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));

394

return statusFromErrcode(ret);

395

}

396

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

397

binder::Status NetdNativeService::networkRejectNonSecureVpn(

398

bool add, const std::vector<UidRangeParcel>& uidRangeArray) {

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

399

// TODO: elsewhere RouteController is only used from the tethering and network controllers, so

400

// it should be possible to use the same lock as NetworkController. However, every call through

401

// the CommandListener "network" command will need to hold this lock too, not just the ones that

402

// read/modify network internal state (that is sufficient for ::dump() because it doesn't

403

// look at routes, but it's not enough here).

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

404

NETD_BIG_LOCK_RPC(PERM_CONNECTIVITY_INTERNAL, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

405

UidRanges uidRanges(uidRangeArray);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

int err;

if (add) {

err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);

410

} else {

411

err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

412

}

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

413

return statusFromErrcode(err);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

414

}

415

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

416

binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,

417

const std::vector<int32_t>& skipUids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

418

ENFORCE_INTERNAL_PERMISSIONS();

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

SockDiag sd;

if (!sd.open()) {

return binder::Status::fromServiceSpecificError(EIO,

423

String8("Could not open SOCK_DIAG socket"));

424

}

425

426

UidRanges uidRanges(uids);

Lorenzo Colitti

e5c3c99

2016-07-26 17:53:50 +0900

[diff] [blame]

427

int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),

428

true /* excludeLoopback */);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

429

if (err) {

430

return binder::Status::fromServiceSpecificError(-err,

431

String8::format("destroySockets: %s", strerror(-err)));

432

}

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

433

return binder::Status::ok();

434

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

435

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

436

// Parse a base64 encoded string into a vector of bytes.

437

// On failure, return an empty vector.

438

static std::vector<uint8_t> parseBase64(const std::string& input) {

439

std::vector<uint8_t> decoded;

440

size_t out_len;

441

if (EVP_DecodedLength(&out_len, input.size()) != 1) {

442

return decoded;

443

}

444

// out_len is now an upper bound on the output length.

445

decoded.resize(out_len);

446

if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),

447

reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {

448

// Possibly shrink the vector if the actual output was smaller than the bound.

449

decoded.resize(out_len);

} else {

decoded.clear();

}

if (out_len != SHA256_SIZE) {

decoded.clear();

}

return decoded;

}

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

459

binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,

460

const std::vector<std::string>& servers, const std::vector<std::string>& domains,

Erik Kline

a1476fb

2018-03-04 21:01:56 +0900

[diff] [blame]

461

const std::vector<int32_t>& params, const std::string& tlsName,

462

const std::vector<std::string>& tlsServers,

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

463

const std::vector<std::string>& tlsFingerprints) {

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

464

// This function intentionally does not lock within Netd, as Bionic is thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

465

ENFORCE_INTERNAL_PERMISSIONS();

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

466

Ben Schwartz

2017-10-02 12:35:48 -0400

[diff] [blame]

467

std::set<std::vector<uint8_t>> decoded_fingerprints;

468

for (const std::string& fingerprint : tlsFingerprints) {

469

std::vector<uint8_t> decoded = parseBase64(fingerprint);

470

if (decoded.empty()) {

471

return binder::Status::fromServiceSpecificError(EINVAL,

472

String8::format("ResolverController error: bad fingerprint"));

473

}

474

decoded_fingerprints.emplace(decoded);

475

}

476

477

int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,

Erik Kline

a1476fb

2018-03-04 21:01:56 +0900

[diff] [blame]

478

tlsName, tlsServers, decoded_fingerprints);

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

479

if (err != 0) {

480

return binder::Status::fromServiceSpecificError(-err,

481

String8::format("ResolverController error: %s", strerror(-err)));

482

}

483

return binder::Status::ok();

484

}

485

Ken Chen

2a42935

2018-12-22 21:46:55 +0800

[diff] [blame]

486

binder::Status NetdNativeService::getResolverInfo(

487

int32_t netId, std::vector<std::string>* servers, std::vector<std::string>* domains,

488

std::vector<std::string>* tlsServers, std::vector<int32_t>* params,

489

std::vector<int32_t>* stats, std::vector<int32_t>* wait_for_pending_req_timeout_count) {

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

490

// This function intentionally does not lock within Netd, as Bionic is thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

491

ENFORCE_NETWORK_STACK_PERMISSIONS();

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

492

Ken Chen

2a42935

2018-12-22 21:46:55 +0800

[diff] [blame]

493

int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params,

494

stats, wait_for_pending_req_timeout_count);

Pierre Imai

2016-04-13 06:44:51 +0900

[diff] [blame]

495

if (err != 0) {

496

return binder::Status::fromServiceSpecificError(-err,

497

String8::format("ResolverController error: %s", strerror(-err)));

498

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

499

return binder::Status::ok();

500

}

501

Lorenzo Colitti

b5d4587

2019-02-18 10:59:29 +0900

[diff] [blame]

502

binder::Status NetdNativeService::resolverStartPrefix64Discovery(int32_t netId) {

503

// Locking happens in Dns64Configuration.

504

ENFORCE_NETWORK_STACK_PERMISSIONS();

505

gCtls->resolverCtrl.startPrefix64Discovery(netId);

506

return binder::Status::ok();

507

}

508

509

binder::Status NetdNativeService::resolverStopPrefix64Discovery(int32_t netId) {

510

// Locking happens in Dns64Configuration.

511

ENFORCE_NETWORK_STACK_PERMISSIONS();

512

gCtls->resolverCtrl.stopPrefix64Discovery(netId);

513

return binder::Status::ok();

514

}

515

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

516

binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

517

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

518

*ret = gCtls->tetherCtrl.applyDnsInterfaces();

519

return binder::Status::ok();

520

}

521

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

522

namespace {

523

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

524

void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,

525

const TetherController::TetherStats& tetherStats) {

526

if (tetherStatsParcel->extIface == tetherStats.extIface) {

527

tetherStatsParcel->rxBytes += tetherStats.rxBytes;

528

tetherStatsParcel->rxPackets += tetherStats.rxPackets;

529

tetherStatsParcel->txBytes += tetherStats.txBytes;

530

tetherStatsParcel->txPackets += tetherStats.txPackets;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

531

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

532

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

533

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

534

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {

535

TetherStatsParcel result;

536

result.iface = stats.extIface;

537

result.rxBytes = stats.rxBytes;

538

result.rxPackets = stats.rxPackets;

539

result.txBytes = stats.txBytes;

540

result.txPackets = stats.txPackets;

541

return result;

542

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

543

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

544

void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,

545

const TetherController::TetherStatsList& statsList) {

546

std::map<std::string, TetherController::TetherStats> statsMap;

547

for (const auto& stats : statsList) {

548

auto iter = statsMap.find(stats.extIface);

549

if (iter != statsMap.end()) {

550

tetherAddStatsByInterface(&(iter->second), stats);

551

} else {

552

statsMap.insert(

553

std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));

554

}

555

}

556

for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {

557

tetherStatsVec->push_back(toTetherStatsParcel(iter->second));

}

}

std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {

562

std::vector<std::string> result;

563

for (const auto& t : *tVec) {

564

result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,

565

t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,

566

t.txPackets));

567

}

568

return result;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

}

} // namespace

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

573

binder::Status NetdNativeService::tetherGetStats(

574

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

575

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

5192bf7

2017-09-04 13:30:59 +0900

[diff] [blame]

576

const auto& statsList = gCtls->tetherCtrl.getTetherStats();

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

577

if (!isOk(statsList)) {

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

578

return asBinderStatus(statsList);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

579

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

580

setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());

581

auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

582

return binder::Status::ok();

583

}

584

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

585

binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,

586

const std::string &addrString, int prefixLength) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

587

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

588

const int err = InterfaceController::addAddress(

589

ifName.c_str(), addrString.c_str(), prefixLength);

590

if (err != 0) {

591

return binder::Status::fromServiceSpecificError(-err,

592

String8::format("InterfaceController error: %s", strerror(-err)));

593

}

594

return binder::Status::ok();

595

}

596

597

binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,

598

const std::string &addrString, int prefixLength) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

599

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

600

const int err = InterfaceController::delAddress(

601

ifName.c_str(), addrString.c_str(), prefixLength);

602

if (err != 0) {

603

return binder::Status::fromServiceSpecificError(-err,

604

String8::format("InterfaceController error: %s", strerror(-err)));

605

}

606

return binder::Status::ok();

607

}

608

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

609

namespace {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

610

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

611

std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,

612

int32_t category) {

613

const char* ipversionStr = nullptr;

614

switch (ipversion) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

615

case INetd::IPV4:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

616

ipversionStr = "ipv4";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

617

break;

618

case INetd::IPV6:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

619

ipversionStr = "ipv6";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

620

break;

621

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

622

return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),

623

nullptr, nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

624

}

625

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

626

const char* whichStr = nullptr;

627

switch (category) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

case INetd::CONF:

whichStr = "conf";

break;

case INetd::NEIGH:

whichStr = "neigh";

break;

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

635

return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,

636

nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

637

}

638

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

639

return {binder::Status::ok(), ipversionStr, whichStr};

}

} // namespace

binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,

645

const std::string& ifname,

646

const std::string& parameter, std::string* value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

647

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

648

const auto pathParts = getPathComponents(ipversion, which);

649

const auto& pathStatus = std::get<0>(pathParts);

650

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

651

return pathStatus;

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

652

}

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

653

654

const int err = InterfaceController::getParameter(std::get<1>(pathParts),

655

std::get<2>(pathParts), ifname.c_str(),

656

parameter.c_str(), value);

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

657

return statusFromErrcode(err);

658

}

659

660

binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,

661

const std::string& ifname,

662

const std::string& parameter,

663

const std::string& value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

664

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

665

const auto pathParts = getPathComponents(ipversion, which);

666

const auto& pathStatus = std::get<0>(pathParts);

667

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

return pathStatus;

}

const int err = InterfaceController::setParameter(std::get<1>(pathParts),

672

std::get<2>(pathParts), ifname.c_str(),

673

parameter.c_str(), value.c_str());

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

674

return statusFromErrcode(err);

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

675

}

676

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

677

binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,

678

int newUid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

679

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

680

gLog.log("ipSecSetEncapSocketOwner()");

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

681

682

uid_t callerUid = IPCThreadState::self()->getCallingUid();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

683

return asBinderStatus(

684

gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

685

}

686

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

687

binder::Status NetdNativeService::ipSecAllocateSpi(

688

int32_t transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

689

const std::string& sourceAddress,

690

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

691

int32_t inSpi,

692

int32_t* outSpi) {

693

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

694

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

695

gLog.log("ipSecAllocateSpi()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

696

return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

697

transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

698

sourceAddress,

699

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

inSpi,

outSpi));

}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

705

int32_t transformId, int32_t mode, const std::string& sourceAddress,

706

const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,

707

int32_t markValue, int32_t markMask, const std::string& authAlgo,

708

const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,

709

const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,

710

const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,

711

int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

712

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

713

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

714

gLog.log("ipSecAddSecurityAssociation()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

715

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

716

transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,

717

markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

718

aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,

719

interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

720

}

721

722

binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

723

int32_t transformId, const std::string& sourceAddress,

724

const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,

725

int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

726

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

727

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

728

gLog.log("ipSecDeleteSecurityAssociation()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

729

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

730

transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

731

}

732

733

binder::Status NetdNativeService::ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

734

const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,

735

const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

736

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

737

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

738

gLog.log("ipSecApplyTransportModeTransform()");

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

739

return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

740

socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

741

}

742

743

binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

744

const ParcelFileDescriptor& socket) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

745

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

746

ENFORCE_INTERNAL_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

747

gLog.log("ipSecRemoveTransportModeTransform()");

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

748

return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

749

}

750

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

751

binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,

752

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

753

const std::string& tmplSrcAddress,

754

const std::string& tmplDstAddress,

755

int32_t spi, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

756

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

757

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

758

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

759

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

760

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

761

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

762

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

763

}

764

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

765

binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(

766

int32_t transformId, int32_t selAddrFamily, int32_t direction,

767

const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,

768

int32_t markValue, int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

769

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

770

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

771

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

772

return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

773

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

774

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

775

}

776

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

777

binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,

778

int32_t selAddrFamily,

779

int32_t direction, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

780

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

781

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

782

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

783

gLog.log("ipSecAddSecurityPolicy()");

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

784

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

785

transformId, selAddrFamily, direction, markValue, markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

786

}

787

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

788

binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,

789

const std::string& localAddress,

790

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

791

int32_t iKey, int32_t oKey,

792

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

793

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

794

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

795

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

796

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

797

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

798

}

799

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

800

binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,

801

const std::string& localAddress,

802

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

803

int32_t iKey, int32_t oKey,

804

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

805

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

806

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

807

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

808

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

809

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

810

}

811

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

812

binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

813

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

814

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

815

netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

816

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

817

}

818

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

819

binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,

820

int32_t mode) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

821

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

822

return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

823

}

824

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

825

binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,

826

const std::string& prefix, int32_t mark,

827

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

828

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

829

return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

830

}

831

832

binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,

833

const std::string& prefix, int32_t mark,

834

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

835

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

836

return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

837

}

838

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

839

binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,

840

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

841

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

842

int res =

843

gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

844

return statusFromErrcode(res);

845

}

846

847

binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,

848

int32_t timeout,

849

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

850

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

851

int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,

852

classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

853

return statusFromErrcode(res);

854

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

855

856

binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

857

NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

858

StrictPenalty penalty;

859

switch (policyPenalty) {

860

case INetd::PENALTY_POLICY_REJECT:

861

penalty = REJECT;

862

break;

863

case INetd::PENALTY_POLICY_LOG:

864

penalty = LOG;

865

break;

866

case INetd::PENALTY_POLICY_ACCEPT:

penalty = ACCEPT;

break;

default:

return statusFromErrcode(-EINVAL);

871

break;

872

}

873

int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

874

return statusFromErrcode(res);

875

}

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

876

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

877

binder::Status NetdNativeService::clatdStart(const std::string& ifName,

878

const std::string& nat64Prefix, std::string* v6Addr) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

879

NETD_LOCKING_RPC(gCtls->clatdCtrl.mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

880

int res = gCtls->clatdCtrl.startClatd(ifName.c_str(), nat64Prefix, v6Addr);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

881

return statusFromErrcode(res);

882

}

883

884

binder::Status NetdNativeService::clatdStop(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

885

NETD_LOCKING_RPC(gCtls->clatdCtrl.mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

886

int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

887

return statusFromErrcode(res);

888

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

889

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

890

binder::Status NetdNativeService::ipfwdEnabled(bool* status) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

891

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

728cf4c

2019-03-14 19:43:02 +0800

[diff] [blame]

892

*status = (gCtls->tetherCtrl.getIpfwdRequesterList().size() > 0) ? true : false;

893

return binder::Status::ok();

894

}

895

896

binder::Status NetdNativeService::ipfwdGetRequesterList(std::vector<std::string>* requesterList) {

897

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

898

for (const auto& requester : gCtls->tetherCtrl.getIpfwdRequesterList()) {

899

requesterList->push_back(requester);

900

}

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

901

return binder::Status::ok();

902

}

903

904

binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

905

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

906

int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

907

return statusFromErrcode(res);

908

}

909

910

binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

911

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

912

int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

913

return statusFromErrcode(res);

914

}

915

916

binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,

917

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

918

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

919

int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

920

return statusFromErrcode(res);

921

}

922

923

binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,

924

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

925

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

926

int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

927

return statusFromErrcode(res);

928

}

929

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

930

namespace {

931

std::string addSquareBrackets(const std::string& s) {

932

return "[" + s + "]";

933

}

934

935

std::string addCurlyBrackets(const std::string& s) {

936

return "{" + s + "}";

937

}

938

939

} // namespace

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

940

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

941

binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

942

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

943

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

944

945

const auto& ifaceList = InterfaceController::getIfaceNames();

946

RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);

947

948

interfaceListResult->clear();

949

interfaceListResult->reserve(ifaceList.value().size());

950

interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),

951

end(ifaceList.value()));

952

953

gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))

954

.withAutomaticDuration());

955

return binder::Status::ok();

956

}

957

958

std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {

959

std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,

960

std::to_string(cfg.prefixLength)};

961

result.insert(end(result), begin(cfg.flags), end(cfg.flags));

962

return addCurlyBrackets(base::Join(result, ", "));

963

}

964

965

binder::Status NetdNativeService::interfaceGetCfg(

966

const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

967

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

968

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

969

970

const auto& cfgRes = InterfaceController::getCfg(ifName);

971

RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);

972

973

*interfaceGetCfgResult = cfgRes.value();

974

gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))

975

.withAutomaticDuration());

976

return binder::Status::ok();

977

}

978

979

binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

980

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

981

auto entry = gLog.newEntry()

982

.prettyFunction(__PRETTY_FUNCTION__)

983

.arg(interfaceConfigurationParcelToString(cfg));

984

985

const auto& res = InterfaceController::setCfg(cfg);

986

RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);

987

988

gLog.log(entry.withAutomaticDuration());

989

return binder::Status::ok();

990

}

991

992

binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,

993

bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

994

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

995

int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

996

return statusFromErrcode(res);

997

}

998

999

binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1000

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1001

int res = InterfaceController::clearAddrs(ifName.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1002

return statusFromErrcode(res);

1003

}

1004

1005

binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1006

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1007

int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1008

return statusFromErrcode(res);

1009

}

1010

1011

binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1012

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1013

std::string mtu = std::to_string(mtuValue);

1014

int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

1015

return statusFromErrcode(res);

1016

}

1017

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1018

binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1019

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1020

if (dhcpRanges.size() % 2 == 1) {

1021

return statusFromErrcode(-EINVAL);

1022

}

1023

int res = gCtls->tetherCtrl.startTethering(dhcpRanges);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1024

return statusFromErrcode(res);

1025

}

1026

1027

binder::Status NetdNativeService::tetherStop() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1028

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1029

int res = gCtls->tetherCtrl.stopTethering();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1030

return statusFromErrcode(res);

1031

}

1032

1033

binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1034

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1035

*enabled = gCtls->tetherCtrl.isTetheringStarted();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1036

return binder::Status::ok();

1037

}

1038

1039

binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1040

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1041

int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1042

return statusFromErrcode(res);

1043

}

1044

1045

binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1046

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1047

int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1048

return statusFromErrcode(res);

1049

}

1050

1051

binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1052

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1053

for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {

1054

ifList->push_back(ifname);

1055

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1056

return binder::Status::ok();

1057

}

1058

1059

binder::Status NetdNativeService::tetherDnsSet(int32_t netId,

1060

const std::vector<std::string>& dnsAddrs) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1061

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1062

int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1063

return statusFromErrcode(res);

1064

}

1065

1066

binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1067

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1068

for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {

1069

dnsList->push_back(fwdr);

1070

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1071

return binder::Status::ok();

1072

}

1073

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1074

binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,

1075

const std::string& destination,

1076

const std::string& nextHop) {

1077

// Public methods of NetworkController are thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1078

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1079

bool legacy = false;

1080

uid_t uid = 0; // UID is only meaningful for legacy routes.

1081

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

1082

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1083

return statusFromErrcode(res);

1084

}

1085

1086

binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,

1087

const std::string& destination,

1088

const std::string& nextHop) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1089

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1090

bool legacy = false;

1091

uid_t uid = 0; // UID is only meaningful for legacy routes.

1092

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1093

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1094

return statusFromErrcode(res);

1095

}

1096

1097

binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,

1098

const std::string& destination,

1099

const std::string& nextHop, int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1100

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1101

bool legacy = true;

1102

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

1103

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

1104

(uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1105

return statusFromErrcode(res);

1106

}

1107

1108

binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,

1109

const std::string& destination,

1110

const std::string& nextHop,

1111

int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1112

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1113

bool legacy = true;

1114

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1115

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

1116

(uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1117

return statusFromErrcode(res);

1118

}

1119

1120

binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1121

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1122

*netId = gCtls->netCtrl.getDefaultNetwork();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1123

return binder::Status::ok();

1124

}

1125

1126

binder::Status NetdNativeService::networkSetDefault(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1127

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1128

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1129

return statusFromErrcode(res);

1130

}

1131

1132

binder::Status NetdNativeService::networkClearDefault() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1133

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1134

unsigned netId = NETID_UNSET;

1135

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1136

return statusFromErrcode(res);

1137

}

1138

1139

std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {

1140

return {begin(intUids), end(intUids)};

1141

}

1142

1143

Permission NetdNativeService::convertPermission(int32_t permission) {

1144

switch (permission) {

1145

case INetd::PERMISSION_NETWORK:

1146

return Permission::PERMISSION_NETWORK;

1147

case INetd::PERMISSION_SYSTEM:

1148

return Permission::PERMISSION_SYSTEM;

1149

default:

1150

return Permission::PERMISSION_NONE;

}

}

binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,

1155

int32_t permission) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1156

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1157

std::vector<unsigned> netIds = {(unsigned) netId};

1158

int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1159

return statusFromErrcode(res);

1160

}

1161

1162

binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,

1163

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1164

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1165

gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1166

return binder::Status::ok();

1167

}

1168

1169

binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1170

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1171

Permission permission = Permission::PERMISSION_NONE;

1172

gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1173

return binder::Status::ok();

1174

}

1175

1176

binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1177

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1178

std::vector<uid_t> uids = {(uid_t) uid};

1179

gCtls->netCtrl.allowProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1180

return binder::Status::ok();

1181

}

1182

1183

binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1184

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1185

std::vector<uid_t> uids = {(uid_t) uid};

1186

gCtls->netCtrl.denyProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1187

return binder::Status::ok();

1188

}

1189

1190

binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1191

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1192

*ret = gCtls->netCtrl.canProtect((uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1193

return binder::Status::ok();

1194

}

1195

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1196

binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,

1197

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1198

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1199

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);

1200

gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));

1201

gLog.log(entry.withAutomaticDuration());

1202

return binder::Status::ok();

1203

}

1204

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1205

binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1206

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1207

auto type = static_cast<FirewallType>(firewallType);

1208

1209

int res = gCtls->firewallCtrl.setFirewallType(type);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1210

return statusFromErrcode(res);

1211

}

1212

1213

binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,

1214

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1215

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1216

auto rule = static_cast<FirewallRule>(firewallRule);

1217

1218

int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1219

return statusFromErrcode(res);

1220

}

1221

1222

binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,

1223

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1224

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1225

auto chain = static_cast<ChildChain>(childChain);

1226

auto rule = static_cast<FirewallRule>(firewallRule);

1227

1228

int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1229

return statusFromErrcode(res);

1230

}

1231

1232

binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1233

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1234

auto chain = static_cast<ChildChain>(childChain);

1235

1236

int res = gCtls->firewallCtrl.enableChildChains(chain, enable);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1237

return statusFromErrcode(res);

1238

}

1239

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1240

binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,

1241

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1242

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1243

1244

int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1245

return statusFromErrcode(res);

1246

}

1247

1248

binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,

1249

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1250

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

ae038f8

2018-11-05 11:17:31 +0900

[diff] [blame]

1251

int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1252

return statusFromErrcode(res);

1253

}

1254

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1255

binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,

1256

const std::string& wmemValues) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1257

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1258

if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {

1259

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1260

return statusFromErrcode(ret);

1261

}

1262

1263

if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {

1264

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1265

return statusFromErrcode(ret);

1266

}

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1267

return binder::Status::ok();

1268

}

1269

nuccachen

f52f7a5

2018-07-17 18:07:23 +0800

[diff] [blame]

1270

binder::Status NetdNativeService::getPrefix64(int netId, std::string* _aidl_return) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1271

ENFORCE_NETWORK_STACK_PERMISSIONS();

nuccachen

f52f7a5

2018-07-17 18:07:23 +0800

[diff] [blame]

1272

netdutils::IPPrefix prefix{};

1273

int err = gCtls->resolverCtrl.getPrefix64(netId, &prefix);

1274

if (err != 0) {

1275

return binder::Status::fromServiceSpecificError(

1276

-err, String8::format("ResolverController error: %s", strerror(-err)));

1277

}

1278

*_aidl_return = prefix.toString();

1279

return binder::Status::ok();

1280

}

1281

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1282

binder::Status NetdNativeService::registerUnsolicitedEventListener(

1283

const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1284

ENFORCE_NETWORK_STACK_PERMISSIONS();

Bernie Innocenti

9ee088d

2019-02-01 17:14:32 +0900

[diff] [blame]

1285

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);

1286

gCtls->eventReporter.registerUnsolEventListener(listener);

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1287

gLog.log(entry.withAutomaticDuration());

1288

return binder::Status::ok();

1289

}

1290

Lorenzo Colitti