Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / d7dd1d3af4ebac422303370301f1d98c9a84a8ae / . / server / NetdNativeService.cpp
blob: 0cb740f7465f7ec4e3505870d05f8fd840643ebd [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]19#include <set>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]20#include <vector>
21
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]22#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]23#include <android-base/strings.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <cutils/log.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]25#include <cutils/properties.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]26#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]27#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28
29#include <binder/IPCThreadState.h>
30#include <binder/IServiceManager.h>
31#include "android/net/BnNetd.h"
32
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]33#include <openssl/base64.h>
34
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]35#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]36#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]37#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]38#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]39#include "NetdConstants.h"
40#include "NetdNativeService.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]41#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]42#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]43#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]44
45using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]46using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]47
48namespace android {
49namespace net {
50
51namespace {
52
53const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]54const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]55const char DUMP[] = "android.permission.DUMP";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]56
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]57binder::Status toBinderStatus(const netdutils::Status s) {
58 if (isOk(s)) {
59 return binder::Status::ok();
60 }
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]61 return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]62}
63
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]64binder::Status checkPermission(const char *permission) {
65 pid_t pid;
66 uid_t uid;
67
68 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
69 return binder::Status::ok();
70 } else {
71 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
72 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
73 }
74}
75
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]76#define ENFORCE_DEBUGGABLE() { \
77 char value[PROPERTY_VALUE_MAX + 1]; \
78 if (property_get("ro.debuggable", value, NULL) != 1 \
79 || value[0] != '1') { \
80 return binder::Status::fromExceptionCode( \
81 binder::Status::EX_SECURITY, \
82 String8("Not available in production builds.") \
83 ); \
84 } \
85}
86
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]87#define ENFORCE_PERMISSION(permission) { \
88 binder::Status status = checkPermission((permission)); \
89 if (!status.isOk()) { \
90 return status; \
91 } \
92}
93
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]94#define NETD_LOCKING_RPC(permission, lock) \
95 ENFORCE_PERMISSION(permission); \
96 android::RWLock::AutoWLock _lock(lock);
97
98#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]99} // namespace
100
101
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]102status_t NetdNativeService::start() {
103 IPCThreadState::self()->disableBackgroundScheduling(true);
104 status_t ret = BinderService<NetdNativeService>::publish();
105 if (ret != android::OK) {
106 return ret;
107 }
108 sp<ProcessState> ps(ProcessState::self());
109 ps->startThreadPool();
110 ps->giveThreadPoolName();
111 return android::OK;
112}
113
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]114status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
115 const binder::Status dump_permission = checkPermission(DUMP);
116 if (!dump_permission.isOk()) {
117 const String8 msg(dump_permission.toString8());
118 write(fd, msg.string(), msg.size());
119 return PERMISSION_DENIED;
120 }
121
122 // This method does not grab any locks. If individual classes need locking
123 // their dump() methods MUST handle locking appropriately.
124 DumpWriter dw(fd);
125 dw.blankline();
126 gCtls->netCtrl.dump(dw);
127 dw.blankline();
128
129 return NO_ERROR;
130}
131
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]132binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]133 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]134
135 *alive = true;
136 return binder::Status::ok();
137}
138
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]139binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
140 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
141 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
142
143 android::String8 name = android::String8(chainName);
144 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
145 *ret = (err == 0);
146 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]147}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]148
149binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
150 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
151
152 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
153 *ret = (err == 0);
154 return binder::Status::ok();
155}
156
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]157binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
158 const std::vector<UidRange>& uidRangeArray) {
159 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
160 // it should be possible to use the same lock as NetworkController. However, every call through
161 // the CommandListener "network" command will need to hold this lock too, not just the ones that
162 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
163 // look at routes, but it's not enough here).
164 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
165
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]166 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]167
168 int err;
169 if (add) {
170 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
171 } else {
172 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
173 }
174
175 if (err != 0) {
176 return binder::Status::fromServiceSpecificError(-err,
177 String8::format("RouteController error: %s", strerror(-err)));
178 }
179 return binder::Status::ok();
180}
181
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]182binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
183 const std::vector<int32_t>& skipUids) {
184
185 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
186
187 SockDiag sd;
188 if (!sd.open()) {
189 return binder::Status::fromServiceSpecificError(EIO,
190 String8("Could not open SOCK_DIAG socket"));
191 }
192
193 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]194 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
195 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]196
197 if (err) {
198 return binder::Status::fromServiceSpecificError(-err,
199 String8::format("destroySockets: %s", strerror(-err)));
200 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]201 return binder::Status::ok();
202}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]203
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]204// Parse a base64 encoded string into a vector of bytes.
205// On failure, return an empty vector.
206static std::vector<uint8_t> parseBase64(const std::string& input) {
207 std::vector<uint8_t> decoded;
208 size_t out_len;
209 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
210 return decoded;
211 }
212 // out_len is now an upper bound on the output length.
213 decoded.resize(out_len);
214 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
215 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
216 // Possibly shrink the vector if the actual output was smaller than the bound.
217 decoded.resize(out_len);
218 } else {
219 decoded.clear();
220 }
221 if (out_len != SHA256_SIZE) {
222 decoded.clear();
223 }
224 return decoded;
225}
226
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]227binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
228 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]229 const std::vector<int32_t>& params, bool useTls, const std::string& tlsName,
230 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]231 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
232 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
233
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]234 std::set<std::vector<uint8_t>> decoded_fingerprints;
235 for (const std::string& fingerprint : tlsFingerprints) {
236 std::vector<uint8_t> decoded = parseBase64(fingerprint);
237 if (decoded.empty()) {
238 return binder::Status::fromServiceSpecificError(EINVAL,
239 String8::format("ResolverController error: bad fingerprint"));
240 }
241 decoded_fingerprints.emplace(decoded);
242 }
243
244 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
245 useTls, tlsName, decoded_fingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]246 if (err != 0) {
247 return binder::Status::fromServiceSpecificError(-err,
248 String8::format("ResolverController error: %s", strerror(-err)));
249 }
250 return binder::Status::ok();
251}
252
253binder::Status NetdNativeService::getResolverInfo(int32_t netId,
254 std::vector<std::string>* servers, std::vector<std::string>* domains,
255 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
256 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
257 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
258
259 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
260 if (err != 0) {
261 return binder::Status::fromServiceSpecificError(-err,
262 String8::format("ResolverController error: %s", strerror(-err)));
263 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]264 return binder::Status::ok();
265}
266
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]267binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]268 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]269
270 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
271 return binder::Status::ok();
272}
273
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]274namespace {
275
276void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
277 String16 iface = String16(stats.extIface.c_str());
278 std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
279
280 bundle->getLongVector(iface, &statsVector);
281 if (statsVector.size() == 0) {
282 for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
283 }
284
Lorenzo Colitti9a65ac62017-09-04 18:07:56 +0900[diff] [blame]285 statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
286 statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
287 statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
288 statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]289
290 bundle->putLongVector(iface, statsVector);
291}
292
293} // namespace
294
295binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
296 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
297
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]298 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]299 if (!isOk(statsList)) {
300 return toBinderStatus(statsList);
301 }
302
303 for (const auto& stats : statsList.value()) {
304 tetherAddStats(bundle, stats);
305 }
306
307 return binder::Status::ok();
308}
309
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]310binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
311 const std::string &addrString, int prefixLength) {
312 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
313
314 const int err = InterfaceController::addAddress(
315 ifName.c_str(), addrString.c_str(), prefixLength);
316 if (err != 0) {
317 return binder::Status::fromServiceSpecificError(-err,
318 String8::format("InterfaceController error: %s", strerror(-err)));
319 }
320 return binder::Status::ok();
321}
322
323binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
324 const std::string &addrString, int prefixLength) {
325 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
326
327 const int err = InterfaceController::delAddress(
328 ifName.c_str(), addrString.c_str(), prefixLength);
329 if (err != 0) {
330 return binder::Status::fromServiceSpecificError(-err,
331 String8::format("InterfaceController error: %s", strerror(-err)));
332 }
333 return binder::Status::ok();
334}
335
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]336binder::Status NetdNativeService::setProcSysNet(
337 int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
338 const std::string &value) {
339 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
340
341 const char *familyStr;
342 switch (family) {
343 case INetd::IPV4:
344 familyStr = "ipv4";
345 break;
346 case INetd::IPV6:
347 familyStr = "ipv6";
348 break;
349 default:
350 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
351 }
352
353 const char *whichStr;
354 switch (which) {
355 case INetd::CONF:
356 whichStr = "conf";
357 break;
358 case INetd::NEIGH:
359 whichStr = "neigh";
360 break;
361 default:
362 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
363 }
364
365 const int err = InterfaceController::setParameter(
366 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
367 value.c_str());
368 if (err != 0) {
369 return binder::Status::fromServiceSpecificError(-err,
370 String8::format("ResolverController error: %s", strerror(-err)));
371 }
372 return binder::Status::ok();
373}
374
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]375binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
376 // This function intentionally does not lock, since the only thing it does is one read from an
377 // atomic_int.
378 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
379 ENFORCE_DEBUGGABLE();
380
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]381 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]382 return binder::Status::ok();
383}
384
385binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
386 // This function intentionally does not lock, since the only thing it does is one write to an
387 // atomic_int.
388 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
389 ENFORCE_DEBUGGABLE();
390
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]391 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
392 ? binder::Status::ok()
393 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]394}
395
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]396binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
397 int newUid) {
398 ENFORCE_PERMISSION(NETWORK_STACK)
399 ALOGD("ipSecSetEncapSocketOwner()");
400
401 uid_t callerUid = IPCThreadState::self()->getCallingUid();
402 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
403}
404
405
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]406binder::Status NetdNativeService::ipSecAllocateSpi(
407 int32_t transformId,
408 int32_t direction,
409 const std::string& localAddress,
410 const std::string& remoteAddress,
411 int32_t inSpi,
412 int32_t* outSpi) {
413 // Necessary locking done in IpSecService and kernel
414 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
415 ALOGD("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]416 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]417 transformId,
418 direction,
419 localAddress,
420 remoteAddress,
421 inSpi,
422 outSpi));
423}
424
425binder::Status NetdNativeService::ipSecAddSecurityAssociation(
426 int32_t transformId,
427 int32_t mode,
428 int32_t direction,
429 const std::string& localAddress,
430 const std::string& remoteAddress,
431 int64_t underlyingNetworkHandle,
432 int32_t spi,
433 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
434 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]435 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]436 int32_t encapType,
437 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]438 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]439 // Necessary locking done in IpSecService and kernel
440 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
441 ALOGD("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]442 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]443 transformId, mode, direction, localAddress, remoteAddress,
444 underlyingNetworkHandle,
445 spi,
446 authAlgo, authKey, authTruncBits,
447 cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]448 aeadAlgo, aeadKey, aeadIcvBits,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]449 encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]450}
451
452binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
453 int32_t transformId,
454 int32_t direction,
455 const std::string& localAddress,
456 const std::string& remoteAddress,
457 int32_t spi) {
458 // Necessary locking done in IpSecService and kernel
459 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
460 ALOGD("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]461 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]462 transformId,
463 direction,
464 localAddress,
465 remoteAddress,
466 spi));
467}
468
469binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
470 const android::base::unique_fd& socket,
471 int32_t transformId,
472 int32_t direction,
473 const std::string& localAddress,
474 const std::string& remoteAddress,
475 int32_t spi) {
476 // Necessary locking done in IpSecService and kernel
477 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
478 ALOGD("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]479 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]480 socket,
481 transformId,
482 direction,
483 localAddress,
484 remoteAddress,
485 spi));
486}
487
488binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
489 const android::base::unique_fd& socket) {
490 // Necessary locking done in IpSecService and kernel
491 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
492 ALOGD("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]493 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]494 socket));
495}
496
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]497binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
498 int32_t mode) {
499 ENFORCE_PERMISSION(NETWORK_STACK);
500 return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
501}
502
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]503binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
504 const std::string& prefix, int32_t mark,
505 int32_t mask) {
506 ENFORCE_PERMISSION(NETWORK_STACK);
507 return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
508}
509
510binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
511 const std::string& prefix, int32_t mark,
512 int32_t mask) {
513 ENFORCE_PERMISSION(NETWORK_STACK);
514 return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
515}
516
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]517} // namespace net
518} // namespace android