Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / da77e8e2c19364e6045ede9b446089877e48d2f4 / . / server / NetdNativeService.cpp
blob: 3e153ec5ad8d5a6c9da7b6fecff96152716fee63 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]53
54namespace android {
55namespace net {
56
57namespace {
58
59const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]61const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]62const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
64binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]65 pid_t pid = IPCThreadState::self()->getCallingPid();
66 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]67
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 // If the caller is the system UID, don't check permissions.
69 // Otherwise, if the system server's binder thread pool is full, and all the threads are
70 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
71 //
72 // From a security perspective, there is currently no difference, because:
73 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
74 // and NETWORK_STACK, which the system server will always need to have.
75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
76 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
78 } else {
79 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
80 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
81 }
82}
83
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]84#define ENFORCE_DEBUGGABLE() { \
85 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]86 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87 || value[0] != '1') { \
88 return binder::Status::fromExceptionCode( \
89 binder::Status::EX_SECURITY, \
90 String8("Not available in production builds.") \
91 ); \
92 } \
93}
94
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]95#define ENFORCE_PERMISSION(permission) { \
96 binder::Status status = checkPermission((permission)); \
97 if (!status.isOk()) { \
98 return status; \
99 } \
100}
101
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102#define NETD_LOCKING_RPC(permission, lock) \
103 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]104 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105
106#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]107
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]108#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
109 do { \
110 if (!isOk((res))) { \
111 logErrorStatus((logEntry), (res)); \
112 return asBinderStatus((res)); \
113 } \
114 } while (0)
115
116void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
117 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
118}
119
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]120binder::Status asBinderStatus(const netdutils::Status& status) {
121 if (isOk(status)) {
122 return binder::Status::ok();
123 }
124 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
125}
126
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]127inline binder::Status statusFromErrcode(int ret) {
128 if (ret) {
129 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
130 }
131 return binder::Status::ok();
132}
133
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]134bool contains(const Vector<String16>& words, const String16& word) {
135 for (const auto& w : words) {
136 if (w == word) return true;
137 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]138
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]139 return false;
140}
141
142} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]143
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]144status_t NetdNativeService::start() {
145 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]146 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]147 if (ret != android::OK) {
148 return ret;
149 }
150 sp<ProcessState> ps(ProcessState::self());
151 ps->startThreadPool();
152 ps->giveThreadPoolName();
153 return android::OK;
154}
155
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]156status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]157 const binder::Status dump_permission = checkPermission(DUMP);
158 if (!dump_permission.isOk()) {
159 const String8 msg(dump_permission.toString8());
160 write(fd, msg.string(), msg.size());
161 return PERMISSION_DENIED;
162 }
163
164 // This method does not grab any locks. If individual classes need locking
165 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]166
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]167 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]168
169 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
170 dw.blankline();
171 gCtls->tcpSocketMonitor.dump(dw);
172 dw.blankline();
173 return NO_ERROR;
174 }
175
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]176 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
177 dw.blankline();
178 gCtls->trafficCtrl.dump(dw, true);
179 dw.blankline();
180 return NO_ERROR;
181 }
182
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]183 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]184 dw.blankline();
185 gCtls->netCtrl.dump(dw);
186 dw.blankline();
187
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]188 gCtls->trafficCtrl.dump(dw, false);
189 dw.blankline();
190
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]191 gCtls->xfrmCtrl.dump(dw);
192 dw.blankline();
193
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]194 {
195 ScopedIndent indentLog(dw);
196 if (contains(args, String16(OPT_SHORT))) {
197 dw.println("Log: <omitted>");
198 } else {
199 dw.println("Log:");
200 ScopedIndent indentLogEntries(dw);
201 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
202 }
203 dw.blankline();
204 }
205
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]206 return NO_ERROR;
207}
208
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]209binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]210 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]211 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]212
213 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]214
215 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]216 return binder::Status::ok();
217}
218
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]219binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]220 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
221 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]222 auto entry = gLog.newEntry()
223 .prettyFunction(__PRETTY_FUNCTION__)
224 .arg(chainName)
225 .arg(isWhitelist)
226 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]227
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]228 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]229 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]230
231 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]232 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]233}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]234
235binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
236 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]237 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]238
239 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
240 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]241 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]242 return binder::Status::ok();
243}
244
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]245binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
246 int64_t bytes) {
247 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
248 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
249
250 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
251
252 gLog.log(entry.returns(res).withAutomaticDuration());
253 return statusFromErrcode(res);
254}
255
256binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
257 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
258 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
259
260 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
261
262 gLog.log(entry.returns(res).withAutomaticDuration());
263 return statusFromErrcode(res);
264}
265
266binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
267 int64_t bytes) {
268 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
269 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
270
271 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
272
273 gLog.log(entry.returns(res).withAutomaticDuration());
274 return statusFromErrcode(res);
275}
276
277binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
278 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
279 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
280
281 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
282
283 gLog.log(entry.returns(res).withAutomaticDuration());
284 return statusFromErrcode(res);
285}
286
287binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
288 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
289 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
290
291 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
292
293 gLog.log(entry.returns(res).withAutomaticDuration());
294 return statusFromErrcode(res);
295}
296
297binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
298 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
299 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
300
301 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
302 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
303
304 gLog.log(entry.returns(res).withAutomaticDuration());
305 return statusFromErrcode(res);
306}
307
308binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
309 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
310 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
311
312 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
313 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
314
315 gLog.log(entry.returns(res).withAutomaticDuration());
316 return statusFromErrcode(res);
317}
318
319binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
320 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
321 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
322
323 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
324 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
325
326 gLog.log(entry.returns(res).withAutomaticDuration());
327 return statusFromErrcode(res);
328}
329
330binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
331 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
332 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
333
334 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
335 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
336
337 gLog.log(entry.returns(res).withAutomaticDuration());
338 return statusFromErrcode(res);
339}
340
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]341binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]342 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]343 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]344 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]345 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]346 return statusFromErrcode(ret);
347}
348
349binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
350 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
351 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
352 return statusFromErrcode(ret);
353}
354
355binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]356 ENFORCE_PERMISSION(NETWORK_STACK);
357 // Both of these functions manage their own locking internally.
358 const int ret = gCtls->netCtrl.destroyNetwork(netId);
359 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]360 return statusFromErrcode(ret);
361}
362
363binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
364 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
365 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
366 return statusFromErrcode(ret);
367}
368
369binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
370 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
371 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
372 return statusFromErrcode(ret);
373}
374
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]375namespace {
376
377std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
378 std::vector<std::string> result;
379 result.reserve(uidRangeArray.size());
380 for (const auto& uidRange : uidRangeArray) {
381 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
382 }
383
384 return base::Join(result, ", ");
385}
386
387} // namespace
388
389binder::Status NetdNativeService::networkAddUidRanges(
390 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]391 // NetworkController::addUsersToNetwork is thread-safe.
392 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]393 auto entry = gLog.newEntry()
394 .prettyFunction(__PRETTY_FUNCTION__)
395 .args(netId, uidRangeParcelVecToString(uidRangeArray));
396
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]397 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]398 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]399 return statusFromErrcode(ret);
400}
401
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]402binder::Status NetdNativeService::networkRemoveUidRanges(
403 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]404 // NetworkController::removeUsersFromNetwork is thread-safe.
405 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]406 auto entry = gLog.newEntry()
407 .prettyFunction(__PRETTY_FUNCTION__)
408 .args(netId, uidRangeParcelVecToString(uidRangeArray));
409
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]410 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]411 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]412 return statusFromErrcode(ret);
413}
414
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]415binder::Status NetdNativeService::networkRejectNonSecureVpn(
416 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]417 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
418 // it should be possible to use the same lock as NetworkController. However, every call through
419 // the CommandListener "network" command will need to hold this lock too, not just the ones that
420 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
421 // look at routes, but it's not enough here).
422 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]423 auto entry = gLog.newEntry()
424 .prettyFunction(__PRETTY_FUNCTION__)
425 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]426 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]427
428 int err;
429 if (add) {
430 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
431 } else {
432 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
433 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]434 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]435 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]436}
437
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]438binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
439 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]440 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
441
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]442 auto entry = gLog.newEntry()
443 .prettyFunction(__PRETTY_FUNCTION__)
444 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]445 SockDiag sd;
446 if (!sd.open()) {
447 return binder::Status::fromServiceSpecificError(EIO,
448 String8("Could not open SOCK_DIAG socket"));
449 }
450
451 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]452 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
453 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]454
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]455 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]456 if (err) {
457 return binder::Status::fromServiceSpecificError(-err,
458 String8::format("destroySockets: %s", strerror(-err)));
459 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]460 return binder::Status::ok();
461}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]462
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]463// Parse a base64 encoded string into a vector of bytes.
464// On failure, return an empty vector.
465static std::vector<uint8_t> parseBase64(const std::string& input) {
466 std::vector<uint8_t> decoded;
467 size_t out_len;
468 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
469 return decoded;
470 }
471 // out_len is now an upper bound on the output length.
472 decoded.resize(out_len);
473 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
474 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
475 // Possibly shrink the vector if the actual output was smaller than the bound.
476 decoded.resize(out_len);
477 } else {
478 decoded.clear();
479 }
480 if (out_len != SHA256_SIZE) {
481 decoded.clear();
482 }
483 return decoded;
484}
485
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]486binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
487 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]488 const std::vector<int32_t>& params, const std::string& tlsName,
489 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]490 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]491 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
492 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]493 auto entry = gLog.newEntry()
494 .prettyFunction(__PRETTY_FUNCTION__)
495 .arg(netId)
496 .arg(servers)
497 .arg(domains)
498 .arg(params)
499 .arg(tlsName)
500 .arg(tlsServers)
501 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]502
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]503 std::set<std::vector<uint8_t>> decoded_fingerprints;
504 for (const std::string& fingerprint : tlsFingerprints) {
505 std::vector<uint8_t> decoded = parseBase64(fingerprint);
506 if (decoded.empty()) {
507 return binder::Status::fromServiceSpecificError(EINVAL,
508 String8::format("ResolverController error: bad fingerprint"));
509 }
510 decoded_fingerprints.emplace(decoded);
511 }
512
513 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]514 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]515 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]516 if (err != 0) {
517 return binder::Status::fromServiceSpecificError(-err,
518 String8::format("ResolverController error: %s", strerror(-err)));
519 }
520 return binder::Status::ok();
521}
522
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame^]523binder::Status NetdNativeService::getResolverInfo(int32_t netId, std::vector<std::string>* servers,
524 std::vector<std::string>* domains,
525 std::vector<std::string>* tlsServers,
526 std::vector<int32_t>* params,
527 std::vector<int32_t>* stats) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]528 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame^]529 ENFORCE_PERMISSION(NETWORK_STACK);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]530
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame^]531 int err =
532 gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params, stats);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]533 if (err != 0) {
534 return binder::Status::fromServiceSpecificError(-err,
535 String8::format("ResolverController error: %s", strerror(-err)));
536 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]537 return binder::Status::ok();
538}
539
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]540binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]541 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]542
543 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
544 return binder::Status::ok();
545}
546
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]547namespace {
548
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]549void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
550 const TetherController::TetherStats& tetherStats) {
551 if (tetherStatsParcel->extIface == tetherStats.extIface) {
552 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
553 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
554 tetherStatsParcel->txBytes += tetherStats.txBytes;
555 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]556 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]557}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]558
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]559TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
560 TetherStatsParcel result;
561 result.iface = stats.extIface;
562 result.rxBytes = stats.rxBytes;
563 result.rxPackets = stats.rxPackets;
564 result.txBytes = stats.txBytes;
565 result.txPackets = stats.txPackets;
566 return result;
567}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]568
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]569void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
570 const TetherController::TetherStatsList& statsList) {
571 std::map<std::string, TetherController::TetherStats> statsMap;
572 for (const auto& stats : statsList) {
573 auto iter = statsMap.find(stats.extIface);
574 if (iter != statsMap.end()) {
575 tetherAddStatsByInterface(&(iter->second), stats);
576 } else {
577 statsMap.insert(
578 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
579 }
580 }
581 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
582 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
583 }
584}
585
586std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
587 std::vector<std::string> result;
588 for (const auto& t : *tVec) {
589 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
590 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
591 t.txPackets));
592 }
593 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]594}
595
596} // namespace
597
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]598binder::Status NetdNativeService::tetherGetStats(
599 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]600 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]601
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]602 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
603
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]604 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]605 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]606 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]607 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]608 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
609 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
610 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]611 return binder::Status::ok();
612}
613
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]614binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
615 const std::string &addrString, int prefixLength) {
616 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
617
618 const int err = InterfaceController::addAddress(
619 ifName.c_str(), addrString.c_str(), prefixLength);
620 if (err != 0) {
621 return binder::Status::fromServiceSpecificError(-err,
622 String8::format("InterfaceController error: %s", strerror(-err)));
623 }
624 return binder::Status::ok();
625}
626
627binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
628 const std::string &addrString, int prefixLength) {
629 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
630
631 const int err = InterfaceController::delAddress(
632 ifName.c_str(), addrString.c_str(), prefixLength);
633 if (err != 0) {
634 return binder::Status::fromServiceSpecificError(-err,
635 String8::format("InterfaceController error: %s", strerror(-err)));
636 }
637 return binder::Status::ok();
638}
639
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]640namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]641
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]642std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
643 int32_t category) {
644 const char* ipversionStr = nullptr;
645 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]646 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]647 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]648 break;
649 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]650 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]651 break;
652 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]653 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
654 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]655 }
656
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]657 const char* whichStr = nullptr;
658 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]659 case INetd::CONF:
660 whichStr = "conf";
661 break;
662 case INetd::NEIGH:
663 whichStr = "neigh";
664 break;
665 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]666 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
667 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]668 }
669
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]670 return {binder::Status::ok(), ipversionStr, whichStr};
671}
672
673} // namespace
674
675binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
676 const std::string& ifname,
677 const std::string& parameter, std::string* value) {
678 ENFORCE_PERMISSION(NETWORK_STACK);
679 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
680 .args(ipversion, which, ifname, parameter);
681
682 const auto pathParts = getPathComponents(ipversion, which);
683 const auto& pathStatus = std::get<0>(pathParts);
684 if (!pathStatus.isOk()) {
685 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
686 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]687 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]688
689 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
690 std::get<2>(pathParts), ifname.c_str(),
691 parameter.c_str(), value);
692 entry.returns(err);
693 if (err == 0) entry.returns(*value);
694 gLog.log(entry.withAutomaticDuration());
695 return statusFromErrcode(err);
696}
697
698binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
699 const std::string& ifname,
700 const std::string& parameter,
701 const std::string& value) {
702 ENFORCE_PERMISSION(NETWORK_STACK);
703 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
704 .args(ipversion, which, ifname, parameter, value);
705
706 const auto pathParts = getPathComponents(ipversion, which);
707 const auto& pathStatus = std::get<0>(pathParts);
708 if (!pathStatus.isOk()) {
709 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
710 return pathStatus;
711 }
712
713 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
714 std::get<2>(pathParts), ifname.c_str(),
715 parameter.c_str(), value.c_str());
716 gLog.log(entry.returns(err).withAutomaticDuration());
717 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]718}
719
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]720binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
721 // This function intentionally does not lock, since the only thing it does is one read from an
722 // atomic_int.
723 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
724 ENFORCE_DEBUGGABLE();
725
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]726 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]727 return binder::Status::ok();
728}
729
730binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
731 // This function intentionally does not lock, since the only thing it does is one write to an
732 // atomic_int.
733 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
734 ENFORCE_DEBUGGABLE();
735
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]736 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
737 ? binder::Status::ok()
738 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]739}
740
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]741binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
742 int newUid) {
743 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]744 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]745
746 uid_t callerUid = IPCThreadState::self()->getCallingUid();
747 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
748}
749
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]750binder::Status NetdNativeService::ipSecAllocateSpi(
751 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]752 const std::string& sourceAddress,
753 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]754 int32_t inSpi,
755 int32_t* outSpi) {
756 // Necessary locking done in IpSecService and kernel
757 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]758 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]759 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]760 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]761 sourceAddress,
762 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]763 inSpi,
764 outSpi));
765}
766
767binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]768 int32_t transformId, int32_t mode, const std::string& sourceAddress,
769 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
770 int32_t markValue, int32_t markMask, const std::string& authAlgo,
771 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
772 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
773 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
774 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]775 // Necessary locking done in IpSecService and kernel
776 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]777 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]778 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]779 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
780 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]781 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
782 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]783}
784
785binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]786 int32_t transformId, const std::string& sourceAddress,
787 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
788 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]789 // Necessary locking done in IpSecService and kernel
790 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]791 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]792 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]793 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]794}
795
796binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
797 const android::base::unique_fd& socket,
798 int32_t transformId,
799 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]800 const std::string& sourceAddress,
801 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]802 int32_t spi) {
803 // Necessary locking done in IpSecService and kernel
804 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]805 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]806 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]807 socket,
808 transformId,
809 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]810 sourceAddress,
811 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]812 spi));
813}
814
815binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
816 const android::base::unique_fd& socket) {
817 // Necessary locking done in IpSecService and kernel
818 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]819 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]820 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]821 socket));
822}
823
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]824binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
825 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]826 const std::string& tmplSrcAddress,
827 const std::string& tmplDstAddress,
828 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]829 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]830 // Necessary locking done in IpSecService and kernel
831 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]832 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]833 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]834 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]835 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]836}
837
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]838binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
839 int32_t transformId, int32_t selAddrFamily, int32_t direction,
840 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
841 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]842 // Necessary locking done in IpSecService and kernel
843 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]844 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]845 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]846 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]847 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]848}
849
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]850binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
851 int32_t selAddrFamily,
852 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]853 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]854 // Necessary locking done in IpSecService and kernel
855 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]856 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]857 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]858 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]859}
860
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]861binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
862 const std::string& localAddress,
863 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]864 int32_t iKey, int32_t oKey,
865 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]866 // Necessary locking done in IpSecService and kernel
867 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]868 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]869
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]870 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]871 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]872 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
873
874 gLog.log(entry.returns(result).withAutomaticDuration());
875 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]876}
877
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]878binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
879 const std::string& localAddress,
880 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]881 int32_t iKey, int32_t oKey,
882 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]883 // Necessary locking done in IpSecService and kernel
884 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]885 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]886
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]887 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]888 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]889 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
890
891 gLog.log(entry.returns(result).withAutomaticDuration());
892 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]893}
894
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]895binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]896 // Necessary locking done in IpSecService and kernel
897 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]898 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]899
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]900 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
901 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
902
903 gLog.log(entry.returns(result).withAutomaticDuration());
904 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]905}
906
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]907binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
908 int32_t mode) {
909 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]910 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]911}
912
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]913binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
914 const std::string& prefix, int32_t mark,
915 int32_t mask) {
916 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]917 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]918}
919
920binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
921 const std::string& prefix, int32_t mark,
922 int32_t mask) {
923 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]924 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]925}
926
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]927binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
928 ENFORCE_PERMISSION(NETWORK_STACK);
929 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
930 return binder::Status::ok();
931}
932
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]933binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
934 const std::string& classLabel) {
935 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
936 auto entry = gLog.newEntry()
937 .prettyFunction(__PRETTY_FUNCTION__)
938 .arg(ifName)
939 .arg(timeout)
940 .arg(classLabel);
941 int res =
942 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
943 gLog.log(entry.returns(res).withAutomaticDuration());
944 return statusFromErrcode(res);
945}
946
947binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
948 int32_t timeout,
949 const std::string& classLabel) {
950 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
951 auto entry = gLog.newEntry()
952 .prettyFunction(__PRETTY_FUNCTION__)
953 .arg(ifName)
954 .arg(timeout)
955 .arg(classLabel);
956 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
957 classLabel.c_str());
958 gLog.log(entry.returns(res).withAutomaticDuration());
959 return statusFromErrcode(res);
960}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]961
962binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
963 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
964 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
965 StrictPenalty penalty;
966 switch (policyPenalty) {
967 case INetd::PENALTY_POLICY_REJECT:
968 penalty = REJECT;
969 break;
970 case INetd::PENALTY_POLICY_LOG:
971 penalty = LOG;
972 break;
973 case INetd::PENALTY_POLICY_ACCEPT:
974 penalty = ACCEPT;
975 break;
976 default:
977 return statusFromErrcode(-EINVAL);
978 break;
979 }
980 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
981 gLog.log(entry.returns(res).withAutomaticDuration());
982 return statusFromErrcode(res);
983}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]984
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]985binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
986 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
987 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
988 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
989 gLog.log(entry.returns(res).withAutomaticDuration());
990 return statusFromErrcode(res);
991}
992
993binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
994 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
995 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
996 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
997 gLog.log(entry.returns(res).withAutomaticDuration());
998 return statusFromErrcode(res);
999}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]1000
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1001binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
1002 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1003 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1004 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
1005 gLog.log(entry.returns(*status).withAutomaticDuration());
1006 return binder::Status::ok();
1007}
1008
1009binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1010 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1011 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1012 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1013 gLog.log(entry.returns(res).withAutomaticDuration());
1014 return statusFromErrcode(res);
1015}
1016
1017binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1018 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1019 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1020 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1021 gLog.log(entry.returns(res).withAutomaticDuration());
1022 return statusFromErrcode(res);
1023}
1024
1025binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1026 const std::string& toIface) {
1027 ENFORCE_PERMISSION(NETWORK_STACK);
1028 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1029 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1030 gLog.log(entry.returns(res).withAutomaticDuration());
1031 return statusFromErrcode(res);
1032}
1033
1034binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1035 const std::string& toIface) {
1036 ENFORCE_PERMISSION(NETWORK_STACK);
1037 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1038 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1039 gLog.log(entry.returns(res).withAutomaticDuration());
1040 return statusFromErrcode(res);
1041}
1042
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1043namespace {
1044std::string addSquareBrackets(const std::string& s) {
1045 return "[" + s + "]";
1046}
1047
1048std::string addCurlyBrackets(const std::string& s) {
1049 return "{" + s + "}";
1050}
1051
1052} // namespace
1053binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1054 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1055 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1056
1057 const auto& ifaceList = InterfaceController::getIfaceNames();
1058 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1059
1060 interfaceListResult->clear();
1061 interfaceListResult->reserve(ifaceList.value().size());
1062 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1063 end(ifaceList.value()));
1064
1065 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1066 .withAutomaticDuration());
1067 return binder::Status::ok();
1068}
1069
1070std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1071 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1072 std::to_string(cfg.prefixLength)};
1073 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1074 return addCurlyBrackets(base::Join(result, ", "));
1075}
1076
1077binder::Status NetdNativeService::interfaceGetCfg(
1078 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1079 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1080 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1081
1082 const auto& cfgRes = InterfaceController::getCfg(ifName);
1083 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1084
1085 *interfaceGetCfgResult = cfgRes.value();
1086 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1087 .withAutomaticDuration());
1088 return binder::Status::ok();
1089}
1090
1091binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1092 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1093 auto entry = gLog.newEntry()
1094 .prettyFunction(__PRETTY_FUNCTION__)
1095 .arg(interfaceConfigurationParcelToString(cfg));
1096
1097 const auto& res = InterfaceController::setCfg(cfg);
1098 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1099
1100 gLog.log(entry.withAutomaticDuration());
1101 return binder::Status::ok();
1102}
1103
1104binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1105 bool enable) {
1106 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1107 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1108 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1109 gLog.log(entry.returns(res).withAutomaticDuration());
1110 return statusFromErrcode(res);
1111}
1112
1113binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1114 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1115 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1116 int res = InterfaceController::clearAddrs(ifName.c_str());
1117 gLog.log(entry.returns(res).withAutomaticDuration());
1118 return statusFromErrcode(res);
1119}
1120
1121binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1122 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1123 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1124 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1125 gLog.log(entry.returns(res).withAutomaticDuration());
1126 return statusFromErrcode(res);
1127}
1128
1129binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1130 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1131 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1132 std::string mtu = std::to_string(mtuValue);
1133 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1134 gLog.log(entry.returns(res).withAutomaticDuration());
1135 return statusFromErrcode(res);
1136}
1137
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1138binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1139 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1140 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1141 if (dhcpRanges.size() % 2 == 1) {
1142 return statusFromErrcode(-EINVAL);
1143 }
1144 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1145 gLog.log(entry.returns(res).withAutomaticDuration());
1146 return statusFromErrcode(res);
1147}
1148
1149binder::Status NetdNativeService::tetherStop() {
1150 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1151 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1152 int res = gCtls->tetherCtrl.stopTethering();
1153 gLog.log(entry.returns(res).withAutomaticDuration());
1154 return statusFromErrcode(res);
1155}
1156
1157binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1158 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1159 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1160 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1161 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1162 return binder::Status::ok();
1163}
1164
1165binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1166 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1167 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1168 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1169 gLog.log(entry.returns(res).withAutomaticDuration());
1170 return statusFromErrcode(res);
1171}
1172
1173binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1174 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1175 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1176 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1177 gLog.log(entry.returns(res).withAutomaticDuration());
1178 return statusFromErrcode(res);
1179}
1180
1181binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1182 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1183 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1184 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1185 ifList->push_back(ifname);
1186 }
1187 gLog.log(entry.returns(true).withAutomaticDuration());
1188 return binder::Status::ok();
1189}
1190
1191binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1192 const std::vector<std::string>& dnsAddrs) {
1193 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1194 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1195 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1196 gLog.log(entry.returns(res).withAutomaticDuration());
1197 return statusFromErrcode(res);
1198}
1199
1200binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1201 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1202 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1203 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1204 dnsList->push_back(fwdr);
1205 }
1206 gLog.log(entry.returns(true).withAutomaticDuration());
1207 return binder::Status::ok();
1208}
1209
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1210binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1211 const std::string& destination,
1212 const std::string& nextHop) {
1213 // Public methods of NetworkController are thread-safe.
1214 ENFORCE_PERMISSION(NETWORK_STACK);
1215 auto entry = gLog.newEntry()
1216 .prettyFunction(__PRETTY_FUNCTION__)
1217 .arg(netId)
1218 .arg(ifName)
1219 .arg(destination)
1220 .arg(nextHop);
1221 bool legacy = false;
1222 uid_t uid = 0; // UID is only meaningful for legacy routes.
1223 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1224 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1225 gLog.log(entry.returns(res).withAutomaticDuration());
1226 return statusFromErrcode(res);
1227}
1228
1229binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1230 const std::string& destination,
1231 const std::string& nextHop) {
1232 ENFORCE_PERMISSION(NETWORK_STACK);
1233 auto entry = gLog.newEntry()
1234 .prettyFunction(__PRETTY_FUNCTION__)
1235 .arg(netId)
1236 .arg(ifName)
1237 .arg(destination)
1238 .arg(nextHop);
1239 bool legacy = false;
1240 uid_t uid = 0; // UID is only meaningful for legacy routes.
1241 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1242 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1243 gLog.log(entry.returns(res).withAutomaticDuration());
1244 return statusFromErrcode(res);
1245}
1246
1247binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1248 const std::string& destination,
1249 const std::string& nextHop, int32_t uid) {
1250 ENFORCE_PERMISSION(NETWORK_STACK);
1251 auto entry = gLog.newEntry()
1252 .prettyFunction(__PRETTY_FUNCTION__)
1253 .arg(netId)
1254 .arg(ifName)
1255 .arg(destination)
1256 .arg(nextHop)
1257 .arg(uid);
1258 bool legacy = true;
1259 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1260 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1261 (uid_t) uid);
1262 gLog.log(entry.returns(res).withAutomaticDuration());
1263 return statusFromErrcode(res);
1264}
1265
1266binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1267 const std::string& destination,
1268 const std::string& nextHop,
1269 int32_t uid) {
1270 ENFORCE_PERMISSION(NETWORK_STACK);
1271 auto entry = gLog.newEntry()
1272 .prettyFunction(__PRETTY_FUNCTION__)
1273 .arg(netId)
1274 .arg(ifName)
1275 .arg(destination)
1276 .arg(nextHop)
1277 .arg(uid);
1278 bool legacy = true;
1279 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1280 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1281 (uid_t) uid);
1282 gLog.log(entry.returns(res).withAutomaticDuration());
1283 return statusFromErrcode(res);
1284}
1285
1286binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1287 ENFORCE_PERMISSION(NETWORK_STACK);
1288 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1289 *netId = gCtls->netCtrl.getDefaultNetwork();
1290 gLog.log(entry.returns(*netId).withAutomaticDuration());
1291 return binder::Status::ok();
1292}
1293
1294binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1295 ENFORCE_PERMISSION(NETWORK_STACK);
1296 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1297 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1298 gLog.log(entry.returns(res).withAutomaticDuration());
1299 return statusFromErrcode(res);
1300}
1301
1302binder::Status NetdNativeService::networkClearDefault() {
1303 ENFORCE_PERMISSION(NETWORK_STACK);
1304 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1305 unsigned netId = NETID_UNSET;
1306 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1307 gLog.log(entry.returns(res).withAutomaticDuration());
1308 return statusFromErrcode(res);
1309}
1310
1311std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1312 return {begin(intUids), end(intUids)};
1313}
1314
1315Permission NetdNativeService::convertPermission(int32_t permission) {
1316 switch (permission) {
1317 case INetd::PERMISSION_NETWORK:
1318 return Permission::PERMISSION_NETWORK;
1319 case INetd::PERMISSION_SYSTEM:
1320 return Permission::PERMISSION_SYSTEM;
1321 default:
1322 return Permission::PERMISSION_NONE;
1323 }
1324}
1325
1326binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1327 int32_t permission) {
1328 ENFORCE_PERMISSION(NETWORK_STACK);
1329 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1330 std::vector<unsigned> netIds = {(unsigned) netId};
1331 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1332 gLog.log(entry.returns(res).withAutomaticDuration());
1333 return statusFromErrcode(res);
1334}
1335
1336binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1337 const std::vector<int32_t>& uids) {
1338 ENFORCE_PERMISSION(NETWORK_STACK);
1339 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1340 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1341 gLog.log(entry.withAutomaticDuration());
1342 return binder::Status::ok();
1343}
1344
1345binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1346 ENFORCE_PERMISSION(NETWORK_STACK);
1347 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1348 Permission permission = Permission::PERMISSION_NONE;
1349 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1350 gLog.log(entry.withAutomaticDuration());
1351 return binder::Status::ok();
1352}
1353
1354binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1355 ENFORCE_PERMISSION(NETWORK_STACK);
1356 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1357 std::vector<uid_t> uids = {(uid_t) uid};
1358 gCtls->netCtrl.allowProtect(uids);
1359 gLog.log(entry.withAutomaticDuration());
1360 return binder::Status::ok();
1361}
1362
1363binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1364 ENFORCE_PERMISSION(NETWORK_STACK);
1365 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1366 std::vector<uid_t> uids = {(uid_t) uid};
1367 gCtls->netCtrl.denyProtect(uids);
1368 gLog.log(entry.withAutomaticDuration());
1369 return binder::Status::ok();
1370}
1371
1372binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1373 ENFORCE_PERMISSION(NETWORK_STACK);
1374 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1375 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1376 gLog.log(entry.returns(*ret).withAutomaticDuration());
1377 return binder::Status::ok();
1378}
1379
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1380namespace {
1381std::string ruleToString(int32_t rule) {
1382 switch (rule) {
1383 case INetd::FIREWALL_RULE_DENY:
1384 return "DENY";
1385 case INetd::FIREWALL_RULE_ALLOW:
1386 return "ALLOW";
1387 default:
1388 return "INVALID";
1389 }
1390}
1391
1392std::string typeToString(int32_t type) {
1393 switch (type) {
1394 case INetd::FIREWALL_WHITELIST:
1395 return "WHITELIST";
1396 case INetd::FIREWALL_BLACKLIST:
1397 return "BLACKLIST";
1398 default:
1399 return "INVALID";
1400 }
1401}
1402
1403std::string chainToString(int32_t chain) {
1404 switch (chain) {
1405 case INetd::FIREWALL_CHAIN_NONE:
1406 return "NONE";
1407 case INetd::FIREWALL_CHAIN_DOZABLE:
1408 return "DOZABLE";
1409 case INetd::FIREWALL_CHAIN_STANDBY:
1410 return "STANDBY";
1411 case INetd::FIREWALL_CHAIN_POWERSAVE:
1412 return "POWERSAVE";
1413 default:
1414 return "INVALID";
1415 }
1416}
1417
1418} // namespace
1419
1420binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1421 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1422 auto entry =
1423 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1424 auto type = static_cast<FirewallType>(firewallType);
1425
1426 int res = gCtls->firewallCtrl.setFirewallType(type);
1427 gLog.log(entry.returns(res).withAutomaticDuration());
1428 return statusFromErrcode(res);
1429}
1430
1431binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1432 int32_t firewallRule) {
1433 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1434 auto entry = gLog.newEntry()
1435 .prettyFunction(__PRETTY_FUNCTION__)
1436 .args(ifName, ruleToString(firewallRule));
1437 auto rule = static_cast<FirewallRule>(firewallRule);
1438
1439 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1440 gLog.log(entry.returns(res).withAutomaticDuration());
1441 return statusFromErrcode(res);
1442}
1443
1444binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1445 int32_t firewallRule) {
1446 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1447 auto entry = gLog.newEntry()
1448 .prettyFunction(__PRETTY_FUNCTION__)
1449 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1450 auto chain = static_cast<ChildChain>(childChain);
1451 auto rule = static_cast<FirewallRule>(firewallRule);
1452
1453 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1454 gLog.log(entry.returns(res).withAutomaticDuration());
1455 return statusFromErrcode(res);
1456}
1457
1458binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1459 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1460 auto entry = gLog.newEntry()
1461 .prettyFunction(__PRETTY_FUNCTION__)
1462 .args(chainToString(childChain), enable);
1463 auto chain = static_cast<ChildChain>(childChain);
1464
1465 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1466 gLog.log(entry.returns(res).withAutomaticDuration());
1467 return statusFromErrcode(res);
1468}
1469
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1470binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1471 const std::string& extIface) {
1472 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1473 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1474
1475 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1476 gLog.log(entry.returns(res).withAutomaticDuration());
1477 return statusFromErrcode(res);
1478}
1479
1480binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1481 const std::string& extIface) {
1482 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1483 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1484
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1485 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1486 gLog.log(entry.returns(res).withAutomaticDuration());
1487 return statusFromErrcode(res);
1488}
1489
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1490} // namespace net
1491} // namespace android