Blame - server/NetdNativeService.cpp - platform/system/netd

2016-02-02 17:19:04 +0900

[diff] [blame]

/**

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#define LOG_TAG "Netd"

18

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

19

#include <cinttypes>

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

20

#include <numeric>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

21

#include <set>

Xiao Ma

64b15b7

2019-03-20 11:33:15 +0900

[diff] [blame]

22

#include <string>

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

23

#include <tuple>

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

24

#include <vector>

25

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

26

#include <android-base/file.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

27

#include <android-base/stringprintf.h>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

28

#include <android-base/strings.h>

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

29

#include <binder/IPCThreadState.h>

30

#include <binder/IServiceManager.h>

31

#include <binder/Status.h>

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

32

#include <cutils/properties.h>

Logan Chien

3f46148

2018-04-23 14:31:32 +0800

[diff] [blame]

33

#include <log/log.h>

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

34

#include <netdutils/DumpWriter.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

35

#include <utils/Errors.h>

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

36

#include <utils/String16.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

37

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

38

#include "BinderUtil.h"

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

39

#include "Controllers.h"

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

40

#include "Fwmark.h"

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

41

#include "InterfaceController.h"

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

42

#include "NetdNativeService.h"

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

43

#include "NetdPermissions.h"

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

44

#include "OemNetdListener.h"

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

45

#include "Permission.h"

Erik Kline

8589004

2018-05-25 19:19:11 +0900

[diff] [blame]

46

#include "Process.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

47

#include "RouteController.h"

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

48

#include "SockDiag.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

49

#include "UidRanges.h"

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

50

#include "android/net/BnNetd.h"

Bernie Innocenti

189eb50

2018-10-01 23:10:18 +0900

[diff] [blame]

51

#include "netid_client.h" // NETID_UNSET

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

52

53

using android::base::StringPrintf;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

54

using android::base::WriteStringToFile;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

55

using android::net::TetherStatsParcel;

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

56

using android::net::UidRangeParcel;

Luke Huang

b257d61

2019-03-14 21:19:13 +0800

[diff] [blame]

57

using android::netdutils::DumpWriter;

58

using android::netdutils::ScopedIndent;

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

59

using android::os::ParcelFileDescriptor;

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

namespace android {

namespace net {

namespace {

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

65

const char OPT_SHORT[] = "--short";

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

66

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

67

// The input permissions should be equivalent that this function would return ok if any of them is

68

// granted.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

69

binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

70

pid_t pid = IPCThreadState::self()->getCallingPid();

71

uid_t uid = IPCThreadState::self()->getCallingUid();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

72

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

73

// TODO: Do the pure permission check in this function. Have another method

74

// (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and

75

// AID_NETWORK_STACK uid check.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

76

// If the caller is the system UID, don't check permissions.

77

// Otherwise, if the system server's binder thread pool is full, and all the threads are

78

// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492

79

//

80

// From a security perspective, there is currently no difference, because:

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

81

// 1. The system server has the NETWORK_STACK permission, which grants access to all the

82

// IPCs in this file.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

83

// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

84

if (uid == AID_SYSTEM) {

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

85

return binder::Status::ok();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

86

}

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

87

// AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check

88

// MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server)

89

// deadlock: http://b/149766727

90

if (uid == AID_NETWORK_STACK) {

91

for (const char* permission : permissions) {

92

if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) {

93

return binder::Status::ok();

94

}

95

}

96

}

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

97

98

for (const char* permission : permissions) {

99

if (checkPermission(String16(permission), pid, uid)) {

100

return binder::Status::ok();

}

}

auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",

105

uid, pid, android::base::Join(permissions, ',').c_str());

106

return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

107

}

108

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

109

#define ENFORCE_ANY_PERMISSION(...) \

110

do { \

111

binder::Status status = checkAnyPermission({__VA_ARGS__}); \

112

if (!status.isOk()) { \

113

return status; \

114

} \

115

} while (0)

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

116

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

117

#define NETD_LOCKING_RPC(lock, ... /* permissions */) \

118

ENFORCE_ANY_PERMISSION(__VA_ARGS__); \

Bernie Innocenti

abf8a34

2018-08-10 15:17:16 +0900

[diff] [blame]

119

std::lock_guard _lock(lock);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

120

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

121

#define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

122

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

123

#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \

124

do { \

125

if (!isOk((res))) { \

126

logErrorStatus((logEntry), (res)); \

127

return asBinderStatus((res)); \

} \

} while (0)

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

131

#define ENFORCE_NETWORK_STACK_PERMISSIONS() \

132

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)

133

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

134

void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {

135

gLog.log(logEntry.returns(status.code()).withAutomaticDuration());

136

}

137

Bernie Innocenti

97f388f

2018-10-16 19:17:08 +0900

[diff] [blame]

138

binder::Status asBinderStatus(const netdutils::Status& status) {

139

if (isOk(status)) {

140

return binder::Status::ok();

141

}

142

return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());

143

}

144

Lorenzo Colitti

e801d3c

2020-02-18 00:00:35 +0900

[diff] [blame]

145

template <typename T>

146

binder::Status asBinderStatus(const base::Result<T> result) {

147

if (result.ok()) return binder::Status::ok();

148

149

return binder::Status::fromServiceSpecificError(result.error().code(),

150

result.error().message().c_str());

151

}

152

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

153

inline binder::Status statusFromErrcode(int ret) {

154

if (ret) {

155

return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));

156

}

157

return binder::Status::ok();

158

}

159

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

160

bool contains(const Vector<String16>& words, const String16& word) {

161

for (const auto& w : words) {

162

if (w == word) return true;

163

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

164

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

return false;

}

} // namespace

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

169

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

170

NetdNativeService::NetdNativeService() {

171

// register log callback to BnNetd::logFunc

172

BnNetd::logFunc = std::bind(binderCallLogFn, std::placeholders::_1,

173

[](const std::string& msg) { gLog.info("%s", msg.c_str()); });

174

}

175

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

176

status_t NetdNativeService::start() {

177

IPCThreadState::self()->disableBackgroundScheduling(true);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

178

const status_t ret = BinderService<NetdNativeService>::publish();

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

179

if (ret != android::OK) {

180

return ret;

181

}

182

sp<ProcessState> ps(ProcessState::self());

183

ps->startThreadPool();

184

ps->giveThreadPoolName();

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

185

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

return android::OK;

}

Hugo Benichi

2018-01-15 21:54:00 +0900

[diff] [blame]

189

status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

190

const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

191

if (!dump_permission.isOk()) {

192

const String8 msg(dump_permission.toString8());

193

write(fd, msg.string(), msg.size());

194

return PERMISSION_DENIED;

195

}

196

197

// This method does not grab any locks. If individual classes need locking

198

// their dump() methods MUST handle locking appropriately.

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

199

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

200

DumpWriter dw(fd);

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

201

202

if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {

203

dw.blankline();

204

gCtls->tcpSocketMonitor.dump(dw);

dw.blankline();

return NO_ERROR;

}

Chenbo Feng

2018-03-26 10:53:33 -0700

[diff] [blame]

209

if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {

210

dw.blankline();

211

gCtls->trafficCtrl.dump(dw, true);

dw.blankline();

return NO_ERROR;

}

Erik Kline

2018-05-25 19:19:11 +0900

[diff] [blame]

216

process::dump(dw);

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

217

dw.blankline();

218

gCtls->netCtrl.dump(dw);

219

dw.blankline();

220

Chenbo Feng

ef29717

2018-03-26 10:53:33 -0700

[diff] [blame]

221

gCtls->trafficCtrl.dump(dw, false);

222

dw.blankline();

223

Benedict Wong

af85543

2018-05-10 17:07:37 -0700

[diff] [blame]

224

gCtls->xfrmCtrl.dump(dw);

225

dw.blankline();

226

Maciej Żenczykowski

5526271

2019-03-29 23:44:56 -0700

[diff] [blame]

227

gCtls->clatdCtrl.dump(dw);

228

dw.blankline();

229

Lorenzo Colitti

52db391

2020-02-17 23:59:45 +0900

[diff] [blame]

230

gCtls->tetherCtrl.dump(dw);

231

dw.blankline();

232

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

233

{

234

ScopedIndent indentLog(dw);

235

if (contains(args, String16(OPT_SHORT))) {

236

dw.println("Log: <omitted>");

237

} else {

238

dw.println("Log:");

239

ScopedIndent indentLogEntries(dw);

240

gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Luke Huang

2018-08-29 19:06:05 +0800

[diff] [blame]

245

{

246

ScopedIndent indentLog(dw);

247

if (contains(args, String16(OPT_SHORT))) {

248

dw.println("UnsolicitedLog: <omitted>");

249

} else {

250

dw.println("UnsolicitedLog:");

251

ScopedIndent indentLogEntries(dw);

252

gUnsolicitedLog.forEachEntry(

253

[&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

return NO_ERROR;

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

261

binder::Status NetdNativeService::isAlive(bool *alive) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

262

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

263

264

*alive = true;

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

265

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

266

return binder::Status::ok();

267

}

268

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

269

binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

270

bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

271

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

272

int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

273

*ret = (err == 0);

274

return binder::Status::ok();

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

275

}

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

276

277

binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

278

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

279

int err = gCtls->bandwidthCtrl.enableDataSaver(enable);

280

*ret = (err == 0);

281

return binder::Status::ok();

282

}

283

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

284

binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,

285

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

286

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

287

int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

288

return statusFromErrcode(res);

289

}

290

291

binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

292

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

293

int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

294

return statusFromErrcode(res);

295

}

296

297

binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,

298

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

299

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

300

int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

301

return statusFromErrcode(res);

302

}

303

304

binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

305

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

306

int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

307

return statusFromErrcode(res);

308

}

309

310

binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

311

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

312

int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

313

return statusFromErrcode(res);

314

}

315

316

binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

317

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

318

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

319

int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

320

return statusFromErrcode(res);

321

}

322

323

binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

324

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

325

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

326

int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

327

return statusFromErrcode(res);

328

}

329

330

binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

331

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

332

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

333

int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

334

return statusFromErrcode(res);

335

}

336

337

binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

338

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

339

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

340

int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

341

return statusFromErrcode(res);

342

}

343

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

344

binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

345

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

346

int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

347

return statusFromErrcode(ret);

348

}

349

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

350

binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

351

ENFORCE_NETWORK_STACK_PERMISSIONS();

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

352

int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

353

return statusFromErrcode(ret);

354

}

355

356

binder::Status NetdNativeService::networkDestroy(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

357

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

d33a8f4

2019-03-14 16:10:04 +0800

[diff] [blame]

358

// NetworkController::destroyNetwork is thread-safe.

Mike Yu

4fe1b9c

2019-01-29 17:50:19 +0800

[diff] [blame]

359

const int ret = gCtls->netCtrl.destroyNetwork(netId);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

360

return statusFromErrcode(ret);

361

}

362

363

binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

364

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

365

int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());

366

return statusFromErrcode(ret);

367

}

368

369

binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

370

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

371

int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());

372

return statusFromErrcode(ret);

373

}

374

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

375

binder::Status NetdNativeService::networkAddUidRanges(

376

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

377

// NetworkController::addUsersToNetwork is thread-safe.

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

378

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

379

int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));

380

return statusFromErrcode(ret);

381

}

382

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

383

binder::Status NetdNativeService::networkRemoveUidRanges(

384

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

385

// NetworkController::removeUsersFromNetwork is thread-safe.

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

386

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

387

int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));

388

return statusFromErrcode(ret);

389

}

390

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

391

binder::Status NetdNativeService::networkRejectNonSecureVpn(

392

bool add, const std::vector<UidRangeParcel>& uidRangeArray) {

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

393

// TODO: elsewhere RouteController is only used from the tethering and network controllers, so

394

// it should be possible to use the same lock as NetworkController. However, every call through

395

// the CommandListener "network" command will need to hold this lock too, not just the ones that

396

// read/modify network internal state (that is sufficient for ::dump() because it doesn't

397

// look at routes, but it's not enough here).

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

398

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

399

UidRanges uidRanges(uidRangeArray);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

int err;

if (add) {

err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);

404

} else {

405

err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

406

}

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

407

return statusFromErrcode(err);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

408

}

409

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

410

binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,

411

const std::vector<int32_t>& skipUids) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

412

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

SockDiag sd;

if (!sd.open()) {

return binder::Status::fromServiceSpecificError(EIO,

417

String8("Could not open SOCK_DIAG socket"));

418

}

419

420

UidRanges uidRanges(uids);

Lorenzo Colitti

e5c3c99

2016-07-26 17:53:50 +0900

[diff] [blame]

421

int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),

422

true /* excludeLoopback */);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

423

if (err) {

424

return binder::Status::fromServiceSpecificError(-err,

425

String8::format("destroySockets: %s", strerror(-err)));

426

}

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

427

return binder::Status::ok();

428

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

429

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

430

binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

431

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

432

*ret = gCtls->tetherCtrl.applyDnsInterfaces();

433

return binder::Status::ok();

434

}

435

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

436

namespace {

437

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

438

void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,

439

const TetherController::TetherStats& tetherStats) {

440

if (tetherStatsParcel->extIface == tetherStats.extIface) {

441

tetherStatsParcel->rxBytes += tetherStats.rxBytes;

442

tetherStatsParcel->rxPackets += tetherStats.rxPackets;

443

tetherStatsParcel->txBytes += tetherStats.txBytes;

444

tetherStatsParcel->txPackets += tetherStats.txPackets;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

445

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

446

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

447

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

448

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {

449

TetherStatsParcel result;

450

result.iface = stats.extIface;

451

result.rxBytes = stats.rxBytes;

452

result.rxPackets = stats.rxPackets;

453

result.txBytes = stats.txBytes;

454

result.txPackets = stats.txPackets;

455

return result;

456

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

457

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

458

void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,

459

const TetherController::TetherStatsList& statsList) {

460

std::map<std::string, TetherController::TetherStats> statsMap;

461

for (const auto& stats : statsList) {

462

auto iter = statsMap.find(stats.extIface);

463

if (iter != statsMap.end()) {

464

tetherAddStatsByInterface(&(iter->second), stats);

465

} else {

466

statsMap.insert(

467

std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));

468

}

469

}

470

for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {

471

tetherStatsVec->push_back(toTetherStatsParcel(iter->second));

}

}

std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {

476

std::vector<std::string> result;

477

for (const auto& t : *tVec) {

478

result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,

479

t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,

480

t.txPackets));

481

}

482

return result;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

}

} // namespace

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

487

binder::Status NetdNativeService::tetherGetStats(

488

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

489

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

5192bf7

2017-09-04 13:30:59 +0900

[diff] [blame]

490

const auto& statsList = gCtls->tetherCtrl.getTetherStats();

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

491

if (!isOk(statsList)) {

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

492

return asBinderStatus(statsList);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

493

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

494

setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());

495

auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

496

return binder::Status::ok();

497

}

498

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

499

binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,

500

const std::string &addrString, int prefixLength) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

501

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

502

const int err = InterfaceController::addAddress(

503

ifName.c_str(), addrString.c_str(), prefixLength);

504

if (err != 0) {

505

return binder::Status::fromServiceSpecificError(-err,

506

String8::format("InterfaceController error: %s", strerror(-err)));

507

}

508

return binder::Status::ok();

509

}

510

511

binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,

512

const std::string &addrString, int prefixLength) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

513

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

514

const int err = InterfaceController::delAddress(

515

ifName.c_str(), addrString.c_str(), prefixLength);

516

if (err != 0) {

517

return binder::Status::fromServiceSpecificError(-err,

518

String8::format("InterfaceController error: %s", strerror(-err)));

519

}

520

return binder::Status::ok();

521

}

522

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

523

namespace {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

524

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

525

std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,

526

int32_t category) {

527

const char* ipversionStr = nullptr;

528

switch (ipversion) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

529

case INetd::IPV4:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

530

ipversionStr = "ipv4";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

531

break;

532

case INetd::IPV6:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

533

ipversionStr = "ipv6";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

534

break;

535

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

536

return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),

537

nullptr, nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

538

}

539

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

540

const char* whichStr = nullptr;

541

switch (category) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

case INetd::CONF:

whichStr = "conf";

break;

case INetd::NEIGH:

whichStr = "neigh";

break;

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

549

return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,

550

nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

551

}

552

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

553

return {binder::Status::ok(), ipversionStr, whichStr};

}

} // namespace

binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,

559

const std::string& ifname,

560

const std::string& parameter, std::string* value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

561

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

562

const auto pathParts = getPathComponents(ipversion, which);

563

const auto& pathStatus = std::get<0>(pathParts);

564

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

565

return pathStatus;

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

566

}

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

567

568

const int err = InterfaceController::getParameter(std::get<1>(pathParts),

569

std::get<2>(pathParts), ifname.c_str(),

570

parameter.c_str(), value);

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

571

return statusFromErrcode(err);

572

}

573

574

binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,

575

const std::string& ifname,

576

const std::string& parameter,

577

const std::string& value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

578

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

579

const auto pathParts = getPathComponents(ipversion, which);

580

const auto& pathStatus = std::get<0>(pathParts);

581

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

return pathStatus;

}

const int err = InterfaceController::setParameter(std::get<1>(pathParts),

586

std::get<2>(pathParts), ifname.c_str(),

587

parameter.c_str(), value.c_str());

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

588

return statusFromErrcode(err);

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

589

}

590

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

591

binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,

592

int newUid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

593

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

594

595

uid_t callerUid = IPCThreadState::self()->getCallingUid();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

596

return asBinderStatus(

597

gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

598

}

599

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

600

binder::Status NetdNativeService::ipSecAllocateSpi(

601

int32_t transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

602

const std::string& sourceAddress,

603

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

604

int32_t inSpi,

605

int32_t* outSpi) {

606

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

607

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

608

return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

609

transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

610

sourceAddress,

611

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

inSpi,

outSpi));

}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

617

int32_t transformId, int32_t mode, const std::string& sourceAddress,

618

const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,

619

int32_t markValue, int32_t markMask, const std::string& authAlgo,

620

const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,

621

const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,

622

const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,

623

int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

624

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

625

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

626

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

627

transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,

628

markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

629

aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,

630

interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

631

}

632

633

binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

634

int32_t transformId, const std::string& sourceAddress,

635

const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,

636

int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

637

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

638

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

639

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

640

transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

641

}

642

643

binder::Status NetdNativeService::ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

644

const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,

645

const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

646

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

647

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

648

return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

649

socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

650

}

651

652

binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

653

const ParcelFileDescriptor& socket) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

654

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

655

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

656

return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

657

}

658

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

659

binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,

660

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

661

const std::string& tmplSrcAddress,

662

const std::string& tmplDstAddress,

663

int32_t spi, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

664

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

665

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

666

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

667

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

668

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

669

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

670

}

671

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

672

binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(

673

int32_t transformId, int32_t selAddrFamily, int32_t direction,

674

const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,

675

int32_t markValue, int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

676

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

677

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

678

return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

679

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

680

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

681

}

682

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

683

binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,

684

int32_t selAddrFamily,

685

int32_t direction, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

686

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

687

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

688

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

689

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

690

transformId, selAddrFamily, direction, markValue, markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

691

}

692

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

693

binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,

694

const std::string& localAddress,

695

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

696

int32_t iKey, int32_t oKey,

697

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

698

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

699

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

700

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

701

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

702

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

703

}

704

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

705

binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,

706

const std::string& localAddress,

707

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

708

int32_t iKey, int32_t oKey,

709

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

710

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

711

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

712

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

713

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

714

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

715

}

716

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

717

binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

718

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

719

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

720

netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

721

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

722

}

723

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

724

binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,

725

int32_t mode) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

726

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

727

return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

728

}

729

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

730

binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,

731

const std::string& prefix, int32_t mark,

732

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

733

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

734

return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

735

}

736

737

binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,

738

const std::string& prefix, int32_t mark,

739

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

740

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

741

return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

742

}

743

Chenbo Feng

873ae14

2019-04-10 12:26:06 -0700

[diff] [blame]

744

binder::Status NetdNativeService::trafficSwapActiveStatsMap() {

745

ENFORCE_NETWORK_STACK_PERMISSIONS();

746

return asBinderStatus(gCtls->trafficCtrl.swapActiveStatsMap());

747

}

748

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

749

binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,

750

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

751

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

752

int res =

753

gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

754

return statusFromErrcode(res);

755

}

756

757

binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,

758

int32_t timeout,

759

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

760

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

761

int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,

762

classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

763

return statusFromErrcode(res);

764

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

765

766

binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

767

NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

768

StrictPenalty penalty;

769

switch (policyPenalty) {

770

case INetd::PENALTY_POLICY_REJECT:

771

penalty = REJECT;

772

break;

773

case INetd::PENALTY_POLICY_LOG:

774

penalty = LOG;

775

break;

776

case INetd::PENALTY_POLICY_ACCEPT:

penalty = ACCEPT;

break;

default:

return statusFromErrcode(-EINVAL);

781

break;

782

}

783

int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

784

return statusFromErrcode(res);

785

}

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

786

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

787

binder::Status NetdNativeService::clatdStart(const std::string& ifName,

788

const std::string& nat64Prefix, std::string* v6Addr) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

789

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

790

int res = gCtls->clatdCtrl.startClatd(ifName.c_str(), nat64Prefix, v6Addr);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

791

return statusFromErrcode(res);

792

}

793

794

binder::Status NetdNativeService::clatdStop(const std::string& ifName) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

795

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

796

int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

797

return statusFromErrcode(res);

798

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

799

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

800

binder::Status NetdNativeService::ipfwdEnabled(bool* status) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

801

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

728cf4c

2019-03-14 19:43:02 +0800

[diff] [blame]

802

*status = (gCtls->tetherCtrl.getIpfwdRequesterList().size() > 0) ? true : false;

803

return binder::Status::ok();

804

}

805

806

binder::Status NetdNativeService::ipfwdGetRequesterList(std::vector<std::string>* requesterList) {

807

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

808

for (const auto& requester : gCtls->tetherCtrl.getIpfwdRequesterList()) {

809

requesterList->push_back(requester);

810

}

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

811

return binder::Status::ok();

812

}

813

814

binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

815

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

816

int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

817

return statusFromErrcode(res);

818

}

819

820

binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

821

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

822

int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

823

return statusFromErrcode(res);

824

}

825

826

binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,

827

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

828

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

829

int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

830

return statusFromErrcode(res);

831

}

832

833

binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,

834

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

835

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

836

int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

837

return statusFromErrcode(res);

838

}

839

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

840

namespace {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

841

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

842

std::string addCurlyBrackets(const std::string& s) {

843

return "{" + s + "}";

844

}

845

846

} // namespace

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

847

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

848

binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

849

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

850

const auto& ifaceList = InterfaceController::getIfaceNames();

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

851

852

interfaceListResult->clear();

853

interfaceListResult->reserve(ifaceList.value().size());

854

interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),

855

end(ifaceList.value()));

856

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

857

return binder::Status::ok();

858

}

859

860

std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {

861

std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,

862

std::to_string(cfg.prefixLength)};

863

result.insert(end(result), begin(cfg.flags), end(cfg.flags));

864

return addCurlyBrackets(base::Join(result, ", "));

865

}

866

867

binder::Status NetdNativeService::interfaceGetCfg(

868

const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

869

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

870

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

871

872

const auto& cfgRes = InterfaceController::getCfg(ifName);

873

RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);

874

875

*interfaceGetCfgResult = cfgRes.value();

876

gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))

877

.withAutomaticDuration());

878

return binder::Status::ok();

879

}

880

881

binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

882

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

883

auto entry = gLog.newEntry()

884

.prettyFunction(__PRETTY_FUNCTION__)

885

.arg(interfaceConfigurationParcelToString(cfg));

886

887

const auto& res = InterfaceController::setCfg(cfg);

888

RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);

889

890

gLog.log(entry.withAutomaticDuration());

891

return binder::Status::ok();

892

}

893

894

binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,

895

bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

896

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

897

int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

898

return statusFromErrcode(res);

899

}

900

901

binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

902

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

903

int res = InterfaceController::clearAddrs(ifName.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

904

return statusFromErrcode(res);

905

}

906

907

binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

908

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

909

int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

910

return statusFromErrcode(res);

911

}

912

913

binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

914

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

915

std::string mtu = std::to_string(mtuValue);

916

int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

917

return statusFromErrcode(res);

918

}

919

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

920

binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

921

TetherConfigParcel config;

922

config.usingLegacyDnsProxy = true;

923

config.dhcpRanges = dhcpRanges;

924

return tetherStartWithConfiguration(config);

Luke Huang

91bd3e1

2019-08-20 11:33:52 +0800

[diff] [blame]

925

}

926

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

927

binder::Status NetdNativeService::tetherStartWithConfiguration(const TetherConfigParcel& config) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

928

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

929

if (config.dhcpRanges.size() % 2 == 1) {

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

930

return statusFromErrcode(-EINVAL);

931

}

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

932

// TODO: Pass TetherConfigParcel directly.

933

int res = gCtls->tetherCtrl.startTethering(config.usingLegacyDnsProxy, config.dhcpRanges);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

934

return statusFromErrcode(res);

935

}

936

937

binder::Status NetdNativeService::tetherStop() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

938

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

939

int res = gCtls->tetherCtrl.stopTethering();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

940

return statusFromErrcode(res);

941

}

942

943

binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

944

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

945

*enabled = gCtls->tetherCtrl.isTetheringStarted();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

946

return binder::Status::ok();

947

}

948

949

binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

950

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

951

int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

952

return statusFromErrcode(res);

953

}

954

955

binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

956

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

957

int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

958

return statusFromErrcode(res);

959

}

960

961

binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

962

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

963

for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {

964

ifList->push_back(ifname);

965

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

966

return binder::Status::ok();

967

}

968

969

binder::Status NetdNativeService::tetherDnsSet(int32_t netId,

970

const std::vector<std::string>& dnsAddrs) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

971

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

972

int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

973

return statusFromErrcode(res);

974

}

975

976

binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

977

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

978

for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {

979

dnsList->push_back(fwdr);

980

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

981

return binder::Status::ok();

982

}

983

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

984

binder::Status NetdNativeService::networkAddRouteParcel(int32_t netId,

985

const RouteInfoParcel& route) {

986

// Public methods of NetworkController are thread-safe.

987

ENFORCE_NETWORK_STACK_PERMISSIONS();

988

bool legacy = false;

989

uid_t uid = 0; // UID is only meaningful for legacy routes.

990

991

// convert Parcel to parameters

992

int res = gCtls->netCtrl.addRoute(netId, route.ifName.c_str(), route.destination.c_str(),

993

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

994

legacy, uid, route.mtu);

995

return statusFromErrcode(res);

996

}

997

998

binder::Status NetdNativeService::networkUpdateRouteParcel(int32_t netId,

999

const RouteInfoParcel& route) {

1000

// Public methods of NetworkController are thread-safe.

1001

ENFORCE_NETWORK_STACK_PERMISSIONS();

1002

bool legacy = false;

1003

uid_t uid = 0; // UID is only meaningful for legacy routes.

1004

1005

// convert Parcel to parameters

1006

int res = gCtls->netCtrl.updateRoute(netId, route.ifName.c_str(), route.destination.c_str(),

1007

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

1008

legacy, uid, route.mtu);

1009

return statusFromErrcode(res);

1010

}

1011

1012

binder::Status NetdNativeService::networkRemoveRouteParcel(int32_t netId,

1013

const RouteInfoParcel& route) {

1014

return networkRemoveRoute(netId, route.ifName, route.destination, route.nextHop);

1015

}

1016

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1017

binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,

1018

const std::string& destination,

1019

const std::string& nextHop) {

1020

// Public methods of NetworkController are thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1021

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1022

bool legacy = false;

1023

uid_t uid = 0; // UID is only meaningful for legacy routes.

1024

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1025

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1026

return statusFromErrcode(res);

1027

}

1028

1029

binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,

1030

const std::string& destination,

1031

const std::string& nextHop) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1032

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1033

bool legacy = false;

1034

uid_t uid = 0; // UID is only meaningful for legacy routes.

1035

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1036

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1037

return statusFromErrcode(res);

1038

}

1039

1040

binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,

1041

const std::string& destination,

1042

const std::string& nextHop, int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1043

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1044

bool legacy = true;

1045

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

1046

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1047

(uid_t)uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1048

return statusFromErrcode(res);

1049

}

1050

1051

binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,

1052

const std::string& destination,

1053

const std::string& nextHop,

1054

int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1055

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1056

bool legacy = true;

1057

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1058

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

1059

(uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1060

return statusFromErrcode(res);

1061

}

1062

1063

binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1064

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1065

*netId = gCtls->netCtrl.getDefaultNetwork();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1066

return binder::Status::ok();

1067

}

1068

1069

binder::Status NetdNativeService::networkSetDefault(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1070

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1071

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1072

return statusFromErrcode(res);

1073

}

1074

1075

binder::Status NetdNativeService::networkClearDefault() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1076

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1077

unsigned netId = NETID_UNSET;

1078

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1079

return statusFromErrcode(res);

1080

}

1081

1082

std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {

1083

return {begin(intUids), end(intUids)};

1084

}

1085

1086

Permission NetdNativeService::convertPermission(int32_t permission) {

1087

switch (permission) {

1088

case INetd::PERMISSION_NETWORK:

1089

return Permission::PERMISSION_NETWORK;

1090

case INetd::PERMISSION_SYSTEM:

1091

return Permission::PERMISSION_SYSTEM;

1092

default:

1093

return Permission::PERMISSION_NONE;

}

}

binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,

1098

int32_t permission) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1099

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1100

std::vector<unsigned> netIds = {(unsigned) netId};

1101

int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1102

return statusFromErrcode(res);

1103

}

1104

1105

binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,

1106

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1107

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1108

gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1109

return binder::Status::ok();

1110

}

1111

1112

binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1113

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1114

Permission permission = Permission::PERMISSION_NONE;

1115

gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1116

return binder::Status::ok();

1117

}

1118

1119

binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1120

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1121

std::vector<uid_t> uids = {(uid_t) uid};

1122

gCtls->netCtrl.allowProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1123

return binder::Status::ok();

1124

}

1125

1126

binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1127

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1128

std::vector<uid_t> uids = {(uid_t) uid};

1129

gCtls->netCtrl.denyProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1130

return binder::Status::ok();

1131

}

1132

1133

binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1134

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1135

*ret = gCtls->netCtrl.canProtect((uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1136

return binder::Status::ok();

1137

}

1138

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1139

binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,

1140

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1141

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1142

gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1143

return binder::Status::ok();

1144

}

1145

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1146

binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1147

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1148

auto type = static_cast<FirewallType>(firewallType);

1149

1150

int res = gCtls->firewallCtrl.setFirewallType(type);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1151

return statusFromErrcode(res);

1152

}

1153

1154

binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,

1155

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1156

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1157

auto rule = static_cast<FirewallRule>(firewallRule);

1158

1159

int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1160

return statusFromErrcode(res);

1161

}

1162

1163

binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,

1164

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1165

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1166

auto chain = static_cast<ChildChain>(childChain);

1167

auto rule = static_cast<FirewallRule>(firewallRule);

1168

1169

int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1170

return statusFromErrcode(res);

1171

}

1172

1173

binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1174

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1175

auto chain = static_cast<ChildChain>(childChain);

1176

1177

int res = gCtls->firewallCtrl.enableChildChains(chain, enable);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1178

return statusFromErrcode(res);

1179

}

1180

Rubin Xu

ec27ff2

2019-01-08 21:33:03 +0000

[diff] [blame]

1181

binder::Status NetdNativeService::firewallAddUidInterfaceRules(const std::string& ifName,

1182

const std::vector<int32_t>& uids) {

1183

ENFORCE_NETWORK_STACK_PERMISSIONS();

1184

1185

return asBinderStatus(gCtls->trafficCtrl.addUidInterfaceRules(

1186

RouteController::getIfIndex(ifName.c_str()), uids));

1187

}

1188

1189

binder::Status NetdNativeService::firewallRemoveUidInterfaceRules(

1190

const std::vector<int32_t>& uids) {

1191

ENFORCE_NETWORK_STACK_PERMISSIONS();

1192

1193

return asBinderStatus(gCtls->trafficCtrl.removeUidInterfaceRules(uids));

1194

}

1195

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1196

binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,

1197

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1198

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1199

1200

int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1201

return statusFromErrcode(res);

1202

}

1203

1204

binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,

1205

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1206

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

ae038f8

2018-11-05 11:17:31 +0900

[diff] [blame]

1207

int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1208

return statusFromErrcode(res);

1209

}

1210

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1211

binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,

1212

const std::string& wmemValues) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1213

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1214

if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {

1215

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1216

return statusFromErrcode(ret);

1217

}

1218

1219

if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {

1220

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1221

return statusFromErrcode(ret);

1222

}

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1223

return binder::Status::ok();

1224

}

1225

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1226

binder::Status NetdNativeService::registerUnsolicitedEventListener(

1227

const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1228

ENFORCE_NETWORK_STACK_PERMISSIONS();

Bernie Innocenti

9ee088d

2019-02-01 17:14:32 +0900

[diff] [blame]

1229

gCtls->eventReporter.registerUnsolEventListener(listener);

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1230

return binder::Status::ok();

1231

}

1232

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1233

binder::Status NetdNativeService::getOemNetd(android::sp<android::IBinder>* listener) {

1234

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

1235

*listener = com::android::internal::net::OemNetdListener::getListener();

1236

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1237

return binder::Status::ok();

1238

}

1239

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

1240

binder::Status NetdNativeService::getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markMask) {

1241

ENFORCE_NETWORK_STACK_PERMISSIONS();

1242

1243

Fwmark fwmark;

1244

fwmark.netId = netId;

1245

markMask->mask = FWMARK_NET_ID_MASK;

1246

markMask->mark = fwmark.intValue;

1247

return binder::Status::ok();

1248

}

1249

Lorenzo Colitti

e801d3c

2020-02-18 00:00:35 +0900

[diff] [blame]

1250

binder::Status NetdNativeService::tetherRuleAddDownstreamIpv6(

1251

int intIfaceIndex, int extIfaceIndex, const std::vector<uint8_t>& ipAddress,

1252

const std::vector<uint8_t>& srcL2Address, const std::vector<uint8_t>& dstL2Address) {

1253

ENFORCE_NETWORK_STACK_PERMISSIONS();

1254

1255

return asBinderStatus(gCtls->tetherCtrl.addDownstreamIpv6Rule(

1256

intIfaceIndex, extIfaceIndex, ipAddress, srcL2Address, dstL2Address));

1257

}

1258

1259

binder::Status NetdNativeService::tetherRuleRemoveDownstreamIpv6(

1260

int extIfaceIndex, const std::vector<uint8_t>& ipAddress) {

1261

ENFORCE_NETWORK_STACK_PERMISSIONS();

1262

1263

return asBinderStatus(gCtls->tetherCtrl.removeDownstreamIpv6Rule(extIfaceIndex, ipAddress));

1264

}

1265

Lorenzo Colitti