Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 767a3e84867e1d65ae5ffd7e1a6165b4cc2476d0 / . / server / NetdNativeService.cpp
blob: fdf55b471d810d537acacb29b98c4ec9f8c73795 [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]53using android::os::ParcelFileDescriptor;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]54
55namespace android {
56namespace net {
57
58namespace {
59
60const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]61const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]62const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]63const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]64
65binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]66 pid_t pid = IPCThreadState::self()->getCallingPid();
67 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]68
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]69 // If the caller is the system UID, don't check permissions.
70 // Otherwise, if the system server's binder thread pool is full, and all the threads are
71 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
72 //
73 // From a security perspective, there is currently no difference, because:
74 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
75 // and NETWORK_STACK, which the system server will always need to have.
76 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
77 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]78 return binder::Status::ok();
79 } else {
80 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
81 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
82 }
83}
84
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]85#define ENFORCE_DEBUGGABLE() { \
86 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]87 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]88 || value[0] != '1') { \
89 return binder::Status::fromExceptionCode( \
90 binder::Status::EX_SECURITY, \
91 String8("Not available in production builds.") \
92 ); \
93 } \
94}
95
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]96#define ENFORCE_PERMISSION(permission) { \
97 binder::Status status = checkPermission((permission)); \
98 if (!status.isOk()) { \
99 return status; \
100 } \
101}
102
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]103#define NETD_LOCKING_RPC(permission, lock) \
104 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]105 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]106
107#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]108
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]109#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
110 do { \
111 if (!isOk((res))) { \
112 logErrorStatus((logEntry), (res)); \
113 return asBinderStatus((res)); \
114 } \
115 } while (0)
116
117void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
118 gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
119}
120
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]121binder::Status asBinderStatus(const netdutils::Status& status) {
122 if (isOk(status)) {
123 return binder::Status::ok();
124 }
125 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
126}
127
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]128inline binder::Status statusFromErrcode(int ret) {
129 if (ret) {
130 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
131 }
132 return binder::Status::ok();
133}
134
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]135bool contains(const Vector<String16>& words, const String16& word) {
136 for (const auto& w : words) {
137 if (w == word) return true;
138 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]139
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]140 return false;
141}
142
143} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]144
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]145status_t NetdNativeService::start() {
146 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]147 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]148 if (ret != android::OK) {
149 return ret;
150 }
151 sp<ProcessState> ps(ProcessState::self());
152 ps->startThreadPool();
153 ps->giveThreadPoolName();
154 return android::OK;
155}
156
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]157status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]158 const binder::Status dump_permission = checkPermission(DUMP);
159 if (!dump_permission.isOk()) {
160 const String8 msg(dump_permission.toString8());
161 write(fd, msg.string(), msg.size());
162 return PERMISSION_DENIED;
163 }
164
165 // This method does not grab any locks. If individual classes need locking
166 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]167
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]168 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]169
170 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
171 dw.blankline();
172 gCtls->tcpSocketMonitor.dump(dw);
173 dw.blankline();
174 return NO_ERROR;
175 }
176
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]177 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
178 dw.blankline();
179 gCtls->trafficCtrl.dump(dw, true);
180 dw.blankline();
181 return NO_ERROR;
182 }
183
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]184 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]185 dw.blankline();
186 gCtls->netCtrl.dump(dw);
187 dw.blankline();
188
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]189 gCtls->trafficCtrl.dump(dw, false);
190 dw.blankline();
191
Benedict Wongaf855432018-05-10 17:07:37 -0700[diff] [blame]192 gCtls->xfrmCtrl.dump(dw);
193 dw.blankline();
194
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]195 {
196 ScopedIndent indentLog(dw);
197 if (contains(args, String16(OPT_SHORT))) {
198 dw.println("Log: <omitted>");
199 } else {
200 dw.println("Log:");
201 ScopedIndent indentLogEntries(dw);
202 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
203 }
204 dw.blankline();
205 }
206
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]207 return NO_ERROR;
208}
209
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]210binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]211 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]212 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]213
214 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]215
216 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]217 return binder::Status::ok();
218}
219
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]220binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]221 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
222 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]223 auto entry = gLog.newEntry()
224 .prettyFunction(__PRETTY_FUNCTION__)
225 .arg(chainName)
226 .arg(isWhitelist)
227 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]228
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]229 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]230 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]231
232 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]233 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]234}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]235
236binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
237 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]238 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]239
240 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
241 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]242 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]243 return binder::Status::ok();
244}
245
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]246binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
247 int64_t bytes) {
248 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
249 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
250
251 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
252
253 gLog.log(entry.returns(res).withAutomaticDuration());
254 return statusFromErrcode(res);
255}
256
257binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
258 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
259 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
260
261 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
262
263 gLog.log(entry.returns(res).withAutomaticDuration());
264 return statusFromErrcode(res);
265}
266
267binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
268 int64_t bytes) {
269 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
270 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
271
272 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
273
274 gLog.log(entry.returns(res).withAutomaticDuration());
275 return statusFromErrcode(res);
276}
277
278binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
279 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
280 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
281
282 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
283
284 gLog.log(entry.returns(res).withAutomaticDuration());
285 return statusFromErrcode(res);
286}
287
288binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
289 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
290 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
291
292 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
293
294 gLog.log(entry.returns(res).withAutomaticDuration());
295 return statusFromErrcode(res);
296}
297
298binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
299 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
300 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
301
302 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
303 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
304
305 gLog.log(entry.returns(res).withAutomaticDuration());
306 return statusFromErrcode(res);
307}
308
309binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
310 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
311 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
312
313 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
314 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
315
316 gLog.log(entry.returns(res).withAutomaticDuration());
317 return statusFromErrcode(res);
318}
319
320binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
321 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
322 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
323
324 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
325 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
326
327 gLog.log(entry.returns(res).withAutomaticDuration());
328 return statusFromErrcode(res);
329}
330
331binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
332 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
333 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
334
335 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
336 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
337
338 gLog.log(entry.returns(res).withAutomaticDuration());
339 return statusFromErrcode(res);
340}
341
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]342binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]343 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]344 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]345 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]346 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]347 return statusFromErrcode(ret);
348}
349
350binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
351 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
352 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
353 return statusFromErrcode(ret);
354}
355
356binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]357 ENFORCE_PERMISSION(NETWORK_STACK);
358 // Both of these functions manage their own locking internally.
359 const int ret = gCtls->netCtrl.destroyNetwork(netId);
360 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]361 return statusFromErrcode(ret);
362}
363
364binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
365 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
366 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
367 return statusFromErrcode(ret);
368}
369
370binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
371 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
372 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
373 return statusFromErrcode(ret);
374}
375
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]376namespace {
377
378std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
379 std::vector<std::string> result;
380 result.reserve(uidRangeArray.size());
381 for (const auto& uidRange : uidRangeArray) {
382 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
383 }
384
385 return base::Join(result, ", ");
386}
387
388} // namespace
389
390binder::Status NetdNativeService::networkAddUidRanges(
391 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]392 // NetworkController::addUsersToNetwork is thread-safe.
393 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]394 auto entry = gLog.newEntry()
395 .prettyFunction(__PRETTY_FUNCTION__)
396 .args(netId, uidRangeParcelVecToString(uidRangeArray));
397
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]398 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]399 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]400 return statusFromErrcode(ret);
401}
402
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]403binder::Status NetdNativeService::networkRemoveUidRanges(
404 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]405 // NetworkController::removeUsersFromNetwork is thread-safe.
406 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]407 auto entry = gLog.newEntry()
408 .prettyFunction(__PRETTY_FUNCTION__)
409 .args(netId, uidRangeParcelVecToString(uidRangeArray));
410
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]411 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]412 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]413 return statusFromErrcode(ret);
414}
415
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]416binder::Status NetdNativeService::networkRejectNonSecureVpn(
417 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]418 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
419 // it should be possible to use the same lock as NetworkController. However, every call through
420 // the CommandListener "network" command will need to hold this lock too, not just the ones that
421 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
422 // look at routes, but it's not enough here).
423 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]424 auto entry = gLog.newEntry()
425 .prettyFunction(__PRETTY_FUNCTION__)
426 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]427 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]428
429 int err;
430 if (add) {
431 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
432 } else {
433 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
434 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]435 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]436 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]437}
438
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]439binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
440 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]441 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
442
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]443 auto entry = gLog.newEntry()
444 .prettyFunction(__PRETTY_FUNCTION__)
445 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]446 SockDiag sd;
447 if (!sd.open()) {
448 return binder::Status::fromServiceSpecificError(EIO,
449 String8("Could not open SOCK_DIAG socket"));
450 }
451
452 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]453 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
454 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]455
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]456 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]457 if (err) {
458 return binder::Status::fromServiceSpecificError(-err,
459 String8::format("destroySockets: %s", strerror(-err)));
460 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]461 return binder::Status::ok();
462}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]463
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]464// Parse a base64 encoded string into a vector of bytes.
465// On failure, return an empty vector.
466static std::vector<uint8_t> parseBase64(const std::string& input) {
467 std::vector<uint8_t> decoded;
468 size_t out_len;
469 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
470 return decoded;
471 }
472 // out_len is now an upper bound on the output length.
473 decoded.resize(out_len);
474 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
475 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
476 // Possibly shrink the vector if the actual output was smaller than the bound.
477 decoded.resize(out_len);
478 } else {
479 decoded.clear();
480 }
481 if (out_len != SHA256_SIZE) {
482 decoded.clear();
483 }
484 return decoded;
485}
486
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]487binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
488 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]489 const std::vector<int32_t>& params, const std::string& tlsName,
490 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]491 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]492 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
493 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]494 auto entry = gLog.newEntry()
495 .prettyFunction(__PRETTY_FUNCTION__)
496 .arg(netId)
497 .arg(servers)
498 .arg(domains)
499 .arg(params)
500 .arg(tlsName)
501 .arg(tlsServers)
502 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]503
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]504 std::set<std::vector<uint8_t>> decoded_fingerprints;
505 for (const std::string& fingerprint : tlsFingerprints) {
506 std::vector<uint8_t> decoded = parseBase64(fingerprint);
507 if (decoded.empty()) {
508 return binder::Status::fromServiceSpecificError(EINVAL,
509 String8::format("ResolverController error: bad fingerprint"));
510 }
511 decoded_fingerprints.emplace(decoded);
512 }
513
514 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]515 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]516 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]517 if (err != 0) {
518 return binder::Status::fromServiceSpecificError(-err,
519 String8::format("ResolverController error: %s", strerror(-err)));
520 }
521 return binder::Status::ok();
522}
523
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]524binder::Status NetdNativeService::getResolverInfo(int32_t netId, std::vector<std::string>* servers,
525 std::vector<std::string>* domains,
526 std::vector<std::string>* tlsServers,
527 std::vector<int32_t>* params,
528 std::vector<int32_t>* stats) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]529 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]530 ENFORCE_PERMISSION(NETWORK_STACK);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]531
Mike Yuda77e8e2018-11-26 13:26:21 +0900[diff] [blame]532 int err =
533 gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, tlsServers, params, stats);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]534 if (err != 0) {
535 return binder::Status::fromServiceSpecificError(-err,
536 String8::format("ResolverController error: %s", strerror(-err)));
537 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]538 return binder::Status::ok();
539}
540
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]541binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]542 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]543
544 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
545 return binder::Status::ok();
546}
547
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]548namespace {
549
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]550void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
551 const TetherController::TetherStats& tetherStats) {
552 if (tetherStatsParcel->extIface == tetherStats.extIface) {
553 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
554 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
555 tetherStatsParcel->txBytes += tetherStats.txBytes;
556 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]557 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]558}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]559
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]560TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
561 TetherStatsParcel result;
562 result.iface = stats.extIface;
563 result.rxBytes = stats.rxBytes;
564 result.rxPackets = stats.rxPackets;
565 result.txBytes = stats.txBytes;
566 result.txPackets = stats.txPackets;
567 return result;
568}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]569
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]570void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
571 const TetherController::TetherStatsList& statsList) {
572 std::map<std::string, TetherController::TetherStats> statsMap;
573 for (const auto& stats : statsList) {
574 auto iter = statsMap.find(stats.extIface);
575 if (iter != statsMap.end()) {
576 tetherAddStatsByInterface(&(iter->second), stats);
577 } else {
578 statsMap.insert(
579 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
580 }
581 }
582 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
583 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
584 }
585}
586
587std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
588 std::vector<std::string> result;
589 for (const auto& t : *tVec) {
590 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
591 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
592 t.txPackets));
593 }
594 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]595}
596
597} // namespace
598
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]599binder::Status NetdNativeService::tetherGetStats(
600 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]601 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]602
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]603 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
604
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]605 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]606 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]607 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]608 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]609 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
610 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
611 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]612 return binder::Status::ok();
613}
614
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]615binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
616 const std::string &addrString, int prefixLength) {
617 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
618
619 const int err = InterfaceController::addAddress(
620 ifName.c_str(), addrString.c_str(), prefixLength);
621 if (err != 0) {
622 return binder::Status::fromServiceSpecificError(-err,
623 String8::format("InterfaceController error: %s", strerror(-err)));
624 }
625 return binder::Status::ok();
626}
627
628binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
629 const std::string &addrString, int prefixLength) {
630 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
631
632 const int err = InterfaceController::delAddress(
633 ifName.c_str(), addrString.c_str(), prefixLength);
634 if (err != 0) {
635 return binder::Status::fromServiceSpecificError(-err,
636 String8::format("InterfaceController error: %s", strerror(-err)));
637 }
638 return binder::Status::ok();
639}
640
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]641namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]642
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]643std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
644 int32_t category) {
645 const char* ipversionStr = nullptr;
646 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]647 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]648 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]649 break;
650 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]651 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]652 break;
653 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]654 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
655 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]656 }
657
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]658 const char* whichStr = nullptr;
659 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]660 case INetd::CONF:
661 whichStr = "conf";
662 break;
663 case INetd::NEIGH:
664 whichStr = "neigh";
665 break;
666 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]667 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
668 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]669 }
670
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]671 return {binder::Status::ok(), ipversionStr, whichStr};
672}
673
674} // namespace
675
676binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
677 const std::string& ifname,
678 const std::string& parameter, std::string* value) {
679 ENFORCE_PERMISSION(NETWORK_STACK);
680 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
681 .args(ipversion, which, ifname, parameter);
682
683 const auto pathParts = getPathComponents(ipversion, which);
684 const auto& pathStatus = std::get<0>(pathParts);
685 if (!pathStatus.isOk()) {
686 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
687 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]688 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]689
690 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
691 std::get<2>(pathParts), ifname.c_str(),
692 parameter.c_str(), value);
693 entry.returns(err);
694 if (err == 0) entry.returns(*value);
695 gLog.log(entry.withAutomaticDuration());
696 return statusFromErrcode(err);
697}
698
699binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
700 const std::string& ifname,
701 const std::string& parameter,
702 const std::string& value) {
703 ENFORCE_PERMISSION(NETWORK_STACK);
704 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
705 .args(ipversion, which, ifname, parameter, value);
706
707 const auto pathParts = getPathComponents(ipversion, which);
708 const auto& pathStatus = std::get<0>(pathParts);
709 if (!pathStatus.isOk()) {
710 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
711 return pathStatus;
712 }
713
714 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
715 std::get<2>(pathParts), ifname.c_str(),
716 parameter.c_str(), value.c_str());
717 gLog.log(entry.returns(err).withAutomaticDuration());
718 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]719}
720
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]721binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
722 // This function intentionally does not lock, since the only thing it does is one read from an
723 // atomic_int.
724 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
725 ENFORCE_DEBUGGABLE();
726
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]727 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]728 return binder::Status::ok();
729}
730
731binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
732 // This function intentionally does not lock, since the only thing it does is one write to an
733 // atomic_int.
734 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
735 ENFORCE_DEBUGGABLE();
736
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]737 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
738 ? binder::Status::ok()
739 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]740}
741
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]742binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
743 int newUid) {
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]744 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]745 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]746
747 uid_t callerUid = IPCThreadState::self()->getCallingUid();
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]748 return asBinderStatus(
749 gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]750}
751
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]752binder::Status NetdNativeService::ipSecAllocateSpi(
753 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]754 const std::string& sourceAddress,
755 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]756 int32_t inSpi,
757 int32_t* outSpi) {
758 // Necessary locking done in IpSecService and kernel
759 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]760 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]761 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]762 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]763 sourceAddress,
764 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]765 inSpi,
766 outSpi));
767}
768
769binder::Status NetdNativeService::ipSecAddSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]770 int32_t transformId, int32_t mode, const std::string& sourceAddress,
771 const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
772 int32_t markValue, int32_t markMask, const std::string& authAlgo,
773 const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
774 const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
775 const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
776 int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]777 // Necessary locking done in IpSecService and kernel
778 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]779 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]780 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]781 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
782 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]783 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
784 interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]785}
786
787binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]788 int32_t transformId, const std::string& sourceAddress,
789 const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
790 int32_t interfaceId) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]791 // Necessary locking done in IpSecService and kernel
792 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]793 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]794 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]795 transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]796}
797
798binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]799 const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
800 const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]801 // Necessary locking done in IpSecService and kernel
802 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]803 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]804 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]805 socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]806}
807
808binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]809 const ParcelFileDescriptor& socket) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]810 // Necessary locking done in IpSecService and kernel
811 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]812 gLog.log("ipSecRemoveTransportModeTransform()");
Luke Huange203a152018-11-23 11:47:28 +0800[diff] [blame]813 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]814}
815
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]816binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
817 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]818 const std::string& tmplSrcAddress,
819 const std::string& tmplDstAddress,
820 int32_t spi, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]821 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]822 // Necessary locking done in IpSecService and kernel
823 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]824 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]825 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]826 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]827 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]828}
829
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]830binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
831 int32_t transformId, int32_t selAddrFamily, int32_t direction,
832 const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
833 int32_t markValue, int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]834 // Necessary locking done in IpSecService and kernel
835 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]836 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]837 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]838 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]839 markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]840}
841
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]842binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
843 int32_t selAddrFamily,
844 int32_t direction, int32_t markValue,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]845 int32_t markMask, int32_t interfaceId) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]846 // Necessary locking done in IpSecService and kernel
847 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]848 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]849 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]850 transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]851}
852
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]853binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
854 const std::string& localAddress,
855 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]856 int32_t iKey, int32_t oKey,
857 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]858 // Necessary locking done in IpSecService and kernel
859 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]860 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]861
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]862 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]863 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]864 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
865
866 gLog.log(entry.returns(result).withAutomaticDuration());
867 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]868}
869
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]870binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
871 const std::string& localAddress,
872 const std::string& remoteAddress,
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]873 int32_t iKey, int32_t oKey,
874 int32_t interfaceId) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]875 // Necessary locking done in IpSecService and kernel
876 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]877 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]878
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]879 netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
Benedict Wonga450e722018-05-07 10:29:02 -0700[diff] [blame]880 deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]881 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
882
883 gLog.log(entry.returns(result).withAutomaticDuration());
884 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]885}
886
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]887binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]888 // Necessary locking done in IpSecService and kernel
889 ENFORCE_PERMISSION(NETWORK_STACK);
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]890 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]891
Benedict Wong319f17e2018-05-15 17:06:44 -0700[diff] [blame]892 netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
893 RETURN_BINDER_STATUS_IF_NOT_OK(entry, result);
894
895 gLog.log(entry.returns(result).withAutomaticDuration());
896 return binder::Status::ok();
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]897}
898
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]899binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
900 int32_t mode) {
901 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]902 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]903}
904
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]905binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
906 const std::string& prefix, int32_t mark,
907 int32_t mask) {
908 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]909 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]910}
911
912binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
913 const std::string& prefix, int32_t mark,
914 int32_t mask) {
915 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]916 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]917}
918
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]919binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
920 ENFORCE_PERMISSION(NETWORK_STACK);
921 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
922 return binder::Status::ok();
923}
924
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]925binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
926 const std::string& classLabel) {
927 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
928 auto entry = gLog.newEntry()
929 .prettyFunction(__PRETTY_FUNCTION__)
930 .arg(ifName)
931 .arg(timeout)
932 .arg(classLabel);
933 int res =
934 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
935 gLog.log(entry.returns(res).withAutomaticDuration());
936 return statusFromErrcode(res);
937}
938
939binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
940 int32_t timeout,
941 const std::string& classLabel) {
942 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
943 auto entry = gLog.newEntry()
944 .prettyFunction(__PRETTY_FUNCTION__)
945 .arg(ifName)
946 .arg(timeout)
947 .arg(classLabel);
948 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
949 classLabel.c_str());
950 gLog.log(entry.returns(res).withAutomaticDuration());
951 return statusFromErrcode(res);
952}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]953
954binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
955 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
956 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
957 StrictPenalty penalty;
958 switch (policyPenalty) {
959 case INetd::PENALTY_POLICY_REJECT:
960 penalty = REJECT;
961 break;
962 case INetd::PENALTY_POLICY_LOG:
963 penalty = LOG;
964 break;
965 case INetd::PENALTY_POLICY_ACCEPT:
966 penalty = ACCEPT;
967 break;
968 default:
969 return statusFromErrcode(-EINVAL);
970 break;
971 }
972 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
973 gLog.log(entry.returns(res).withAutomaticDuration());
974 return statusFromErrcode(res);
975}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]976
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]977binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
978 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
979 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
980 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
981 gLog.log(entry.returns(res).withAutomaticDuration());
982 return statusFromErrcode(res);
983}
984
985binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
986 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
987 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
988 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
989 gLog.log(entry.returns(res).withAutomaticDuration());
990 return statusFromErrcode(res);
991}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]992
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]993binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
994 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
995 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
996 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
997 gLog.log(entry.returns(*status).withAutomaticDuration());
998 return binder::Status::ok();
999}
1000
1001binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1002 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1003 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1004 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1005 gLog.log(entry.returns(res).withAutomaticDuration());
1006 return statusFromErrcode(res);
1007}
1008
1009binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1010 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1011 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1012 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1013 gLog.log(entry.returns(res).withAutomaticDuration());
1014 return statusFromErrcode(res);
1015}
1016
1017binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1018 const std::string& toIface) {
1019 ENFORCE_PERMISSION(NETWORK_STACK);
1020 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1021 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1022 gLog.log(entry.returns(res).withAutomaticDuration());
1023 return statusFromErrcode(res);
1024}
1025
1026binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1027 const std::string& toIface) {
1028 ENFORCE_PERMISSION(NETWORK_STACK);
1029 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1030 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1031 gLog.log(entry.returns(res).withAutomaticDuration());
1032 return statusFromErrcode(res);
1033}
1034
Luke Huangf7782042018-08-08 13:13:04 +0800[diff] [blame]1035namespace {
1036std::string addSquareBrackets(const std::string& s) {
1037 return "[" + s + "]";
1038}
1039
1040std::string addCurlyBrackets(const std::string& s) {
1041 return "{" + s + "}";
1042}
1043
1044} // namespace
1045binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
1046 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1047 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1048
1049 const auto& ifaceList = InterfaceController::getIfaceNames();
1050 RETURN_BINDER_STATUS_IF_NOT_OK(entry, ifaceList);
1051
1052 interfaceListResult->clear();
1053 interfaceListResult->reserve(ifaceList.value().size());
1054 interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
1055 end(ifaceList.value()));
1056
1057 gLog.log(entry.returns(addSquareBrackets(base::Join(*interfaceListResult, ", ")))
1058 .withAutomaticDuration());
1059 return binder::Status::ok();
1060}
1061
1062std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
1063 std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
1064 std::to_string(cfg.prefixLength)};
1065 result.insert(end(result), begin(cfg.flags), end(cfg.flags));
1066 return addCurlyBrackets(base::Join(result, ", "));
1067}
1068
1069binder::Status NetdNativeService::interfaceGetCfg(
1070 const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
1071 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1072 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1073
1074 const auto& cfgRes = InterfaceController::getCfg(ifName);
1075 RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
1076
1077 *interfaceGetCfgResult = cfgRes.value();
1078 gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
1079 .withAutomaticDuration());
1080 return binder::Status::ok();
1081}
1082
1083binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
1084 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1085 auto entry = gLog.newEntry()
1086 .prettyFunction(__PRETTY_FUNCTION__)
1087 .arg(interfaceConfigurationParcelToString(cfg));
1088
1089 const auto& res = InterfaceController::setCfg(cfg);
1090 RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
1091
1092 gLog.log(entry.withAutomaticDuration());
1093 return binder::Status::ok();
1094}
1095
1096binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
1097 bool enable) {
1098 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1099 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1100 int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
1101 gLog.log(entry.returns(res).withAutomaticDuration());
1102 return statusFromErrcode(res);
1103}
1104
1105binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
1106 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1107 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1108 int res = InterfaceController::clearAddrs(ifName.c_str());
1109 gLog.log(entry.returns(res).withAutomaticDuration());
1110 return statusFromErrcode(res);
1111}
1112
1113binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
1114 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1115 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, enable);
1116 int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
1117 gLog.log(entry.returns(res).withAutomaticDuration());
1118 return statusFromErrcode(res);
1119}
1120
1121binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
1122 NETD_LOCKING_RPC(NETWORK_STACK, InterfaceController::mutex);
1123 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(ifName, mtuValue);
1124 std::string mtu = std::to_string(mtuValue);
1125 int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
1126 gLog.log(entry.returns(res).withAutomaticDuration());
1127 return statusFromErrcode(res);
1128}
1129
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1130binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1131 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1132 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1133 if (dhcpRanges.size() % 2 == 1) {
1134 return statusFromErrcode(-EINVAL);
1135 }
1136 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1137 gLog.log(entry.returns(res).withAutomaticDuration());
1138 return statusFromErrcode(res);
1139}
1140
1141binder::Status NetdNativeService::tetherStop() {
1142 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1143 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1144 int res = gCtls->tetherCtrl.stopTethering();
1145 gLog.log(entry.returns(res).withAutomaticDuration());
1146 return statusFromErrcode(res);
1147}
1148
1149binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1150 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1151 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1152 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1153 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1154 return binder::Status::ok();
1155}
1156
1157binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1158 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1159 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1160 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1161 gLog.log(entry.returns(res).withAutomaticDuration());
1162 return statusFromErrcode(res);
1163}
1164
1165binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1166 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1167 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1168 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1169 gLog.log(entry.returns(res).withAutomaticDuration());
1170 return statusFromErrcode(res);
1171}
1172
1173binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1174 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1175 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1176 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1177 ifList->push_back(ifname);
1178 }
1179 gLog.log(entry.returns(true).withAutomaticDuration());
1180 return binder::Status::ok();
1181}
1182
1183binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1184 const std::vector<std::string>& dnsAddrs) {
1185 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1186 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1187 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1188 gLog.log(entry.returns(res).withAutomaticDuration());
1189 return statusFromErrcode(res);
1190}
1191
1192binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1193 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1194 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1195 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1196 dnsList->push_back(fwdr);
1197 }
1198 gLog.log(entry.returns(true).withAutomaticDuration());
1199 return binder::Status::ok();
1200}
1201
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1202binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1203 const std::string& destination,
1204 const std::string& nextHop) {
1205 // Public methods of NetworkController are thread-safe.
1206 ENFORCE_PERMISSION(NETWORK_STACK);
1207 auto entry = gLog.newEntry()
1208 .prettyFunction(__PRETTY_FUNCTION__)
1209 .arg(netId)
1210 .arg(ifName)
1211 .arg(destination)
1212 .arg(nextHop);
1213 bool legacy = false;
1214 uid_t uid = 0; // UID is only meaningful for legacy routes.
1215 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1216 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1217 gLog.log(entry.returns(res).withAutomaticDuration());
1218 return statusFromErrcode(res);
1219}
1220
1221binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1222 const std::string& destination,
1223 const std::string& nextHop) {
1224 ENFORCE_PERMISSION(NETWORK_STACK);
1225 auto entry = gLog.newEntry()
1226 .prettyFunction(__PRETTY_FUNCTION__)
1227 .arg(netId)
1228 .arg(ifName)
1229 .arg(destination)
1230 .arg(nextHop);
1231 bool legacy = false;
1232 uid_t uid = 0; // UID is only meaningful for legacy routes.
1233 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1234 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1235 gLog.log(entry.returns(res).withAutomaticDuration());
1236 return statusFromErrcode(res);
1237}
1238
1239binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1240 const std::string& destination,
1241 const std::string& nextHop, int32_t uid) {
1242 ENFORCE_PERMISSION(NETWORK_STACK);
1243 auto entry = gLog.newEntry()
1244 .prettyFunction(__PRETTY_FUNCTION__)
1245 .arg(netId)
1246 .arg(ifName)
1247 .arg(destination)
1248 .arg(nextHop)
1249 .arg(uid);
1250 bool legacy = true;
1251 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1252 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1253 (uid_t) uid);
1254 gLog.log(entry.returns(res).withAutomaticDuration());
1255 return statusFromErrcode(res);
1256}
1257
1258binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1259 const std::string& destination,
1260 const std::string& nextHop,
1261 int32_t uid) {
1262 ENFORCE_PERMISSION(NETWORK_STACK);
1263 auto entry = gLog.newEntry()
1264 .prettyFunction(__PRETTY_FUNCTION__)
1265 .arg(netId)
1266 .arg(ifName)
1267 .arg(destination)
1268 .arg(nextHop)
1269 .arg(uid);
1270 bool legacy = true;
1271 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1272 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1273 (uid_t) uid);
1274 gLog.log(entry.returns(res).withAutomaticDuration());
1275 return statusFromErrcode(res);
1276}
1277
1278binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1279 ENFORCE_PERMISSION(NETWORK_STACK);
1280 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1281 *netId = gCtls->netCtrl.getDefaultNetwork();
1282 gLog.log(entry.returns(*netId).withAutomaticDuration());
1283 return binder::Status::ok();
1284}
1285
1286binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1287 ENFORCE_PERMISSION(NETWORK_STACK);
1288 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1289 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1290 gLog.log(entry.returns(res).withAutomaticDuration());
1291 return statusFromErrcode(res);
1292}
1293
1294binder::Status NetdNativeService::networkClearDefault() {
1295 ENFORCE_PERMISSION(NETWORK_STACK);
1296 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1297 unsigned netId = NETID_UNSET;
1298 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1299 gLog.log(entry.returns(res).withAutomaticDuration());
1300 return statusFromErrcode(res);
1301}
1302
1303std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1304 return {begin(intUids), end(intUids)};
1305}
1306
1307Permission NetdNativeService::convertPermission(int32_t permission) {
1308 switch (permission) {
1309 case INetd::PERMISSION_NETWORK:
1310 return Permission::PERMISSION_NETWORK;
1311 case INetd::PERMISSION_SYSTEM:
1312 return Permission::PERMISSION_SYSTEM;
1313 default:
1314 return Permission::PERMISSION_NONE;
1315 }
1316}
1317
1318binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1319 int32_t permission) {
1320 ENFORCE_PERMISSION(NETWORK_STACK);
1321 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1322 std::vector<unsigned> netIds = {(unsigned) netId};
1323 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1324 gLog.log(entry.returns(res).withAutomaticDuration());
1325 return statusFromErrcode(res);
1326}
1327
1328binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1329 const std::vector<int32_t>& uids) {
1330 ENFORCE_PERMISSION(NETWORK_STACK);
1331 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1332 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1333 gLog.log(entry.withAutomaticDuration());
1334 return binder::Status::ok();
1335}
1336
1337binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1338 ENFORCE_PERMISSION(NETWORK_STACK);
1339 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1340 Permission permission = Permission::PERMISSION_NONE;
1341 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1342 gLog.log(entry.withAutomaticDuration());
1343 return binder::Status::ok();
1344}
1345
1346binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1347 ENFORCE_PERMISSION(NETWORK_STACK);
1348 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1349 std::vector<uid_t> uids = {(uid_t) uid};
1350 gCtls->netCtrl.allowProtect(uids);
1351 gLog.log(entry.withAutomaticDuration());
1352 return binder::Status::ok();
1353}
1354
1355binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1356 ENFORCE_PERMISSION(NETWORK_STACK);
1357 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1358 std::vector<uid_t> uids = {(uid_t) uid};
1359 gCtls->netCtrl.denyProtect(uids);
1360 gLog.log(entry.withAutomaticDuration());
1361 return binder::Status::ok();
1362}
1363
1364binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1365 ENFORCE_PERMISSION(NETWORK_STACK);
1366 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1367 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1368 gLog.log(entry.returns(*ret).withAutomaticDuration());
1369 return binder::Status::ok();
1370}
1371
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1372namespace {
1373std::string ruleToString(int32_t rule) {
1374 switch (rule) {
1375 case INetd::FIREWALL_RULE_DENY:
1376 return "DENY";
1377 case INetd::FIREWALL_RULE_ALLOW:
1378 return "ALLOW";
1379 default:
1380 return "INVALID";
1381 }
1382}
1383
1384std::string typeToString(int32_t type) {
1385 switch (type) {
1386 case INetd::FIREWALL_WHITELIST:
1387 return "WHITELIST";
1388 case INetd::FIREWALL_BLACKLIST:
1389 return "BLACKLIST";
1390 default:
1391 return "INVALID";
1392 }
1393}
1394
1395std::string chainToString(int32_t chain) {
1396 switch (chain) {
1397 case INetd::FIREWALL_CHAIN_NONE:
1398 return "NONE";
1399 case INetd::FIREWALL_CHAIN_DOZABLE:
1400 return "DOZABLE";
1401 case INetd::FIREWALL_CHAIN_STANDBY:
1402 return "STANDBY";
1403 case INetd::FIREWALL_CHAIN_POWERSAVE:
1404 return "POWERSAVE";
1405 default:
1406 return "INVALID";
1407 }
1408}
1409
1410} // namespace
1411
1412binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1413 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1414 auto entry =
1415 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1416 auto type = static_cast<FirewallType>(firewallType);
1417
1418 int res = gCtls->firewallCtrl.setFirewallType(type);
1419 gLog.log(entry.returns(res).withAutomaticDuration());
1420 return statusFromErrcode(res);
1421}
1422
1423binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1424 int32_t firewallRule) {
1425 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1426 auto entry = gLog.newEntry()
1427 .prettyFunction(__PRETTY_FUNCTION__)
1428 .args(ifName, ruleToString(firewallRule));
1429 auto rule = static_cast<FirewallRule>(firewallRule);
1430
1431 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1432 gLog.log(entry.returns(res).withAutomaticDuration());
1433 return statusFromErrcode(res);
1434}
1435
1436binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1437 int32_t firewallRule) {
1438 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1439 auto entry = gLog.newEntry()
1440 .prettyFunction(__PRETTY_FUNCTION__)
1441 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1442 auto chain = static_cast<ChildChain>(childChain);
1443 auto rule = static_cast<FirewallRule>(firewallRule);
1444
1445 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1446 gLog.log(entry.returns(res).withAutomaticDuration());
1447 return statusFromErrcode(res);
1448}
1449
1450binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1451 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1452 auto entry = gLog.newEntry()
1453 .prettyFunction(__PRETTY_FUNCTION__)
1454 .args(chainToString(childChain), enable);
1455 auto chain = static_cast<ChildChain>(childChain);
1456
1457 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1458 gLog.log(entry.returns(res).withAutomaticDuration());
1459 return statusFromErrcode(res);
1460}
1461
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1462binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1463 const std::string& extIface) {
1464 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1465 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1466
1467 int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1468 gLog.log(entry.returns(res).withAutomaticDuration());
1469 return statusFromErrcode(res);
1470}
1471
1472binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1473 const std::string& extIface) {
1474 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1475 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).args(intIface, extIface);
1476
Luke Huangae038f82018-11-05 11:17:31 +0900[diff] [blame]1477 int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
Luke Huang19b49c52018-10-22 12:12:05 +0900[diff] [blame]1478 gLog.log(entry.returns(res).withAutomaticDuration());
1479 return statusFromErrcode(res);
1480}
1481
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1482} // namespace net
1483} // namespace android