Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 5ae615416cb8dedcb7bd1157f58d012c3535ed11 / . / server / NetdNativeService.cpp
blob: d589bfccafd8a50bdf007c673476ec9c4bb9c59b [file] [log] [blame]
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]19#include <cinttypes>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]20#include <set>
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]21#include <tuple>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]22#include <vector>
23
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]24#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]25#include <android-base/strings.h>
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]26#include <cutils/properties.h>
Logan Chien3f461482018-04-23 14:31:32 +0800[diff] [blame]27#include <log/log.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]28#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]29#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]30
31#include <binder/IPCThreadState.h>
32#include <binder/IServiceManager.h>
33#include "android/net/BnNetd.h"
34
Ben Schwartze7601812017-04-28 16:38:29 -0400[diff] [blame]35#include <openssl/base64.h>
36
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]37#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]38#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]39#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]40#include "InterfaceController.h"
Mike Yu5ae61542018-10-19 22:11:43 +0800[diff] [blame^]41#include "NetdConstants.h" // SHA256_SIZE
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]42#include "NetdNativeService.h"
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]43#include "Permission.h"
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]44#include "Process.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]45#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]46#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]47#include "UidRanges.h"
Bernie Innocenti189eb502018-10-01 23:10:18 +0900[diff] [blame]48#include "netid_client.h" // NETID_UNSET
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]49
50using android::base::StringPrintf;
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]51using android::net::TetherStatsParcel;
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]52using android::net::UidRangeParcel;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]53
54namespace android {
55namespace net {
56
57namespace {
58
59const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]60const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]61const char DUMP[] = "android.permission.DUMP";
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]62const char OPT_SHORT[] = "--short";
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]63
64binder::Status checkPermission(const char *permission) {
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]65 pid_t pid = IPCThreadState::self()->getCallingPid();
66 uid_t uid = IPCThreadState::self()->getCallingUid();
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]67
Luke Huanga38b65c2018-09-26 16:31:03 +0800[diff] [blame]68 // If the caller is the system UID, don't check permissions.
69 // Otherwise, if the system server's binder thread pool is full, and all the threads are
70 // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
71 //
72 // From a security perspective, there is currently no difference, because:
73 // 1. The only permissions we check in netd's binder interface are CONNECTIVITY_INTERNAL
74 // and NETWORK_STACK, which the system server will always need to have.
75 // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
76 if (uid == AID_SYSTEM || checkPermission(String16(permission), pid, uid)) {
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]77 return binder::Status::ok();
78 } else {
79 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
80 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
81 }
82}
83
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]84#define ENFORCE_DEBUGGABLE() { \
85 char value[PROPERTY_VALUE_MAX + 1]; \
Yi Kongbdfd57e2018-07-25 13:26:10 -0700[diff] [blame]86 if (property_get("ro.debuggable", value, nullptr) != 1 \
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]87 || value[0] != '1') { \
88 return binder::Status::fromExceptionCode( \
89 binder::Status::EX_SECURITY, \
90 String8("Not available in production builds.") \
91 ); \
92 } \
93}
94
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]95#define ENFORCE_PERMISSION(permission) { \
96 binder::Status status = checkPermission((permission)); \
97 if (!status.isOk()) { \
98 return status; \
99 } \
100}
101
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]102#define NETD_LOCKING_RPC(permission, lock) \
103 ENFORCE_PERMISSION(permission); \
Bernie Innocentiabf8a342018-08-10 15:17:16 +0900[diff] [blame]104 std::lock_guard _lock(lock);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]105
106#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]107
Bernie Innocenti97f388f2018-10-16 19:17:08 +0900[diff] [blame]108binder::Status asBinderStatus(const netdutils::Status& status) {
109 if (isOk(status)) {
110 return binder::Status::ok();
111 }
112 return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
113}
114
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]115inline binder::Status statusFromErrcode(int ret) {
116 if (ret) {
117 return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
118 }
119 return binder::Status::ok();
120}
121
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]122bool contains(const Vector<String16>& words, const String16& word) {
123 for (const auto& w : words) {
124 if (w == word) return true;
125 }
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]126
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]127 return false;
128}
129
130} // namespace
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]131
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]132status_t NetdNativeService::start() {
133 IPCThreadState::self()->disableBackgroundScheduling(true);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]134 const status_t ret = BinderService<NetdNativeService>::publish();
Lorenzo Colittie4851de2016-03-17 13:23:28 +0900[diff] [blame]135 if (ret != android::OK) {
136 return ret;
137 }
138 sp<ProcessState> ps(ProcessState::self());
139 ps->startThreadPool();
140 ps->giveThreadPoolName();
141 return android::OK;
142}
143
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]144status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]145 const binder::Status dump_permission = checkPermission(DUMP);
146 if (!dump_permission.isOk()) {
147 const String8 msg(dump_permission.toString8());
148 write(fd, msg.string(), msg.size());
149 return PERMISSION_DENIED;
150 }
151
152 // This method does not grab any locks. If individual classes need locking
153 // their dump() methods MUST handle locking appropriately.
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]154
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]155 DumpWriter dw(fd);
Hugo Benichi7b314e12018-01-15 21:54:00 +0900[diff] [blame]156
157 if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
158 dw.blankline();
159 gCtls->tcpSocketMonitor.dump(dw);
160 dw.blankline();
161 return NO_ERROR;
162 }
163
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]164 if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
165 dw.blankline();
166 gCtls->trafficCtrl.dump(dw, true);
167 dw.blankline();
168 return NO_ERROR;
169 }
170
Erik Kline85890042018-05-25 19:19:11 +0900[diff] [blame]171 process::dump(dw);
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]172 dw.blankline();
173 gCtls->netCtrl.dump(dw);
174 dw.blankline();
175
Chenbo Fengef297172018-03-26 10:53:33 -0700[diff] [blame]176 gCtls->trafficCtrl.dump(dw, false);
177 dw.blankline();
178
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]179 {
180 ScopedIndent indentLog(dw);
181 if (contains(args, String16(OPT_SHORT))) {
182 dw.println("Log: <omitted>");
183 } else {
184 dw.println("Log:");
185 ScopedIndent indentLogEntries(dw);
186 gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
187 }
188 dw.blankline();
189 }
190
Erik Kline2d3a1632016-03-15 16:33:48 +0900[diff] [blame]191 return NO_ERROR;
192}
193
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]194binder::Status NetdNativeService::isAlive(bool *alive) {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]195 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]196 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]197
198 *alive = true;
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]199
200 gLog.log(entry.returns(*alive));
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]201 return binder::Status::ok();
202}
203
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]204binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]205 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
206 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]207 auto entry = gLog.newEntry()
208 .prettyFunction(__PRETTY_FUNCTION__)
209 .arg(chainName)
210 .arg(isWhitelist)
211 .arg(uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]212
Erik Klinef52d4522018-03-14 15:01:46 +0900[diff] [blame]213 int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]214 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]215
216 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]217 return binder::Status::ok();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]218}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]219
220binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
221 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]222 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(enable);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]223
224 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
225 *ret = (err == 0);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]226 gLog.log(entry.returns(*ret).withAutomaticDuration());
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]227 return binder::Status::ok();
228}
229
Luke Huang531f5d32018-08-03 15:19:05 +0800[diff] [blame]230binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
231 int64_t bytes) {
232 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
233 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
234
235 int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
236
237 gLog.log(entry.returns(res).withAutomaticDuration());
238 return statusFromErrcode(res);
239}
240
241binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
242 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
243 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
244
245 int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
246
247 gLog.log(entry.returns(res).withAutomaticDuration());
248 return statusFromErrcode(res);
249}
250
251binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
252 int64_t bytes) {
253 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
254 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName).arg(bytes);
255
256 int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
257
258 gLog.log(entry.returns(res).withAutomaticDuration());
259 return statusFromErrcode(res);
260}
261
262binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
263 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
264 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
265
266 int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
267
268 gLog.log(entry.returns(res).withAutomaticDuration());
269 return statusFromErrcode(res);
270}
271
272binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
273 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
274 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(bytes);
275
276 int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
277
278 gLog.log(entry.returns(res).withAutomaticDuration());
279 return statusFromErrcode(res);
280}
281
282binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
283 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
284 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
285
286 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
287 int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);
288
289 gLog.log(entry.returns(res).withAutomaticDuration());
290 return statusFromErrcode(res);
291}
292
293binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
294 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
295 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
296
297 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
298 int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);
299
300 gLog.log(entry.returns(res).withAutomaticDuration());
301 return statusFromErrcode(res);
302}
303
304binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
305 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
306 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
307
308 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
309 int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);
310
311 gLog.log(entry.returns(res).withAutomaticDuration());
312 return statusFromErrcode(res);
313}
314
315binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
316 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->bandwidthCtrl.lock);
317 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
318
319 std::vector<std::string> appStrUids = {std::to_string(abs(uid))};
320 int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);
321
322 gLog.log(entry.returns(res).withAutomaticDuration());
323 return statusFromErrcode(res);
324}
325
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]326binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]327 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]328 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]329 int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]330 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]331 return statusFromErrcode(ret);
332}
333
334binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
335 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
336 int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
337 return statusFromErrcode(ret);
338}
339
340binder::Status NetdNativeService::networkDestroy(int32_t netId) {
Erik Klinec8b6a9c2018-01-15 17:06:48 +0900[diff] [blame]341 ENFORCE_PERMISSION(NETWORK_STACK);
342 // Both of these functions manage their own locking internally.
343 const int ret = gCtls->netCtrl.destroyNetwork(netId);
344 gCtls->resolverCtrl.clearDnsServers(netId);
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]345 return statusFromErrcode(ret);
346}
347
348binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
349 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
350 int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
351 return statusFromErrcode(ret);
352}
353
354binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
355 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
356 int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
357 return statusFromErrcode(ret);
358}
359
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]360namespace {
361
362std::string uidRangeParcelVecToString(const std::vector<UidRangeParcel>& uidRangeArray) {
363 std::vector<std::string> result;
364 result.reserve(uidRangeArray.size());
365 for (const auto& uidRange : uidRangeArray) {
366 result.push_back(StringPrintf("%d-%d", uidRange.start, uidRange.stop));
367 }
368
369 return base::Join(result, ", ");
370}
371
372} // namespace
373
374binder::Status NetdNativeService::networkAddUidRanges(
375 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]376 // NetworkController::addUsersToNetwork is thread-safe.
377 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]378 auto entry = gLog.newEntry()
379 .prettyFunction(__PRETTY_FUNCTION__)
380 .args(netId, uidRangeParcelVecToString(uidRangeArray));
381
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]382 int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]383 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]384 return statusFromErrcode(ret);
385}
386
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]387binder::Status NetdNativeService::networkRemoveUidRanges(
388 int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]389 // NetworkController::removeUsersFromNetwork is thread-safe.
390 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]391 auto entry = gLog.newEntry()
392 .prettyFunction(__PRETTY_FUNCTION__)
393 .args(netId, uidRangeParcelVecToString(uidRangeArray));
394
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]395 int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]396 gLog.log(entry.returns(ret).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]397 return statusFromErrcode(ret);
398}
399
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]400binder::Status NetdNativeService::networkRejectNonSecureVpn(
401 bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]402 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
403 // it should be possible to use the same lock as NetworkController. However, every call through
404 // the CommandListener "network" command will need to hold this lock too, not just the ones that
405 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
406 // look at routes, but it's not enough here).
407 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]408 auto entry = gLog.newEntry()
409 .prettyFunction(__PRETTY_FUNCTION__)
410 .args(add, uidRangeParcelVecToString(uidRangeArray));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]411 UidRanges uidRanges(uidRangeArray);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]412
413 int err;
414 if (add) {
415 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
416 } else {
417 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
418 }
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]419 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colittid33e96d2016-12-15 23:59:01 +0900[diff] [blame]420 return statusFromErrcode(err);
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame]421}
422
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]423binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
424 const std::vector<int32_t>& skipUids) {
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]425 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
426
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]427 auto entry = gLog.newEntry()
428 .prettyFunction(__PRETTY_FUNCTION__)
429 .arg(uidRangeParcelVecToString(uids));
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]430 SockDiag sd;
431 if (!sd.open()) {
432 return binder::Status::fromServiceSpecificError(EIO,
433 String8("Could not open SOCK_DIAG socket"));
434 }
435
436 UidRanges uidRanges(uids);
Lorenzo Colittie5c3c992016-07-26 17:53:50 +0900[diff] [blame]437 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
438 true /* excludeLoopback */);
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]439
Luke Huang94658ac2018-10-18 19:35:12 +0900[diff] [blame]440 gLog.log(entry.returns(err).withAutomaticDuration());
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]441 if (err) {
442 return binder::Status::fromServiceSpecificError(-err,
443 String8::format("destroySockets: %s", strerror(-err)));
444 }
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]445 return binder::Status::ok();
446}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]447
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]448// Parse a base64 encoded string into a vector of bytes.
449// On failure, return an empty vector.
450static std::vector<uint8_t> parseBase64(const std::string& input) {
451 std::vector<uint8_t> decoded;
452 size_t out_len;
453 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
454 return decoded;
455 }
456 // out_len is now an upper bound on the output length.
457 decoded.resize(out_len);
458 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
459 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
460 // Possibly shrink the vector if the actual output was smaller than the bound.
461 decoded.resize(out_len);
462 } else {
463 decoded.clear();
464 }
465 if (out_len != SHA256_SIZE) {
466 decoded.clear();
467 }
468 return decoded;
469}
470
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]471binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
472 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]473 const std::vector<int32_t>& params, const std::string& tlsName,
474 const std::vector<std::string>& tlsServers,
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]475 const std::vector<std::string>& tlsFingerprints) {
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]476 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
477 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]478 auto entry = gLog.newEntry()
479 .prettyFunction(__PRETTY_FUNCTION__)
480 .arg(netId)
481 .arg(servers)
482 .arg(domains)
483 .arg(params)
484 .arg(tlsName)
485 .arg(tlsServers)
486 .arg(tlsFingerprints);
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]487
Ben Schwartz4204ecf2017-10-02 12:35:48 -0400[diff] [blame]488 std::set<std::vector<uint8_t>> decoded_fingerprints;
489 for (const std::string& fingerprint : tlsFingerprints) {
490 std::vector<uint8_t> decoded = parseBase64(fingerprint);
491 if (decoded.empty()) {
492 return binder::Status::fromServiceSpecificError(EINVAL,
493 String8::format("ResolverController error: bad fingerprint"));
494 }
495 decoded_fingerprints.emplace(decoded);
496 }
497
498 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
Erik Klinea1476fb2018-03-04 21:01:56 +0900[diff] [blame]499 tlsName, tlsServers, decoded_fingerprints);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]500 gLog.log(entry.returns(err).withAutomaticDuration());
Pierre Imaibeedec32016-04-13 06:44:51 +0900[diff] [blame]501 if (err != 0) {
502 return binder::Status::fromServiceSpecificError(-err,
503 String8::format("ResolverController error: %s", strerror(-err)));
504 }
505 return binder::Status::ok();
506}
507
508binder::Status NetdNativeService::getResolverInfo(int32_t netId,
509 std::vector<std::string>* servers, std::vector<std::string>* domains,
510 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
511 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
512 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
513
514 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
515 if (err != 0) {
516 return binder::Status::fromServiceSpecificError(-err,
517 String8::format("ResolverController error: %s", strerror(-err)));
518 }
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900[diff] [blame]519 return binder::Status::ok();
520}
521
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]522binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]523 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Erik Klinef48e4dd2016-07-18 04:02:07 +0900[diff] [blame]524
525 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
526 return binder::Status::ok();
527}
528
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]529namespace {
530
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]531void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
532 const TetherController::TetherStats& tetherStats) {
533 if (tetherStatsParcel->extIface == tetherStats.extIface) {
534 tetherStatsParcel->rxBytes += tetherStats.rxBytes;
535 tetherStatsParcel->rxPackets += tetherStats.rxPackets;
536 tetherStatsParcel->txBytes += tetherStats.txBytes;
537 tetherStatsParcel->txPackets += tetherStats.txPackets;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]538 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]539}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]540
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]541TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
542 TetherStatsParcel result;
543 result.iface = stats.extIface;
544 result.rxBytes = stats.rxBytes;
545 result.rxPackets = stats.rxPackets;
546 result.txBytes = stats.txBytes;
547 result.txPackets = stats.txPackets;
548 return result;
549}
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]550
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]551void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
552 const TetherController::TetherStatsList& statsList) {
553 std::map<std::string, TetherController::TetherStats> statsMap;
554 for (const auto& stats : statsList) {
555 auto iter = statsMap.find(stats.extIface);
556 if (iter != statsMap.end()) {
557 tetherAddStatsByInterface(&(iter->second), stats);
558 } else {
559 statsMap.insert(
560 std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
561 }
562 }
563 for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
564 tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
565 }
566}
567
568std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
569 std::vector<std::string> result;
570 for (const auto& t : *tVec) {
571 result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
572 t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
573 t.txPackets));
574 }
575 return result;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]576}
577
578} // namespace
579
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]580binder::Status NetdNativeService::tetherGetStats(
581 std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
Luke Huangd1ee4622018-06-29 13:49:58 +0800[diff] [blame]582 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]583
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]584 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
585
Lorenzo Colitti5192bf72017-09-04 13:30:59 +0900[diff] [blame]586 const auto& statsList = gCtls->tetherCtrl.getTetherStats();
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]587 if (!isOk(statsList)) {
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]588 return asBinderStatus(statsList);
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]589 }
Luke Huangcaebcbb2018-09-27 20:37:14 +0800[diff] [blame]590 setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
591 auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
592 gLog.log(entry.returns(base::Join(statsResults, ";")).withAutomaticDuration());
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +0900[diff] [blame]593 return binder::Status::ok();
594}
595
Erik Kline53c20882016-08-02 15:22:53 +0900[diff] [blame]596binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
597 const std::string &addrString, int prefixLength) {
598 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
599
600 const int err = InterfaceController::addAddress(
601 ifName.c_str(), addrString.c_str(), prefixLength);
602 if (err != 0) {
603 return binder::Status::fromServiceSpecificError(-err,
604 String8::format("InterfaceController error: %s", strerror(-err)));
605 }
606 return binder::Status::ok();
607}
608
609binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
610 const std::string &addrString, int prefixLength) {
611 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
612
613 const int err = InterfaceController::delAddress(
614 ifName.c_str(), addrString.c_str(), prefixLength);
615 if (err != 0) {
616 return binder::Status::fromServiceSpecificError(-err,
617 String8::format("InterfaceController error: %s", strerror(-err)));
618 }
619 return binder::Status::ok();
620}
621
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]622namespace {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]623
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]624std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
625 int32_t category) {
626 const char* ipversionStr = nullptr;
627 switch (ipversion) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]628 case INetd::IPV4:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]629 ipversionStr = "ipv4";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]630 break;
631 case INetd::IPV6:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]632 ipversionStr = "ipv6";
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]633 break;
634 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]635 return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
636 nullptr, nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]637 }
638
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]639 const char* whichStr = nullptr;
640 switch (category) {
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]641 case INetd::CONF:
642 whichStr = "conf";
643 break;
644 case INetd::NEIGH:
645 whichStr = "neigh";
646 break;
647 default:
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]648 return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
649 nullptr};
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]650 }
651
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]652 return {binder::Status::ok(), ipversionStr, whichStr};
653}
654
655} // namespace
656
657binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
658 const std::string& ifname,
659 const std::string& parameter, std::string* value) {
660 ENFORCE_PERMISSION(NETWORK_STACK);
661 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
662 .args(ipversion, which, ifname, parameter);
663
664 const auto pathParts = getPathComponents(ipversion, which);
665 const auto& pathStatus = std::get<0>(pathParts);
666 if (!pathStatus.isOk()) {
667 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
668 return pathStatus;
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]669 }
Erik Kline38e51f12018-09-06 20:14:44 +0900[diff] [blame]670
671 const int err = InterfaceController::getParameter(std::get<1>(pathParts),
672 std::get<2>(pathParts), ifname.c_str(),
673 parameter.c_str(), value);
674 entry.returns(err);
675 if (err == 0) entry.returns(*value);
676 gLog.log(entry.withAutomaticDuration());
677 return statusFromErrcode(err);
678}
679
680binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
681 const std::string& ifname,
682 const std::string& parameter,
683 const std::string& value) {
684 ENFORCE_PERMISSION(NETWORK_STACK);
685 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__)
686 .args(ipversion, which, ifname, parameter, value);
687
688 const auto pathParts = getPathComponents(ipversion, which);
689 const auto& pathStatus = std::get<0>(pathParts);
690 if (!pathStatus.isOk()) {
691 gLog.log(entry.returns(pathStatus.exceptionCode()).withAutomaticDuration());
692 return pathStatus;
693 }
694
695 const int err = InterfaceController::setParameter(std::get<1>(pathParts),
696 std::get<2>(pathParts), ifname.c_str(),
697 parameter.c_str(), value.c_str());
698 gLog.log(entry.returns(err).withAutomaticDuration());
699 return statusFromErrcode(err);
Erik Kline55b06f82016-07-04 09:57:18 +0900[diff] [blame]700}
701
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]702binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
703 // This function intentionally does not lock, since the only thing it does is one read from an
704 // atomic_int.
705 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
706 ENFORCE_DEBUGGABLE();
707
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]708 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]709 return binder::Status::ok();
710}
711
712binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
713 // This function intentionally does not lock, since the only thing it does is one write to an
714 // atomic_int.
715 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
716 ENFORCE_DEBUGGABLE();
717
Michal Karpinskid5440112016-10-06 16:56:04 +0100[diff] [blame]718 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
719 ? binder::Status::ok()
720 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
Robin Lee2cf56172016-09-13 18:55:42 +0900[diff] [blame]721}
722
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]723binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
724 int newUid) {
725 ENFORCE_PERMISSION(NETWORK_STACK)
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]726 gLog.log("ipSecSetEncapSocketOwner()");
Benedict Wongb2daefb2017-12-06 22:05:46 -0800[diff] [blame]727
728 uid_t callerUid = IPCThreadState::self()->getCallingUid();
729 return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
730}
731
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]732binder::Status NetdNativeService::ipSecAllocateSpi(
733 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]734 const std::string& sourceAddress,
735 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]736 int32_t inSpi,
737 int32_t* outSpi) {
738 // Necessary locking done in IpSecService and kernel
739 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]740 gLog.log("ipSecAllocateSpi()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]741 return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]742 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]743 sourceAddress,
744 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]745 inSpi,
746 outSpi));
747}
748
749binder::Status NetdNativeService::ipSecAddSecurityAssociation(
750 int32_t transformId,
751 int32_t mode,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]752 const std::string& sourceAddress,
753 const std::string& destinationAddress,
Benedict Wong96abf482018-01-22 13:56:41 -0800[diff] [blame]754 int32_t underlyingNetId,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]755 int32_t spi,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]756 int32_t markValue,
757 int32_t markMask,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]758 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
759 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
Benedict Wongbe65b432017-08-22 21:43:14 -0700[diff] [blame]760 const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]761 int32_t encapType,
762 int32_t encapLocalPort,
ludiec836052017-05-20 14:17:05 -0700[diff] [blame]763 int32_t encapRemotePort) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]764 // Necessary locking done in IpSecService and kernel
765 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]766 gLog.log("ipSecAddSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]767 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]768 transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
769 markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
770 aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]771}
772
773binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
774 int32_t transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]775 const std::string& sourceAddress,
776 const std::string& destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]777 int32_t spi,
778 int32_t markValue,
779 int32_t markMask) {
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]780 // Necessary locking done in IpSecService and kernel
781 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]782 gLog.log("ipSecDeleteSecurityAssociation()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]783 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]784 transformId,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]785 sourceAddress,
786 destinationAddress,
Di Lu2ccb3e52018-01-03 16:19:20 -0800[diff] [blame]787 spi,
788 markValue,
789 markMask));
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]790}
791
792binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
793 const android::base::unique_fd& socket,
794 int32_t transformId,
795 int32_t direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]796 const std::string& sourceAddress,
797 const std::string& destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]798 int32_t spi) {
799 // Necessary locking done in IpSecService and kernel
800 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]801 gLog.log("ipSecApplyTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]802 return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]803 socket,
804 transformId,
805 direction,
Nathan Haroldda54f122018-01-09 16:42:57 -0800[diff] [blame]806 sourceAddress,
807 destinationAddress,
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]808 spi));
809}
810
811binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
812 const android::base::unique_fd& socket) {
813 // Necessary locking done in IpSecService and kernel
814 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]815 gLog.log("ipSecRemoveTransportModeTransform()");
ludi6e8eccd2017-08-14 14:40:37 -0700[diff] [blame]816 return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
Nathan Harold1a371532017-01-30 12:30:48 -0800[diff] [blame]817 socket));
818}
819
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]820binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
821 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]822 const std::string& tmplSrcAddress,
823 const std::string& tmplDstAddress,
824 int32_t spi, int32_t markValue,
825 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]826 // Necessary locking done in IpSecService and kernel
827 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]828 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]829 return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]830 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
831 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]832}
833
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]834binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId,
835 int32_t selAddrFamily,
836 int32_t direction,
Benedict Wongad600cb2018-05-14 17:22:35 -0700[diff] [blame]837 const std::string& tmplSrcAddress,
838 const std::string& tmplDstAddress,
839 int32_t spi, int32_t markValue,
840 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]841 // Necessary locking done in IpSecService and kernel
842 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]843 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]844 return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]845 transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
846 markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]847}
848
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]849binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
850 int32_t selAddrFamily,
851 int32_t direction, int32_t markValue,
852 int32_t markMask) {
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]853 // Necessary locking done in IpSecService and kernel
854 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]855 gLog.log("ipSecAddSecurityPolicy()");
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]856 return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
Benedict Wonga04ffa72018-05-09 21:42:42 -0700[diff] [blame]857 transformId, selAddrFamily, direction, markValue, markMask));
Benedict Wong84a8dca2018-01-19 12:12:17 -0800[diff] [blame]858}
859
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]860binder::Status NetdNativeService::addVirtualTunnelInterface(
861 const std::string& deviceName,
862 const std::string& localAddress,
863 const std::string& remoteAddress,
864 int32_t iKey,
865 int32_t oKey) {
866 // Necessary locking done in IpSecService and kernel
867 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]868 gLog.log("addVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]869 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
870 deviceName,
871 localAddress,
872 remoteAddress,
873 iKey,
874 oKey,
875 false);
876
877 return (ret == 0) ? binder::Status::ok() :
878 asBinderStatus(netdutils::statusFromErrno(
879 ret, "Error in creating virtual tunnel interface."));
880}
881
882binder::Status NetdNativeService::updateVirtualTunnelInterface(
883 const std::string& deviceName,
884 const std::string& localAddress,
885 const std::string& remoteAddress,
886 int32_t iKey,
887 int32_t oKey) {
888 // Necessary locking done in IpSecService and kernel
889 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]890 gLog.log("updateVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]891 int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
892 deviceName,
893 localAddress,
894 remoteAddress,
895 iKey,
896 oKey,
897 true);
898
899 return (ret == 0) ? binder::Status::ok() :
900 asBinderStatus(netdutils::statusFromErrno(
901 ret, "Error in updating virtual tunnel interface."));
902}
903
904binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
905 // Necessary locking done in IpSecService and kernel
906 ENFORCE_PERMISSION(NETWORK_STACK);
Erik Klineb31fd692018-06-06 20:50:11 +0900[diff] [blame]907 gLog.log("removeVirtualTunnelInterface()");
manojboopathi8707f232018-01-02 14:45:47 -0800[diff] [blame]908 int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
909
910 return (ret == 0) ? binder::Status::ok() :
911 asBinderStatus(netdutils::statusFromErrno(
912 ret, "Error in removing virtual tunnel interface."));
913}
914
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]915binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
916 int32_t mode) {
917 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]918 return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
Joel Scherpelzde937962017-06-01 13:20:21 +0900[diff] [blame]919}
920
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]921binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
922 const std::string& prefix, int32_t mark,
923 int32_t mask) {
924 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]925 return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]926}
927
928binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
929 const std::string& prefix, int32_t mark,
930 int32_t mask) {
931 ENFORCE_PERMISSION(NETWORK_STACK);
Nathan Harold28ccfef2018-03-16 19:02:47 -0700[diff] [blame]932 return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
Joel Scherpelz08b84cd2017-05-22 13:11:54 +0900[diff] [blame]933}
934
Chenbo Feng07d43fe2017-12-21 14:38:51 -0800[diff] [blame]935binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
936 ENFORCE_PERMISSION(NETWORK_STACK);
937 *ret = gCtls->trafficCtrl.checkBpfStatsEnable();
938 return binder::Status::ok();
939}
940
Luke Huang0051a622018-07-23 20:30:16 +0800[diff] [blame]941binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
942 const std::string& classLabel) {
943 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
944 auto entry = gLog.newEntry()
945 .prettyFunction(__PRETTY_FUNCTION__)
946 .arg(ifName)
947 .arg(timeout)
948 .arg(classLabel);
949 int res =
950 gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
951 gLog.log(entry.returns(res).withAutomaticDuration());
952 return statusFromErrcode(res);
953}
954
955binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
956 int32_t timeout,
957 const std::string& classLabel) {
958 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->idletimerCtrl.lock);
959 auto entry = gLog.newEntry()
960 .prettyFunction(__PRETTY_FUNCTION__)
961 .arg(ifName)
962 .arg(timeout)
963 .arg(classLabel);
964 int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
965 classLabel.c_str());
966 gLog.log(entry.returns(res).withAutomaticDuration());
967 return statusFromErrcode(res);
968}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]969
970binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
971 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->strictCtrl.lock);
972 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid).arg(policyPenalty);
973 StrictPenalty penalty;
974 switch (policyPenalty) {
975 case INetd::PENALTY_POLICY_REJECT:
976 penalty = REJECT;
977 break;
978 case INetd::PENALTY_POLICY_LOG:
979 penalty = LOG;
980 break;
981 case INetd::PENALTY_POLICY_ACCEPT:
982 penalty = ACCEPT;
983 break;
984 default:
985 return statusFromErrcode(-EINVAL);
986 break;
987 }
988 int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
989 gLog.log(entry.returns(res).withAutomaticDuration());
990 return statusFromErrcode(res);
991}
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]992
Luke Huang6d301232018-08-01 14:05:18 +0800[diff] [blame]993binder::Status NetdNativeService::clatdStart(const std::string& ifName) {
994 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
995 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
996 int res = gCtls->clatdCtrl.startClatd(ifName.c_str());
997 gLog.log(entry.returns(res).withAutomaticDuration());
998 return statusFromErrcode(res);
999}
1000
1001binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
1002 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->clatdCtrl.mutex);
1003 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1004 int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
1005 gLog.log(entry.returns(res).withAutomaticDuration());
1006 return statusFromErrcode(res);
1007}
Luke Huanga67dd562018-07-17 19:58:25 +0800[diff] [blame]1008
Luke Huang457d4702018-08-16 15:39:15 +0800[diff] [blame]1009binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
1010 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1011 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1012 *status = (gCtls->tetherCtrl.forwardingRequestCount() > 0) ? true : false;
1013 gLog.log(entry.returns(*status).withAutomaticDuration());
1014 return binder::Status::ok();
1015}
1016
1017binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
1018 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1019 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1020 int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1021 gLog.log(entry.returns(res).withAutomaticDuration());
1022 return statusFromErrcode(res);
1023}
1024
1025binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
1026 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1027 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(requester);
1028 int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
1029 gLog.log(entry.returns(res).withAutomaticDuration());
1030 return statusFromErrcode(res);
1031}
1032
1033binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
1034 const std::string& toIface) {
1035 ENFORCE_PERMISSION(NETWORK_STACK);
1036 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1037 int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
1038 gLog.log(entry.returns(res).withAutomaticDuration());
1039 return statusFromErrcode(res);
1040}
1041
1042binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
1043 const std::string& toIface) {
1044 ENFORCE_PERMISSION(NETWORK_STACK);
1045 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(fromIface).arg(toIface);
1046 int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
1047 gLog.log(entry.returns(res).withAutomaticDuration());
1048 return statusFromErrcode(res);
1049}
1050
Luke Huangb5733d72018-08-21 17:17:19 +0800[diff] [blame]1051binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
1052 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1053 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(dhcpRanges);
1054 if (dhcpRanges.size() % 2 == 1) {
1055 return statusFromErrcode(-EINVAL);
1056 }
1057 int res = gCtls->tetherCtrl.startTethering(dhcpRanges);
1058 gLog.log(entry.returns(res).withAutomaticDuration());
1059 return statusFromErrcode(res);
1060}
1061
1062binder::Status NetdNativeService::tetherStop() {
1063 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1064 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1065 int res = gCtls->tetherCtrl.stopTethering();
1066 gLog.log(entry.returns(res).withAutomaticDuration());
1067 return statusFromErrcode(res);
1068}
1069
1070binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
1071 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1072 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1073 *enabled = gCtls->tetherCtrl.isTetheringStarted();
1074 gLog.log(entry.returns(*enabled).withAutomaticDuration());
1075 return binder::Status::ok();
1076}
1077
1078binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
1079 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1080 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1081 int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
1082 gLog.log(entry.returns(res).withAutomaticDuration());
1083 return statusFromErrcode(res);
1084}
1085
1086binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1087 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1088 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
1089 int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1090 gLog.log(entry.returns(res).withAutomaticDuration());
1091 return statusFromErrcode(res);
1092}
1093
1094binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1095 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1096 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1097 for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1098 ifList->push_back(ifname);
1099 }
1100 gLog.log(entry.returns(true).withAutomaticDuration());
1101 return binder::Status::ok();
1102}
1103
1104binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1105 const std::vector<std::string>& dnsAddrs) {
1106 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1107 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(dnsAddrs);
1108 int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1109 gLog.log(entry.returns(res).withAutomaticDuration());
1110 return statusFromErrcode(res);
1111}
1112
1113binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1114 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock);
1115 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1116 for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1117 dnsList->push_back(fwdr);
1118 }
1119 gLog.log(entry.returns(true).withAutomaticDuration());
1120 return binder::Status::ok();
1121}
1122
Luke Huangb670d162018-08-23 20:01:13 +0800[diff] [blame]1123binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1124 const std::string& destination,
1125 const std::string& nextHop) {
1126 // Public methods of NetworkController are thread-safe.
1127 ENFORCE_PERMISSION(NETWORK_STACK);
1128 auto entry = gLog.newEntry()
1129 .prettyFunction(__PRETTY_FUNCTION__)
1130 .arg(netId)
1131 .arg(ifName)
1132 .arg(destination)
1133 .arg(nextHop);
1134 bool legacy = false;
1135 uid_t uid = 0; // UID is only meaningful for legacy routes.
1136 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1137 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1138 gLog.log(entry.returns(res).withAutomaticDuration());
1139 return statusFromErrcode(res);
1140}
1141
1142binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1143 const std::string& destination,
1144 const std::string& nextHop) {
1145 ENFORCE_PERMISSION(NETWORK_STACK);
1146 auto entry = gLog.newEntry()
1147 .prettyFunction(__PRETTY_FUNCTION__)
1148 .arg(netId)
1149 .arg(ifName)
1150 .arg(destination)
1151 .arg(nextHop);
1152 bool legacy = false;
1153 uid_t uid = 0; // UID is only meaningful for legacy routes.
1154 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1155 nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1156 gLog.log(entry.returns(res).withAutomaticDuration());
1157 return statusFromErrcode(res);
1158}
1159
1160binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1161 const std::string& destination,
1162 const std::string& nextHop, int32_t uid) {
1163 ENFORCE_PERMISSION(NETWORK_STACK);
1164 auto entry = gLog.newEntry()
1165 .prettyFunction(__PRETTY_FUNCTION__)
1166 .arg(netId)
1167 .arg(ifName)
1168 .arg(destination)
1169 .arg(nextHop)
1170 .arg(uid);
1171 bool legacy = true;
1172 int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1173 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1174 (uid_t) uid);
1175 gLog.log(entry.returns(res).withAutomaticDuration());
1176 return statusFromErrcode(res);
1177}
1178
1179binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1180 const std::string& destination,
1181 const std::string& nextHop,
1182 int32_t uid) {
1183 ENFORCE_PERMISSION(NETWORK_STACK);
1184 auto entry = gLog.newEntry()
1185 .prettyFunction(__PRETTY_FUNCTION__)
1186 .arg(netId)
1187 .arg(ifName)
1188 .arg(destination)
1189 .arg(nextHop)
1190 .arg(uid);
1191 bool legacy = true;
1192 int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1193 nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1194 (uid_t) uid);
1195 gLog.log(entry.returns(res).withAutomaticDuration());
1196 return statusFromErrcode(res);
1197}
1198
1199binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1200 ENFORCE_PERMISSION(NETWORK_STACK);
1201 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1202 *netId = gCtls->netCtrl.getDefaultNetwork();
1203 gLog.log(entry.returns(*netId).withAutomaticDuration());
1204 return binder::Status::ok();
1205}
1206
1207binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1208 ENFORCE_PERMISSION(NETWORK_STACK);
1209 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId);
1210 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1211 gLog.log(entry.returns(res).withAutomaticDuration());
1212 return statusFromErrcode(res);
1213}
1214
1215binder::Status NetdNativeService::networkClearDefault() {
1216 ENFORCE_PERMISSION(NETWORK_STACK);
1217 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__);
1218 unsigned netId = NETID_UNSET;
1219 int res = gCtls->netCtrl.setDefaultNetwork(netId);
1220 gLog.log(entry.returns(res).withAutomaticDuration());
1221 return statusFromErrcode(res);
1222}
1223
1224std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1225 return {begin(intUids), end(intUids)};
1226}
1227
1228Permission NetdNativeService::convertPermission(int32_t permission) {
1229 switch (permission) {
1230 case INetd::PERMISSION_NETWORK:
1231 return Permission::PERMISSION_NETWORK;
1232 case INetd::PERMISSION_SYSTEM:
1233 return Permission::PERMISSION_SYSTEM;
1234 default:
1235 return Permission::PERMISSION_NONE;
1236 }
1237}
1238
1239binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1240 int32_t permission) {
1241 ENFORCE_PERMISSION(NETWORK_STACK);
1242 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(netId).arg(permission);
1243 std::vector<unsigned> netIds = {(unsigned) netId};
1244 int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1245 gLog.log(entry.returns(res).withAutomaticDuration());
1246 return statusFromErrcode(res);
1247}
1248
1249binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1250 const std::vector<int32_t>& uids) {
1251 ENFORCE_PERMISSION(NETWORK_STACK);
1252 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(permission).arg(uids);
1253 gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1254 gLog.log(entry.withAutomaticDuration());
1255 return binder::Status::ok();
1256}
1257
1258binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1259 ENFORCE_PERMISSION(NETWORK_STACK);
1260 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uids);
1261 Permission permission = Permission::PERMISSION_NONE;
1262 gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1263 gLog.log(entry.withAutomaticDuration());
1264 return binder::Status::ok();
1265}
1266
1267binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {
1268 ENFORCE_PERMISSION(NETWORK_STACK);
1269 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1270 std::vector<uid_t> uids = {(uid_t) uid};
1271 gCtls->netCtrl.allowProtect(uids);
1272 gLog.log(entry.withAutomaticDuration());
1273 return binder::Status::ok();
1274}
1275
1276binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1277 ENFORCE_PERMISSION(NETWORK_STACK);
1278 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1279 std::vector<uid_t> uids = {(uid_t) uid};
1280 gCtls->netCtrl.denyProtect(uids);
1281 gLog.log(entry.withAutomaticDuration());
1282 return binder::Status::ok();
1283}
1284
1285binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1286 ENFORCE_PERMISSION(NETWORK_STACK);
1287 auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(uid);
1288 *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1289 gLog.log(entry.returns(*ret).withAutomaticDuration());
1290 return binder::Status::ok();
1291}
1292
Luke Huange64fa382018-07-24 16:38:22 +0800[diff] [blame]1293namespace {
1294std::string ruleToString(int32_t rule) {
1295 switch (rule) {
1296 case INetd::FIREWALL_RULE_DENY:
1297 return "DENY";
1298 case INetd::FIREWALL_RULE_ALLOW:
1299 return "ALLOW";
1300 default:
1301 return "INVALID";
1302 }
1303}
1304
1305std::string typeToString(int32_t type) {
1306 switch (type) {
1307 case INetd::FIREWALL_WHITELIST:
1308 return "WHITELIST";
1309 case INetd::FIREWALL_BLACKLIST:
1310 return "BLACKLIST";
1311 default:
1312 return "INVALID";
1313 }
1314}
1315
1316std::string chainToString(int32_t chain) {
1317 switch (chain) {
1318 case INetd::FIREWALL_CHAIN_NONE:
1319 return "NONE";
1320 case INetd::FIREWALL_CHAIN_DOZABLE:
1321 return "DOZABLE";
1322 case INetd::FIREWALL_CHAIN_STANDBY:
1323 return "STANDBY";
1324 case INetd::FIREWALL_CHAIN_POWERSAVE:
1325 return "POWERSAVE";
1326 default:
1327 return "INVALID";
1328 }
1329}
1330
1331} // namespace
1332
1333binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1334 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1335 auto entry =
1336 gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(typeToString(firewallType));
1337 auto type = static_cast<FirewallType>(firewallType);
1338
1339 int res = gCtls->firewallCtrl.setFirewallType(type);
1340 gLog.log(entry.returns(res).withAutomaticDuration());
1341 return statusFromErrcode(res);
1342}
1343
1344binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1345 int32_t firewallRule) {
1346 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1347 auto entry = gLog.newEntry()
1348 .prettyFunction(__PRETTY_FUNCTION__)
1349 .args(ifName, ruleToString(firewallRule));
1350 auto rule = static_cast<FirewallRule>(firewallRule);
1351
1352 int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1353 gLog.log(entry.returns(res).withAutomaticDuration());
1354 return statusFromErrcode(res);
1355}
1356
1357binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1358 int32_t firewallRule) {
1359 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1360 auto entry = gLog.newEntry()
1361 .prettyFunction(__PRETTY_FUNCTION__)
1362 .args(chainToString(childChain), uid, ruleToString(firewallRule));
1363 auto chain = static_cast<ChildChain>(childChain);
1364 auto rule = static_cast<FirewallRule>(firewallRule);
1365
1366 int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1367 gLog.log(entry.returns(res).withAutomaticDuration());
1368 return statusFromErrcode(res);
1369}
1370
1371binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1372 NETD_LOCKING_RPC(NETWORK_STACK, gCtls->firewallCtrl.lock);
1373 auto entry = gLog.newEntry()
1374 .prettyFunction(__PRETTY_FUNCTION__)
1375 .args(chainToString(childChain), enable);
1376 auto chain = static_cast<ChildChain>(childChain);
1377
1378 int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1379 gLog.log(entry.returns(res).withAutomaticDuration());
1380 return statusFromErrcode(res);
1381}
1382
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900[diff] [blame]1383} // namespace net
1384} // namespace android