Gitiles
Code Review Sign In
review.blissroms.org / packages_modules_Connectivity / 72bc600be2e552e202a8e038f5a00f1a568819e7 / . / service / jni / com_android_server_BpfNetMaps.cpp
blob: 77cffdaac3699d2983106bff12775f5f71fd3bb1 [file] [log] [blame]
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]1/*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "TrafficControllerJni"
18
Patrick Rohr313bc6c2022-01-31 15:51:09 +0100[diff] [blame]19#include "TrafficController.h"
20
Maciej Żenczykowski513474c2022-12-08 16:20:43 +0000[diff] [blame]21#include "netd.h"
22
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]23#include <jni.h>
Patrick Rohr313bc6c2022-01-31 15:51:09 +0100[diff] [blame]24#include <log/log.h>
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]25#include <nativehelper/JNIHelp.h>
26#include <nativehelper/ScopedUtfChars.h>
27#include <nativehelper/ScopedPrimitiveArray.h>
Ken Chene6d511f2022-01-25 11:10:42 +0800[diff] [blame]28#include <netjniutils/netjniutils.h>
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]29#include <net/if.h>
Maciej Żenczykowski990635c2022-07-27 08:04:33 +0000[diff] [blame]30#include <private/android_filesystem_config.h>
31#include <unistd.h>
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]32#include <vector>
33
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]34
35using android::net::TrafficController;
36using android::netdutils::Status;
37
38using UidOwnerMatchType::PENALTY_BOX_MATCH;
39using UidOwnerMatchType::HAPPY_BOX_MATCH;
40
41static android::net::TrafficController mTc;
42
43namespace android {
44
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]45#define CHECK_LOG(status) \
46 do { \
47 if (!isOk(status)) \
48 ALOGE("%s failed, error code = %d", __func__, status.code()); \
49 } while (0)
50
Motomu Utsumi3af8f0e2022-09-02 23:42:13 +0900[diff] [blame]51static void native_init(JNIEnv* env, jclass clazz, jboolean startSkDestroyListener) {
52 Status status = mTc.start(startSkDestroyListener);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]53 CHECK_LOG(status);
Maciej Żenczykowski990635c2022-07-27 08:04:33 +0000[diff] [blame]54 if (!isOk(status)) {
55 uid_t uid = getuid();
56 ALOGE("BpfNetMaps jni init failure as uid=%d", uid);
57 // TODO: Fix tests to not use this jni lib, so we can unconditionally abort()
58 if (uid == AID_SYSTEM || uid == AID_NETWORK_STACK) abort();
59 }
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]60}
61
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]62static jint native_addNaughtyApp(JNIEnv* env, jobject self, jint uid) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]63 const uint32_t appUids = static_cast<uint32_t>(abs(uid));
64 Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
65 TrafficController::IptOp::IptOpInsert);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]66 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]67 return (jint)status.code();
68}
69
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]70static jint native_removeNaughtyApp(JNIEnv* env, jobject self, jint uid) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]71 const uint32_t appUids = static_cast<uint32_t>(abs(uid));
72 Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
73 TrafficController::IptOp::IptOpDelete);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]74 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]75 return (jint)status.code();
76}
77
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]78static jint native_addNiceApp(JNIEnv* env, jobject self, jint uid) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]79 const uint32_t appUids = static_cast<uint32_t>(abs(uid));
80 Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
81 TrafficController::IptOp::IptOpInsert);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]82 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]83 return (jint)status.code();
84}
85
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]86static jint native_removeNiceApp(JNIEnv* env, jobject self, jint uid) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]87 const uint32_t appUids = static_cast<uint32_t>(abs(uid));
88 Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
89 TrafficController::IptOp::IptOpDelete);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]90 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]91 return (jint)status.code();
92}
93
Motomu Utsumi114cd9c2022-08-01 02:08:35 +0000[diff] [blame]94static jint native_setChildChain(JNIEnv* env, jobject self, jint childChain, jboolean enable) {
95 auto chain = static_cast<ChildChain>(childChain);
96 int res = mTc.toggleUidOwnerMap(chain, enable);
97 if (res) ALOGE("%s failed, error code = %d", __func__, res);
98 return (jint)res;
99}
100
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]101static jint native_replaceUidChain(JNIEnv* env, jobject self, jstring name, jboolean isAllowlist,
102 jintArray jUids) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]103 const ScopedUtfChars chainNameUtf8(env, name);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]104 if (chainNameUtf8.c_str() == nullptr) return -EINVAL;
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]105 const std::string chainName(chainNameUtf8.c_str());
106
107 ScopedIntArrayRO uids(env, jUids);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]108 if (uids.get() == nullptr) return -EINVAL;
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]109
110 size_t size = uids.size();
Wayne Ma55452912022-02-18 14:09:04 +0800[diff] [blame]111 static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]112 std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
113 int res = mTc.replaceUidOwnerMap(chainName, isAllowlist, data);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]114 if (res) ALOGE("%s failed, error code = %d", __func__, res);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]115 return (jint)res;
116}
117
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]118static jint native_setUidRule(JNIEnv* env, jobject self, jint childChain, jint uid,
119 jint firewallRule) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]120 auto chain = static_cast<ChildChain>(childChain);
121 auto rule = static_cast<FirewallRule>(firewallRule);
Wayne Ma510c2f42022-02-15 14:36:07 +0800[diff] [blame]122 FirewallType fType = mTc.getFirewallType(chain);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]123
124 int res = mTc.changeUidOwnerRule(chain, uid, rule, fType);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]125 if (res) ALOGE("%s failed, error code = %d", __func__, res);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]126 return (jint)res;
127}
128
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]129static jint native_addUidInterfaceRules(JNIEnv* env, jobject self, jstring ifName,
130 jintArray jUids) {
Motomu Utsumib08654c2022-05-11 05:56:26 +0000[diff] [blame]131 // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex is
132 // set to 0.
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]133 int ifIndex = 0;
Motomu Utsumib08654c2022-05-11 05:56:26 +0000[diff] [blame]134 if (ifName != nullptr) {
135 const ScopedUtfChars ifNameUtf8(env, ifName);
136 const std::string interfaceName(ifNameUtf8.c_str());
137 ifIndex = if_nametoindex(interfaceName.c_str());
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]138 }
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]139
140 ScopedIntArrayRO uids(env, jUids);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]141 if (uids.get() == nullptr) return -EINVAL;
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]142
143 size_t size = uids.size();
Wayne Ma55452912022-02-18 14:09:04 +0800[diff] [blame]144 static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]145 std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
146 Status status = mTc.addUidInterfaceRules(ifIndex, data);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]147 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]148 return (jint)status.code();
149}
150
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]151static jint native_removeUidInterfaceRules(JNIEnv* env, jobject self, jintArray jUids) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]152 ScopedIntArrayRO uids(env, jUids);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]153 if (uids.get() == nullptr) return -EINVAL;
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]154
155 size_t size = uids.size();
Wayne Ma55452912022-02-18 14:09:04 +0800[diff] [blame]156 static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]157 std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
158 Status status = mTc.removeUidInterfaceRules(data);
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]159 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]160 return (jint)status.code();
161}
162
Motomu Utsumi8b42e6d2022-05-19 06:23:40 +0000[diff] [blame]163static jint native_updateUidLockdownRule(JNIEnv* env, jobject self, jint uid, jboolean add) {
164 Status status = mTc.updateUidLockdownRule(uid, add);
165 CHECK_LOG(status);
166 return (jint)status.code();
167}
168
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]169static jint native_swapActiveStatsMap(JNIEnv* env, jobject self) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]170 Status status = mTc.swapActiveStatsMap();
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]171 CHECK_LOG(status);
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]172 return (jint)status.code();
173}
174
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]175static void native_setPermissionForUids(JNIEnv* env, jobject self, jint permission,
176 jintArray jUids) {
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]177 ScopedIntArrayRO uids(env, jUids);
178 if (uids.get() == nullptr) return;
179
180 size_t size = uids.size();
181 static_assert(sizeof(*(uids.get())) == sizeof(uid_t));
182 std::vector<uid_t> data ((uid_t *)&uids[0], (uid_t*)&uids[size]);
183 mTc.setPermissionForUids(permission, data);
184}
185
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]186static void native_dump(JNIEnv* env, jobject self, jobject javaFd, jboolean verbose) {
Ken Chene6d511f2022-01-25 11:10:42 +0800[diff] [blame]187 int fd = netjniutils::GetNativeFileDescriptor(env, javaFd);
188 if (fd < 0) {
189 jniThrowExceptionFmt(env, "java/io/IOException", "Invalid file descriptor");
190 return;
191 }
192 mTc.dump(fd, verbose);
193}
194
Motomu Utsumi7abeaa42022-07-20 07:54:18 +0000[diff] [blame]195static jint native_synchronizeKernelRCU(JNIEnv* env, jobject self) {
196 return -bpf::synchronizeKernelRCU();
197}
198
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]199/*
200 * JNI registration.
201 */
202// clang-format off
203static const JNINativeMethod gMethods[] = {
204 /* name, signature, funcPtr */
Motomu Utsumi3af8f0e2022-09-02 23:42:13 +0900[diff] [blame]205 {"native_init", "(Z)V",
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]206 (void*)native_init},
207 {"native_addNaughtyApp", "(I)I",
208 (void*)native_addNaughtyApp},
209 {"native_removeNaughtyApp", "(I)I",
210 (void*)native_removeNaughtyApp},
211 {"native_addNiceApp", "(I)I",
212 (void*)native_addNiceApp},
213 {"native_removeNiceApp", "(I)I",
214 (void*)native_removeNiceApp},
Motomu Utsumi114cd9c2022-08-01 02:08:35 +0000[diff] [blame]215 {"native_setChildChain", "(IZ)I",
216 (void*)native_setChildChain},
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]217 {"native_replaceUidChain", "(Ljava/lang/String;Z[I)I",
218 (void*)native_replaceUidChain},
219 {"native_setUidRule", "(III)I",
220 (void*)native_setUidRule},
221 {"native_addUidInterfaceRules", "(Ljava/lang/String;[I)I",
222 (void*)native_addUidInterfaceRules},
223 {"native_removeUidInterfaceRules", "([I)I",
224 (void*)native_removeUidInterfaceRules},
Motomu Utsumi8b42e6d2022-05-19 06:23:40 +0000[diff] [blame]225 {"native_updateUidLockdownRule", "(IZ)I",
226 (void*)native_updateUidLockdownRule},
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]227 {"native_swapActiveStatsMap", "()I",
228 (void*)native_swapActiveStatsMap},
229 {"native_setPermissionForUids", "(I[I)V",
230 (void*)native_setPermissionForUids},
Ken Chene6d511f2022-01-25 11:10:42 +0800[diff] [blame]231 {"native_dump", "(Ljava/io/FileDescriptor;Z)V",
232 (void*)native_dump},
Motomu Utsumi7abeaa42022-07-20 07:54:18 +0000[diff] [blame]233 {"native_synchronizeKernelRCU", "()I",
234 (void*)native_synchronizeKernelRCU},
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]235};
236// clang-format on
237
238int register_com_android_server_BpfNetMaps(JNIEnv* env) {
Mark53e71c32023-01-13 07:00:25 +0000[diff] [blame]239 return jniRegisterNativeMethods(env, "android/net/connectivity/com/android/server/BpfNetMaps",
Maciej Żenczykowski932ef5b2022-05-24 13:36:20 +0000[diff] [blame]240 gMethods, NELEM(gMethods));
Wayne Ma790c83e2022-01-13 10:35:05 +0800[diff] [blame]241}
242
243}; // namespace android