/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#define LOG_TAG "TrafficControllerJni"
18
Patrick Rohr313bc6c2022-01-31 15:51:09 +010019#include "TrafficController.h"
20
21#include <bpf_shared.h>
Wayne Ma790c83e2022-01-13 10:35:05 +080022#include <jni.h>
Patrick Rohr313bc6c2022-01-31 15:51:09 +010023#include <log/log.h>
Wayne Ma790c83e2022-01-13 10:35:05 +080024#include <nativehelper/JNIHelp.h>
25#include <nativehelper/ScopedUtfChars.h>
26#include <nativehelper/ScopedPrimitiveArray.h>
27#include <net/if.h>
28#include <vector>
29
Wayne Ma790c83e2022-01-13 10:35:05 +080030
31using android::net::TrafficController;
32using android::netdutils::Status;
33
34using UidOwnerMatchType::PENALTY_BOX_MATCH;
35using UidOwnerMatchType::HAPPY_BOX_MATCH;
36
// Single TrafficController instance shared by every JNI entry point below.
// NOTE(review): no locking is visible in this file; any synchronisation has to
// come from TrafficController itself or from the Java caller — confirm.
static android::net::TrafficController mTc{};
38
39namespace android {
40
/**
 * JNI entry point: starts the shared TrafficController.
 *
 * The method is registered as "()V", so a failed start is only written to the
 * log and is not reported back to the Java caller.
 * NOTE(review): the remaining entry points can still be invoked after a failed
 * start; confirm that TrafficController fails safely in that state.
 */
static void native_init(JNIEnv* env, jobject clazz) {
    Status startResult = mTc.start();
    if (isOk(startResult)) {
        return;
    }
    ALOGE("%s failed, error code = %d", __func__, startResult.code());
}
47
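/**
 * JNI entry point: inserts a PENALTY_BOX_MATCH entry for a UID into the UID
 * owner map.
 *
 * @param uid  UID supplied by the Java caller. A negative value is folded to
 *             its magnitude, which is what the previous abs() call did.
 * @return     Numeric code of the Status returned by updateUidOwnerMap().
 *
 * NOTE(review): folding a negative UID onto a positive one means a sign error
 * in the caller silently changes the rule of a different app. Consider
 * rejecting negative values once callers are confirmed not to rely on this.
 */
static jint native_addNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    // The magnitude is taken in unsigned arithmetic: abs() of the most negative
    // jint is undefined behaviour, while 0u - x is defined for every input and
    // yields the same value as abs() everywhere else.
    const uint32_t rawUid = static_cast<uint32_t>(uid);
    const uint32_t appUids = (uid < 0) ? (0u - rawUid) : rawUid;

    Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}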
57
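/**
 * JNI entry point: deletes the PENALTY_BOX_MATCH entry of a UID from the UID
 * owner map.
 *
 * @param uid  UID supplied by the Java caller. A negative value is folded to
 *             its magnitude, which is what the previous abs() call did.
 * @return     Numeric code of the Status returned by updateUidOwnerMap().
 *
 * NOTE(review): folding a negative UID onto a positive one means a sign error
 * in the caller silently removes the rule of a different app. Consider
 * rejecting negative values once callers are confirmed not to rely on this.
 */
static jint native_removeNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    // The magnitude is taken in unsigned arithmetic: abs() of the most negative
    // jint is undefined behaviour, while 0u - x is defined for every input and
    // yields the same value as abs() everywhere else.
    const uint32_t rawUid = static_cast<uint32_t>(uid);
    const uint32_t appUids = (uid < 0) ? (0u - rawUid) : rawUid;

    Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}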
67
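/**
 * JNI entry point: inserts a HAPPY_BOX_MATCH entry for a UID into the UID
 * owner map.
 *
 * @param uid  UID supplied by the Java caller. A negative value is folded to
 *             its magnitude, which is what the previous abs() call did.
 * @return     Numeric code of the Status returned by updateUidOwnerMap().
 *
 * NOTE(review): folding a negative UID onto a positive one means a sign error
 * in the caller silently grants the match to a different app. Consider
 * rejecting negative values once callers are confirmed not to rely on this.
 */
static jint native_addNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    // The magnitude is taken in unsigned arithmetic: abs() of the most negative
    // jint is undefined behaviour, while 0u - x is defined for every input and
    // yields the same value as abs() everywhere else.
    const uint32_t rawUid = static_cast<uint32_t>(uid);
    const uint32_t appUids = (uid < 0) ? (0u - rawUid) : rawUid;

    Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}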
77
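/**
 * JNI entry point: deletes the HAPPY_BOX_MATCH entry of a UID from the UID
 * owner map.
 *
 * @param uid  UID supplied by the Java caller. A negative value is folded to
 *             its magnitude, which is what the previous abs() call did.
 * @return     Numeric code of the Status returned by updateUidOwnerMap().
 *
 * NOTE(review): folding a negative UID onto a positive one means a sign error
 * in the caller silently removes the match of a different app. Consider
 * rejecting negative values once callers are confirmed not to rely on this.
 */
static jint native_removeNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    // The magnitude is taken in unsigned arithmetic: abs() of the most negative
    // jint is undefined behaviour, while 0u - x is defined for every input and
    // yields the same value as abs() everywhere else.
    const uint32_t rawUid = static_cast<uint32_t>(uid);
    const uint32_t appUids = (uid < 0) ? (0u - rawUid) : rawUid;

    Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        // NOTE(review): logged at debug level, whereas native_addNiceApp and the
        // naughty-app functions use ALOGE — confirm this is intentional.
        ALOGD("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}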
87
/**
 * JNI entry point: enables or disables a firewall child chain.
 *
 * @param childChain  Integer from Java, converted to ChildChain without a
 *                    range check in this function.
 * @param enable      Passed through to toggleUidOwnerMap().
 * @return            The int returned by toggleUidOwnerMap(); non-zero values
 *                    are also logged.
 *
 * NOTE(review): validation of out-of-range chain values, if any, happens
 * outside this file — confirm against toggleUidOwnerMap().
 */
static jint native_setChildChain(JNIEnv* env, jobject clazz, jint childChain, jboolean enable) {
    ChildChain chain = static_cast<ChildChain>(childChain);
    const int res = mTc.toggleUidOwnerMap(chain, enable);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
96
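/**
 * JNI entry point: replaces the UID set of a named firewall chain.
 *
 * @param name         Chain name as a Java string.
 * @param isAllowlist  Passed through to replaceUidOwnerMap().
 * @param jUids        Java int[] holding the UIDs for the chain.
 * @return             -EINVAL when the name or the array cannot be accessed,
 *                     otherwise the int returned by replaceUidOwnerMap().
 */
static jint native_replaceUidChain(JNIEnv* env, jobject clazz, jstring name, jboolean isAllowlist,
                                   jintArray jUids) {
    const ScopedUtfChars chainNameUtf8(env, name);
    if (chainNameUtf8.c_str() == nullptr) {
        return -EINVAL;
    }
    const std::string chainName(chainNameUtf8.c_str());

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Copy through the raw element pointer. The earlier form took the address of
    // uids[size], i.e. indexed one element past the end through operator[], which
    // is not guaranteed to be well defined; pointer arithmetic up to one past the
    // end is. The element count comes from the array itself.
    const jint* const first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());

    const int res = mTc.replaceUidOwnerMap(chainName, isAllowlist, data);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}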
118
/**
 * Maps a child chain to the firewall type used for it.
 *
 * DOZABLE, POWERSAVE and RESTRICTED are allow-list chains. STANDBY, NONE and
 * any value not listed here are treated as deny-list chains.
 */
static FirewallType getFirewallType(ChildChain chain) {
    const bool isAllowlistChain =
            chain == DOZABLE || chain == POWERSAVE || chain == RESTRICTED;
    if (isAllowlistChain) {
        return ALLOWLIST;
    }
    return DENYLIST;
}
134
/**
 * JNI entry point: changes the firewall rule of one UID on a child chain.
 *
 * @param childChain    Integer from Java, converted to ChildChain.
 * @param uid           UID the rule applies to; passed through unchanged.
 * @param firewallRule  Integer from Java, converted to FirewallRule.
 * @return              The int returned by changeUidOwnerRule(); non-zero
 *                      values are also logged.
 *
 * NOTE(review): neither enum conversion is range-checked here. An unknown
 * chain resolves to DENYLIST in getFirewallType(); how changeUidOwnerRule()
 * treats an unknown chain or rule is not visible in this file — confirm.
 */
static jint native_setUidRule(JNIEnv* env, jobject clazz, jint childChain, jint uid,
                              jint firewallRule) {
    ChildChain chain = static_cast<ChildChain>(childChain);
    FirewallRule rule = static_cast<FirewallRule>(firewallRule);
    FirewallType fType = getFirewallType(chain);

    const int res = mTc.changeUidOwnerRule(chain, uid, rule, fType);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
147
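/**
 * JNI entry point: adds interface rules for a set of UIDs.
 *
 * @param ifName  Interface name as a Java string; resolved with
 *                if_nametoindex().
 * @param jUids   Java int[] holding the UIDs.
 * @return        -EINVAL when the name or the array cannot be accessed,
 *                otherwise the numeric code of the Status returned by
 *                addUidInterfaceRules().
 */
static jint native_addUidInterfaceRules(JNIEnv* env, jobject clazz, jstring ifName,
                                        jintArray jUids) {
    const ScopedUtfChars ifNameUtf8(env, ifName);
    if (ifNameUtf8.c_str() == nullptr) {
        return -EINVAL;
    }
    // if_nametoindex() returns 0 when the name does not resolve. The value is
    // passed on unchanged.
    // NOTE(review): confirm that addUidInterfaceRules() rejects index 0 rather
    // than treating it as a valid or wildcard interface.
    const int ifIndex = if_nametoindex(ifNameUtf8.c_str());

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Copy through the raw element pointer. The earlier form took the address of
    // uids[size], i.e. indexed one element past the end through operator[], which
    // is not guaranteed to be well defined; pointer arithmetic up to one past the
    // end is. The element count comes from the array itself.
    const jint* const first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());

    Status status = mTc.addUidInterfaceRules(ifIndex, data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}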
170
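/**
 * JNI entry point: removes the interface rules of a set of UIDs.
 *
 * @param jUids  Java int[] holding the UIDs.
 * @return       -EINVAL when the array cannot be accessed, otherwise the
 *               numeric code of the Status returned by
 *               removeUidInterfaceRules().
 */
static jint native_removeUidInterfaceRules(JNIEnv* env, jobject clazz, jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Copy through the raw element pointer. The earlier form took the address of
    // uids[size], i.e. indexed one element past the end through operator[], which
    // is not guaranteed to be well defined; pointer arithmetic up to one past the
    // end is. The element count comes from the array itself.
    const jint* const first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());

    Status status = mTc.removeUidInterfaceRules(data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}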
185
/**
 * JNI entry point: asks the TrafficController to swap its active stats map.
 *
 * @return  Numeric code of the Status returned by swapActiveStatsMap().
 *          A failure is logged at debug level (ALOGD).
 */
static jint native_swapActiveStatsMap(JNIEnv* env, jobject clazz) {
    Status swapResult = mTc.swapActiveStatsMap();
    const bool failed = !isOk(swapResult);
    if (failed) {
        ALOGD("%s failed, error code = %d", __func__, swapResult.code());
    }
    return static_cast<jint>(swapResult.code());
}
193
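/**
 * JNI entry point: applies a permission value to a set of UIDs.
 *
 * @param permission  Passed through to setPermissionForUids() unchanged.
 * @param jUids       Java int[] holding the UIDs.
 *
 * The method returns nothing: an inaccessible array makes it return without
 * doing anything, and no result of setPermissionForUids() is reported to Java.
 */
static void native_setPermissionForUids(JNIEnv* env, jobject clazz, jint permission,
                                        jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) return;

    static_assert(sizeof(*(uids.get())) == sizeof(uid_t));

    // Copy element by element through the raw pointer. The earlier form took the
    // address of uids[size], i.e. indexed one element past the end through
    // operator[], which is not guaranteed to be well defined. Each jint converts
    // to uid_t with the same bit pattern the pointer cast produced, so a negative
    // Java value still becomes a large unsigned UID.
    const jint* const first = uids.get();
    std::vector<uid_t> data(first, first + uids.size());

    mTc.setPermissionForUids(permission, data);
}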
204
/**
 * JNI entry point: sets the counter set of a UID.
 *
 * @param setNum  Counter set number, passed through unchanged.
 * @param uid     Target UID, converted to uid_t without a range check.
 * @return        The int returned by setCounterSet(); non-zero values are
 *                also logged.
 *
 * NOTE(review): callingUid is getuid(), i.e. the real UID of the process that
 * hosts this library, not the identity of whoever called into the Java API.
 * Per-caller authorisation therefore has to happen before this call — confirm
 * on the Java side.
 */
static jint native_setCounterSet(JNIEnv* env, jobject clazz, jint setNum, jint uid) {
    const uid_t callingUid = getuid();
    const uid_t targetUid = static_cast<uid_t>(uid);

    const int res = mTc.setCounterSet(setNum, targetUid, callingUid);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
213
/**
 * JNI entry point: deletes tag data of a UID.
 *
 * @param tagNum  Tag number, passed through unchanged.
 * @param uid     Target UID, converted to uid_t without a range check.
 * @return        The int returned by deleteTagData(); non-zero values are
 *                also logged.
 *
 * NOTE(review): callingUid is getuid(), i.e. the real UID of the process that
 * hosts this library, not the identity of whoever called into the Java API.
 * Per-caller authorisation therefore has to happen before this call — confirm
 * on the Java side.
 */
static jint native_deleteTagData(JNIEnv* env, jobject clazz, jint tagNum, jint uid) {
    const uid_t callingUid = getuid();
    const uid_t targetUid = static_cast<uid_t>(uid);

    const int res = mTc.deleteTagData(tagNum, targetUid, callingUid);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
222
/*
 * JNI registration table: Java method name, JNI type signature, native entry
 * point. Each signature has to match both the Java declaration and the
 * parameter list of the native function it is paired with.
 */
// clang-format off
static const JNINativeMethod gMethods[] = {
    /* name, signature, funcPtr */
    {"native_init",                    "()V",                      reinterpret_cast<void*>(native_init)},
    {"native_addNaughtyApp",           "(I)I",                     reinterpret_cast<void*>(native_addNaughtyApp)},
    {"native_removeNaughtyApp",        "(I)I",                     reinterpret_cast<void*>(native_removeNaughtyApp)},
    {"native_addNiceApp",              "(I)I",                     reinterpret_cast<void*>(native_addNiceApp)},
    {"native_removeNiceApp",           "(I)I",                     reinterpret_cast<void*>(native_removeNiceApp)},
    {"native_setChildChain",           "(IZ)I",                    reinterpret_cast<void*>(native_setChildChain)},
    {"native_replaceUidChain",         "(Ljava/lang/String;Z[I)I", reinterpret_cast<void*>(native_replaceUidChain)},
    {"native_setUidRule",              "(III)I",                   reinterpret_cast<void*>(native_setUidRule)},
    {"native_addUidInterfaceRules",    "(Ljava/lang/String;[I)I",  reinterpret_cast<void*>(native_addUidInterfaceRules)},
    {"native_removeUidInterfaceRules", "([I)I",                    reinterpret_cast<void*>(native_removeUidInterfaceRules)},
    {"native_swapActiveStatsMap",      "()I",                      reinterpret_cast<void*>(native_swapActiveStatsMap)},
    {"native_setPermissionForUids",    "(I[I)V",                   reinterpret_cast<void*>(native_setPermissionForUids)},
    {"native_setCounterSet",           "(II)I",                    reinterpret_cast<void*>(native_setCounterSet)},
    {"native_deleteTagData",           "(II)I",                    reinterpret_cast<void*>(native_deleteTagData)},
};
// clang-format on
259
/**
 * Registers every entry of gMethods on the Java class
 * com/android/server/BpfNetMaps.
 *
 * @return  The value returned by jniRegisterNativeMethods().
 */
int register_com_android_server_BpfNetMaps(JNIEnv* env) {
    static const char* const kClassName = "com/android/server/BpfNetMaps";
    return jniRegisterNativeMethods(env, kClassName, gMethods, NELEM(gMethods));
}
265
266}; // namespace android