/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#define LOG_TAG "TrafficControllerJni"
18
#include "TrafficController.h"

#include <bpf_shared.h>
#include <errno.h>
#include <jni.h>
#include <log/log.h>
#include <nativehelper/JNIHelp.h>
#include <nativehelper/ScopedPrimitiveArray.h>
#include <nativehelper/ScopedUtfChars.h>
#include <net/if.h>
#include <netjniutils/netjniutils.h>
#include <vector>
30
Wayne Ma790c83e2022-01-13 10:35:05 +080031
// Short names for the types this JNI glue uses throughout the file.
using android::net::TrafficController;
using android::netdutils::Status;

// The two UID owner match values passed to updateUidOwnerMap() by the naughty/nice app
// entry points.
using UidOwnerMatchType::HAPPY_BOX_MATCH;
using UidOwnerMatchType::PENALTY_BOX_MATCH;

// Single file-scope controller instance that every native_* entry point below operates on.
// NOTE(review): no locking is visible in this file; any synchronization has to come from
// TrafficController itself or from the Java caller -- confirm.
static TrafficController mTc;
39
40namespace android {
41
// JNI entry point registered as "native_init": starts the shared TrafficController.
// A failed start is only logged; the function returns void, so the failure is not reported
// back to the Java caller from here.
static void native_init(JNIEnv* env, jobject clazz) {
    Status startStatus = mTc.start();
    if (isOk(startStatus)) {
        return;
    }
    ALOGE("%s failed, error code = %d", __func__, startStatus.code());
}
48
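// JNI entry point registered as "native_addNaughtyApp": asks TrafficController to insert
// PENALTY_BOX_MATCH for one UID in the UID owner map.
//
// uid: application UID; a negative value is folded to its magnitude before use.
// Returns the Status code reported by updateUidOwnerMap().
static jint native_addNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    // abs(INT_MIN) overflows (undefined behaviour), so the magnitude is taken in unsigned
    // arithmetic, which is defined for every jint and equals abs() for all other inputs.
    // NOTE(review): a negative UID is silently mapped onto a different UID here; presumably
    // the Java caller validates the UID first -- confirm.
    const uint32_t appUids =
            (uid < 0) ? (0u - static_cast<uint32_t>(uid)) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}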
58
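// JNI entry point registered as "native_removeNaughtyApp": asks TrafficController to delete
// PENALTY_BOX_MATCH for one UID in the UID owner map.
//
// uid: application UID; a negative value is folded to its magnitude before use.
// Returns the Status code reported by updateUidOwnerMap().
static jint native_removeNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    // abs(INT_MIN) overflows (undefined behaviour), so the magnitude is taken in unsigned
    // arithmetic, which is defined for every jint and equals abs() for all other inputs.
    // NOTE(review): a negative UID is silently mapped onto a different UID here; presumably
    // the Java caller validates the UID first -- confirm.
    const uint32_t appUids =
            (uid < 0) ? (0u - static_cast<uint32_t>(uid)) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}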
68
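// JNI entry point registered as "native_addNiceApp": asks TrafficController to insert
// HAPPY_BOX_MATCH for one UID in the UID owner map.
//
// uid: application UID; a negative value is folded to its magnitude before use.
// Returns the Status code reported by updateUidOwnerMap().
static jint native_addNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    // abs(INT_MIN) overflows (undefined behaviour), so the magnitude is taken in unsigned
    // arithmetic, which is defined for every jint and equals abs() for all other inputs.
    // NOTE(review): a negative UID is silently mapped onto a different UID here; presumably
    // the Java caller validates the UID first -- confirm.
    const uint32_t appUids =
            (uid < 0) ? (0u - static_cast<uint32_t>(uid)) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}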
78
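// JNI entry point registered as "native_removeNiceApp": asks TrafficController to delete
// HAPPY_BOX_MATCH for one UID in the UID owner map.
//
// uid: application UID; a negative value is folded to its magnitude before use.
// Returns the Status code reported by updateUidOwnerMap().
static jint native_removeNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    // abs(INT_MIN) overflows (undefined behaviour), so the magnitude is taken in unsigned
    // arithmetic, which is defined for every jint and equals abs() for all other inputs.
    // NOTE(review): a negative UID is silently mapped onto a different UID here; presumably
    // the Java caller validates the UID first -- confirm.
    const uint32_t appUids =
            (uid < 0) ? (0u - static_cast<uint32_t>(uid)) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        // NOTE(review): this failure is logged at debug level while the add/remove siblings
        // use ALOGE; left as is because it may be deliberate -- confirm.
        ALOGD("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}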
88
// JNI entry point registered as "native_setChildChain": forwards the chain and the enable
// flag to TrafficController::toggleUidOwnerMap() and returns its result.
static jint native_setChildChain(JNIEnv* env, jobject clazz, jint childChain, jboolean enable) {
    // NOTE(review): the integer from Java is cast to ChildChain without a range check here;
    // presumably toggleUidOwnerMap() rejects unknown chains -- confirm.
    const auto targetChain = static_cast<ChildChain>(childChain);
    const int rc = mTc.toggleUidOwnerMap(targetChain, enable);
    if (rc != 0) {
        ALOGE("%s failed, error code = %d", __func__, rc);
    }
    return static_cast<jint>(rc);
}
97
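// JNI entry point registered as "native_replaceUidChain": copies the Java UID array and hands
// it, with the chain name and allowlist flag, to TrafficController::replaceUidOwnerMap().
//
// Returns -EINVAL when the chain name or the UID array cannot be read, otherwise the result
// of replaceUidOwnerMap().
static jint native_replaceUidChain(JNIEnv* env, jobject clazz, jstring name, jboolean isAllowlist,
                                   jintArray jUids) {
    const ScopedUtfChars chainNameUtf8(env, name);
    if (chainNameUtf8.c_str() == nullptr) {
        return -EINVAL;
    }
    const std::string chainName(chainNameUtf8.c_str());

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
    // Build the copy from the raw pointer range instead of &uids[size]: indexing one past the
    // end forms a reference to a non-existent element, and the C-style casts dropped const.
    const jint* const firstUid = uids.get();
    std::vector<int32_t> data(firstUid, firstUid + uids.size());
    int res = mTc.replaceUidOwnerMap(chainName, isAllowlist, data);
    if (res) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}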
120
// JNI entry point registered as "native_setUidRule": looks up the firewall type of the chain
// and asks TrafficController::changeUidOwnerRule() to apply the rule to one UID.
// Returns the result of changeUidOwnerRule().
static jint native_setUidRule(JNIEnv* env, jobject clazz, jint childChain, jint uid,
                              jint firewallRule) {
    // NOTE(review): both integers from Java are cast to their enum types without a range
    // check, and uid is passed through unchanged; presumably TrafficController validates
    // them -- confirm.
    const auto targetChain = static_cast<ChildChain>(childChain);
    const auto requestedRule = static_cast<FirewallRule>(firewallRule);
    FirewallType chainType = mTc.getFirewallType(targetChain);

    const int rc = mTc.changeUidOwnerRule(targetChain, uid, requestedRule, chainType);
    if (rc != 0) {
        ALOGE("%s failed, error code = %d", __func__, rc);
    }
    return static_cast<jint>(rc);
}
133
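// JNI entry point registered as "native_addUidInterfaceRules": resolves the interface name to
// an index and hands it, with a copy of the UID array, to
// TrafficController::addUidInterfaceRules().
//
// Returns -EINVAL when the name or the UID array cannot be read, -ENODEV when the named
// interface cannot be resolved, otherwise the Status code of addUidInterfaceRules().
static jint native_addUidInterfaceRules(JNIEnv* env, jobject clazz, jstring ifName,
                                        jintArray jUids) {
    // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex is
    // set to 0.
    int ifIndex = 0;
    if (ifName != nullptr) {
        const ScopedUtfChars ifNameUtf8(env, ifName);
        // c_str() is null when the string could not be read; std::string(nullptr) is undefined.
        if (ifNameUtf8.c_str() == nullptr) {
            return -EINVAL;
        }
        ifIndex = if_nametoindex(ifNameUtf8.c_str());
        // if_nametoindex() returns 0 on failure, which is also the wildcard index. Fail closed
        // so an unknown or mistyped interface name does not become "all interfaces".
        if (ifIndex == 0) {
            ALOGE("%s failed, unknown interface %s", __func__, ifNameUtf8.c_str());
            return -ENODEV;
        }
    }

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
    // Build the copy from the raw pointer range instead of &uids[size]: indexing one past the
    // end forms a reference to a non-existent element, and the C-style casts dropped const.
    const jint* const firstUid = uids.get();
    std::vector<int32_t> data(firstUid, firstUid + uids.size());
    Status status = mTc.addUidInterfaceRules(ifIndex, data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}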
161
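// JNI entry point registered as "native_removeUidInterfaceRules": copies the Java UID array
// and hands it to TrafficController::removeUidInterfaceRules().
//
// Returns -EINVAL when the UID array cannot be read, otherwise the Status code of
// removeUidInterfaceRules().
static jint native_removeUidInterfaceRules(JNIEnv* env, jobject clazz, jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
    // Build the copy from the raw pointer range instead of &uids[size]: indexing one past the
    // end forms a reference to a non-existent element, and the C-style casts dropped const.
    const jint* const firstUid = uids.get();
    std::vector<int32_t> data(firstUid, firstUid + uids.size());
    Status status = mTc.removeUidInterfaceRules(data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}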
177
// JNI entry point registered as "native_swapActiveStatsMap": calls
// TrafficController::swapActiveStatsMap() and returns its Status code.
// A failure is logged at debug level only.
static jint native_swapActiveStatsMap(JNIEnv* env, jobject clazz) {
    Status swapStatus = mTc.swapActiveStatsMap();
    const bool failed = !isOk(swapStatus);
    if (failed) {
        ALOGD("%s failed, error code = %d", __func__, swapStatus.code());
    }
    return static_cast<jint>(swapStatus.code());
}
185
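// JNI entry point registered as "native_setPermissionForUids": copies the Java UID array and
// hands it, with the permission value, to TrafficController::setPermissionForUids().
// Returns without doing anything when the UID array cannot be read.
static void native_setPermissionForUids(JNIEnv* env, jobject clazz, jint permission,
                                        jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) return;

    static_assert(sizeof(*(uids.get())) == sizeof(uid_t));
    // Build the copy from the raw pointer range instead of &uids[size]: indexing one past the
    // end forms a reference to a non-existent element, and the C-style casts dropped const.
    // Each jint is converted to uid_t, which yields the same values as the old pointer cast.
    // NOTE(review): the permission value and the UIDs are passed through unchecked here;
    // presumably the Java caller or TrafficController validates them -- confirm.
    const jint* const firstUid = uids.get();
    std::vector<uid_t> data(firstUid, firstUid + uids.size());
    mTc.setPermissionForUids(permission, data);
}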
196
// JNI entry point registered as "native_dump": resolves the Java FileDescriptor to a native
// fd and passes it to TrafficController::dump(). Throws java.io.IOException to the caller
// when the descriptor is invalid.
static void native_dump(JNIEnv* env, jobject clazz, jobject javaFd, jboolean verbose) {
    const int nativeFd = netjniutils::GetNativeFileDescriptor(env, javaFd);
    if (nativeFd >= 0) {
        mTc.dump(nativeFd, verbose);
        return;
    }
    jniThrowExceptionFmt(env, "java/io/IOException", "Invalid file descriptor");
}
205
Wayne Ma790c83e2022-01-13 10:35:05 +0800206/*
207 * JNI registration.
208 */
209// clang-format off
// Table binding each Java native method name and JNI signature to its C++ implementation.
// Every signature string must match the parameter list of the function it points to, because
// the function pointer is stored as void* and is not checked by the compiler.
static const JNINativeMethod gMethods[] = {
    /* name, signature, funcPtr */
    {"native_init", "()V", reinterpret_cast<void*>(native_init)},
    {"native_addNaughtyApp", "(I)I", reinterpret_cast<void*>(native_addNaughtyApp)},
    {"native_removeNaughtyApp", "(I)I", reinterpret_cast<void*>(native_removeNaughtyApp)},
    {"native_addNiceApp", "(I)I", reinterpret_cast<void*>(native_addNiceApp)},
    {"native_removeNiceApp", "(I)I", reinterpret_cast<void*>(native_removeNiceApp)},
    {"native_setChildChain", "(IZ)I", reinterpret_cast<void*>(native_setChildChain)},
    {"native_replaceUidChain", "(Ljava/lang/String;Z[I)I",
     reinterpret_cast<void*>(native_replaceUidChain)},
    {"native_setUidRule", "(III)I", reinterpret_cast<void*>(native_setUidRule)},
    {"native_addUidInterfaceRules", "(Ljava/lang/String;[I)I",
     reinterpret_cast<void*>(native_addUidInterfaceRules)},
    {"native_removeUidInterfaceRules", "([I)I",
     reinterpret_cast<void*>(native_removeUidInterfaceRules)},
    {"native_swapActiveStatsMap", "()I", reinterpret_cast<void*>(native_swapActiveStatsMap)},
    {"native_setPermissionForUids", "(I[I)V",
     reinterpret_cast<void*>(native_setPermissionForUids)},
    {"native_dump", "(Ljava/io/FileDescriptor;Z)V", reinterpret_cast<void*>(native_dump)},
};
239// clang-format on
240
// Registers every entry of gMethods on the Java class com.android.server.BpfNetMaps and
// returns the result of jniRegisterNativeMethods().
int register_com_android_server_BpfNetMaps(JNIEnv* env) {
    const char* const javaClassName = "com/android/server/BpfNetMaps";
    return jniRegisterNativeMethods(env, javaClassName, gMethods, NELEM(gMethods));
}
246
247}; // namespace android