Wayne Ma790c83e2022-01-13 10:35:05 +08001/*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "TrafficControllerJni"
18
Patrick Rohr313bc6c2022-01-31 15:51:09 +010019#include "TrafficController.h"
20
21#include <bpf_shared.h>
Wayne Ma790c83e2022-01-13 10:35:05 +080022#include <jni.h>
Patrick Rohr313bc6c2022-01-31 15:51:09 +010023#include <log/log.h>
Wayne Ma790c83e2022-01-13 10:35:05 +080024#include <nativehelper/JNIHelp.h>
25#include <nativehelper/ScopedUtfChars.h>
26#include <nativehelper/ScopedPrimitiveArray.h>
27#include <net/if.h>
28#include <vector>
29
Wayne Ma790c83e2022-01-13 10:35:05 +080030
31using android::net::TrafficController;
32using android::netdutils::Status;
33
34using UidOwnerMatchType::PENALTY_BOX_MATCH;
35using UidOwnerMatchType::HAPPY_BOX_MATCH;
36
// Single process-wide TrafficController instance used by every JNI entry point in this file.
// NOTE(review): the wrappers below take no lock around it; whether concurrent JNI calls are
// safe depends on TrafficController itself - confirm there.
static TrafficController mTc;
38
39namespace android {
40
// JNI entry point: initialises the TrafficController maps via initMaps().
//
// The method returns void, so a failed initMaps() is reported only through the error log;
// the Java caller receives no failure signal.
static void native_init(JNIEnv* env, jobject clazz) {
    // Original note: start is still being called by netd.
    Status initStatus = mTc.initMaps();
    if (isOk(initStatus)) {
        return;
    }
    ALOGE("%s failed", __func__);
}
48
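// JNI entry point: inserts |uid| into the UID owner map with PENALTY_BOX_MATCH.
//
// Returns the status code of updateUidOwnerMap(); a failure is also logged.
//
// A negative uid is folded to its magnitude (the value abs() would give), but the negation is
// done in unsigned arithmetic so that INT32_MIN does not trigger the undefined behaviour of
// abs() on the most negative int.
// NOTE(review): negative uids are accepted rather than rejected - confirm that is intended.
static jint native_addNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    const uint32_t appUid =
            uid < 0 ? 0u - static_cast<uint32_t>(uid) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUid, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}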
58
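// JNI entry point: deletes |uid| from the UID owner map for PENALTY_BOX_MATCH.
//
// Returns the status code of updateUidOwnerMap(); a failure is also logged.
//
// A negative uid is folded to its magnitude (the value abs() would give), but the negation is
// done in unsigned arithmetic so that INT32_MIN does not trigger the undefined behaviour of
// abs() on the most negative int.
// NOTE(review): negative uids are accepted rather than rejected - confirm that is intended.
static jint native_removeNaughtyApp(JNIEnv* env, jobject clazz, jint uid) {
    const uint32_t appUid =
            uid < 0 ? 0u - static_cast<uint32_t>(uid) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUid, PENALTY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}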
68
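// JNI entry point: inserts |uid| into the UID owner map with HAPPY_BOX_MATCH.
//
// Returns the status code of updateUidOwnerMap(); a failure is also logged.
//
// A negative uid is folded to its magnitude (the value abs() would give), but the negation is
// done in unsigned arithmetic so that INT32_MIN does not trigger the undefined behaviour of
// abs() on the most negative int.
// NOTE(review): negative uids are accepted rather than rejected - confirm that is intended.
static jint native_addNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    const uint32_t appUid =
            uid < 0 ? 0u - static_cast<uint32_t>(uid) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUid, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpInsert);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}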
78
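// JNI entry point: deletes |uid| from the UID owner map for HAPPY_BOX_MATCH.
//
// Returns the status code of updateUidOwnerMap().
//
// A negative uid is folded to its magnitude (the value abs() would give), but the negation is
// done in unsigned arithmetic so that INT32_MIN does not trigger the undefined behaviour of
// abs() on the most negative int.
// NOTE(review): negative uids are accepted rather than rejected - confirm that is intended.
static jint native_removeNiceApp(JNIEnv* env, jobject clazz, jint uid) {
    const uint32_t appUid =
            uid < 0 ? 0u - static_cast<uint32_t>(uid) : static_cast<uint32_t>(uid);
    Status status = mTc.updateUidOwnerMap(appUid, HAPPY_BOX_MATCH,
                                          TrafficController::IptOp::IptOpDelete);
    if (!isOk(status)) {
        // NOTE(review): logged at debug level, while the add/remove siblings use ALOGE -
        // confirm whether the lower severity is deliberate.
        ALOGD("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}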
88
// JNI entry point: forwards to TrafficController::toggleUidOwnerMap() for the given chain.
//
// Returns the integer result of toggleUidOwnerMap(); a non-zero result is logged.
//
// |childChain| arrives as a plain int and is cast to ChildChain without a range check here.
// NOTE(review): presumably toggleUidOwnerMap() rejects values outside the enum - confirm.
static jint native_setChildChain(JNIEnv* env, jobject clazz, jint childChain, jboolean enable) {
    const int res = mTc.toggleUidOwnerMap(static_cast<ChildChain>(childChain), enable);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
97
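// JNI entry point: replaces the UID set of the chain called |name| with the contents of |jUids|.
//
// Returns -EINVAL when the chain name or the uid array cannot be read from the JVM, otherwise
// the integer result of replaceUidOwnerMap() (logged when non-zero).
// The uid values themselves are forwarded without validation in this wrapper.
static jint native_replaceUidChain(JNIEnv* env, jobject clazz, jstring name, jboolean isAllowlist,
                                   jintArray jUids) {
    const ScopedUtfChars chainNameUtf8(env, name);
    if (chainNameUtf8.c_str() == nullptr) {
        return -EINVAL;
    }
    const std::string chainName(chainNameUtf8.c_str());

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Build the copy from the raw element pointer: first + size() is a valid past-the-end
    // iterator, whereas taking the address of uids[size] indexes one element beyond the array.
    const jint* first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());
    int res = mTc.replaceUidOwnerMap(chainName, isAllowlist, data);
    if (res) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}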
119
// Maps a child chain to the firewall type used for it.
//
// DOZABLE, POWERSAVE and RESTRICTED map to ALLOWLIST; STANDBY, NONE and every value not
// listed (including out-of-range ints that callers cast to ChildChain) map to DENYLIST.
static FirewallType getFirewallType(ChildChain chain) {
    switch (chain) {
        case DOZABLE:
        case POWERSAVE:
        case RESTRICTED:
            return ALLOWLIST;
        case STANDBY:
        case NONE:
        default:
            return DENYLIST;
    }
}
135
// JNI entry point: forwards a per-uid rule change to TrafficController::changeUidOwnerRule().
//
// The firewall type is derived from the chain via getFirewallType(). Returns the integer
// result of changeUidOwnerRule(); a non-zero result is logged.
//
// |childChain| and |firewallRule| are cast to their enum types without a range check, and
// |uid| is passed through unchanged.
// NOTE(review): presumably changeUidOwnerRule() validates these values - confirm.
static jint native_setUidRule(JNIEnv* env, jobject clazz, jint childChain, jint uid,
                              jint firewallRule) {
    const auto chain = static_cast<ChildChain>(childChain);
    const auto rule = static_cast<FirewallRule>(firewallRule);

    const int res = mTc.changeUidOwnerRule(chain, uid, rule, getFirewallType(chain));
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
148
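// JNI entry point: adds interface rules for the uids in |jUids| on the interface |ifName|.
//
// Returns -EINVAL when the interface name or the uid array cannot be read from the JVM,
// otherwise the status code of addUidInterfaceRules() (logged on failure).
static jint native_addUidInterfaceRules(JNIEnv* env, jobject clazz, jstring ifName,
                                        jintArray jUids) {
    const ScopedUtfChars ifNameUtf8(env, ifName);
    if (ifNameUtf8.c_str() == nullptr) {
        return -EINVAL;
    }
    // if_nametoindex() returns 0 when the name does not resolve to an interface; that 0 is
    // forwarded as the index.
    // NOTE(review): confirm how addUidInterfaceRules() treats index 0.
    const int ifIndex = if_nametoindex(ifNameUtf8.c_str());

    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Build the copy from the raw element pointer: first + size() is a valid past-the-end
    // iterator, whereas taking the address of uids[size] indexes one element beyond the array.
    const jint* first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());
    Status status = mTc.addUidInterfaceRules(ifIndex, data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}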
171
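// JNI entry point: removes the interface rules for the uids in |jUids|.
//
// Returns -EINVAL when the uid array cannot be read from the JVM, otherwise the status code
// of removeUidInterfaceRules() (logged on failure).
static jint native_removeUidInterfaceRules(JNIEnv* env, jobject clazz, jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) {
        return -EINVAL;
    }

    // Build the copy from the raw element pointer: first + size() is a valid past-the-end
    // iterator, whereas taking the address of uids[size] indexes one element beyond the array.
    const jint* first = uids.get();
    std::vector<int32_t> data(first, first + uids.size());
    Status status = mTc.removeUidInterfaceRules(data);
    if (!isOk(status)) {
        ALOGE("%s failed, error code = %d", __func__, status.code());
    }
    return static_cast<jint>(status.code());
}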
186
// JNI entry point: forwards to TrafficController::swapActiveStatsMap().
//
// Returns the status code of the call; a failure is logged at debug level.
static jint native_swapActiveStatsMap(JNIEnv* env, jobject clazz) {
    Status swapStatus = mTc.swapActiveStatsMap();
    const bool succeeded = isOk(swapStatus);
    if (!succeeded) {
        ALOGD("%s failed, error code = %d", __func__, swapStatus.code());
    }
    return static_cast<jint>(swapStatus.code());
}
194
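// JNI entry point: forwards |permission| and the uids in |jUids| to
// TrafficController::setPermissionForUids().
//
// Returns silently when the uid array cannot be read from the JVM; the method is void, so the
// Java caller gets no error value from this wrapper.
static void native_setPermissionForUids(JNIEnv* env, jobject clazz, jint permission,
                                        jintArray jUids) {
    ScopedIntArrayRO uids(env, jUids);
    if (uids.get() == nullptr) return;

    // The jint elements are reinterpreted as uid_t, so both types must have the same size.
    static_assert(sizeof(*(uids.get())) == sizeof(uid_t));
    // first + size() is a valid past-the-end iterator, whereas taking the address of
    // uids[size] indexes one element beyond the array.
    const uid_t* first = reinterpret_cast<const uid_t*>(uids.get());
    std::vector<uid_t> data(first, first + uids.size());
    mTc.setPermissionForUids(permission, data);
}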
205
// JNI entry point: forwards to TrafficController::setCounterSet().
//
// Returns the integer result of the call; a non-zero result is logged.
//
// The "calling uid" handed to TrafficController is getuid(), i.e. the real uid of the process
// hosting this library, not the identity of whoever invoked the Java API.
// NOTE(review): presumably the Java layer enforces caller permissions before reaching this
// point - confirm.
static jint native_setCounterSet(JNIEnv* env, jobject clazz, jint setNum, jint uid) {
    const uid_t callingUid = getuid();
    // A negative |uid| converts to a large unsigned uid_t value.
    const int res = mTc.setCounterSet(setNum, static_cast<uid_t>(uid), callingUid);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
214
// JNI entry point: forwards to TrafficController::deleteTagData().
//
// Returns the integer result of the call; a non-zero result is logged.
//
// The "calling uid" handed to TrafficController is getuid(), i.e. the real uid of the process
// hosting this library, not the identity of whoever invoked the Java API.
// NOTE(review): presumably the Java layer enforces caller permissions before reaching this
// point - confirm.
static jint native_deleteTagData(JNIEnv* env, jobject clazz, jint tagNum, jint uid) {
    const uid_t callingUid = getuid();
    // A negative |uid| converts to a large unsigned uid_t value.
    const int res = mTc.deleteTagData(tagNum, static_cast<uid_t>(uid), callingUid);
    if (res != 0) {
        ALOGE("%s failed, error code = %d", __func__, res);
    }
    return static_cast<jint>(res);
}
223
224/*
225 * JNI registration.
226 */
227// clang-format off
// Table binding each Java native method (name + JNI signature) to its C++ implementation.
// The function pointers are stored as void*, so the compiler cannot check that a signature
// string matches the parameter list of the function it points at; keep the two in sync by hand.
static const JNINativeMethod gMethods[] = {
    /* name, signature, funcPtr */
    {"native_init", "()V",
     reinterpret_cast<void*>(native_init)},
    {"native_addNaughtyApp", "(I)I",
     reinterpret_cast<void*>(native_addNaughtyApp)},
    {"native_removeNaughtyApp", "(I)I",
     reinterpret_cast<void*>(native_removeNaughtyApp)},
    {"native_addNiceApp", "(I)I",
     reinterpret_cast<void*>(native_addNiceApp)},
    {"native_removeNiceApp", "(I)I",
     reinterpret_cast<void*>(native_removeNiceApp)},
    {"native_setChildChain", "(IZ)I",
     reinterpret_cast<void*>(native_setChildChain)},
    {"native_replaceUidChain", "(Ljava/lang/String;Z[I)I",
     reinterpret_cast<void*>(native_replaceUidChain)},
    {"native_setUidRule", "(III)I",
     reinterpret_cast<void*>(native_setUidRule)},
    {"native_addUidInterfaceRules", "(Ljava/lang/String;[I)I",
     reinterpret_cast<void*>(native_addUidInterfaceRules)},
    {"native_removeUidInterfaceRules", "([I)I",
     reinterpret_cast<void*>(native_removeUidInterfaceRules)},
    {"native_swapActiveStatsMap", "()I",
     reinterpret_cast<void*>(native_swapActiveStatsMap)},
    {"native_setPermissionForUids", "(I[I)V",
     reinterpret_cast<void*>(native_setPermissionForUids)},
    {"native_setCounterSet", "(II)I",
     reinterpret_cast<void*>(native_setCounterSet)},
    {"native_deleteTagData", "(II)I",
     reinterpret_cast<void*>(native_deleteTagData)},
};
259// clang-format on
260
// Registers every entry of gMethods on the Java class com.android.server.BpfNetMaps and
// returns the result of jniRegisterNativeMethods().
int register_com_android_server_BpfNetMaps(JNIEnv* env) {
    static constexpr char kBpfNetMapsClass[] = "com/android/server/BpfNetMaps";
    return jniRegisterNativeMethods(env, kBpfNetMapsClass, gMethods, NELEM(gMethods));
}
266
267}; // namespace android