Blame - server/NetdNativeService.cpp - platform_system_netd

2016-02-02 17:19:04 +0900

[diff] [blame]

/**

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#define LOG_TAG "Netd"

18

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

19

#include <cinttypes>

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

20

#include <numeric>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

21

#include <set>

Xiao Ma

64b15b7

2019-03-20 11:33:15 +0900

[diff] [blame]

22

#include <string>

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

23

#include <tuple>

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

24

#include <vector>

25

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

26

#include <android-base/file.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

27

#include <android-base/stringprintf.h>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

28

#include <android-base/strings.h>

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

29

#include <binder/IPCThreadState.h>

30

#include <binder/IServiceManager.h>

31

#include <binder/Status.h>

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

32

#include <cutils/properties.h>

Logan Chien

3f46148

2018-04-23 14:31:32 +0800

[diff] [blame]

33

#include <log/log.h>

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

34

#include <netdutils/DumpWriter.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

35

#include <utils/Errors.h>

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

36

#include <utils/String16.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

37

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

38

#include "Controllers.h"

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

39

#include "Fwmark.h"

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

40

#include "InterfaceController.h"

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

41

#include "NetdNativeService.h"

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

42

#include "OemNetdListener.h"

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

43

#include "Permission.h"

Erik Kline

8589004

2018-05-25 19:19:11 +0900

[diff] [blame]

44

#include "Process.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

45

#include "RouteController.h"

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

46

#include "SockDiag.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

47

#include "UidRanges.h"

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

48

#include "android/net/BnNetd.h"

Luke Huang

743e031

2020-05-26 17:21:28 +0800

[diff] [blame]

49

#include "binder_utils/BinderUtil.h"

50

#include "binder_utils/NetdPermissions.h"

Bernie Innocenti

189eb50

2018-10-01 23:10:18 +0900

[diff] [blame]

51

#include "netid_client.h" // NETID_UNSET

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

52

53

using android::base::StringPrintf;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

54

using android::base::WriteStringToFile;

Ken Chen

2021-04-04 11:28:06 +0800

[diff] [blame]

55

using android::net::NativeNetworkType;

Lorenzo Colitti

182cd3c

2020-04-04 00:44:01 +0900

[diff] [blame]

56

using android::net::TetherOffloadRuleParcel;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

57

using android::net::TetherStatsParcel;

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

58

using android::net::UidRangeParcel;

Ken Chen

d9aa98a

2021-05-23 14:56:43 +0800

[diff] [blame]

59

using android::net::netd::aidl::NativeUidRangeConfig;

Luke Huang

b257d61

2019-03-14 21:19:13 +0800

[diff] [blame]

60

using android::netdutils::DumpWriter;

61

using android::netdutils::ScopedIndent;

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

62

using android::os::ParcelFileDescriptor;

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

namespace android {

namespace net {

namespace {

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

68

const char OPT_SHORT[] = "--short";

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

69

markchien

f97bab6

2020-02-24 11:52:20 +0800

[diff] [blame]

70

// The input permissions should be equivalent that this function would return ok if any of them is

71

// granted.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

72

binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

73

pid_t pid = IPCThreadState::self()->getCallingPid();

74

uid_t uid = IPCThreadState::self()->getCallingUid();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

75

markchien

f97bab6

2020-02-24 11:52:20 +0800

[diff] [blame]

76

// TODO: Do the pure permission check in this function. Have another method

77

// (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and

78

// AID_NETWORK_STACK uid check.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

79

// If the caller is the system UID, don't check permissions.

80

// Otherwise, if the system server's binder thread pool is full, and all the threads are

81

// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492

82

//

83

// From a security perspective, there is currently no difference, because:

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

84

// 1. The system server has the NETWORK_STACK permission, which grants access to all the

85

// IPCs in this file.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

86

// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

87

if (uid == AID_SYSTEM) {

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

88

return binder::Status::ok();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

89

}

markchien

f97bab6

2020-02-24 11:52:20 +0800

[diff] [blame]

90

// AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check

91

// MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server)

92

// deadlock: http://b/149766727

93

if (uid == AID_NETWORK_STACK) {

94

for (const char* permission : permissions) {

95

if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) {

96

return binder::Status::ok();

97

}

98

}

99

}

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

100

101

for (const char* permission : permissions) {

102

if (checkPermission(String16(permission), pid, uid)) {

103

return binder::Status::ok();

}

}

auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",

108

uid, pid, android::base::Join(permissions, ',').c_str());

109

return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

110

}

111

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

112

#define ENFORCE_ANY_PERMISSION(...) \

113

do { \

114

binder::Status status = checkAnyPermission({__VA_ARGS__}); \

115

if (!status.isOk()) { \

116

return status; \

117

} \

118

} while (0)

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

119

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

120

#define NETD_LOCKING_RPC(lock, ... /* permissions */) \

121

ENFORCE_ANY_PERMISSION(__VA_ARGS__); \

Bernie Innocenti

abf8a34

2018-08-10 15:17:16 +0900

[diff] [blame]

122

std::lock_guard _lock(lock);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

123

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

124

#define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

125

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

126

#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \

127

do { \

128

if (!isOk((res))) { \

129

logErrorStatus((logEntry), (res)); \

130

return asBinderStatus((res)); \

} \

} while (0)

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

134

#define ENFORCE_NETWORK_STACK_PERMISSIONS() \

135

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)

136

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

137

void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {

138

gLog.log(logEntry.returns(status.code()).withAutomaticDuration());

139

}

140

Bernie Innocenti

97f388f

2018-10-16 19:17:08 +0900

[diff] [blame]

141

binder::Status asBinderStatus(const netdutils::Status& status) {

142

if (isOk(status)) {

143

return binder::Status::ok();

144

}

145

return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());

146

}

147

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

148

template <typename T>

149

binder::Status asBinderStatus(const base::Result<T> result) {

150

if (result.ok()) return binder::Status::ok();

151

152

return binder::Status::fromServiceSpecificError(result.error().code(),

153

result.error().message().c_str());

154

}

155

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

156

inline binder::Status statusFromErrcode(int ret) {

157

if (ret) {

158

return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));

159

}

160

return binder::Status::ok();

161

}

162

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

163

bool contains(const Vector<String16>& words, const String16& word) {

164

for (const auto& w : words) {

165

if (w == word) return true;

166

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

167

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

return false;

}

} // namespace

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

172

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

173

NetdNativeService::NetdNativeService() {

174

// register log callback to BnNetd::logFunc

Jooyung Han

f242258

2020-11-04 14:21:46 +0900

[diff] [blame]

175

BnNetd::logFunc = [](const auto& log) {

176

binderCallLogFn(log, [](const std::string& msg) { gLog.info("%s", msg.c_str()); });

177

};

Luke Huang

2019-05-02 18:10:15 +0800

[diff] [blame]

178

}

179

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

180

status_t NetdNativeService::start() {

181

IPCThreadState::self()->disableBackgroundScheduling(true);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

182

const status_t ret = BinderService<NetdNativeService>::publish();

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

183

if (ret != android::OK) {

184

return ret;

185

}

186

sp<ProcessState> ps(ProcessState::self());

187

ps->startThreadPool();

188

ps->giveThreadPoolName();

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

189

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

return android::OK;

}

Hugo Benichi

2018-01-15 21:54:00 +0900

[diff] [blame]

193

status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

194

const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

195

if (!dump_permission.isOk()) {

196

const String8 msg(dump_permission.toString8());

197

write(fd, msg.string(), msg.size());

198

return PERMISSION_DENIED;

199

}

200

201

// This method does not grab any locks. If individual classes need locking

202

// their dump() methods MUST handle locking appropriately.

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

203

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

204

DumpWriter dw(fd);

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

205

206

if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {

207

dw.blankline();

208

gCtls->tcpSocketMonitor.dump(dw);

dw.blankline();

return NO_ERROR;

}

Chenbo Feng

2018-03-26 10:53:33 -0700

[diff] [blame]

213

if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {

214

dw.blankline();

215

gCtls->trafficCtrl.dump(dw, true);

dw.blankline();

return NO_ERROR;

}

Erik Kline

2018-05-25 19:19:11 +0900

[diff] [blame]

220

process::dump(dw);

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

221

dw.blankline();

222

gCtls->netCtrl.dump(dw);

223

dw.blankline();

224

Chenbo Feng

ef29717

2018-03-26 10:53:33 -0700

[diff] [blame]

225

gCtls->trafficCtrl.dump(dw, false);

226

dw.blankline();

227

Benedict Wong

af85543

2018-05-10 17:07:37 -0700

[diff] [blame]

228

gCtls->xfrmCtrl.dump(dw);

229

dw.blankline();

230

Maciej Żenczykowski

5526271

2019-03-29 23:44:56 -0700

[diff] [blame]

231

gCtls->clatdCtrl.dump(dw);

232

dw.blankline();

233

Lorenzo Colitti

52db391

2020-02-17 23:59:45 +0900

[diff] [blame]

234

gCtls->tetherCtrl.dump(dw);

235

dw.blankline();

236

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

237

{

238

ScopedIndent indentLog(dw);

239

if (contains(args, String16(OPT_SHORT))) {

240

dw.println("Log: <omitted>");

241

} else {

242

dw.println("Log:");

243

ScopedIndent indentLogEntries(dw);

244

gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Luke Huang

2018-08-29 19:06:05 +0800

[diff] [blame]

249

{

250

ScopedIndent indentLog(dw);

251

if (contains(args, String16(OPT_SHORT))) {

252

dw.println("UnsolicitedLog: <omitted>");

253

} else {

254

dw.println("UnsolicitedLog:");

255

ScopedIndent indentLogEntries(dw);

256

gUnsolicitedLog.forEachEntry(

257

[&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

return NO_ERROR;

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

265

binder::Status NetdNativeService::isAlive(bool *alive) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

266

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

267

268

*alive = true;

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

269

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

270

return binder::Status::ok();

271

}

272

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

273

binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,

Lorenzo Colitti

cdd79f1

2020-07-30 12:03:40 +0900

[diff] [blame]

274

bool isAllowlist,

275

const std::vector<int32_t>& uids,

276

bool* ret) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

277

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

cdd79f1

2020-07-30 12:03:40 +0900

[diff] [blame]

278

int err = gCtls->firewallCtrl.replaceUidChain(chainName, isAllowlist, uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

279

*ret = (err == 0);

280

return binder::Status::ok();

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

281

}

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

282

283

binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

284

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

285

int err = gCtls->bandwidthCtrl.enableDataSaver(enable);

286

*ret = (err == 0);

287

return binder::Status::ok();

288

}

289

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

290

binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,

291

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

292

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

293

int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

294

return statusFromErrcode(res);

295

}

296

297

binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

298

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

299

int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

300

return statusFromErrcode(res);

301

}

302

303

binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,

304

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

305

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

306

int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

307

return statusFromErrcode(res);

308

}

309

310

binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

311

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

312

int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

313

return statusFromErrcode(res);

314

}

315

316

binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

317

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

318

int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

319

return statusFromErrcode(res);

320

}

321

322

binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

323

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Patrick Rohr

2020-12-29 18:16:35 +0100

[diff] [blame]

324

std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};

325

int res = gCtls->bandwidthCtrl.addNaughtyApps(appUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

326

return statusFromErrcode(res);

327

}

328

329

binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

330

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Patrick Rohr

2020-12-29 18:16:35 +0100

[diff] [blame]

331

std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};

332

int res = gCtls->bandwidthCtrl.removeNaughtyApps(appUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

333

return statusFromErrcode(res);

334

}

335

336

binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

337

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Patrick Rohr

2020-12-29 18:16:35 +0100

[diff] [blame]

338

std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};

339

int res = gCtls->bandwidthCtrl.addNiceApps(appUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

340

return statusFromErrcode(res);

341

}

342

343

binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

344

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Patrick Rohr

2020-12-29 18:16:35 +0100

[diff] [blame]

345

std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};

346

int res = gCtls->bandwidthCtrl.removeNiceApps(appUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

347

return statusFromErrcode(res);

348

}

349

Ken Chen

2021-04-04 11:28:06 +0800

[diff] [blame]

350

// TODO: Remove this function when there are no users. Currently, it is still used by DNS resolver

351

// tests.

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

352

binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

353

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

354

int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

355

return statusFromErrcode(ret);

356

}

357

Ken Chen

2021-04-04 11:28:06 +0800

[diff] [blame]

358

// TODO: Remove this function when there are no users. Currently, it is still used by DNS resolver

359

// tests.

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

360

binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

361

ENFORCE_NETWORK_STACK_PERMISSIONS();

Ken Chen

2021-04-04 11:28:06 +0800

[diff] [blame]

362

// The value of vpnType does not matter here, because it is not used in AOSP and is only

363

// implemented by OEMs. Also, the RPC is going to deprecate. Just pick a value defined in INetd

364

// as default.

365

int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure, NativeVpnType::LEGACY);

366

return statusFromErrcode(ret);

367

}

368

369

binder::Status NetdNativeService::networkCreate(const NativeNetworkConfig& config) {

370

ENFORCE_NETWORK_STACK_PERMISSIONS();

371

int ret = -EINVAL;

372

if (config.networkType == NativeNetworkType::PHYSICAL) {

373

ret = gCtls->netCtrl.createPhysicalNetwork(config.netId,

374

convertPermission(config.permission));

375

} else if (config.networkType == NativeNetworkType::VIRTUAL) {

376

ret = gCtls->netCtrl.createVirtualNetwork(config.netId, config.secure, config.vpnType);

377

}

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

378

return statusFromErrcode(ret);

379

}

380

381

binder::Status NetdNativeService::networkDestroy(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

382

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

d33a8f4

2019-03-14 16:10:04 +0800

[diff] [blame]

383

// NetworkController::destroyNetwork is thread-safe.

Mike Yu

4fe1b9c

2019-01-29 17:50:19 +0800

[diff] [blame]

384

const int ret = gCtls->netCtrl.destroyNetwork(netId);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

385

return statusFromErrcode(ret);

386

}

387

388

binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

389

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

390

int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());

391

return statusFromErrcode(ret);

392

}

393

394

binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

395

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

396

int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());

397

return statusFromErrcode(ret);

398

}

399

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

400

binder::Status NetdNativeService::networkAddUidRanges(

401

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

402

// NetworkController::addUsersToNetwork is thread-safe.

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

403

ENFORCE_NETWORK_STACK_PERMISSIONS();

Ken Chen

d9aa98a

2021-05-23 14:56:43 +0800

[diff] [blame]

404

int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray),

405

UidRanges::DEFAULT_SUB_PRIORITY);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

406

return statusFromErrcode(ret);

407

}

408

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

409

binder::Status NetdNativeService::networkRemoveUidRanges(

410

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

411

// NetworkController::removeUsersFromNetwork is thread-safe.

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

412

ENFORCE_NETWORK_STACK_PERMISSIONS();

Ken Chen

d9aa98a

2021-05-23 14:56:43 +0800

[diff] [blame]

413

int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray),

414

UidRanges::DEFAULT_SUB_PRIORITY);

415

return statusFromErrcode(ret);

416

}

417

418

binder::Status NetdNativeService::networkAddUidRangesParcel(const NativeUidRangeConfig& config) {

419

ENFORCE_NETWORK_STACK_PERMISSIONS();

420

int ret = gCtls->netCtrl.addUsersToNetwork(config.netId, UidRanges(config.uidRanges),

421

config.subPriority);

422

return statusFromErrcode(ret);

423

}

424

425

binder::Status NetdNativeService::networkRemoveUidRangesParcel(const NativeUidRangeConfig& config) {

426

ENFORCE_NETWORK_STACK_PERMISSIONS();

427

int ret = gCtls->netCtrl.removeUsersFromNetwork(config.netId, UidRanges(config.uidRanges),

428

config.subPriority);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

429

return statusFromErrcode(ret);

430

}

431

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

432

binder::Status NetdNativeService::networkRejectNonSecureVpn(

433

bool add, const std::vector<UidRangeParcel>& uidRangeArray) {

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

434

// TODO: elsewhere RouteController is only used from the tethering and network controllers, so

435

// it should be possible to use the same lock as NetworkController. However, every call through

436

// the CommandListener "network" command will need to hold this lock too, not just the ones that

437

// read/modify network internal state (that is sufficient for ::dump() because it doesn't

438

// look at routes, but it's not enough here).

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

439

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

440

UidRanges uidRanges(uidRangeArray);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

int err;

if (add) {

err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);

445

} else {

446

err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

447

}

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

448

return statusFromErrcode(err);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

449

}

450

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

451

binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,

452

const std::vector<int32_t>& skipUids) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

453

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

SockDiag sd;

if (!sd.open()) {

return binder::Status::fromServiceSpecificError(EIO,

458

String8("Could not open SOCK_DIAG socket"));

459

}

460

461

UidRanges uidRanges(uids);

Lorenzo Colitti

e5c3c99

2016-07-26 17:53:50 +0900

[diff] [blame]

462

int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),

463

true /* excludeLoopback */);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

464

if (err) {

465

return binder::Status::fromServiceSpecificError(-err,

466

String8::format("destroySockets: %s", strerror(-err)));

467

}

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

468

return binder::Status::ok();

469

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

470

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

471

binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

472

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

473

*ret = gCtls->tetherCtrl.applyDnsInterfaces();

474

return binder::Status::ok();

475

}

476

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

477

namespace {

478

Hungming Chen

2020-03-12 16:21:03 +0800

[diff] [blame]

479

constexpr const int UNUSED_IFINDEX = 0;

480

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

481

void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,

482

const TetherController::TetherStats& tetherStats) {

483

if (tetherStatsParcel->extIface == tetherStats.extIface) {

484

tetherStatsParcel->rxBytes += tetherStats.rxBytes;

485

tetherStatsParcel->rxPackets += tetherStats.rxPackets;

486

tetherStatsParcel->txBytes += tetherStats.txBytes;

487

tetherStatsParcel->txPackets += tetherStats.txPackets;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

488

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

489

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

490

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

491

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {

492

TetherStatsParcel result;

493

result.iface = stats.extIface;

494

result.rxBytes = stats.rxBytes;

495

result.rxPackets = stats.rxPackets;

496

result.txBytes = stats.txBytes;

497

result.txPackets = stats.txPackets;

Hungming Chen

2020-03-12 16:21:03 +0800

[diff] [blame]

498

result.ifIndex = UNUSED_IFINDEX;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

499

return result;

500

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

501

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

502

void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,

503

const TetherController::TetherStatsList& statsList) {

504

std::map<std::string, TetherController::TetherStats> statsMap;

505

for (const auto& stats : statsList) {

506

auto iter = statsMap.find(stats.extIface);

507

if (iter != statsMap.end()) {

508

tetherAddStatsByInterface(&(iter->second), stats);

509

} else {

510

statsMap.insert(

511

std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));

512

}

513

}

514

for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {

515

tetherStatsVec->push_back(toTetherStatsParcel(iter->second));

}

}

std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {

520

std::vector<std::string> result;

521

for (const auto& t : *tVec) {

522

result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,

523

t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,

524

t.txPackets));

525

}

526

return result;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

}

} // namespace

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

531

binder::Status NetdNativeService::tetherGetStats(

532

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

533

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

5192bf7

2017-09-04 13:30:59 +0900

[diff] [blame]

534

const auto& statsList = gCtls->tetherCtrl.getTetherStats();

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

535

if (!isOk(statsList)) {

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

536

return asBinderStatus(statsList);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

537

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

538

setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());

539

auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

540

return binder::Status::ok();

541

}

542

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

543

binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,

544

const std::string &addrString, int prefixLength) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

545

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

546

const int err = InterfaceController::addAddress(

547

ifName.c_str(), addrString.c_str(), prefixLength);

548

if (err != 0) {

549

return binder::Status::fromServiceSpecificError(-err,

550

String8::format("InterfaceController error: %s", strerror(-err)));

551

}

552

return binder::Status::ok();

553

}

554

555

binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,

556

const std::string &addrString, int prefixLength) {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

557

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

558

const int err = InterfaceController::delAddress(

559

ifName.c_str(), addrString.c_str(), prefixLength);

560

if (err != 0) {

561

return binder::Status::fromServiceSpecificError(-err,

562

String8::format("InterfaceController error: %s", strerror(-err)));

563

}

564

return binder::Status::ok();

565

}

566

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

567

namespace {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

568

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

569

std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,

570

int32_t category) {

571

const char* ipversionStr = nullptr;

572

switch (ipversion) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

573

case INetd::IPV4:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

574

ipversionStr = "ipv4";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

575

break;

576

case INetd::IPV6:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

577

ipversionStr = "ipv6";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

578

break;

579

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

580

return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),

581

nullptr, nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

582

}

583

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

584

const char* whichStr = nullptr;

585

switch (category) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

case INetd::CONF:

whichStr = "conf";

break;

case INetd::NEIGH:

whichStr = "neigh";

break;

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

593

return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,

594

nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

595

}

596

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

597

return {binder::Status::ok(), ipversionStr, whichStr};

}

} // namespace

binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,

603

const std::string& ifname,

604

const std::string& parameter, std::string* value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

605

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

606

const auto pathParts = getPathComponents(ipversion, which);

607

const auto& pathStatus = std::get<0>(pathParts);

608

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

609

return pathStatus;

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

610

}

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

611

612

const int err = InterfaceController::getParameter(std::get<1>(pathParts),

613

std::get<2>(pathParts), ifname.c_str(),

614

parameter.c_str(), value);

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

615

return statusFromErrcode(err);

616

}

617

618

binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,

619

const std::string& ifname,

620

const std::string& parameter,

621

const std::string& value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

622

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

623

const auto pathParts = getPathComponents(ipversion, which);

624

const auto& pathStatus = std::get<0>(pathParts);

625

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

return pathStatus;

}

const int err = InterfaceController::setParameter(std::get<1>(pathParts),

630

std::get<2>(pathParts), ifname.c_str(),

631

parameter.c_str(), value.c_str());

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

632

return statusFromErrcode(err);

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

633

}

634

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

635

binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,

636

int newUid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

637

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

638

639

uid_t callerUid = IPCThreadState::self()->getCallingUid();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

640

return asBinderStatus(

641

gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

642

}

643

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

644

binder::Status NetdNativeService::ipSecAllocateSpi(

645

int32_t transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

646

const std::string& sourceAddress,

647

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

648

int32_t inSpi,

649

int32_t* outSpi) {

650

// Necessary locking done in IpSecService and kernel

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

651

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

652

return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

653

transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

654

sourceAddress,

655

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

inSpi,

outSpi));

}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

661

int32_t transformId, int32_t mode, const std::string& sourceAddress,

662

const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,

663

int32_t markValue, int32_t markMask, const std::string& authAlgo,

664

const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,

665

const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,

666

const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,

667

int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

668

// Necessary locking done in IpSecService and kernel

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

669

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

670

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

671

transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,

672

markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

673

aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,

674

interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

675

}

676

677

binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

678

int32_t transformId, const std::string& sourceAddress,

679

const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,

680

int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

681

// Necessary locking done in IpSecService and kernel

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

682

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

683

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

684

transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

685

}

686

687

binder::Status NetdNativeService::ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

688

const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,

689

const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

690

// Necessary locking done in IpSecService and kernel

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

691

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

692

return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

693

socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

694

}

695

696

binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

697

const ParcelFileDescriptor& socket) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

698

// Necessary locking done in IpSecService and kernel

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

699

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

700

return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

701

}

702

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

703

binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,

704

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

705

const std::string& tmplSrcAddress,

706

const std::string& tmplDstAddress,

707

int32_t spi, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

708

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

709

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

710

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

711

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

712

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

713

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

714

}

715

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

716

binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(

717

int32_t transformId, int32_t selAddrFamily, int32_t direction,

718

const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,

719

int32_t markValue, int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

720

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

721

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

722

return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

723

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

724

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

725

}

726

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

727

binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,

728

int32_t selAddrFamily,

729

int32_t direction, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

730

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

731

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

732

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

733

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

734

transformId, selAddrFamily, direction, markValue, markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

735

}

736

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

737

binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,

738

const std::string& localAddress,

739

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

740

int32_t iKey, int32_t oKey,

741

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

742

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

743

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

744

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

745

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

746

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

747

}

748

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

749

binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,

750

const std::string& localAddress,

751

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

752

int32_t iKey, int32_t oKey,

753

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

754

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

755

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

756

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

757

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

758

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

759

}

760

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

761

binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

762

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

763

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

764

netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

765

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

766

}

767

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

768

binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,

769

int32_t mode) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

770

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

771

return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

772

}

773

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

774

binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,

775

const std::string& prefix, int32_t mark,

776

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

777

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

778

return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

779

}

780

781

binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,

782

const std::string& prefix, int32_t mark,

783

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

784

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

785

return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

786

}

787

Chenbo Feng

873ae14

2019-04-10 12:26:06 -0700

[diff] [blame]

788

binder::Status NetdNativeService::trafficSwapActiveStatsMap() {

789

ENFORCE_NETWORK_STACK_PERMISSIONS();

790

return asBinderStatus(gCtls->trafficCtrl.swapActiveStatsMap());

791

}

792

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

793

binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,

794

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

795

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

796

int res =

797

gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

798

return statusFromErrcode(res);

799

}

800

801

binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,

802

int32_t timeout,

803

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

804

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

805

int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,

806

classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

807

return statusFromErrcode(res);

808

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

809

810

binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

811

NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

812

StrictPenalty penalty;

813

switch (policyPenalty) {

814

case INetd::PENALTY_POLICY_REJECT:

815

penalty = REJECT;

816

break;

817

case INetd::PENALTY_POLICY_LOG:

818

penalty = LOG;

819

break;

820

case INetd::PENALTY_POLICY_ACCEPT:

penalty = ACCEPT;

break;

default:

return statusFromErrcode(-EINVAL);

825

break;

826

}

827

int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

828

return statusFromErrcode(res);

829

}

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

830

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

831

binder::Status NetdNativeService::clatdStart(const std::string& ifName,

832

const std::string& nat64Prefix, std::string* v6Addr) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

833

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

834

int res = gCtls->clatdCtrl.startClatd(ifName.c_str(), nat64Prefix, v6Addr);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

835

return statusFromErrcode(res);

836

}

837

838

binder::Status NetdNativeService::clatdStop(const std::string& ifName) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

839

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

840

int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

841

return statusFromErrcode(res);

842

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

843

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

844

binder::Status NetdNativeService::ipfwdEnabled(bool* status) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

845

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

728cf4c

2019-03-14 19:43:02 +0800

[diff] [blame]

846

*status = (gCtls->tetherCtrl.getIpfwdRequesterList().size() > 0) ? true : false;

847

return binder::Status::ok();

848

}

849

850

binder::Status NetdNativeService::ipfwdGetRequesterList(std::vector<std::string>* requesterList) {

851

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

852

for (const auto& requester : gCtls->tetherCtrl.getIpfwdRequesterList()) {

853

requesterList->push_back(requester);

854

}

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

855

return binder::Status::ok();

856

}

857

858

binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

859

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

860

int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

861

return statusFromErrcode(res);

862

}

863

864

binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

865

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

866

int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

867

return statusFromErrcode(res);

868

}

869

870

binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,

871

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

872

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

873

int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

874

return statusFromErrcode(res);

875

}

876

877

binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,

878

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

879

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

880

int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

881

return statusFromErrcode(res);

882

}

883

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

884

namespace {

Luke Huang

2020-03-04 16:43:12 +0800

[diff] [blame]

885

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

886

std::string addCurlyBrackets(const std::string& s) {

887

return "{" + s + "}";

888

}

889

890

} // namespace

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

891

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

892

binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

893

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

894

const auto& ifaceList = InterfaceController::getIfaceNames();

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

895

896

interfaceListResult->clear();

897

interfaceListResult->reserve(ifaceList.value().size());

898

interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),

899

end(ifaceList.value()));

900

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

901

return binder::Status::ok();

902

}

903

904

std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {

905

std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,

906

std::to_string(cfg.prefixLength)};

907

result.insert(end(result), begin(cfg.flags), end(cfg.flags));

908

return addCurlyBrackets(base::Join(result, ", "));

909

}

910

911

binder::Status NetdNativeService::interfaceGetCfg(

912

const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

913

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

914

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

915

916

const auto& cfgRes = InterfaceController::getCfg(ifName);

917

RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);

918

919

*interfaceGetCfgResult = cfgRes.value();

920

gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))

921

.withAutomaticDuration());

922

return binder::Status::ok();

923

}

924

925

binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

926

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

927

auto entry = gLog.newEntry()

928

.prettyFunction(__PRETTY_FUNCTION__)

929

.arg(interfaceConfigurationParcelToString(cfg));

930

931

const auto& res = InterfaceController::setCfg(cfg);

932

RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);

933

934

gLog.log(entry.withAutomaticDuration());

935

return binder::Status::ok();

936

}

937

938

binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,

939

bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

940

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

941

int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

942

return statusFromErrcode(res);

943

}

944

945

binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

946

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

947

int res = InterfaceController::clearAddrs(ifName.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

948

return statusFromErrcode(res);

949

}

950

951

binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

952

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

953

int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

954

return statusFromErrcode(res);

955

}

956

957

binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

958

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

959

std::string mtu = std::to_string(mtuValue);

960

int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

961

return statusFromErrcode(res);

962

}

963

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

964

binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

965

TetherConfigParcel config;

966

config.usingLegacyDnsProxy = true;

967

config.dhcpRanges = dhcpRanges;

968

return tetherStartWithConfiguration(config);

Luke Huang

91bd3e1

2019-08-20 11:33:52 +0800

[diff] [blame]

969

}

970

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

971

binder::Status NetdNativeService::tetherStartWithConfiguration(const TetherConfigParcel& config) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

972

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

973

if (config.dhcpRanges.size() % 2 == 1) {

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

974

return statusFromErrcode(-EINVAL);

975

}

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

976

// TODO: Pass TetherConfigParcel directly.

977

int res = gCtls->tetherCtrl.startTethering(config.usingLegacyDnsProxy, config.dhcpRanges);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

978

return statusFromErrcode(res);

979

}

980

981

binder::Status NetdNativeService::tetherStop() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

982

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

983

int res = gCtls->tetherCtrl.stopTethering();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

984

return statusFromErrcode(res);

985

}

986

987

binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

988

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

989

*enabled = gCtls->tetherCtrl.isTetheringStarted();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

990

return binder::Status::ok();

991

}

992

993

binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

994

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

995

int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

996

return statusFromErrcode(res);

997

}

998

999

binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1000

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1001

int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1002

return statusFromErrcode(res);

1003

}

1004

1005

binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1006

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1007

for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {

1008

ifList->push_back(ifname);

1009

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1010

return binder::Status::ok();

1011

}

1012

1013

binder::Status NetdNativeService::tetherDnsSet(int32_t netId,

1014

const std::vector<std::string>& dnsAddrs) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1015

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1016

int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1017

return statusFromErrcode(res);

1018

}

1019

1020

binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1021

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1022

for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {

1023

dnsList->push_back(fwdr);

1024

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1025

return binder::Status::ok();

1026

}

1027

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1028

binder::Status NetdNativeService::networkAddRouteParcel(int32_t netId,

1029

const RouteInfoParcel& route) {

1030

// Public methods of NetworkController are thread-safe.

1031

ENFORCE_NETWORK_STACK_PERMISSIONS();

1032

bool legacy = false;

1033

uid_t uid = 0; // UID is only meaningful for legacy routes.

1034

1035

// convert Parcel to parameters

1036

int res = gCtls->netCtrl.addRoute(netId, route.ifName.c_str(), route.destination.c_str(),

1037

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

1038

legacy, uid, route.mtu);

1039

return statusFromErrcode(res);

1040

}

1041

1042

binder::Status NetdNativeService::networkUpdateRouteParcel(int32_t netId,

1043

const RouteInfoParcel& route) {

1044

// Public methods of NetworkController are thread-safe.

1045

ENFORCE_NETWORK_STACK_PERMISSIONS();

1046

bool legacy = false;

1047

uid_t uid = 0; // UID is only meaningful for legacy routes.

1048

1049

// convert Parcel to parameters

1050

int res = gCtls->netCtrl.updateRoute(netId, route.ifName.c_str(), route.destination.c_str(),

1051

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

1052

legacy, uid, route.mtu);

1053

return statusFromErrcode(res);

1054

}

1055

1056

binder::Status NetdNativeService::networkRemoveRouteParcel(int32_t netId,

1057

const RouteInfoParcel& route) {

1058

return networkRemoveRoute(netId, route.ifName, route.destination, route.nextHop);

1059

}

1060

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1061

binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,

1062

const std::string& destination,

1063

const std::string& nextHop) {

1064

// Public methods of NetworkController are thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1065

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1066

bool legacy = false;

1067

uid_t uid = 0; // UID is only meaningful for legacy routes.

1068

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1069

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1070

return statusFromErrcode(res);

1071

}

1072

1073

binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,

1074

const std::string& destination,

1075

const std::string& nextHop) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1076

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1077

bool legacy = false;

1078

uid_t uid = 0; // UID is only meaningful for legacy routes.

1079

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1080

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1081

return statusFromErrcode(res);

1082

}

1083

1084

binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,

1085

const std::string& destination,

1086

const std::string& nextHop, int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1087

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1088

bool legacy = true;

1089

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

1090

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1091

(uid_t)uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1092

return statusFromErrcode(res);

1093

}

1094

1095

binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,

1096

const std::string& destination,

1097

const std::string& nextHop,

1098

int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1099

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1100

bool legacy = true;

1101

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1102

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

1103

(uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1104

return statusFromErrcode(res);

1105

}

1106

1107

binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1108

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1109

*netId = gCtls->netCtrl.getDefaultNetwork();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1110

return binder::Status::ok();

1111

}

1112

1113

binder::Status NetdNativeService::networkSetDefault(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1114

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1115

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1116

return statusFromErrcode(res);

1117

}

1118

1119

binder::Status NetdNativeService::networkClearDefault() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1120

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1121

unsigned netId = NETID_UNSET;

1122

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1123

return statusFromErrcode(res);

1124

}

1125

1126

std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {

1127

return {begin(intUids), end(intUids)};

1128

}

1129

1130

Permission NetdNativeService::convertPermission(int32_t permission) {

1131

switch (permission) {

1132

case INetd::PERMISSION_NETWORK:

1133

return Permission::PERMISSION_NETWORK;

1134

case INetd::PERMISSION_SYSTEM:

1135

return Permission::PERMISSION_SYSTEM;

1136

default:

1137

return Permission::PERMISSION_NONE;

}

}

binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,

1142

int32_t permission) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1143

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1144

std::vector<unsigned> netIds = {(unsigned) netId};

1145

int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1146

return statusFromErrcode(res);

1147

}

1148

1149

binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,

1150

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1151

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1152

gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1153

return binder::Status::ok();

1154

}

1155

1156

binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1157

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1158

Permission permission = Permission::PERMISSION_NONE;

1159

gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1160

return binder::Status::ok();

1161

}

1162

Ken Chen

155fb6a

2020-12-10 18:50:19 +0800

[diff] [blame]

1163

binder::Status NetdNativeService::networkSetProtectAllow(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1164

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1165

std::vector<uid_t> uids = {(uid_t) uid};

1166

gCtls->netCtrl.allowProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1167

return binder::Status::ok();

1168

}

1169

1170

binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1171

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1172

std::vector<uid_t> uids = {(uid_t) uid};

1173

gCtls->netCtrl.denyProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1174

return binder::Status::ok();

1175

}

1176

1177

binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1178

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1179

*ret = gCtls->netCtrl.canProtect((uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1180

return binder::Status::ok();

1181

}

1182

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1183

binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,

1184

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1185

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1186

gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1187

return binder::Status::ok();

1188

}

1189

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1190

binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1191

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1192

auto type = static_cast<FirewallType>(firewallType);

1193

1194

int res = gCtls->firewallCtrl.setFirewallType(type);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1195

return statusFromErrcode(res);

1196

}

1197

1198

binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,

1199

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1200

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1201

auto rule = static_cast<FirewallRule>(firewallRule);

1202

1203

int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1204

return statusFromErrcode(res);

1205

}

1206

1207

binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,

1208

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1209

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1210

auto chain = static_cast<ChildChain>(childChain);

1211

auto rule = static_cast<FirewallRule>(firewallRule);

1212

1213

int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1214

return statusFromErrcode(res);

1215

}

1216

1217

binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1218

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1219

auto chain = static_cast<ChildChain>(childChain);

1220

1221

int res = gCtls->firewallCtrl.enableChildChains(chain, enable);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1222

return statusFromErrcode(res);

1223

}

1224

Rubin Xu

ec27ff2

2019-01-08 21:33:03 +0000

[diff] [blame]

1225

binder::Status NetdNativeService::firewallAddUidInterfaceRules(const std::string& ifName,

1226

const std::vector<int32_t>& uids) {

1227

ENFORCE_NETWORK_STACK_PERMISSIONS();

1228

1229

return asBinderStatus(gCtls->trafficCtrl.addUidInterfaceRules(

1230

RouteController::getIfIndex(ifName.c_str()), uids));

1231

}

1232

1233

binder::Status NetdNativeService::firewallRemoveUidInterfaceRules(

1234

const std::vector<int32_t>& uids) {

1235

ENFORCE_NETWORK_STACK_PERMISSIONS();

1236

1237

return asBinderStatus(gCtls->trafficCtrl.removeUidInterfaceRules(uids));

1238

}

1239

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1240

binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,

1241

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1242

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1243

1244

int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1245

return statusFromErrcode(res);

1246

}

1247

1248

binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,

1249

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1250

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

ae038f8

2018-11-05 11:17:31 +0900

[diff] [blame]

1251

int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1252

return statusFromErrcode(res);

1253

}

1254

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1255

binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,

1256

const std::string& wmemValues) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1257

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1258

if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {

1259

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1260

return statusFromErrcode(ret);

1261

}

1262

1263

if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {

1264

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1265

return statusFromErrcode(ret);

1266

}

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1267

return binder::Status::ok();

1268

}

1269

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1270

binder::Status NetdNativeService::registerUnsolicitedEventListener(

1271

const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1272

ENFORCE_NETWORK_STACK_PERMISSIONS();

Bernie Innocenti

9ee088d

2019-02-01 17:14:32 +0900

[diff] [blame]

1273

gCtls->eventReporter.registerUnsolEventListener(listener);

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1274

return binder::Status::ok();

1275

}

1276

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1277

binder::Status NetdNativeService::getOemNetd(android::sp<android::IBinder>* listener) {

1278

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

1279

*listener = com::android::internal::net::OemNetdListener::getListener();

1280

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1281

return binder::Status::ok();

1282

}

1283

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

1284

binder::Status NetdNativeService::getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markMask) {

1285

ENFORCE_NETWORK_STACK_PERMISSIONS();

1286

1287

Fwmark fwmark;

1288

fwmark.netId = netId;

1289

markMask->mask = FWMARK_NET_ID_MASK;

1290

markMask->mark = fwmark.intValue;

1291

return binder::Status::ok();

1292

}

1293

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1294

// TODO: remark @deprecated in INetd.aidl.

1295

binder::Status NetdNativeService::tetherOffloadRuleAdd(const TetherOffloadRuleParcel& /* rule */) {

1296

// deprecated

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1297

ENFORCE_NETWORK_STACK_PERMISSIONS();

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1298

return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1299

}

1300

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1301

// TODO: remark @deprecated in INetd.aidl.

1302

binder::Status NetdNativeService::tetherOffloadRuleRemove(

1303

const TetherOffloadRuleParcel& /* rule */) {

1304

// deprecated

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1305

ENFORCE_NETWORK_STACK_PERMISSIONS();

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1306

return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1307

}

1308

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1309

// TODO: remark @deprecated in INetd.aidl.

Hungming Chen

2020-03-12 16:21:03 +0800

[diff] [blame]

1310

binder::Status NetdNativeService::tetherOffloadGetStats(

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1311

std::vector<TetherStatsParcel>* /* tetherStatsParcelVec */) {

1312

// deprecated

Hungming Chen

2020-03-12 16:21:03 +0800

[diff] [blame]

1313

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1314

return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);

Hungming Chen

2020-03-12 16:21:03 +0800

[diff] [blame]

1315

}

1316

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1317

// TODO: remark @deprecated in INetd.aidl.

1318

binder::Status NetdNativeService::tetherOffloadSetInterfaceQuota(int /* ifIndex */,

1319

int64_t /* quotaBytes */) {

1320

// deprecated

Hungming Chen

0c47671

2020-03-16 13:53:19 +0800

[diff] [blame]

1321

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1322

return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);

Hungming Chen

0c47671

2020-03-16 13:53:19 +0800

[diff] [blame]

1323

}

1324

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1325

// TODO: remark @deprecated in INetd.aidl.

Hungming Chen

468a20c

2020-04-17 20:00:27 +0800

[diff] [blame]

1326

binder::Status NetdNativeService::tetherOffloadGetAndClearStats(

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1327

int /* ifIndex */, android::net::TetherStatsParcel* /* tetherStats */) {

1328

// deprecated

Hungming Chen

468a20c

2020-04-17 20:00:27 +0800

[diff] [blame]

1329

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Hungming Chen

2021-02-04 20:31:52 +0800

[diff] [blame]

1330

return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);

Hungming Chen

468a20c

2020-04-17 20:00:27 +0800

[diff] [blame]

1331

}

1332

Lorenzo Colitti