Lorenzo Colittie4d626e2016-02-02 17:19:04 +09001/**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Netd"
18
Ben Schwartz4204ecf2017-10-02 12:35:48 -040019#include <set>
Lorenzo Colitti89faa342016-02-26 11:38:47 +090020#include <vector>
21
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090022#include <android-base/stringprintf.h>
Ben Schwartz4204ecf2017-10-02 12:35:48 -040023#include <android-base/strings.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090024#include <cutils/log.h>
Robin Lee2cf56172016-09-13 18:55:42 +090025#include <cutils/properties.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090026#include <utils/Errors.h>
Pierre Imaibeedec32016-04-13 06:44:51 +090027#include <utils/String16.h>
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090028
29#include <binder/IPCThreadState.h>
30#include <binder/IServiceManager.h>
31#include "android/net/BnNetd.h"
32
Ben Schwartze7601812017-04-28 16:38:29 -040033#include <openssl/base64.h>
34
Lorenzo Colitti89faa342016-02-26 11:38:47 +090035#include "Controllers.h"
Erik Kline2d3a1632016-03-15 16:33:48 +090036#include "DumpWriter.h"
Michal Karpinskid5440112016-10-06 16:56:04 +010037#include "EventReporter.h"
Erik Kline55b06f82016-07-04 09:57:18 +090038#include "InterfaceController.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090039#include "NetdConstants.h"
40#include "NetdNativeService.h"
Robin Leeb8087362016-03-30 18:43:08 +010041#include "RouteController.h"
Lorenzo Colitti563d98b2016-04-24 13:13:14 +090042#include "SockDiag.h"
Robin Leeb8087362016-03-30 18:43:08 +010043#include "UidRanges.h"
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090044
45using android::base::StringPrintf;
Lorenzo Colitti9a8a9ff2017-01-31 19:06:59 +090046using android::os::PersistableBundle;
Lorenzo Colittie4d626e2016-02-02 17:19:04 +090047
48namespace android {
49namespace net {
50
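namespace {

// Binder permission strings checked against the calling identity before an
// RPC is serviced.
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
const char DUMP[] = "android.permission.DUMP";

// Convert a netdutils::Status into the binder::Status handed back to the
// caller: ok() stays ok(), anything else becomes a service-specific error
// carrying the original code and message.
binder::Status toBinderStatus(const netdutils::Status s) {
    if (isOk(s)) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
}

// Verify that the Binder caller holds |permission|.
// Returns ok() when it does; otherwise an EX_SECURITY exception whose message
// names the calling UID/PID and the missing permission. The identity
// variables are declared with the type checkCallingPermission() actually
// writes (no pointer cast) and zero-initialised, so the message can never
// report stack garbage should the callee return false without filling them in.
binder::Status checkPermission(const char *permission) {
    int32_t pid = 0;
    int32_t uid = 0;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }
    const auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}

// Reject the RPC on non-debuggable (production) builds: requires the
// ro.debuggable system property to be exactly "1". Expands to an early
// return of an EX_SECURITY status, so it is only usable inside a function
// returning binder::Status.
#define ENFORCE_DEBUGGABLE() { \
    char value[PROPERTY_VALUE_MAX + 1]; \
    if (property_get("ro.debuggable", value, NULL) != 1 \
            || value[0] != '1') { \
        return binder::Status::fromExceptionCode( \
                binder::Status::EX_SECURITY, \
                String8("Not available in production builds.") \
        ); \
    } \
}

// Early-return from the enclosing binder::Status function unless the caller
// holds |permission| (see checkPermission()).
#define ENFORCE_PERMISSION(permission) { \
    binder::Status status = checkPermission((permission)); \
    if (!status.isOk()) { \
        return status; \
    } \
}

// Permission check followed by taking |lock| for writing for the rest of the
// enclosing scope; RWLock::AutoWLock releases it on every return path.
#define NETD_LOCKING_RPC(permission, lock) \
    ENFORCE_PERMISSION(permission); \
    android::RWLock::AutoWLock _lock(lock);

// As NETD_LOCKING_RPC, but on the process-wide gBigNetdLock.
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)

// Map the "0 on success, negative errno on failure" convention used by the
// controller calls in this file to a binder::Status: 0 -> ok(); -errno -> a
// service-specific error whose code is the positive errno and whose message
// is strerror() of it.
inline binder::Status statusFromErrcode(int ret) {
    if (ret) {
        return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
    }
    return binder::Status::ok();
}

}  // namespace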
108
109
// Register the native netd service with servicemanager and start serving.
// Background scheduling is disabled for this process's binder threads first;
// if publishing fails its status is returned and no thread pool is started.
// Returns android::OK once the thread pool is running and named.
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);

    const status_t published = BinderService<NetdNativeService>::publish();
    if (published != android::OK) {
        return published;
    }

    sp<ProcessState> process(ProcessState::self());
    process->startThreadPool();
    process->giveThreadPoolName();
    return android::OK;
}
121
// Binder dump() entry point: writes netd's diagnostic state to |fd|.
// The caller must hold android.permission.DUMP; otherwise the rejection
// message is written to |fd| (best effort — the write() result is not
// checked) and PERMISSION_DENIED is returned before anything else is emitted.
// When the first argument is a controller's DUMP_KEYWORD only that controller
// is dumped; otherwise the network controller and traffic controller are.
status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
    const binder::Status permissionStatus = checkPermission(DUMP);
    if (!permissionStatus.isOk()) {
        const String8 denied(permissionStatus.toString8());
        write(fd, denied.string(), denied.size());
        return PERMISSION_DENIED;
    }

    // No locks are taken here. Every controller's dump() is responsible for
    // whatever locking it needs.
    DumpWriter dw(fd);
    const bool hasKeyword = !args.isEmpty();

    if (hasKeyword && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
        dw.blankline();
        gCtls->tcpSocketMonitor.dump(dw);
        dw.blankline();
        return NO_ERROR;
    }

    if (hasKeyword && args[0] == TrafficController::DUMP_KEYWORD) {
        dw.blankline();
        gCtls->trafficCtrl.dump(dw, true);
        dw.blankline();
        return NO_ERROR;
    }

    // Default dump: network controller, then traffic controller with its
    // flag cleared (the keyword form above calls it with the flag set).
    dw.blankline();
    gCtls->netCtrl.dump(dw);
    dw.blankline();
    gCtls->trafficCtrl.dump(dw, false);
    dw.blankline();
    return NO_ERROR;
}
158
// Liveness probe. Requires CONNECTIVITY_INTERNAL and takes the big netd lock,
// so a true result also means the lock was obtainable. Always sets *alive.
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
    *alive = true;
    return binder::Status::ok();
}
165
// Replace the firewall UID chain |chainName| with |uids|, treated as a
// whitelist or blacklist per |isWhitelist|. Runs under the firewall
// controller's write lock. *ret is true iff the controller returned 0; the
// binder status itself is always ok().
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    const android::String8 name(chainName);
    const int rc = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
    *ret = (rc == 0);
    return binder::Status::ok();
}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900175
// Toggle data saver in the bandwidth controller under its write lock.
// *ret reports whether the controller call returned 0; the binder status is
// always ok().
binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);

    const int rc = gCtls->bandwidthCtrl.enableDataSaver(enable);
    *ret = (rc == 0);
    return binder::Status::ok();
}
183
// Create physical network |netId| with the access permission named by
// |permission| (translated via stringToPermission()). The controller's
// 0/-errno result is mapped through statusFromErrcode().
binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
        const std::string& permission) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const Permission perm = stringToPermission(permission.c_str());
    return statusFromErrcode(gCtls->netCtrl.createPhysicalNetwork(netId, perm));
}
190
// Create virtual (VPN) network |netId|. |hasDns| and |secure| are passed
// straight to NetworkController::createVirtualNetwork; its 0/-errno result is
// mapped through statusFromErrcode().
binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const int rc = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
    return statusFromErrcode(rc);
}
196
// Tear down network |netId| and drop its DNS servers. Requires NETWORK_STACK
// (not CONNECTIVITY_INTERNAL like most network* calls). The DNS cleanup is
// attempted regardless of whether destroyNetwork() succeeded; only the
// destroyNetwork() result is reported.
binder::Status NetdNativeService::networkDestroy(int32_t netId) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    // Both controllers do their own locking.
    const int destroyResult = gCtls->netCtrl.destroyNetwork(netId);
    gCtls->resolverCtrl.clearDnsServers(netId);
    return statusFromErrcode(destroyResult);
}
204
// Attach interface |iface| to network |netId|; 0/-errno from the controller is
// mapped through statusFromErrcode().
binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    return statusFromErrcode(gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str()));
}
210
// Detach interface |iface| from network |netId|; 0/-errno from the controller
// is mapped through statusFromErrcode().
binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    return statusFromErrcode(gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str()));
}
216
// Route the UID ranges in |uidRangeArray| to network |netId|.
// No netd-level lock is taken: NetworkController::addUsersToNetwork is
// thread-safe.
binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
        const std::vector<UidRange>& uidRangeArray) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const int rc = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
    return statusFromErrcode(rc);
}
224
// Stop routing the UID ranges in |uidRangeArray| to network |netId|.
// No netd-level lock is taken: NetworkController::removeUsersFromNetwork is
// thread-safe.
binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
        const std::vector<UidRange>& uidRangeArray) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const int rc = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
    return statusFromErrcode(rc);
}
232
// Add (|add| true) or remove the routing rule that makes the given UID ranges
// reject traffic over non-secure VPNs. Held under the big netd lock; see the
// TODO below for why a narrower lock is not used yet.
binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
        const std::vector<UidRange>& uidRangeArray) {
    // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
    // it should be possible to use the same lock as NetworkController. However, every call through
    // the CommandListener "network" command will need to hold this lock too, not just the ones that
    // read/modify network internal state (that is sufficient for ::dump() because it doesn't
    // look at routes, but it's not enough here).
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    UidRanges uidRanges(uidRangeArray);
    const int rc = add
            ? RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges)
            : RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
    return statusFromErrcode(rc);
}
253
// Forcibly close the sockets owned by UIDs in |uids|, except those in
// |skipUids| and — as the fixed third argument says — loopback sockets.
// Fails with EIO if the SOCK_DIAG netlink socket cannot be opened, and with
// the controller's errno (plus strerror text) if destroySockets() fails.
binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
        const std::vector<int32_t>& skipUids) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    SockDiag sd;
    if (!sd.open()) {
        return binder::Status::fromServiceSpecificError(EIO,
                String8("Could not open SOCK_DIAG socket"));
    }

    UidRanges uidRanges(uids);
    const std::set<uid_t> skip(skipUids.begin(), skipUids.end());
    const int rc = sd.destroySockets(uidRanges, skip, true /* excludeLoopback */);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-rc,
            String8::format("destroySockets: %s", strerror(-rc)));
}
Lorenzo Colitti563d98b2016-04-24 13:13:14 +0900275
// Decode a base64 string that is expected to hold exactly one SHA-256 digest.
// Returns the SHA256_SIZE decoded bytes, or an empty vector if the input is
// not valid base64 or does not decode to exactly SHA256_SIZE bytes. Callers
// can therefore treat any non-empty result as a well-formed fingerprint.
static std::vector<uint8_t> parseBase64(const std::string& input) {
    size_t decodedLen = 0;
    // EVP_DecodedLength yields an upper bound on the decoded size.
    if (EVP_DecodedLength(&decodedLen, input.size()) != 1) {
        return {};
    }

    std::vector<uint8_t> bytes(decodedLen);
    const int rc = EVP_DecodeBase64(bytes.data(), &decodedLen, bytes.size(),
                                    reinterpret_cast<const uint8_t*>(input.data()), input.size());
    if (rc != 1) {
        return {};
    }

    // Trim to the length actually produced, then enforce the digest size.
    bytes.resize(decodedLen);
    if (bytes.size() != SHA256_SIZE) {
        return {};
    }
    return bytes;
}
298
// Push a new DNS configuration for network |netId| to the resolver
// controller: servers, search domains, resolver params, and the DNS-over-TLS
// name, servers and SPKI fingerprints.
// Fingerprints arrive base64-encoded; each must decode to a SHA-256 digest
// (see parseBase64). A single malformed entry rejects the whole call with
// EINVAL before the resolver is touched, so a bad value can never be applied
// partially. A controller failure is reported as -errno plus strerror text.
binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
        const std::vector<std::string>& servers, const std::vector<std::string>& domains,
        const std::vector<int32_t>& params, const std::string& tlsName,
        const std::vector<std::string>& tlsServers,
        const std::vector<std::string>& tlsFingerprints) {
    // No netd-level locking: Bionic's resolver configuration is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    std::set<std::vector<uint8_t>> decodedFingerprints;
    for (const auto& fingerprint : tlsFingerprints) {
        const std::vector<uint8_t> digest = parseBase64(fingerprint);
        if (digest.empty()) {
            return binder::Status::fromServiceSpecificError(EINVAL,
                    String8::format("ResolverController error: bad fingerprint"));
        }
        decodedFingerprints.insert(digest);
    }

    const int rc = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
            tlsName, tlsServers, decodedFingerprints);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-rc,
            String8::format("ResolverController error: %s", strerror(-rc)));
}
325
// Read back the resolver configuration and statistics for network |netId|
// into the four output vectors. No netd-level locking, as the resolver side
// is thread-safe. A controller failure is reported as -errno plus strerror
// text.
binder::Status NetdNativeService::getResolverInfo(int32_t netId,
        std::vector<std::string>* servers, std::vector<std::string>* domains,
        std::vector<int32_t>* params, std::vector<int32_t>* stats) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int rc = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-rc,
            String8::format("ResolverController error: %s", strerror(-rc)));
}
339
// Re-apply the tethering DNS interface configuration under the tether
// controller's write lock. *ret receives the controller's boolean result; the
// binder status is always ok().
binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
    NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
    *ret = gCtls->tetherCtrl.applyDnsInterfaces();
    return binder::Status::ok();
}
346
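namespace {

// Accumulate |stats| into the int64 vector stored in |bundle| under the
// external interface name. The vector is zero-filled on the first sighting of
// an interface; afterwards the four counters are added to the values already
// present.
void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
    const String16 iface(stats.extIface.c_str());
    std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);

    bundle->getLongVector(iface, &statsVector);
    // Pad to the full size rather than only handling the empty case: a short
    // vector (whatever getLongVector left behind) would otherwise make the
    // indexed updates below write past its end.
    if (statsVector.size() < static_cast<size_t>(INetd::TETHER_STATS_ARRAY_SIZE)) {
        statsVector.resize(INetd::TETHER_STATS_ARRAY_SIZE, 0);
    }

    statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
    statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
    statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
    statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;

    bundle->putLongVector(iface, statsVector);
}

}  // namespace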
367
// Collect per-interface tethering counters into |bundle|, keyed by external
// interface name (see tetherAddStats). Held under the tether controller's
// write lock. A failed getTetherStats() is converted with toBinderStatus().
binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
    NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)

    const auto& statsResult = gCtls->tetherCtrl.getTetherStats();
    if (!isOk(statsResult)) {
        return toBinderStatus(statsResult);
    }

    for (const auto& entry : statsResult.value()) {
        tetherAddStats(bundle, entry);
    }
    return binder::Status::ok();
}
382
// Add |addrString|/|prefixLength| to interface |ifName| via
// InterfaceController::addAddress. A failure is reported as the positive
// errno with its strerror text.
binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int rc = InterfaceController::addAddress(ifName.c_str(), addrString.c_str(),
                                                   prefixLength);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-rc,
            String8::format("InterfaceController error: %s", strerror(-rc)));
}
395
// Remove |addrString|/|prefixLength| from interface |ifName| via
// InterfaceController::delAddress. A failure is reported as the positive
// errno with its strerror text.
binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int rc = InterfaceController::delAddress(ifName.c_str(), addrString.c_str(),
                                                   prefixLength);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-rc,
            String8::format("InterfaceController error: %s", strerror(-rc)));
}
408
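// Set a per-interface kernel networking parameter through
// InterfaceController::setParameter.
// |family| selects "ipv4"/"ipv6" and |which| selects "conf"/"neigh"; any other
// value is rejected up front (EAFNOSUPPORT / EINVAL) before the controller is
// called. |ifname|, |parameter| and |value| are forwarded unchanged.
// NOTE(review): those three strings are caller-supplied and this layer does
// not sanitise them; InterfaceController::setParameter is relied on to
// validate the interface and parameter names — confirm there.
// A controller failure is reported as the positive errno with strerror text.
binder::Status NetdNativeService::setProcSysNet(
        int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
        const std::string &value) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const char *familyStr = nullptr;
    switch (family) {
        case INetd::IPV4:
            familyStr = "ipv4";
            break;
        case INetd::IPV6:
            familyStr = "ipv6";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
    }

    const char *whichStr = nullptr;
    switch (which) {
        case INetd::CONF:
            whichStr = "conf";
            break;
        case INetd::NEIGH:
            whichStr = "neigh";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
    }

    const int err = InterfaceController::setParameter(
            familyStr, whichStr, ifname.c_str(), parameter.c_str(), value.c_str());
    if (err != 0) {
        // The failing call belongs to InterfaceController, so attribute the
        // error to it (the message used to name ResolverController), matching
        // interfaceAddAddress/interfaceDelAddress.
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}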
447
// Report the event reporter's metrics reporting level. Only available on
// debuggable builds (ENFORCE_DEBUGGABLE) and to CONNECTIVITY_INTERNAL holders.
// No lock: this is a single read of an atomic_int.
binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
    return binder::Status::ok();
}
457
// Change the event reporter's metrics reporting level. Only available on
// debuggable builds (ENFORCE_DEBUGGABLE) and to CONNECTIVITY_INTERNAL holders.
// No lock: this is a single write to an atomic_int. A value the reporter
// refuses (non-zero return) yields an EX_ILLEGAL_ARGUMENT exception.
binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    if (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) != 0) {
        return binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
    }
    return binder::Status::ok();
}
468
// Hand the UDP encapsulation socket |socket| to |newUid|. The calling UID is
// taken from IPCThreadState (not from the caller's arguments) and passed to
// the xfrm controller so it can decide whether the transfer is allowed.
binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
        int newUid) {
    ENFORCE_PERMISSION(NETWORK_STACK)
    ALOGD("ipSecSetEncapSocketOwner()");

    const uid_t callerUid = IPCThreadState::self()->getCallingUid();
    const auto result = gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid);
    return asBinderStatus(result);
}
477
// Reserve an SPI for |transformId| between the two addresses. |inSpi| is the
// requested value and *outSpi receives the one actually allocated. Locking is
// handled in IpSecService and the kernel, not here.
binder::Status NetdNativeService::ipSecAllocateSpi(int32_t transformId,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t inSpi, int32_t* outSpi) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAllocateSpi()");

    const auto result = gCtls->xfrmCtrl.ipSecAllocateSpi(transformId, sourceAddress,
                                                         destinationAddress, inSpi, outSpi);
    return asBinderStatus(result);
}
494
// Install an IPsec security association with the given algorithms and keys.
// Everything is forwarded verbatim to XfrmController. Only the method name is
// logged; none of the key material passes through the log. Locking is handled
// in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecAddSecurityAssociation(
        int32_t transformId, int32_t mode,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t underlyingNetId, int32_t spi, int32_t markValue, int32_t markMask,
        const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
        const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
        const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
        int32_t encapType, int32_t encapLocalPort, int32_t encapRemotePort) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAddSecurityAssociation()");

    const auto result = gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
            transformId, mode, sourceAddress, destinationAddress, underlyingNetId,
            spi, markValue, markMask,
            authAlgo, authKey, authTruncBits,
            cryptAlgo, cryptKey, cryptTruncBits,
            aeadAlgo, aeadKey, aeadIcvBits,
            encapType, encapLocalPort, encapRemotePort);
    return asBinderStatus(result);
}
522
// Remove the IPsec security association identified by transform, addresses,
// SPI and mark. Locking is handled in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(int32_t transformId,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t spi, int32_t markValue, int32_t markMask) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecDeleteSecurityAssociation()");

    const auto result = gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
            transformId, sourceAddress, destinationAddress, spi, markValue, markMask);
    return asBinderStatus(result);
}
541
// Attach a transport-mode IPsec transform to |socket| in the given direction.
// Locking is handled in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
        const android::base::unique_fd& socket, int32_t transformId, int32_t direction,
        const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecApplyTransportModeTransform()");

    const auto result = gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
            socket, transformId, direction, sourceAddress, destinationAddress, spi);
    return asBinderStatus(result);
}
560
// Detach any transport-mode IPsec transform from |socket|. Locking is handled
// in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
        const android::base::unique_fd& socket) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecRemoveTransportModeTransform()");

    const auto result = gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket);
    return asBinderStatus(result);
}
569
// Install an IPsec security policy for the transform/direction/addresses/SPI
// tuple, matched on the given mark. Requires NETWORK_STACK. Locking is handled
// in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t direction,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t spi, int32_t markValue, int32_t markMask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    ALOGD("ipSecAddSecurityPolicy()");

    const auto result = gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
            transformId, direction, sourceAddress, destinationAddress, spi, markValue, markMask);
    return asBinderStatus(result);
}
590
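// Update the IPsec security policy for the transform/direction/addresses/SPI
// tuple, matched on the given mark. Requires NETWORK_STACK. Locking is handled
// in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(int32_t transformId, int32_t direction,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t spi, int32_t markValue, int32_t markMask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    // Log this method's own name; it previously logged "ipSecAddSecurityPolicy()",
    // which made update and add calls indistinguishable in logcat.
    ALOGD("ipSecUpdateSecurityPolicy()");

    const auto result = gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
            transformId, direction, sourceAddress, destinationAddress, spi, markValue, markMask);
    return asBinderStatus(result);
}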
611
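// Delete the IPsec security policy for the transform/direction/addresses
// tuple, matched on the given mark. Requires NETWORK_STACK. Locking is handled
// in IpSecService and the kernel.
binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId, int32_t direction,
        const std::string& sourceAddress, const std::string& destinationAddress,
        int32_t markValue, int32_t markMask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    // Log this method's own name; it previously logged "ipSecAddSecurityPolicy()",
    // which made delete and add calls indistinguishable in logcat.
    ALOGD("ipSecDeleteSecurityPolicy()");

    const auto result = gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
            transformId, direction, sourceAddress, destinationAddress, markValue, markMask);
    return asBinderStatus(result);
}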
630
// Create the virtual tunnel interface |deviceName| between the two addresses
// with the given input/output keys. The trailing false distinguishes this
// create call from updateVirtualTunnelInterface(), which passes true. A
// non-zero controller result is wrapped with a fixed description via
// netdutils::statusFromErrno. Locking is handled in IpSecService and the
// kernel.
binder::Status NetdNativeService::addVirtualTunnelInterface(const std::string& deviceName,
        const std::string& localAddress, const std::string& remoteAddress,
        int32_t iKey, int32_t oKey) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    ALOGD("addVirtualTunnelInterface()");

    const int rc = gCtls->xfrmCtrl.addVirtualTunnelInterface(
            deviceName, localAddress, remoteAddress, iKey, oKey, false);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return asBinderStatus(netdutils::statusFromErrno(
            rc, "Error in creating virtual tunnel interface."));
}
652
// Update the existing virtual tunnel interface |deviceName| with new
// addresses and keys. Shares XfrmController::addVirtualTunnelInterface with
// the create path; the trailing true marks this as an update. A non-zero
// controller result is wrapped with a fixed description via
// netdutils::statusFromErrno. Locking is handled in IpSecService and the
// kernel.
binder::Status NetdNativeService::updateVirtualTunnelInterface(const std::string& deviceName,
        const std::string& localAddress, const std::string& remoteAddress,
        int32_t iKey, int32_t oKey) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    ALOGD("updateVirtualTunnelInterface()");

    const int rc = gCtls->xfrmCtrl.addVirtualTunnelInterface(
            deviceName, localAddress, remoteAddress, iKey, oKey, true);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return asBinderStatus(netdutils::statusFromErrno(
            rc, "Error in updating virtual tunnel interface."));
}
674
// Delete the virtual tunnel interface |deviceName|. A non-zero controller
// result is wrapped with a fixed description via netdutils::statusFromErrno.
// Locking is handled in IpSecService and the kernel.
binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    ALOGD("removeVirtualTunnelInterface()");

    const int rc = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
    if (rc == 0) {
        return binder::Status::ok();
    }
    return asBinderStatus(netdutils::statusFromErrno(
            rc, "Error in removing virtual tunnel interface."));
}
685
// Set the IPv6 address generation mode of |ifName| to |mode|. The
// netdutils::Status from InterfaceController is converted with
// toBinderStatus(). Requires NETWORK_STACK.
binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
        int32_t mode) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    const auto status = InterfaceController::setIPv6AddrGenMode(ifName, mode);
    return toBinderStatus(status);
}
691
// Start wakeup-event reporting for |ifName| with the given prefix and
// mark/mask. The controller's netdutils::Status is converted with
// toBinderStatus(). Requires NETWORK_STACK.
binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
        const std::string& prefix, int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    const auto status = gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask);
    return toBinderStatus(status);
}
698
// Stop wakeup-event reporting for |ifName| with the given prefix and
// mark/mask. The controller's netdutils::Status is converted with
// toBinderStatus(). Requires NETWORK_STACK.
binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
        const std::string& prefix, int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    const auto status = gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask);
    return toBinderStatus(status);
}
705
// Report whether BPF-based traffic stats are enabled in the traffic
// controller. *ret receives the controller's boolean; the binder status is
// always ok(). Requires NETWORK_STACK.
binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    const bool enabled = gCtls->trafficCtrl.checkBpfStatsEnable();
    *ret = enabled;
    return binder::Status::ok();
}
711
Lorenzo Colittie4d626e2016-02-02 17:19:04 +0900712} // namespace net
713} // namespace android