Blame - server/NetdNativeService.cpp - platform_system_netd

2016-02-02 17:19:04 +0900

[diff] [blame]

/**

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#define LOG_TAG "Netd"

18

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

19

#include <cinttypes>

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

20

#include <numeric>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

21

#include <set>

Xiao Ma

64b15b7

2019-03-20 11:33:15 +0900

[diff] [blame]

22

#include <string>

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

23

#include <tuple>

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

24

#include <vector>

25

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

26

#include <android-base/file.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

27

#include <android-base/stringprintf.h>

Ben Schwartz

4204ecf

2017-10-02 12:35:48 -0400

[diff] [blame]

28

#include <android-base/strings.h>

Luke Huang

e3f1181

2019-05-02 18:10:15 +0800

[diff] [blame]

29

#include <binder/IPCThreadState.h>

30

#include <binder/IServiceManager.h>

31

#include <binder/Status.h>

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

32

#include <cutils/properties.h>

Logan Chien

3f46148

2018-04-23 14:31:32 +0800

[diff] [blame]

33

#include <log/log.h>

Luke Huang

e3f1181

2019-05-02 18:10:15 +0800

[diff] [blame]

34

#include <netdutils/DumpWriter.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

35

#include <utils/Errors.h>

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

36

#include <utils/String16.h>

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

37

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

38

#include "Controllers.h"

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

39

#include "Fwmark.h"

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

40

#include "InterfaceController.h"

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

41

#include "NetdNativeService.h"

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

42

#include "OemNetdListener.h"

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

43

#include "Permission.h"

Erik Kline

8589004

2018-05-25 19:19:11 +0900

[diff] [blame]

44

#include "Process.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

45

#include "RouteController.h"

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

46

#include "SockDiag.h"

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

47

#include "UidRanges.h"

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

48

#include "android/net/BnNetd.h"

Luke Huang

3b56e5c

2020-05-26 17:21:28 +0800

[diff] [blame]

49

#include "binder_utils/BinderUtil.h"

50

#include "binder_utils/NetdPermissions.h"

Bernie Innocenti

189eb50

2018-10-01 23:10:18 +0900

[diff] [blame]

51

#include "netid_client.h" // NETID_UNSET

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

52

53

using android::base::StringPrintf;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

54

using android::base::WriteStringToFile;

Lorenzo Colitti

2020-04-06 09:19:57 +0000

[diff] [blame]

55

using android::net::TetherOffloadRuleParcel;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

56

using android::net::TetherStatsParcel;

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

57

using android::net::UidRangeParcel;

Luke Huang

b257d61

2019-03-14 21:19:13 +0800

[diff] [blame]

58

using android::netdutils::DumpWriter;

59

using android::netdutils::ScopedIndent;

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

60

using android::os::ParcelFileDescriptor;

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

namespace android {

namespace net {

namespace {

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

66

const char OPT_SHORT[] = "--short";

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

67

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

68

// The input permissions should be equivalent that this function would return ok if any of them is

69

// granted.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

70

binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

71

pid_t pid = IPCThreadState::self()->getCallingPid();

72

uid_t uid = IPCThreadState::self()->getCallingUid();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

73

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

74

// TODO: Do the pure permission check in this function. Have another method

75

// (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and

76

// AID_NETWORK_STACK uid check.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

77

// If the caller is the system UID, don't check permissions.

78

// Otherwise, if the system server's binder thread pool is full, and all the threads are

79

// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492

80

//

81

// From a security perspective, there is currently no difference, because:

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

82

// 1. The system server has the NETWORK_STACK permission, which grants access to all the

83

// IPCs in this file.

Luke Huang

a38b65c

2018-09-26 16:31:03 +0800

[diff] [blame]

84

// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

85

if (uid == AID_SYSTEM) {

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

86

return binder::Status::ok();

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

87

}

Automerger Merge Worker

2b0f586

2020-03-05 12:25:24 +0000

[diff] [blame]

88

// AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check

89

// MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server)

90

// deadlock: http://b/149766727

91

if (uid == AID_NETWORK_STACK) {

92

for (const char* permission : permissions) {

93

if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) {

94

return binder::Status::ok();

95

}

96

}

97

}

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

98

99

for (const char* permission : permissions) {

100

if (checkPermission(String16(permission), pid, uid)) {

101

return binder::Status::ok();

}

}

auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",

106

uid, pid, android::base::Join(permissions, ',').c_str());

107

return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

108

}

109

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

110

#define ENFORCE_ANY_PERMISSION(...) \

111

do { \

112

binder::Status status = checkAnyPermission({__VA_ARGS__}); \

113

if (!status.isOk()) { \

114

return status; \

115

} \

116

} while (0)

Robin Lee

2cf5617

2016-09-13 18:55:42 +0900

[diff] [blame]

117

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

118

#define NETD_LOCKING_RPC(lock, ... /* permissions */) \

119

ENFORCE_ANY_PERMISSION(__VA_ARGS__); \

Bernie Innocenti

abf8a34

2018-08-10 15:17:16 +0900

[diff] [blame]

120

std::lock_guard _lock(lock);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

121

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

122

#define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

123

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

124

#define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \

125

do { \

126

if (!isOk((res))) { \

127

logErrorStatus((logEntry), (res)); \

128

return asBinderStatus((res)); \

} \

} while (0)

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

132

#define ENFORCE_NETWORK_STACK_PERMISSIONS() \

133

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)

134

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

135

void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {

136

gLog.log(logEntry.returns(status.code()).withAutomaticDuration());

137

}

138

Bernie Innocenti

97f388f

2018-10-16 19:17:08 +0900

[diff] [blame]

139

binder::Status asBinderStatus(const netdutils::Status& status) {

140

if (isOk(status)) {

141

return binder::Status::ok();

142

}

143

return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());

144

}

145

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

146

template <typename T>

147

binder::Status asBinderStatus(const base::Result<T> result) {

148

if (result.ok()) return binder::Status::ok();

149

150

return binder::Status::fromServiceSpecificError(result.error().code(),

151

result.error().message().c_str());

152

}

153

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

154

inline binder::Status statusFromErrcode(int ret) {

155

if (ret) {

156

return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));

157

}

158

return binder::Status::ok();

159

}

160

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

161

bool contains(const Vector<String16>& words, const String16& word) {

162

for (const auto& w : words) {

163

if (w == word) return true;

164

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

165

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

return false;

}

} // namespace

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

170

Luke Huang

e3f1181

2019-05-02 18:10:15 +0800

[diff] [blame]

171

NetdNativeService::NetdNativeService() {

172

// register log callback to BnNetd::logFunc

173

BnNetd::logFunc = std::bind(binderCallLogFn, std::placeholders::_1,

174

[](const std::string& msg) { gLog.info("%s", msg.c_str()); });

175

}

176

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

177

status_t NetdNativeService::start() {

178

IPCThreadState::self()->disableBackgroundScheduling(true);

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

179

const status_t ret = BinderService<NetdNativeService>::publish();

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

180

if (ret != android::OK) {

181

return ret;

182

}

183

sp<ProcessState> ps(ProcessState::self());

184

ps->startThreadPool();

185

ps->giveThreadPoolName();

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

186

Lorenzo Colitti

e4851de

2016-03-17 13:23:28 +0900

[diff] [blame]

return android::OK;

}

Hugo Benichi

2018-01-15 21:54:00 +0900

[diff] [blame]

190

status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

191

const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

192

if (!dump_permission.isOk()) {

193

const String8 msg(dump_permission.toString8());

194

write(fd, msg.string(), msg.size());

195

return PERMISSION_DENIED;

196

}

197

198

// This method does not grab any locks. If individual classes need locking

199

// their dump() methods MUST handle locking appropriately.

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

200

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

201

DumpWriter dw(fd);

Hugo Benichi

7b314e1

2018-01-15 21:54:00 +0900

[diff] [blame]

202

203

if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {

204

dw.blankline();

205

gCtls->tcpSocketMonitor.dump(dw);

dw.blankline();

return NO_ERROR;

}

Chenbo Feng

2018-03-26 10:53:33 -0700

[diff] [blame]

210

if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {

211

dw.blankline();

212

gCtls->trafficCtrl.dump(dw, true);

dw.blankline();

return NO_ERROR;

}

Erik Kline

2018-05-25 19:19:11 +0900

[diff] [blame]

217

process::dump(dw);

Erik Kline

2d3a163

2016-03-15 16:33:48 +0900

[diff] [blame]

218

dw.blankline();

219

gCtls->netCtrl.dump(dw);

220

dw.blankline();

221

Chenbo Feng

ef29717

2018-03-26 10:53:33 -0700

[diff] [blame]

222

gCtls->trafficCtrl.dump(dw, false);

223

dw.blankline();

224

Benedict Wong

af85543

2018-05-10 17:07:37 -0700

[diff] [blame]

225

gCtls->xfrmCtrl.dump(dw);

226

dw.blankline();

227

Maciej Żenczykowski

5526271

2019-03-29 23:44:56 -0700

[diff] [blame]

228

gCtls->clatdCtrl.dump(dw);

229

dw.blankline();

230

Lorenzo Colitti

52db391

2020-02-17 23:59:45 +0900

[diff] [blame]

231

gCtls->tetherCtrl.dump(dw);

232

dw.blankline();

233

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

234

{

235

ScopedIndent indentLog(dw);

236

if (contains(args, String16(OPT_SHORT))) {

237

dw.println("Log: <omitted>");

238

} else {

239

dw.println("Log:");

240

ScopedIndent indentLogEntries(dw);

241

gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Luke Huang

2018-08-29 19:06:05 +0800

[diff] [blame]

246

{

247

ScopedIndent indentLog(dw);

248

if (contains(args, String16(OPT_SHORT))) {

249

dw.println("UnsolicitedLog: <omitted>");

250

} else {

251

dw.println("UnsolicitedLog:");

252

ScopedIndent indentLogEntries(dw);

253

gUnsolicitedLog.forEachEntry(

254

[&dw](const std::string& entry) mutable { dw.println(entry); });

}

dw.blankline();

}

Erik Kline

2016-03-15 16:33:48 +0900

[diff] [blame]

return NO_ERROR;

}

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

262

binder::Status NetdNativeService::isAlive(bool *alive) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

263

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

264

265

*alive = true;

Erik Kline

2018-06-06 20:50:11 +0900

[diff] [blame]

266

Lorenzo Colitti

2016-02-02 17:19:04 +0900

[diff] [blame]

267

return binder::Status::ok();

268

}

269

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

270

binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

271

bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

272

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f52d452

2018-03-14 15:01:46 +0900

[diff] [blame]

273

int err = gCtls->firewallCtrl.replaceUidChain(chainName, isWhitelist, uids);

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

274

*ret = (err == 0);

275

return binder::Status::ok();

Lorenzo Colitti

2016-02-26 11:38:47 +0900

[diff] [blame]

276

}

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

277

278

binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

279

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

dedd271

2016-03-22 12:36:29 +0900

[diff] [blame]

280

int err = gCtls->bandwidthCtrl.enableDataSaver(enable);

281

*ret = (err == 0);

282

return binder::Status::ok();

283

}

284

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

285

binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,

286

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

287

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

288

int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

289

return statusFromErrcode(res);

290

}

291

292

binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

293

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

294

int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

295

return statusFromErrcode(res);

296

}

297

298

binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,

299

int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

300

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

301

int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

302

return statusFromErrcode(res);

303

}

304

305

binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

306

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

307

int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

308

return statusFromErrcode(res);

309

}

310

311

binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

312

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

313

int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

314

return statusFromErrcode(res);

315

}

316

317

binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

318

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

319

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

320

int res = gCtls->bandwidthCtrl.addNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

321

return statusFromErrcode(res);

322

}

323

324

binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

325

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

326

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

327

int res = gCtls->bandwidthCtrl.removeNaughtyApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

328

return statusFromErrcode(res);

329

}

330

331

binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

332

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

333

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

334

int res = gCtls->bandwidthCtrl.addNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

335

return statusFromErrcode(res);

336

}

337

338

binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

339

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

340

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

341

int res = gCtls->bandwidthCtrl.removeNiceApps(appStrUids);

Luke Huang

2018-08-03 15:19:05 +0800

[diff] [blame]

342

return statusFromErrcode(res);

343

}

344

Uldiniad

b198ec9

2018-03-01 08:54:00 -0500

[diff] [blame]

345

binder::Status NetdNativeService::bandwidthAddRestrictAppOnInterface(const std::string& usecase,

346

const std::string& ifName, int32_t uid) {

347

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

348

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

349

int res = gCtls->bandwidthCtrl.addRestrictAppsOnInterface(usecase, ifName, appStrUids);

350

return statusFromErrcode(res);

351

}

352

353

binder::Status NetdNativeService::bandwidthRemoveRestrictAppOnInterface(const std::string& usecase,

354

const std::string& ifName, int32_t uid) {

355

NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

356

std::vector<std::string> appStrUids = {std::to_string(abs(uid))};

357

int res = gCtls->bandwidthCtrl.removeRestrictAppsOnInterface(usecase, ifName, appStrUids);

358

return statusFromErrcode(res);

359

}

360

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

361

binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

362

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

363

int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

364

return statusFromErrcode(ret);

365

}

366

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

367

binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

368

ENFORCE_NETWORK_STACK_PERMISSIONS();

cken

67cd14c

2018-12-05 17:26:59 +0900

[diff] [blame]

369

int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

370

return statusFromErrcode(ret);

371

}

372

373

binder::Status NetdNativeService::networkDestroy(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

374

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

d33a8f4

2019-03-14 16:10:04 +0800

[diff] [blame]

375

// NetworkController::destroyNetwork is thread-safe.

Mike Yu

4fe1b9c

2019-01-29 17:50:19 +0800

[diff] [blame]

376

const int ret = gCtls->netCtrl.destroyNetwork(netId);

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

377

return statusFromErrcode(ret);

378

}

379

380

binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

381

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

382

int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());

383

return statusFromErrcode(ret);

384

}

385

386

binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

387

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

388

int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());

389

return statusFromErrcode(ret);

390

}

391

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

392

binder::Status NetdNativeService::networkAddUidRanges(

393

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

394

// NetworkController::addUsersToNetwork is thread-safe.

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

395

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

396

int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));

397

return statusFromErrcode(ret);

398

}

399

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

400

binder::Status NetdNativeService::networkRemoveUidRanges(

401

int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

402

// NetworkController::removeUsersFromNetwork is thread-safe.

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

403

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

404

int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));

405

return statusFromErrcode(ret);

406

}

407

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

408

binder::Status NetdNativeService::networkRejectNonSecureVpn(

409

bool add, const std::vector<UidRangeParcel>& uidRangeArray) {

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

410

// TODO: elsewhere RouteController is only used from the tethering and network controllers, so

411

// it should be possible to use the same lock as NetworkController. However, every call through

412

// the CommandListener "network" command will need to hold this lock too, not just the ones that

413

// read/modify network internal state (that is sufficient for ::dump() because it doesn't

414

// look at routes, but it's not enough here).

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

415

NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

416

UidRanges uidRanges(uidRangeArray);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

int err;

if (add) {

err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);

421

} else {

422

err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

423

}

Lorenzo Colitti

2016-12-15 23:59:01 +0900

[diff] [blame]

424

return statusFromErrcode(err);

Robin Lee

2016-03-30 18:43:08 +0100

[diff] [blame]

425

}

426

Luke Huang

2018-10-18 19:35:12 +0900

[diff] [blame]

427

binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,

428

const std::vector<int32_t>& skipUids) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

429

ENFORCE_NETWORK_STACK_PERMISSIONS();

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

SockDiag sd;

if (!sd.open()) {

return binder::Status::fromServiceSpecificError(EIO,

434

String8("Could not open SOCK_DIAG socket"));

435

}

436

437

UidRanges uidRanges(uids);

Lorenzo Colitti

e5c3c99

2016-07-26 17:53:50 +0900

[diff] [blame]

438

int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),

439

true /* excludeLoopback */);

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

440

if (err) {

441

return binder::Status::fromServiceSpecificError(-err,

442

String8::format("destroySockets: %s", strerror(-err)));

443

}

Pierre Imai

beedec3

2016-04-13 06:44:51 +0900

[diff] [blame]

444

return binder::Status::ok();

445

}

Lorenzo Colitti

2016-04-24 13:13:14 +0900

[diff] [blame]

446

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

447

binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

448

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Erik Kline

f48e4dd

2016-07-18 04:02:07 +0900

[diff] [blame]

449

*ret = gCtls->tetherCtrl.applyDnsInterfaces();

450

return binder::Status::ok();

451

}

452

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

453

namespace {

454

Hungming Chen

41b0ed9

2020-06-02 00:13:20 +0000

[diff] [blame]

455

constexpr const int UNUSED_IFINDEX = 0;

456

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

457

void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,

458

const TetherController::TetherStats& tetherStats) {

459

if (tetherStatsParcel->extIface == tetherStats.extIface) {

460

tetherStatsParcel->rxBytes += tetherStats.rxBytes;

461

tetherStatsParcel->rxPackets += tetherStats.rxPackets;

462

tetherStatsParcel->txBytes += tetherStats.txBytes;

463

tetherStatsParcel->txPackets += tetherStats.txPackets;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

464

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

465

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

466

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

467

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {

468

TetherStatsParcel result;

469

result.iface = stats.extIface;

470

result.rxBytes = stats.rxBytes;

471

result.rxPackets = stats.rxPackets;

472

result.txBytes = stats.txBytes;

473

result.txPackets = stats.txPackets;

Hungming Chen

41b0ed9

2020-06-02 00:13:20 +0000

[diff] [blame]

474

result.ifIndex = UNUSED_IFINDEX;

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

475

return result;

476

}

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

477

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

478

void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,

479

const TetherController::TetherStatsList& statsList) {

480

std::map<std::string, TetherController::TetherStats> statsMap;

481

for (const auto& stats : statsList) {

482

auto iter = statsMap.find(stats.extIface);

483

if (iter != statsMap.end()) {

484

tetherAddStatsByInterface(&(iter->second), stats);

485

} else {

486

statsMap.insert(

487

std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));

488

}

489

}

490

for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {

491

tetherStatsVec->push_back(toTetherStatsParcel(iter->second));

}

}

std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {

496

std::vector<std::string> result;

497

for (const auto& t : *tVec) {

498

result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,

499

t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,

500

t.txPackets));

501

}

502

return result;

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

}

} // namespace

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

507

binder::Status NetdNativeService::tetherGetStats(

508

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

509

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

5192bf7

2017-09-04 13:30:59 +0900

[diff] [blame]

510

const auto& statsList = gCtls->tetherCtrl.getTetherStats();

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

511

if (!isOk(statsList)) {

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

512

return asBinderStatus(statsList);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

513

}

Luke Huang

2018-09-27 20:37:14 +0800

[diff] [blame]

514

setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());

515

auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);

Lorenzo Colitti

2017-01-31 19:06:59 +0900

[diff] [blame]

516

return binder::Status::ok();

517

}

518

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

519

binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,

520

const std::string &addrString, int prefixLength) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

521

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

522

const int err = InterfaceController::addAddress(

523

ifName.c_str(), addrString.c_str(), prefixLength);

524

if (err != 0) {

525

return binder::Status::fromServiceSpecificError(-err,

526

String8::format("InterfaceController error: %s", strerror(-err)));

527

}

528

return binder::Status::ok();

529

}

530

531

binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,

532

const std::string &addrString, int prefixLength) {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

533

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

53c2088

2016-08-02 15:22:53 +0900

[diff] [blame]

534

const int err = InterfaceController::delAddress(

535

ifName.c_str(), addrString.c_str(), prefixLength);

536

if (err != 0) {

537

return binder::Status::fromServiceSpecificError(-err,

538

String8::format("InterfaceController error: %s", strerror(-err)));

539

}

540

return binder::Status::ok();

541

}

542

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

543

namespace {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

544

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

545

std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,

546

int32_t category) {

547

const char* ipversionStr = nullptr;

548

switch (ipversion) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

549

case INetd::IPV4:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

550

ipversionStr = "ipv4";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

551

break;

552

case INetd::IPV6:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

553

ipversionStr = "ipv6";

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

554

break;

555

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

556

return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),

557

nullptr, nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

558

}

559

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

560

const char* whichStr = nullptr;

561

switch (category) {

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

case INetd::CONF:

whichStr = "conf";

break;

case INetd::NEIGH:

whichStr = "neigh";

break;

default:

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

569

return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,

570

nullptr};

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

571

}

572

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

573

return {binder::Status::ok(), ipversionStr, whichStr};

}

} // namespace

binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,

579

const std::string& ifname,

580

const std::string& parameter, std::string* value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

581

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

582

const auto pathParts = getPathComponents(ipversion, which);

583

const auto& pathStatus = std::get<0>(pathParts);

584

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

585

return pathStatus;

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

586

}

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

587

588

const int err = InterfaceController::getParameter(std::get<1>(pathParts),

589

std::get<2>(pathParts), ifname.c_str(),

590

parameter.c_str(), value);

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

591

return statusFromErrcode(err);

592

}

593

594

binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,

595

const std::string& ifname,

596

const std::string& parameter,

597

const std::string& value) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

598

ENFORCE_NETWORK_STACK_PERMISSIONS();

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

599

const auto pathParts = getPathComponents(ipversion, which);

600

const auto& pathStatus = std::get<0>(pathParts);

601

if (!pathStatus.isOk()) {

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

return pathStatus;

}

const int err = InterfaceController::setParameter(std::get<1>(pathParts),

606

std::get<2>(pathParts), ifname.c_str(),

607

parameter.c_str(), value.c_str());

Erik Kline

2018-09-06 20:14:44 +0900

[diff] [blame]

608

return statusFromErrcode(err);

Erik Kline

2016-07-04 09:57:18 +0900

[diff] [blame]

609

}

610

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

611

binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,

612

int newUid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

613

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

614

615

uid_t callerUid = IPCThreadState::self()->getCallingUid();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

616

return asBinderStatus(

617

gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));

Benedict Wong

b2daefb

2017-12-06 22:05:46 -0800

[diff] [blame]

618

}

619

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

620

binder::Status NetdNativeService::ipSecAllocateSpi(

621

int32_t transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

622

const std::string& sourceAddress,

623

const std::string& destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

624

int32_t inSpi,

625

int32_t* outSpi) {

626

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

627

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

628

return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

629

transformId,

Nathan Harold

da54f12

2018-01-09 16:42:57 -0800

[diff] [blame]

630

sourceAddress,

631

destinationAddress,

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

inSpi,

outSpi));

}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

637

int32_t transformId, int32_t mode, const std::string& sourceAddress,

638

const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,

639

int32_t markValue, int32_t markMask, const std::string& authAlgo,

640

const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,

641

const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,

642

const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,

643

int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

644

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

645

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

646

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

647

transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,

648

markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

649

aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,

650

interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

651

}

652

653

binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

654

int32_t transformId, const std::string& sourceAddress,

655

const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,

656

int32_t interfaceId) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

657

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

658

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

659

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

660

transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

661

}

662

663

binder::Status NetdNativeService::ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

664

const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,

665

const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

666

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

667

ENFORCE_NETWORK_STACK_PERMISSIONS();

ludi

2017-08-14 14:40:37 -0700

[diff] [blame]

668

return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

669

socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

670

}

671

672

binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

673

const ParcelFileDescriptor& socket) {

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

674

// Necessary locking done in IpSecService and kernel

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

675

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-11-23 11:47:28 +0800

[diff] [blame]

676

return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));

Nathan Harold

2017-01-30 12:30:48 -0800

[diff] [blame]

677

}

678

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

679

binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,

680

int32_t direction,

Benedict Wong

ad600cb

2018-05-14 17:22:35 -0700

[diff] [blame]

681

const std::string& tmplSrcAddress,

682

const std::string& tmplDstAddress,

683

int32_t spi, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

684

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

685

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

686

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

687

return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

688

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

689

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

690

}

691

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

692

binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(

693

int32_t transformId, int32_t selAddrFamily, int32_t direction,

694

const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,

695

int32_t markValue, int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

696

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

697

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

698

return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

699

transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

700

markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

701

}

702

Benedict Wong

2018-05-09 21:42:42 -0700

[diff] [blame]

703

binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,

704

int32_t selAddrFamily,

705

int32_t direction, int32_t markValue,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

706

int32_t markMask, int32_t interfaceId) {

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

707

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

708

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

709

return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

710

transformId, selAddrFamily, direction, markValue, markMask, interfaceId));

Benedict Wong

2018-01-19 12:12:17 -0800

[diff] [blame]

711

}

712

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

713

binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,

714

const std::string& localAddress,

715

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

716

int32_t iKey, int32_t oKey,

717

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

718

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

719

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

720

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

721

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

722

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

723

}

724

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

725

binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,

726

const std::string& localAddress,

727

const std::string& remoteAddress,

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

728

int32_t iKey, int32_t oKey,

729

int32_t interfaceId) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

730

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

731

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

732

netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(

Benedict Wong

2018-05-07 10:29:02 -0700

[diff] [blame]

733

deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

734

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

735

}

736

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

737

binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

738

// Necessary locking done in IpSecService and kernel

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

739

ENFORCE_NETWORK_STACK_PERMISSIONS();

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

740

netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);

Benedict Wong

2018-05-15 17:06:44 -0700

[diff] [blame]

741

return binder::Status::ok();

manojboopathi

2018-01-02 14:45:47 -0800

[diff] [blame]

742

}

743

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

744

binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,

745

int32_t mode) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

746

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

747

return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));

Joel Scherpelz

de93796

2017-06-01 13:20:21 +0900

[diff] [blame]

748

}

749

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

750

binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,

751

const std::string& prefix, int32_t mark,

752

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

753

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

754

return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

755

}

756

757

binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,

758

const std::string& prefix, int32_t mark,

759

int32_t mask) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

760

ENFORCE_NETWORK_STACK_PERMISSIONS();

Nathan Harold

2018-03-16 19:02:47 -0700

[diff] [blame]

761

return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));

Joel Scherpelz

08b84cd

2017-05-22 13:11:54 +0900

[diff] [blame]

762

}

763

Chenbo Feng

873ae14

2019-04-10 12:26:06 -0700

[diff] [blame]

764

binder::Status NetdNativeService::trafficSwapActiveStatsMap() {

765

ENFORCE_NETWORK_STACK_PERMISSIONS();

766

return asBinderStatus(gCtls->trafficCtrl.swapActiveStatsMap());

767

}

768

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

769

binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,

770

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

771

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

772

int res =

773

gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

774

return statusFromErrcode(res);

775

}

776

777

binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,

778

int32_t timeout,

779

const std::string& classLabel) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

780

NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

781

int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,

782

classLabel.c_str());

Luke Huang

2018-07-23 20:30:16 +0800

[diff] [blame]

783

return statusFromErrcode(res);

784

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

785

786

binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

787

NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

788

StrictPenalty penalty;

789

switch (policyPenalty) {

790

case INetd::PENALTY_POLICY_REJECT:

791

penalty = REJECT;

792

break;

793

case INetd::PENALTY_POLICY_LOG:

794

penalty = LOG;

795

break;

796

case INetd::PENALTY_POLICY_ACCEPT:

penalty = ACCEPT;

break;

default:

return statusFromErrcode(-EINVAL);

801

break;

802

}

803

int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

804

return statusFromErrcode(res);

805

}

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

806

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

807

binder::Status NetdNativeService::clatdStart(const std::string& ifName,

808

const std::string& nat64Prefix, std::string* v6Addr) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

809

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Lorenzo Colitti

7ef8c0f

2019-01-11 22:34:58 +0900

[diff] [blame]

810

int res = gCtls->clatdCtrl.startClatd(ifName.c_str(), nat64Prefix, v6Addr);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

811

return statusFromErrcode(res);

812

}

813

814

binder::Status NetdNativeService::clatdStop(const std::string& ifName) {

Maciej Żenczykowski

5628027

2019-03-30 03:32:51 -0700

[diff] [blame]

815

ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

816

int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());

Luke Huang

6d30123

2018-08-01 14:05:18 +0800

[diff] [blame]

817

return statusFromErrcode(res);

818

}

Luke Huang

2018-07-17 19:58:25 +0800

[diff] [blame]

819

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

820

binder::Status NetdNativeService::ipfwdEnabled(bool* status) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

821

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

728cf4c

2019-03-14 19:43:02 +0800

[diff] [blame]

822

*status = (gCtls->tetherCtrl.getIpfwdRequesterList().size() > 0) ? true : false;

823

return binder::Status::ok();

824

}

825

826

binder::Status NetdNativeService::ipfwdGetRequesterList(std::vector<std::string>* requesterList) {

827

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

828

for (const auto& requester : gCtls->tetherCtrl.getIpfwdRequesterList()) {

829

requesterList->push_back(requester);

830

}

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

831

return binder::Status::ok();

832

}

833

834

binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

835

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

836

int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

837

return statusFromErrcode(res);

838

}

839

840

binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

841

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

842

int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

843

return statusFromErrcode(res);

844

}

845

846

binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,

847

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

848

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

849

int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

850

return statusFromErrcode(res);

851

}

852

853

binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,

854

const std::string& toIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

855

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

856

int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());

Luke Huang

2018-08-16 15:39:15 +0800

[diff] [blame]

857

return statusFromErrcode(res);

858

}

859

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

860

namespace {

Automerger Merge Worker

2020-03-05 10:29:36 +0000

[diff] [blame]

861

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

862

std::string addCurlyBrackets(const std::string& s) {

863

return "{" + s + "}";

864

}

865

866

} // namespace

Xiao Ma

2018-12-16 16:27:38 +0900

[diff] [blame]

867

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

868

binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

869

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

870

const auto& ifaceList = InterfaceController::getIfaceNames();

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

871

872

interfaceListResult->clear();

873

interfaceListResult->reserve(ifaceList.value().size());

874

interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),

875

end(ifaceList.value()));

876

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

877

return binder::Status::ok();

878

}

879

880

std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {

881

std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,

882

std::to_string(cfg.prefixLength)};

883

result.insert(end(result), begin(cfg.flags), end(cfg.flags));

884

return addCurlyBrackets(base::Join(result, ", "));

885

}

886

887

binder::Status NetdNativeService::interfaceGetCfg(

888

const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

889

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

890

auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);

891

892

const auto& cfgRes = InterfaceController::getCfg(ifName);

893

RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);

894

895

*interfaceGetCfgResult = cfgRes.value();

896

gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))

897

.withAutomaticDuration());

898

return binder::Status::ok();

899

}

900

901

binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

902

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

903

auto entry = gLog.newEntry()

904

.prettyFunction(__PRETTY_FUNCTION__)

905

.arg(interfaceConfigurationParcelToString(cfg));

906

907

const auto& res = InterfaceController::setCfg(cfg);

908

RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);

909

910

gLog.log(entry.withAutomaticDuration());

911

return binder::Status::ok();

912

}

913

914

binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,

915

bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

916

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

917

int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

918

return statusFromErrcode(res);

919

}

920

921

binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

922

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

923

int res = InterfaceController::clearAddrs(ifName.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

924

return statusFromErrcode(res);

925

}

926

927

binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

928

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

929

int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

930

return statusFromErrcode(res);

931

}

932

933

binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

934

NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

935

std::string mtu = std::to_string(mtuValue);

936

int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());

Luke Huang

2018-08-08 13:13:04 +0800

[diff] [blame]

937

return statusFromErrcode(res);

938

}

939

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

940

binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

941

TetherConfigParcel config;

942

config.usingLegacyDnsProxy = true;

943

config.dhcpRanges = dhcpRanges;

944

return tetherStartWithConfiguration(config);

Luke Huang

91bd3e1

2019-08-20 11:33:52 +0800

[diff] [blame]

945

}

946

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

947

binder::Status NetdNativeService::tetherStartWithConfiguration(const TetherConfigParcel& config) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

948

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

949

if (config.dhcpRanges.size() % 2 == 1) {

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

950

return statusFromErrcode(-EINVAL);

951

}

Chiachang Wang

2019-12-10 09:53:24 +0800

[diff] [blame]

952

// TODO: Pass TetherConfigParcel directly.

953

int res = gCtls->tetherCtrl.startTethering(config.usingLegacyDnsProxy, config.dhcpRanges);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

954

return statusFromErrcode(res);

955

}

956

957

binder::Status NetdNativeService::tetherStop() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

958

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

959

int res = gCtls->tetherCtrl.stopTethering();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

960

return statusFromErrcode(res);

961

}

962

963

binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

964

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

965

*enabled = gCtls->tetherCtrl.isTetheringStarted();

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

966

return binder::Status::ok();

967

}

968

969

binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

970

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

971

int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

972

return statusFromErrcode(res);

973

}

974

975

binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

976

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

977

int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

978

return statusFromErrcode(res);

979

}

980

981

binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

982

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

983

for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {

984

ifList->push_back(ifname);

985

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

986

return binder::Status::ok();

987

}

988

989

binder::Status NetdNativeService::tetherDnsSet(int32_t netId,

990

const std::vector<std::string>& dnsAddrs) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

991

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

992

int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

993

return statusFromErrcode(res);

994

}

995

996

binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

997

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

998

for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {

999

dnsList->push_back(fwdr);

1000

}

Luke Huang

2018-08-21 17:17:19 +0800

[diff] [blame]

1001

return binder::Status::ok();

1002

}

1003

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1004

binder::Status NetdNativeService::networkAddRouteParcel(int32_t netId,

1005

const RouteInfoParcel& route) {

1006

// Public methods of NetworkController are thread-safe.

1007

ENFORCE_NETWORK_STACK_PERMISSIONS();

1008

bool legacy = false;

1009

uid_t uid = 0; // UID is only meaningful for legacy routes.

1010

1011

// convert Parcel to parameters

1012

int res = gCtls->netCtrl.addRoute(netId, route.ifName.c_str(), route.destination.c_str(),

1013

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

1014

legacy, uid, route.mtu);

1015

return statusFromErrcode(res);

1016

}

1017

1018

binder::Status NetdNativeService::networkUpdateRouteParcel(int32_t netId,

1019

const RouteInfoParcel& route) {

1020

// Public methods of NetworkController are thread-safe.

1021

ENFORCE_NETWORK_STACK_PERMISSIONS();

1022

bool legacy = false;

1023

uid_t uid = 0; // UID is only meaningful for legacy routes.

1024

1025

// convert Parcel to parameters

1026

int res = gCtls->netCtrl.updateRoute(netId, route.ifName.c_str(), route.destination.c_str(),

1027

route.nextHop.empty() ? nullptr : route.nextHop.c_str(),

1028

legacy, uid, route.mtu);

1029

return statusFromErrcode(res);

1030

}

1031

1032

binder::Status NetdNativeService::networkRemoveRouteParcel(int32_t netId,

1033

const RouteInfoParcel& route) {

1034

return networkRemoveRoute(netId, route.ifName, route.destination, route.nextHop);

1035

}

1036

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1037

binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,

1038

const std::string& destination,

1039

const std::string& nextHop) {

1040

// Public methods of NetworkController are thread-safe.

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1041

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1042

bool legacy = false;

1043

uid_t uid = 0; // UID is only meaningful for legacy routes.

1044

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1045

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1046

return statusFromErrcode(res);

1047

}

1048

1049

binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,

1050

const std::string& destination,

1051

const std::string& nextHop) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1052

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1053

bool legacy = false;

1054

uid_t uid = 0; // UID is only meaningful for legacy routes.

1055

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1056

nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1057

return statusFromErrcode(res);

1058

}

1059

1060

binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,

1061

const std::string& destination,

1062

const std::string& nextHop, int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1063

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1064

bool legacy = true;

1065

int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),

1066

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

Tyler Wear

fa94a27

2019-12-05 15:01:48 -0800

[diff] [blame]

1067

(uid_t)uid, 0);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1068

return statusFromErrcode(res);

1069

}

1070

1071

binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,

1072

const std::string& destination,

1073

const std::string& nextHop,

1074

int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1075

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1076

bool legacy = true;

1077

int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),

1078

nextHop.empty() ? nullptr : nextHop.c_str(), legacy,

1079

(uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1080

return statusFromErrcode(res);

1081

}

1082

1083

binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1084

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1085

*netId = gCtls->netCtrl.getDefaultNetwork();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1086

return binder::Status::ok();

1087

}

1088

1089

binder::Status NetdNativeService::networkSetDefault(int32_t netId) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1090

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1091

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1092

return statusFromErrcode(res);

1093

}

1094

1095

binder::Status NetdNativeService::networkClearDefault() {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1096

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1097

unsigned netId = NETID_UNSET;

1098

int res = gCtls->netCtrl.setDefaultNetwork(netId);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1099

return statusFromErrcode(res);

1100

}

1101

1102

std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {

1103

return {begin(intUids), end(intUids)};

1104

}

1105

1106

Permission NetdNativeService::convertPermission(int32_t permission) {

1107

switch (permission) {

1108

case INetd::PERMISSION_NETWORK:

1109

return Permission::PERMISSION_NETWORK;

1110

case INetd::PERMISSION_SYSTEM:

1111

return Permission::PERMISSION_SYSTEM;

1112

default:

1113

return Permission::PERMISSION_NONE;

}

}

binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,

1118

int32_t permission) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1119

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1120

std::vector<unsigned> netIds = {(unsigned) netId};

1121

int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1122

return statusFromErrcode(res);

1123

}

1124

1125

binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,

1126

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1127

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1128

gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1129

return binder::Status::ok();

1130

}

1131

1132

binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1133

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1134

Permission permission = Permission::PERMISSION_NONE;

1135

gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1136

return binder::Status::ok();

1137

}

1138

1139

binder::Status NetdNativeService::NetdNativeService::networkSetProtectAllow(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1140

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1141

std::vector<uid_t> uids = {(uid_t) uid};

1142

gCtls->netCtrl.allowProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1143

return binder::Status::ok();

1144

}

1145

1146

binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1147

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1148

std::vector<uid_t> uids = {(uid_t) uid};

1149

gCtls->netCtrl.denyProtect(uids);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1150

return binder::Status::ok();

1151

}

1152

1153

binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1154

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1155

*ret = gCtls->netCtrl.canProtect((uid_t) uid);

Luke Huang

2018-08-23 20:01:13 +0800

[diff] [blame]

1156

return binder::Status::ok();

1157

}

1158

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1159

binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,

1160

const std::vector<int32_t>& uids) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1161

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1162

gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));

Chenbo Feng

48eaed3

2018-12-26 17:40:21 -0800

[diff] [blame]

1163

return binder::Status::ok();

1164

}

1165

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1166

binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1167

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1168

auto type = static_cast<FirewallType>(firewallType);

1169

1170

int res = gCtls->firewallCtrl.setFirewallType(type);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1171

return statusFromErrcode(res);

1172

}

1173

1174

binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,

1175

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1176

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1177

auto rule = static_cast<FirewallRule>(firewallRule);

1178

1179

int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1180

return statusFromErrcode(res);

1181

}

1182

1183

binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,

1184

int32_t firewallRule) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1185

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1186

auto chain = static_cast<ChildChain>(childChain);

1187

auto rule = static_cast<FirewallRule>(firewallRule);

1188

1189

int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1190

return statusFromErrcode(res);

1191

}

1192

cjybyjk

7fd8535

2021-01-22 17:12:21 +0800

[diff] [blame]

1193

binder::Status NetdNativeService::firewallSetMACAddressRule(const std::string& macAddr,

1194

int32_t firewallRule) {

1195

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

1196

auto rule = static_cast<FirewallRule>(firewallRule);

1197

1198

int res = gCtls->firewallCtrl.setMACAddressRule(macAddr.c_str(), rule);

1199

return statusFromErrcode(res);

1200

}

1201

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1202

binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1203

NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1204

auto chain = static_cast<ChildChain>(childChain);

1205

1206

int res = gCtls->firewallCtrl.enableChildChains(chain, enable);

Luke Huang

2018-07-24 16:38:22 +0800

[diff] [blame]

1207

return statusFromErrcode(res);

1208

}

1209

Rubin Xu

ec27ff2

2019-01-08 21:33:03 +0000

[diff] [blame]

1210

binder::Status NetdNativeService::firewallAddUidInterfaceRules(const std::string& ifName,

1211

const std::vector<int32_t>& uids) {

1212

ENFORCE_NETWORK_STACK_PERMISSIONS();

1213

1214

return asBinderStatus(gCtls->trafficCtrl.addUidInterfaceRules(

1215

RouteController::getIfIndex(ifName.c_str()), uids));

1216

}

1217

1218

binder::Status NetdNativeService::firewallRemoveUidInterfaceRules(

1219

const std::vector<int32_t>& uids) {

1220

ENFORCE_NETWORK_STACK_PERMISSIONS();

1221

1222

return asBinderStatus(gCtls->trafficCtrl.removeUidInterfaceRules(uids));

1223

}

1224

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1225

binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,

1226

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1227

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1228

1229

int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1230

return statusFromErrcode(res);

1231

}

1232

1233

binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,

1234

const std::string& extIface) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1235

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

Luke Huang

ae038f8

2018-11-05 11:17:31 +0900

[diff] [blame]

1236

int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());

Luke Huang

2018-10-22 12:12:05 +0900

[diff] [blame]

1237

return statusFromErrcode(res);

1238

}

1239

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1240

binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,

1241

const std::string& wmemValues) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1242

ENFORCE_NETWORK_STACK_PERMISSIONS();

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1243

if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {

1244

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1245

return statusFromErrcode(ret);

1246

}

1247

1248

if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {

1249

int ret = -errno;

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1250

return statusFromErrcode(ret);

1251

}

Chenbo Feng

2018-11-08 16:10:48 -0800

[diff] [blame]

1252

return binder::Status::ok();

1253

}

1254

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1255

binder::Status NetdNativeService::registerUnsolicitedEventListener(

1256

const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {

Remi NGUYEN VAN

2019-02-07 12:25:23 +0900

[diff] [blame]

1257

ENFORCE_NETWORK_STACK_PERMISSIONS();

Bernie Innocenti

9ee088d

2019-02-01 17:14:32 +0900

[diff] [blame]

1258

gCtls->eventReporter.registerUnsolEventListener(listener);

Luke Huang

528af60

2018-08-29 19:06:05 +0800

[diff] [blame]

1259

return binder::Status::ok();

1260

}

1261

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1262

binder::Status NetdNativeService::getOemNetd(android::sp<android::IBinder>* listener) {

1263

ENFORCE_NETWORK_STACK_PERMISSIONS();

Luke Huang

0e5e69d

2019-03-06 15:42:38 +0800

[diff] [blame]

1264

*listener = com::android::internal::net::OemNetdListener::getListener();

1265

Luke Huang

e60bfd8

2019-04-26 11:39:31 +0800

[diff] [blame]

1266

return binder::Status::ok();

1267

}

1268

Chiachang Wang

00fc62f

2019-12-04 20:38:26 +0800

[diff] [blame]

1269

binder::Status NetdNativeService::getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markMask) {

1270

ENFORCE_NETWORK_STACK_PERMISSIONS();

1271

1272

Fwmark fwmark;

1273

fwmark.netId = netId;

1274

markMask->mask = FWMARK_NET_ID_MASK;

1275

markMask->mark = fwmark.intValue;

1276

return binder::Status::ok();

1277

}

1278

Lorenzo Colitti

2020-04-06 09:19:57 +0000

[diff] [blame]

1279

binder::Status NetdNativeService::tetherOffloadRuleAdd(const TetherOffloadRuleParcel& rule) {

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1280

ENFORCE_NETWORK_STACK_PERMISSIONS();

1281

Lorenzo Colitti

2020-04-06 09:19:57 +0000

[diff] [blame]

1282

return asBinderStatus(gCtls->tetherCtrl.addOffloadRule(rule));

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1283

}

1284

Lorenzo Colitti

2020-04-06 09:19:57 +0000

[diff] [blame]

1285

binder::Status NetdNativeService::tetherOffloadRuleRemove(const TetherOffloadRuleParcel& rule) {

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1286

ENFORCE_NETWORK_STACK_PERMISSIONS();

1287

Lorenzo Colitti

2020-04-06 09:19:57 +0000

[diff] [blame]

1288

return asBinderStatus(gCtls->tetherCtrl.removeOffloadRule(rule));

Lorenzo Colitti

2020-02-18 00:00:35 +0900

[diff] [blame]

1289

}

1290

Hungming Chen

41b0ed9

2020-06-02 00:13:20 +0000

[diff] [blame]

1291

namespace {

1292

1293

constexpr const char UNUSED_IFNAME[] = "";

1294

1295

TetherStatsParcel toTetherStatsParcel(const TetherController::TetherOffloadStats& stats) {

1296

TetherStatsParcel result;

1297

result.iface = UNUSED_IFNAME;

1298

result.rxBytes = stats.rxBytes;

1299

result.rxPackets = stats.rxPackets;

1300

result.txBytes = stats.txBytes;

1301

result.txPackets = stats.txPackets;

1302

result.ifIndex = stats.ifIndex;

return result;

}

} // namespace

binder::Status NetdNativeService::tetherOffloadGetStats(

1309

std::vector<TetherStatsParcel>* tetherStatsParcelVec) {

1310

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

1311

1312

tetherStatsParcelVec->clear();

1313

const auto& statsList = gCtls->tetherCtrl.getTetherOffloadStats();

1314

if (!isOk(statsList)) {

1315

return asBinderStatus(statsList);

1316

}

1317

for (const auto& stats : statsList.value()) {

1318

tetherStatsParcelVec->push_back(toTetherStatsParcel(stats));

1319

}

1320

return binder::Status::ok();

1321

}

1322

Hungming Chen

93a39d2

2020-03-16 13:53:19 +0800

[diff] [blame]

1323

binder::Status NetdNativeService::tetherOffloadSetInterfaceQuota(int ifIndex, int64_t quotaBytes) {

1324

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

1325

int res = gCtls->tetherCtrl.setTetherOffloadInterfaceQuota(ifIndex, quotaBytes);

1326

return statusFromErrcode(res);

1327

}

1328

Hungming Chen

af0dbed

2020-04-17 20:00:27 +0800

[diff] [blame]

1329

binder::Status NetdNativeService::tetherOffloadGetAndClearStats(

1330

int ifIndex, android::net::TetherStatsParcel* tetherStats) {

1331

NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);

1332

const auto& stats = gCtls->tetherCtrl.getAndClearTetherOffloadStats(ifIndex);

1333

if (!stats.ok()) {

1334

return asBinderStatus(stats);

1335

}

1336

*tetherStats = toTetherStatsParcel(stats.value());

1337

return binder::Status::ok();

1338

}

1339

Lorenzo Colitti