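/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define LOG_TAG "OemIptablesHook"
#include <cutils/log.h>
#include <logwrap/logwrap.h>
#include "NetdConstants.h"

/**
 * Run one iptables command line through android_fork_execvp().
 *
 * @param argc number of entries in argv
 * @param argv argument vector; argv[0] is the program to execute
 * @return whatever android_fork_execvp() returns
 */
static int runIptablesCmd(int argc, const char **argv) {
    // The cast drops const only to match the callee's parameter type.
    // NULL/false/false are passed through as-is; see logwrap.h for their
    // meaning.
    return android_fork_execvp(argc, (char **)argv, NULL, false, false);
}

/**
 * Flush the three OEM chains: oem_out and oem_fwd in the default table and
 * oem_nat_pre in the nat table.
 *
 * @return always true; the result of the individual flush commands is not
 *         inspected.
 */
static bool oemCleanupHooks() {
    // NOTE(review): a flush that fails would leave rules from an earlier run
    // in place and nothing reports it here. Confirm that ignoring the result
    // is intended before relying on this as a clean starting state.
    const char *flushOut[] = {
        IPTABLES_PATH,
        "-F",
        "oem_out"
    };
    runIptablesCmd(ARRAY_SIZE(flushOut), flushOut);

    const char *flushFwd[] = {
        IPTABLES_PATH,
        "-F",
        "oem_fwd"
    };
    runIptablesCmd(ARRAY_SIZE(flushFwd), flushFwd);

    const char *flushNatPre[] = {
        IPTABLES_PATH,
        "-t",
        "nat",
        "-F",
        "oem_nat_pre"
    };
    runIptablesCmd(ARRAY_SIZE(flushNatPre), flushNatPre);
    return true;
}

/**
 * Run the OEM script at OEM_SCRIPT_PATH and report whether it succeeded.
 *
 * system() hands the path to the shell, so the script runs with the
 * privileges of this process. OEM_SCRIPT_PATH is defined outside this file.
 * NOTE(review): confirm it points at a location that only trusted parties
 * can write to.
 *
 * @return true only if the script exited normally with status 0. On any
 *         failure the OEM chains are flushed again and false is returned.
 */
static bool oemInitChains() {
    int ret = system(OEM_SCRIPT_PATH);

    if (ret == -1) {
        // system() itself failed; this is the only case where errno
        // describes the failure.
        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
        oemCleanupHooks();
        return false;
    }

    if (!WIFEXITED(ret)) {
        // WEXITSTATUS() is only meaningful after a normal exit. Without this
        // check, a script killed by a signal could be taken for a success.
        ALOGE("%s failed: abnormal termination, wait status 0x%x",
              OEM_SCRIPT_PATH, (unsigned int)ret);
        oemCleanupHooks();
        return false;
    }

    if (WEXITSTATUS(ret) != 0) {
        // errno is unrelated to the script's own exit code, so log the code.
        ALOGE("%s failed: exit status %d", OEM_SCRIPT_PATH, WEXITSTATUS(ret));
        oemCleanupHooks();
        return false;
    }

    return true;
}


/**
 * Install the OEM iptables hook if an OEM script is present.
 *
 * Does nothing unless OEM_SCRIPT_PATH is readable and executable. Otherwise
 * it flushes the OEM chains, runs the script, and logs on success.
 */
void setupOemIptablesHook() {
    // access() is only a presence/permission probe: the file may change
    // between this check and the system() call in oemInitChains(), so it is
    // not an integrity check on the script.
    if (0 == access(OEM_SCRIPT_PATH, R_OK | X_OK)) {
        // The call to oemCleanupHooks() is superfluous when done on bootup,
        // but is needed for the case where netd has crashed/stopped and is
        // restarted.
        if (oemCleanupHooks() && oemInitChains()) {
            ALOGI("OEM iptable hook installed.");
        }
    }
}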