/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
164ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
174ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <stdio.h>
184ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <stdlib.h>
194ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <sys/types.h>
204ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <sys/wait.h>
214ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <errno.h>
224ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <string.h>
234ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <unistd.h>
244ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
254ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#define LOG_TAG "OemIptablesHook"
264ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo#include <cutils/log.h>
27001f0a436e9fe0353dccd98ee34b91095d9ed1a1Rom Lemarchand#include <logwrap/logwrap.h>
28c462177bd58e3bf0ac4f618934dae060569e3e0bRobert Greenwalt#include "NetdConstants.h"
294ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
// Runs a single command through android_fork_execvp() and hands its return
// value straight back to the caller.
//
// argc/argv form the complete command line, with argv[0] naming the binary.
// The command is passed as an argument vector, not as a command string. The
// cast only strips const, because android_fork_execvp() takes a plain
// char **.
//
// NOTE(review): the NULL and the two false arguments presumably mean "no
// separate status out-parameter", "do not ignore SIGINT/SIGQUIT" and "do not
// route the child's output through logwrap" -- confirm against
// logwrap/logwrap.h in this tree.
static int runIptablesCmd(int argc, const char **argv) {
    return android_fork_execvp(argc, (char **)argv, NULL, false, false);
}
364ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
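// Flushes the rules of the three OEM chains: oem_out and oem_fwd in the
// default table, and oem_nat_pre in the nat table.
//
// This is best-effort: the function always returns true so that the caller
// still goes on to run the OEM script. A failed flush is logged rather than
// silently dropped, because rules left behind by a previous netd instance
// would otherwise stay active with no trace in the log.
//
// Only IPTABLES_PATH is invoked here; no other iptables binary is touched.
static bool oemCleanupHooks() {
    int res;

    const char *cmd1[] = {
            IPTABLES_PATH,
            "-F",
            "oem_out"
    };
    res = runIptablesCmd(ARRAY_SIZE(cmd1), cmd1);
    if (res != 0) {
        ALOGW("Failed to flush chain %s (res=%d)", "oem_out", res);
    }

    const char *cmd2[] = {
            IPTABLES_PATH,
            "-F",
            "oem_fwd"
    };
    res = runIptablesCmd(ARRAY_SIZE(cmd2), cmd2);
    if (res != 0) {
        ALOGW("Failed to flush chain %s (res=%d)", "oem_fwd", res);
    }

    const char *cmd3[] = {
            IPTABLES_PATH,
            "-t",
            "nat",
            "-F",
            "oem_nat_pre"
    };
    res = runIptablesCmd(ARRAY_SIZE(cmd3), cmd3);
    if (res != 0) {
        ALOGW("Failed to flush chain %s (res=%d)", "oem_nat_pre", res);
    }

    // Deliberately unconditional: see the best-effort note above.
    return true;
}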
624ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
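// Runs the OEM script at OEM_SCRIPT_PATH and reports whether it completed
// successfully.
//
// Returns true only when the script ran to a normal exit with status 0. On
// any failure the OEM chains are flushed again via oemCleanupHooks(), so a
// partially applied rule set is not left in place, and false is returned.
//
// system() hands the path to the shell and the script runs with this
// process's privileges. The path is a compile-time constant, so nothing
// caller-controlled reaches the shell; the script file itself is the trust
// boundary.
// NOTE(review): confirm OEM_SCRIPT_PATH is writable only by a trusted
// principal (e.g. lives on a read-only partition).
static bool oemInitChains() {
    int ret = system(OEM_SCRIPT_PATH);

    if (ret == -1) {
        // Only this branch has a meaningful errno (fork/wait failed).
        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
    } else if (!WIFEXITED(ret)) {
        // A script killed by a signal has WEXITSTATUS() == 0; without this
        // check it would be mistaken for success.
        ALOGE("%s did not exit normally (wait status 0x%x)", OEM_SCRIPT_PATH, ret);
    } else if (WEXITSTATUS(ret) != 0) {
        ALOGE("%s exited with status %d", OEM_SCRIPT_PATH, WEXITSTATUS(ret));
    } else {
        return true;
    }

    oemCleanupHooks();
    return false;
}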
724ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
734ab468577647d1ee73810b89d2287eaa5546fecbKazuhiro Ondo
// Installs the OEM iptables hook when an OEM script is present.
//
// Does nothing unless OEM_SCRIPT_PATH is both readable and executable.
// Otherwise the OEM chains are flushed and then the script is run; a log
// line is written only when both steps report success.
//
// NOTE(review): access() is only a pre-check. The file is opened again later
// when the script is executed, so its integrity depends on the permissions
// of OEM_SCRIPT_PATH, not on this test -- confirm the path is not writable
// by untrusted code.
void setupOemIptablesHook() {
    if (access(OEM_SCRIPT_PATH, R_OK | X_OK) != 0) {
        return;
    }

    // Flushing first is redundant on a clean boot, but it is required when
    // netd crashed or was stopped and is now being restarted.
    if (!oemCleanupHooks()) {
        return;
    }

    if (oemInitChains()) {
        ALOGI("OEM iptable hook installed.");
    }
}