NetworkController.h revision 72604075e74af459fb4637404fbf030422c6b6b6 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef NETD_SERVER_NETWORK_CONTROLLER_H
18#define NETD_SERVER_NETWORK_CONTROLLER_H
19
20#include "Permission.h"
21#include "utils/RWLock.h"
22
23#include <list>
24#include <map>
25#include <set>
26#include <stddef.h>
27#include <stdint.h>
28#include <string>
29#include <utility>
30#include <vector>
31
32class PermissionsController;
33class RouteController;
34
35/*
36 * Keeps track of default, per-pid, and per-uid-range network selection, as
37 * well as the mark associated with each network. Networks are identified
38 * by netid. In all set* commands netid == 0 means "unspecified" and is
39 * equivalent to clearing the mapping.
40 */
41class NetworkController {
42public:
43    NetworkController(PermissionsController* permissionsController,
44                      RouteController* routeController);
45
46    void clearNetworkPreference();
47    unsigned getDefaultNetwork() const;
48    bool setDefaultNetwork(unsigned netId);
49    bool setNetworkForUidRange(int uid_start, int uid_end, unsigned netId, bool forward_dns);
50    bool clearNetworkForUidRange(int uid_start, int uid_end, unsigned netId);
51
52    // Order of preference: UID-specific, requested_netId, PID-specific, default.
53    // Specify NETID_UNSET for requested_netId if the default network is preferred.
54    // for_dns indicates if we're querrying the netId for a DNS request.  This avoids sending DNS
55    // requests to VPNs without DNS servers.
56    unsigned getNetwork(int uid, unsigned requested_netId, bool for_dns) const;
57
58    unsigned getNetworkId(const char* interface) const;
59
60    bool createNetwork(unsigned netId, Permission permission);
61    bool destroyNetwork(unsigned netId);
62    bool addInterfaceToNetwork(unsigned netId, const char* interface);
63    bool removeInterfaceFromNetwork(unsigned netId, const char* interface);
64
65    bool setPermissionForUser(Permission permission, const std::vector<unsigned>& uid);
66    bool setPermissionForNetwork(Permission permission, const std::vector<unsigned>& netId);
67
68    // Routes are added to tables determined by the interface, so only |interface| is actually used.
69    // |netId| is given only to sanity check that the interface has the correct netId.
70    bool addRoute(unsigned netId, const char* interface, const char* destination,
71                  const char* nexthop);
72    bool removeRoute(unsigned netId, const char* interface, const char* destination,
73                     const char* nexthop);
74
75    bool isValidNetwork(unsigned netId) const;
76
77private:
78    typedef std::multimap<unsigned, std::string>::const_iterator InterfaceIteratorConst;
79    typedef std::multimap<unsigned, std::string>::iterator InterfaceIterator;
80    typedef std::pair<InterfaceIterator, InterfaceIterator> InterfaceRange;
81
82    bool modifyRoute(unsigned netId, const char* interface, const char* destination,
83                     const char* nexthop, bool add);
84
85    struct UidEntry {
86        int uid_start;
87        int uid_end;
88        unsigned netId;
89        bool forward_dns;
90        UidEntry(int uid_start, int uid_end, unsigned netId, bool forward_dns);
91    };
92
93    // mRWLock guards all accesses to mUidMap, mDefaultNetId and mValidNetworks.
94    mutable android::RWLock mRWLock;
95    std::list<UidEntry> mUidMap;
96    unsigned mDefaultNetId;
97    std::set<unsigned> mValidNetworks;
98
99    PermissionsController* const mPermissionsController;
100    RouteController* const mRouteController;
101
102    // Maps a netId to all its interfaces.
103    //
104    // We need to know interface names to configure incoming packet marking and because routing
105    // tables are associated with interfaces and not with netIds.
106    //
107    // An interface may belong to at most one netId, but a netId may have multiple interfaces.
108    std::multimap<unsigned, std::string> mNetIdToInterfaces;
109};
110
111#endif  // NETD_SERVER_NETWORK_CONTROLLER_H
112