NetworkController.h revision 72604075e74af459fb4637404fbf030422c6b6b6
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#ifndef NETD_SERVER_NETWORK_CONTROLLER_H 18#define NETD_SERVER_NETWORK_CONTROLLER_H 19 20#include "Permission.h" 21#include "utils/RWLock.h" 22 23#include <list> 24#include <map> 25#include <set> 26#include <stddef.h> 27#include <stdint.h> 28#include <string> 29#include <utility> 30#include <vector> 31 32class PermissionsController; 33class RouteController; 34 35/* 36 * Keeps track of default, per-pid, and per-uid-range network selection, as 37 * well as the mark associated with each network. Networks are identified 38 * by netid. In all set* commands netid == 0 means "unspecified" and is 39 * equivalent to clearing the mapping. 40 */ 41class NetworkController { 42public: 43 NetworkController(PermissionsController* permissionsController, 44 RouteController* routeController); 45 46 void clearNetworkPreference(); 47 unsigned getDefaultNetwork() const; 48 bool setDefaultNetwork(unsigned netId); 49 bool setNetworkForUidRange(int uid_start, int uid_end, unsigned netId, bool forward_dns); 50 bool clearNetworkForUidRange(int uid_start, int uid_end, unsigned netId); 51 52 // Order of preference: UID-specific, requested_netId, PID-specific, default. 53 // Specify NETID_UNSET for requested_netId if the default network is preferred. 54 // for_dns indicates if we're querrying the netId for a DNS request. This avoids sending DNS 55 // requests to VPNs without DNS servers. 56 unsigned getNetwork(int uid, unsigned requested_netId, bool for_dns) const; 57 58 unsigned getNetworkId(const char* interface) const; 59 60 bool createNetwork(unsigned netId, Permission permission); 61 bool destroyNetwork(unsigned netId); 62 bool addInterfaceToNetwork(unsigned netId, const char* interface); 63 bool removeInterfaceFromNetwork(unsigned netId, const char* interface); 64 65 bool setPermissionForUser(Permission permission, const std::vector<unsigned>& uid); 66 bool setPermissionForNetwork(Permission permission, const std::vector<unsigned>& netId); 67 68 // Routes are added to tables determined by the interface, so only |interface| is actually used. 69 // |netId| is given only to sanity check that the interface has the correct netId. 70 bool addRoute(unsigned netId, const char* interface, const char* destination, 71 const char* nexthop); 72 bool removeRoute(unsigned netId, const char* interface, const char* destination, 73 const char* nexthop); 74 75 bool isValidNetwork(unsigned netId) const; 76 77private: 78 typedef std::multimap<unsigned, std::string>::const_iterator InterfaceIteratorConst; 79 typedef std::multimap<unsigned, std::string>::iterator InterfaceIterator; 80 typedef std::pair<InterfaceIterator, InterfaceIterator> InterfaceRange; 81 82 bool modifyRoute(unsigned netId, const char* interface, const char* destination, 83 const char* nexthop, bool add); 84 85 struct UidEntry { 86 int uid_start; 87 int uid_end; 88 unsigned netId; 89 bool forward_dns; 90 UidEntry(int uid_start, int uid_end, unsigned netId, bool forward_dns); 91 }; 92 93 // mRWLock guards all accesses to mUidMap, mDefaultNetId and mValidNetworks. 94 mutable android::RWLock mRWLock; 95 std::list<UidEntry> mUidMap; 96 unsigned mDefaultNetId; 97 std::set<unsigned> mValidNetworks; 98 99 PermissionsController* const mPermissionsController; 100 RouteController* const mRouteController; 101 102 // Maps a netId to all its interfaces. 103 // 104 // We need to know interface names to configure incoming packet marking and because routing 105 // tables are associated with interfaces and not with netIds. 106 // 107 // An interface may belong to at most one netId, but a netId may have multiple interfaces. 108 std::multimap<unsigned, std::string> mNetIdToInterfaces; 109}; 110 111#endif // NETD_SERVER_NETWORK_CONTROLLER_H 112