oem_iptables_hook.cpp revision 94b2ab92f6e886d24092781159714be75c9f3954 
1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <sys/types.h>
20#include <sys/wait.h>
21#include <errno.h>
22#include <string.h>
23#include <unistd.h>
24
25#define LOG_TAG "OemIptablesHook"
26#include <cutils/log.h>
27#include <logwrap/logwrap.h>
28#include "NetdConstants.h"
29
30static int runIptablesCmd(int argc, const char **argv) {
31    int res;
32
33    res = android_fork_execvp(argc, (char **)argv, NULL, false, false);
34    return res;
35}
36
37static bool oemCleanupHooks() {
38    const char *cmd1[] = {
39            IPTABLES_PATH,
40            "-w",
41            "-F",
42            "oem_out"
43    };
44    runIptablesCmd(ARRAY_SIZE(cmd1), cmd1);
45
46    const char *cmd2[] = {
47            IPTABLES_PATH,
48            "-w",
49            "-F",
50            "oem_fwd"
51    };
52    runIptablesCmd(ARRAY_SIZE(cmd2), cmd2);
53
54    const char *cmd3[] = {
55            IPTABLES_PATH,
56            "-w",
57            "-t",
58            "nat",
59            "-F",
60            "oem_nat_pre"
61    };
62    runIptablesCmd(ARRAY_SIZE(cmd3), cmd3);
63    return true;
64}
65
66static bool oemInitChains() {
67    int ret = system(OEM_SCRIPT_PATH);
68    if ((-1 == ret) || (0 != WEXITSTATUS(ret))) {
69        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
70        oemCleanupHooks();
71        return false;
72    }
73    return true;
74}
75
76
77void setupOemIptablesHook() {
78    if (0 == access(OEM_SCRIPT_PATH, R_OK | X_OK)) {
79        // The call to oemCleanupHooks() is superfluous when done on bootup,
80        // but is needed for the case where netd has crashed/stopped and is
81        // restarted.
82        if (oemCleanupHooks() && oemInitChains()) {
83            ALOGI("OEM iptable hook installed.");
84        }
85    }
86}
87