oem_iptables_hook.cpp revision 94b2ab92f6e886d24092781159714be75c9f3954
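/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define LOG_TAG "OemIptablesHook"
#include <cutils/log.h>
#include <logwrap/logwrap.h>
#include "NetdConstants.h"

/*
 * Runs one iptables invocation and returns the result of android_fork_execvp()
 * unchanged.
 *
 * The command is passed as an argv vector, not as a shell string, and every
 * caller in this file builds that vector from fixed strings only. The cast
 * exists solely because the logwrap API takes a non-const char **.
 */
static int runIptablesCmd(int argc, const char **argv) {
    return android_fork_execvp(argc, const_cast<char **>(argv), NULL, false, false);
}

/*
 * Flushes the three OEM chains: oem_out and oem_fwd in the default table and
 * oem_nat_pre in the nat table. "-w" makes iptables wait for the xtables lock.
 *
 * Best effort: the result of each flush is discarded and the function always
 * returns true, so a failed flush does not stop the OEM script from running.
 */
static bool oemCleanupHooks() {
    const char *flushOut[] = {
        IPTABLES_PATH,
        "-w",
        "-F",
        "oem_out"
    };
    runIptablesCmd(ARRAY_SIZE(flushOut), flushOut);

    const char *flushFwd[] = {
        IPTABLES_PATH,
        "-w",
        "-F",
        "oem_fwd"
    };
    runIptablesCmd(ARRAY_SIZE(flushFwd), flushFwd);

    const char *flushNatPre[] = {
        IPTABLES_PATH,
        "-w",
        "-t",
        "nat",
        "-F",
        "oem_nat_pre"
    };
    runIptablesCmd(ARRAY_SIZE(flushNatPre), flushNatPre);
    return true;
}

/*
 * Runs the OEM script and reports whether it exited normally with status 0.
 * On any failure the OEM chains are flushed again so that a partially applied
 * rule set is not left behind, and false is returned.
 *
 * system() hands the path to the shell, which runs it with this process's
 * privileges and environment. The script is therefore as trusted as this
 * daemon: the file and every directory leading to it must be writable only by
 * an equally trusted principal.
 * NOTE(review): OEM_SCRIPT_PATH is defined outside this file; confirm that it
 * is a fixed path on a read-only or root-owned partition.
 */
static bool oemInitChains() {
    int ret = system(OEM_SCRIPT_PATH);

    if (ret == -1) {
        // system() itself failed (fork/wait error); only here is errno meaningful.
        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
    } else if (WIFEXITED(ret) && WEXITSTATUS(ret) == 0) {
        return true;
    } else if (WIFEXITED(ret)) {
        ALOGE("%s failed: exit status %d", OEM_SCRIPT_PATH, WEXITSTATUS(ret));
    } else {
        // Killed by a signal or otherwise not a normal exit. WEXITSTATUS() is
        // not valid for such a status and can read as 0, so it must not be
        // consulted before WIFEXITED().
        ALOGE("%s failed: abnormal termination (wait status 0x%x)", OEM_SCRIPT_PATH, ret);
    }

    oemCleanupHooks();
    return false;
}


/*
 * Installs the OEM iptables rules when the OEM script is present, readable and
 * executable; does nothing otherwise.
 *
 * The access() call is an availability check, not a security control: nothing
 * pins the file between this check and the system() call in oemInitChains(),
 * so protection of the script rests entirely on the permissions of the file
 * and its parent directories.
 */
void setupOemIptablesHook() {
    if (0 == access(OEM_SCRIPT_PATH, R_OK | X_OK)) {
        // The call to oemCleanupHooks() is superfluous when done on bootup,
        // but is needed for the case where netd has crashed/stopped and is
        // restarted.
        if (oemCleanupHooks() && oemInitChains()) {
            ALOGI("OEM iptable hook installed.");
        }
    }
}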