1e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti/** 2e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Copyright (c) 2016, The Android Open Source Project 3e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * 4e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Licensed under the Apache License, Version 2.0 (the "License"); 5e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * you may not use this file except in compliance with the License. 6e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * You may obtain a copy of the License at 7e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * 8e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * http://www.apache.org/licenses/LICENSE-2.0 9e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * 10e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Unless required by applicable law or agreed to in writing, software 11e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * distributed under the License is distributed on an "AS IS" BASIS, 12e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * See the License for the specific language governing permissions and 14e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * limitations under the License. 15e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti */ 16e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti 17e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittipackage android.net; 18e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti 19b8087363143050d214d48e5620a330776ca95a69Robin Leeimport android.net.UidRange; 20b8087363143050d214d48e5620a330776ca95a69Robin Lee 21e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti/** {@hide} */ 22e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittiinterface INetd { 2389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti /** 2489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * Returns true if the service is responding. 2589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti */ 26e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti boolean isAlive(); 2789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 2889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti /** 2989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * Replaces the contents of the specified UID-based firewall chain. 3089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 3189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP 3289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN 3389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified 3489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * UIDs, and a DROP rule at the end. The chain will be created if it does not exist. 3589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 3689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * @param chainName The name of the chain to replace. 3789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * @param isWhitelist Whether this is a whitelist or blacklist chain. 3889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * @param uids The list of UIDs to allow/deny. 3989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * @return true if the chain was successfully replaced, false otherwise. 4089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti */ 4189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids); 42dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 43dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti /** 44dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * Enables or disables data saver mode on costly network interfaces. 45dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * 46dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly 47dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * interfaces. Traffic to/from other apps or on other network interfaces is allowed. 48dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * - When enabled, only apps that are in the happy box chain and not in the penalty box chain 49dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * are allowed network connectivity on costly interfaces. All other packets on these 50dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * interfaces are rejected. The happy box chain always contains all system UIDs; to disallow 51dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * traffic from system UIDs, place them in the penalty box chain. 52dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * 53dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * By default, data saver mode is disabled. This command has no effect but might still return an 54dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * error) if {@code enable} is the same as the current value. 55dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * 56dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * @param enable whether to enable or disable data saver mode. 57dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti * @return true if the if the operation was successful, false otherwise. 58dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti */ 59dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti boolean bandwidthEnableDataSaver(boolean enable); 60b8087363143050d214d48e5620a330776ca95a69Robin Lee 61b8087363143050d214d48e5620a330776ca95a69Robin Lee /** 62b8087363143050d214d48e5620a330776ca95a69Robin Lee * Adds or removes one rule for each supplied UID range to prohibit all network activity outside 63b8087363143050d214d48e5620a330776ca95a69Robin Lee * of secure VPN. 64b8087363143050d214d48e5620a330776ca95a69Robin Lee * 65b8087363143050d214d48e5620a330776ca95a69Robin Lee * When a UID is covered by one of these rules, traffic sent through any socket that is not 66b8087363143050d214d48e5620a330776ca95a69Robin Lee * protected or explicitly overriden by the system will be rejected. The kernel will respond 67b8087363143050d214d48e5620a330776ca95a69Robin Lee * with an ICMP prohibit message. 68b8087363143050d214d48e5620a330776ca95a69Robin Lee * 69b8087363143050d214d48e5620a330776ca95a69Robin Lee * Initially, there are no such rules. Any rules that are added will only last until the next 70b8087363143050d214d48e5620a330776ca95a69Robin Lee * restart of netd or the device. 71b8087363143050d214d48e5620a330776ca95a69Robin Lee * 72b8087363143050d214d48e5620a330776ca95a69Robin Lee * @param add {@code true} if the specified UID ranges should be denied access to any network 73b8087363143050d214d48e5620a330776ca95a69Robin Lee * which is not secure VPN by adding rules, {@code false} to remove existing rules. 74b8087363143050d214d48e5620a330776ca95a69Robin Lee * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or 75b8087363143050d214d48e5620a330776ca95a69Robin Lee * remove this restriction. 76b8087363143050d214d48e5620a330776ca95a69Robin Lee * <p> Added rules should not overlap with existing rules. Likewise, removed rules should 77b8087363143050d214d48e5620a330776ca95a69Robin Lee * each correspond to an existing rule. 78b8087363143050d214d48e5620a330776ca95a69Robin Lee * 79b8087363143050d214d48e5620a330776ca95a69Robin Lee * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 80b8087363143050d214d48e5620a330776ca95a69Robin Lee * unix errno. 81b8087363143050d214d48e5620a330776ca95a69Robin Lee */ 82b8087363143050d214d48e5620a330776ca95a69Robin Lee void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges); 83563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 84563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti /** 85563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti * Administratively closes sockets belonging to the specified UIDs. 86563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti */ 87563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids); 88beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai 89beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai // Array indices for resolver parameters. 90beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0; 91beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1; 92beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_PARAMS_MIN_SAMPLES = 2; 93beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_PARAMS_MAX_SAMPLES = 3; 94beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_PARAMS_COUNT = 4; 95beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai 96beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai /** 97beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * Sets the name servers, search domains and resolver params for the given network. Flushes the 98beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * cache as needed (i.e. when the servers or the number of samples to store changes). 99beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * 100beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param netId the network ID of the network for which information should be configured. 101beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param servers the DNS servers to configure for the network. 102beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param domains the search domains to configure. 103beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that 104beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at 105beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc. 106beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 107beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * unix errno. 108beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai */ 109beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai void setResolverConfiguration(int netId, in @utf8InCpp String[] servers, 110beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai in @utf8InCpp String[] domains, in int[] params); 111beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai 112beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai // Array indices for resolver stats. 113beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_SUCCESSES = 0; 114beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_ERRORS = 1; 115beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_TIMEOUTS = 2; 116beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_INTERNAL_ERRORS = 3; 117beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_RTT_AVG = 4; 118beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5; 119beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_USABLE = 6; 120beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai const int RESOLVER_STATS_COUNT = 7; 121beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai 122beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai /** 123beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * Retrieves the name servers, search domains and resolver stats associated with the given 124beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * network ID. 125beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * 126beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param netId the network ID of the network for which information should be retrieved. 127beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param servers the DNS servers that are currently configured for the network. 128beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param domains the search domains currently configured. 129beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param params the resolver parameters configured, i.e. the contents of __res_params in order. 130beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX 131beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * constants, serialized as an int array. The contents of this array are the number of 132beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <ul> 133beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> successes, 134beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> errors, 135beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> timeouts, 136beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> internal errors, 137beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> the RTT average, 138beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> the time of the last recorded sample, 139beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * <li> and an integer indicating whether the server is usable (1) or broken (0). 140beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * </ul> 141beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * in this order. For example, the timeout counter for server N is stored at position 142beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS 143beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 144beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai * unix errno. 145beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai */ 146beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai void getResolverInfo(int netId, out @utf8InCpp String[] servers, 147beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai out @utf8InCpp String[] domains, out int[] params, out int[] stats); 148212c405c296ed869eda927e683734aff80248872Erik Kline 149212c405c296ed869eda927e683734aff80248872Erik Kline /** 150212c405c296ed869eda927e683734aff80248872Erik Kline * Instruct the tethering DNS server to reevaluated serving interfaces. 151212c405c296ed869eda927e683734aff80248872Erik Kline * This is needed to for the DNS server to observe changes in the set 152212c405c296ed869eda927e683734aff80248872Erik Kline * of potential listening IP addresses. (Listening on wildcard addresses 153212c405c296ed869eda927e683734aff80248872Erik Kline * can turn the device into an open resolver; b/7530468) 154212c405c296ed869eda927e683734aff80248872Erik Kline * 155212c405c296ed869eda927e683734aff80248872Erik Kline * TODO: Return something richer than just a boolean. 156212c405c296ed869eda927e683734aff80248872Erik Kline */ 157212c405c296ed869eda927e683734aff80248872Erik Kline boolean tetherApplyDnsInterfaces(); 158c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline 159c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline /** 160c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * Add/Remove and IP address from an interface. 161c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * 162c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * @param ifName the interface name 163c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * @param addrString the IP address to add/remove as a string literal 164c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * @param prefixLength the prefix length associated with this IP address 165c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * 166c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 167c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline * unix errno. 168c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline */ 169c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 170c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline int prefixLength); 171c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 172c296f098b63a986265ded8adf13118ba512a0fa7Erik Kline int prefixLength); 173b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline 174a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee /** 175b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * Set and get /proc/sys/net interface configuration parameters. 176b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * 177b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * @param family One of IPV4/IPV6 integers, indicating the desired address family directory. 178b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory. 179b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * @param ifname The interface name portion of the path; may also be "all" or "default". 180b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * @param parameter The parameter name portion of the path. 181b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline * @param value The value string to be written into the assembled path. 182b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline */ 183b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline 184b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline const int IPV4 = 4; 185b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline const int IPV6 = 6; 186b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline const int CONF = 1; 187b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline const int NEIGH = 2; 188b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline void setProcSysNet(int family, int which, in @utf8InCpp String ifname, 189b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline in @utf8InCpp String parameter, in @utf8InCpp String value); 190b218a87e0777d3d2c93231e03ef7315d783e3279Erik Kline // TODO: add corresponding getProcSysNet(). 191a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee 192a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee /** 193a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee * Get/Set metrics reporting level. 194a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee * 195a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee * Reporting level is one of: 196a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee * 0 (NONE) 197a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee * 1 (METRICS) 1988ef9907bdbbeaae00be914c77f3425e2e31c2f28Michal Karpinski * 2 (FULL) 199a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee */ 200a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee int getMetricsReportingLevel(); 201a0f5ae964233c91971711d61fc1b25d8b6b75b62Robin Lee void setMetricsReportingLevel(int level); 202e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti} 203