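/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "Netd"

#include <vector>

#include <android-base/stringprintf.h>
#include <cutils/log.h>
#include <cutils/properties.h>
#include <utils/Errors.h>
#include <utils/String16.h>

#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include "android/net/BnNetd.h"

#include <openssl/base64.h>

#include "Controllers.h"
#include "DumpWriter.h"
#include "EventReporter.h"
#include "InterfaceController.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"
#include "RouteController.h"
#include "SockDiag.h"
#include "UidRanges.h"

using android::base::StringPrintf;

namespace android {
namespace net {

namespace {

// Permission names checked against the binder caller before an RPC does any work.
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
const char DUMP[] = "android.permission.DUMP";

// Converts a netdutils::Status into the binder::Status handed back to the caller: ok() on
// success, otherwise a service-specific error carrying the original code and message.
binder::Status toBinderStatus(const netdutils::Status s) {
    if (isOk(s)) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
}

// Checks that the current binder caller holds |permission|.
//
// Returns ok() when checkCallingPermission() grants it; otherwise an EX_SECURITY status whose
// message names the calling UID/PID and the permission that was missing.
binder::Status checkPermission(const char *permission) {
    // checkCallingPermission() takes int32_t out-parameters, so use that type directly instead
    // of casting pid_t*/uid_t*, and initialize both so the denial message can never format
    // indeterminate values.
    int32_t pid = -1;
    int32_t uid = -1;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }
    auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}

// Maps the integer result of an xfrmCtrl call onto a binder::Status:
//   0        -> ok()
//   -ENOENT  -> service-specific error carrying xfrmCode unchanged
//   other    -> fromExceptionCode(xfrmCode)
//
// NOTE(review): the last case hands what looks like a negative errno to fromExceptionCode(),
// whose argument is a binder exception code (the EX_* constants). Those are unrelated number
// spaces, so the client may see an exception type that has nothing to do with the failure -
// confirm this is intended. Also, -ENOENT is forwarded as a negative value here, while the
// other RPCs in this file pass -err (a positive errno) to fromServiceSpecificError().
binder::Status getXfrmStatus(int xfrmCode) {
    switch(xfrmCode) {
        case 0:
            return binder::Status::ok();
        case -ENOENT:
            return binder::Status::fromServiceSpecificError(xfrmCode);
    }
    return binder::Status::fromExceptionCode(xfrmCode);
}

// Returns EX_SECURITY from the enclosing function unless property_get("ro.debuggable") yields a
// value of length 1 whose only character is '1'. A missing property fails the check, so the
// gate is closed by default.
#define ENFORCE_DEBUGGABLE() {                              \
    char value[PROPERTY_VALUE_MAX + 1];                     \
    if (property_get("ro.debuggable", value, NULL) != 1     \
            || value[0] != '1') {                           \
        return binder::Status::fromExceptionCode(           \
            binder::Status::EX_SECURITY,                    \
            String8("Not available in production builds.")  \
        );                                                  \
    }                                                       \
}

// Returns the failing status from the enclosing function when the binder caller lacks
// |permission|; otherwise falls through.
#define ENFORCE_PERMISSION(permission) {                    \
    binder::Status status = checkPermission((permission));  \
    if (!status.isOk()) {                                   \
        return status;                                      \
    }                                                       \
}

// Enforces |permission| first and only then takes a write lock on |lock|, so a caller without
// the permission returns before the lock is touched. The AutoWLock is declared in the enclosing
// function's scope (this macro is deliberately not wrapped in braces).
#define NETD_LOCKING_RPC(permission, lock)                  \
    ENFORCE_PERMISSION(permission);                         \
    android::RWLock::AutoWLock _lock(lock);

// Same as NETD_LOCKING_RPC, using gBigNetdLock.
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
}  // namespace


// Publishes the service through BinderService<NetdNativeService>::publish() and starts the
// binder thread pool. Returns the publish() error if publishing fails, android::OK otherwise.
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);
    status_t ret = BinderService<NetdNativeService>::publish();
    if (ret != android::OK) {
        return ret;
    }
    sp<ProcessState> ps(ProcessState::self());
    ps->startThreadPool();
    ps->giveThreadPoolName();
    return android::OK;
}

// Writes the network controller's dump to |fd|. The caller must hold the DUMP permission; if it
// does not, the permission error text is written to |fd| and PERMISSION_DENIED is returned.
status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
    const binder::Status dump_permission = checkPermission(DUMP);
    if (!dump_permission.isOk()) {
        const String8 msg(dump_permission.toString8());
        // Best effort: the result of write() is not checked.
        write(fd, msg.string(), msg.size());
        return PERMISSION_DENIED;
    }

    // This method does not grab any locks. If individual classes need locking
    // their dump() methods MUST handle locking appropriately.
    DumpWriter dw(fd);
    dw.blankline();
    gCtls->netCtrl.dump(dw);
    dw.blankline();

    return NO_ERROR;
}

// Liveness probe: sets *alive to true once the permission check has passed and the big netd
// lock has been acquired.
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *alive = true;
    return binder::Status::ok();
}

// Replaces the UID list of firewall chain |chainName| under the firewall controller's lock.
// The controller's success/failure is reported through *ret; the binder status is ok() whenever
// the permission check passed.
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    android::String8 name = android::String8(chainName);
    int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
    *ret = (err == 0);
    return binder::Status::ok();
}

// Enables or disables data saver under the bandwidth controller's lock. As above, the
// controller's result is reported through *ret rather than through the binder status.
binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);

    int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
    *ret = (err == 0);
    return binder::Status::ok();
}

// Adds (|add| true) or removes the given UID ranges to/from RouteController's
// "reject non-secure network" rule. A non-zero controller result is returned as a
// service-specific error carrying -err and its strerror() text.
binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
        const std::vector<UidRange>& uidRangeArray) {
    // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
    // it should be possible to use the same lock as NetworkController. However, every call through
    // the CommandListener "network" command will need to hold this lock too, not just the ones that
    // read/modify network internal state (that is sufficient for ::dump() because it doesn't
    // look at routes, but it's not enough here).
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    UidRanges uidRanges(uidRangeArray);

    int err;
    if (add) {
        err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
    } else {
        err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
    }

    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("RouteController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Destroys sockets owned by the given UID ranges, skipping |skipUids| and excluding loopback.
// Only the permission check guards this call; no netd lock is taken here.
binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
        const std::vector<int32_t>& skipUids) {

    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    SockDiag sd;
    if (!sd.open()) {
        return binder::Status::fromServiceSpecificError(EIO,
                String8("Could not open SOCK_DIAG socket"));
    }

    UidRanges uidRanges(uids);
    // skipUids arrives as int32_t and is converted element-wise to uid_t when the set is built;
    // NOTE(review): a negative entry would not match any real UID - confirm callers never send one.
    int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
                                true /* excludeLoopback */);

    if (err) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("destroySockets: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Forwards the DNS configuration for |netId| to the resolver controller. A non-zero result is
// returned as a service-specific error carrying -err and its strerror() text.
binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
        const std::vector<std::string>& servers, const std::vector<std::string>& domains,
        const std::vector<int32_t>& params) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("ResolverController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Fills the out-parameters with the resolver controller's state for |netId|. Errors are
// reported the same way as in setResolverConfiguration().
binder::Status NetdNativeService::getResolverInfo(int32_t netId,
        std::vector<std::string>* servers, std::vector<std::string>* domains,
        std::vector<int32_t>* params, std::vector<int32_t>* stats) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("ResolverController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Registers a private DNS server together with its pinned certificate fingerprints.
//
// Each entry of |fingerprints| is Base64 text; it is decoded here and the whole call is rejected
// with PRIVATE_DNS_BAD_FINGERPRINT if any entry fails to decode, so a partially valid list is
// never applied. Duplicates collapse because the decoded values are collected in a std::set.
//
// NOTE(review): this function does not check the decoded length against |fingerprintAlgorithm|
// or the range of |port|; presumably resolverCtrl.addPrivateDnsServer() validates both - confirm.
binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port,
        const std::string& fingerprintAlgorithm, const std::vector<std::string>& fingerprints) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    std::set<std::vector<uint8_t>> decoded_fingerprints;
    for (const std::string& input : fingerprints) {
        size_t out_len;
        if (EVP_DecodedLength(&out_len, input.size()) != 1) {
            return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
                    "ResolverController error: bad fingerprint length");
        }
        // out_len is now an upper bound on the output length.
        std::vector<uint8_t> decoded(out_len);
        if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
                reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
            // Possibly shrink the vector if the actual output was smaller than the bound.
            decoded.resize(out_len);
        } else {
            return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
                    "ResolverController error: Base64 parsing failed");
        }
        decoded_fingerprints.insert(decoded);
    }
    const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port,
            fingerprintAlgorithm, decoded_fingerprints);
    if (err != INetd::PRIVATE_DNS_SUCCESS) {
        return binder::Status::fromServiceSpecificError(err,
                String8::format("ResolverController error: %d", err));
    }
    return binder::Status::ok();
}
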
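// Removes a previously registered private DNS server. Any result other than
// PRIVATE_DNS_SUCCESS is returned as a service-specific error carrying that code.
binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const int err = gCtls->resolverCtrl.removePrivateDnsServer(server);
    if (err != INetd::PRIVATE_DNS_SUCCESS) {
        return binder::Status::fromServiceSpecificError(err,
                String8::format("ResolverController error: %d", err));
    }
    return binder::Status::ok();
}

// Asks the tether controller to apply its DNS interfaces, under the big netd lock. The
// controller's result is reported through *ret; the binder status is ok() whenever the
// permission check passed.
binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *ret = gCtls->tetherCtrl.applyDnsInterfaces();
    return binder::Status::ok();
}

// Adds |addrString|/|prefixLength| to interface |ifName| via InterfaceController. A non-zero
// result is returned as a service-specific error carrying -err and its strerror() text.
binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::addAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Removes |addrString|/|prefixLength| from interface |ifName| via InterfaceController. Errors
// are reported the same way as in interfaceAddAddress().
binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::delAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Sets a per-interface network parameter through InterfaceController::setParameter().
//
// |family| and |which| are not forwarded as given: each is mapped through a fixed switch onto a
// literal string ("ipv4"/"ipv6", "conf"/"neigh"), and anything else is rejected with
// EAFNOSUPPORT or EINVAL before the controller is called.
//
// NOTE(review): |ifname|, |parameter| and |value| are caller-supplied strings that are forwarded
// unchanged. Confirm that InterfaceController::setParameter() validates them (for example that
// neither name can contain a path separator or "..") before they are used to select a target.
binder::Status NetdNativeService::setProcSysNet(
        int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
        const std::string &value) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const char *familyStr;
    switch (family) {
        case INetd::IPV4:
            familyStr = "ipv4";
            break;
        case INetd::IPV6:
            familyStr = "ipv6";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
    }

    const char *whichStr;
    switch (which) {
        case INetd::CONF:
            whichStr = "conf";
            break;
        case INetd::NEIGH:
            whichStr = "neigh";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
    }

    const int err = InterfaceController::setParameter(
            familyStr, whichStr, ifname.c_str(), parameter.c_str(),
            value.c_str());
    if (err != 0) {
        // The failing call is InterfaceController::setParameter(), so name that component in
        // the message (it previously said "ResolverController", which misdirects triage).
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Reads the event reporter's metrics reporting level into *reportingLevel. Two gates apply, in
// this order: the caller must hold CONNECTIVITY_INTERNAL, and ENFORCE_DEBUGGABLE() must pass.
binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
    // This function intentionally does not lock, since the only thing it does is one read from an
    // atomic_int.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
    return binder::Status::ok();
}

// Sets the event reporter's metrics reporting level, behind the same two gates as the getter.
// Returns EX_ILLEGAL_ARGUMENT when the event reporter returns a non-zero result.
binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
    // This function intentionally does not lock, since the only thing it does is one write to an
    // atomic_int.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
            ? binder::Status::ok()
            : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
}

// Forwards an SPI allocation request to xfrmCtrl and converts its integer result with
// getXfrmStatus(). The allocated SPI is written through |outSpi| by the controller.
// Only the function name is logged; no argument values are written to the log.
binder::Status NetdNativeService::ipSecAllocateSpi(
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t inSpi,
        int32_t* outSpi) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAllocateSpi()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
                    transformId,
                    direction,
                    localAddress,
                    remoteAddress,
                    inSpi,
                    outSpi));
}

binder::Status NetdNativeService::ipSecAddSecurityAssociation(
        int32_t transformId,
        int32_t mode,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int64_t underlyingNetworkHandle,
        int32_t spi,
        const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
        const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
        int32_t encapType,
        int32_t encapLocalPort,
        int32_t encapRemotePort) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAddSecurityAssociation()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
              transformId, mode, direction, localAddress, remoteAddress,
              underlyingNetworkHandle,
              spi,
              authAlgo, authKey, authTruncBits,
              cryptAlgo, cryptKey, cryptTruncBits,
              encapType, encapLocalPort, encapRemotePort));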
4151a37153768aa605e0787591c39d73b674acd92c3Nathan Harold} 4161a37153768aa605e0787591c39d73b674acd92c3Nathan Harold 4171a37153768aa605e0787591c39d73b674acd92c3Nathan Haroldbinder::Status NetdNativeService::ipSecDeleteSecurityAssociation( 4181a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t transformId, 4191a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t direction, 4201a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const std::string& localAddress, 4211a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const std::string& remoteAddress, 4221a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t spi) { 4231a37153768aa605e0787591c39d73b674acd92c3Nathan Harold // Necessary locking done in IpSecService and kernel 4241a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 4251a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ALOGD("ipSecDeleteSecurityAssociation()"); 4261a37153768aa605e0787591c39d73b674acd92c3Nathan Harold return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation( 4271a37153768aa605e0787591c39d73b674acd92c3Nathan Harold transformId, 4281a37153768aa605e0787591c39d73b674acd92c3Nathan Harold direction, 4291a37153768aa605e0787591c39d73b674acd92c3Nathan Harold localAddress, 4301a37153768aa605e0787591c39d73b674acd92c3Nathan Harold remoteAddress, 4311a37153768aa605e0787591c39d73b674acd92c3Nathan Harold spi)); 4321a37153768aa605e0787591c39d73b674acd92c3Nathan Harold} 4331a37153768aa605e0787591c39d73b674acd92c3Nathan Harold 4341a37153768aa605e0787591c39d73b674acd92c3Nathan Haroldbinder::Status NetdNativeService::ipSecApplyTransportModeTransform( 4351a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const android::base::unique_fd& socket, 4361a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t transformId, 4371a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t direction, 4381a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const std::string& 
localAddress, 4391a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const std::string& remoteAddress, 4401a37153768aa605e0787591c39d73b674acd92c3Nathan Harold int32_t spi) { 4411a37153768aa605e0787591c39d73b674acd92c3Nathan Harold // Necessary locking done in IpSecService and kernel 4421a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 4431a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ALOGD("ipSecApplyTransportModeTransform()"); 4441a37153768aa605e0787591c39d73b674acd92c3Nathan Harold return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform( 4451a37153768aa605e0787591c39d73b674acd92c3Nathan Harold socket, 4461a37153768aa605e0787591c39d73b674acd92c3Nathan Harold transformId, 4471a37153768aa605e0787591c39d73b674acd92c3Nathan Harold direction, 4481a37153768aa605e0787591c39d73b674acd92c3Nathan Harold localAddress, 4491a37153768aa605e0787591c39d73b674acd92c3Nathan Harold remoteAddress, 4501a37153768aa605e0787591c39d73b674acd92c3Nathan Harold spi)); 4511a37153768aa605e0787591c39d73b674acd92c3Nathan Harold} 4521a37153768aa605e0787591c39d73b674acd92c3Nathan Harold 4531a37153768aa605e0787591c39d73b674acd92c3Nathan Haroldbinder::Status NetdNativeService::ipSecRemoveTransportModeTransform( 4541a37153768aa605e0787591c39d73b674acd92c3Nathan Harold const android::base::unique_fd& socket) { 4551a37153768aa605e0787591c39d73b674acd92c3Nathan Harold // Necessary locking done in IpSecService and kernel 4561a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 4571a37153768aa605e0787591c39d73b674acd92c3Nathan Harold ALOGD("ipSecRemoveTransportModeTransform()"); 4581a37153768aa605e0787591c39d73b674acd92c3Nathan Harold return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform( 4591a37153768aa605e0787591c39d73b674acd92c3Nathan Harold socket)); 4601a37153768aa605e0787591c39d73b674acd92c3Nathan Harold} 4611a37153768aa605e0787591c39d73b674acd92c3Nathan Harold 
// Binder entry point: selects the IPv6 address generation mode for one interface.
//
// The NETWORK_STACK check runs first. ifName and mode are then handed unchanged to
// InterfaceController::setIPv6AddrGenMode() and its result is converted with toBinderStatus().
// This wrapper does not validate the interface name or the mode value.
binder::Status NetdNativeService::setIPv6AddrGenMode(
        const std::string& ifName,
        int32_t mode) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            InterfaceController::setIPv6AddrGenMode(ifName, mode));
}

// Binder entry point: registers a wakeup rule for ifName.
//
// The NETWORK_STACK check runs first. ifName, prefix, mark and mask are then handed unchanged
// to gCtls->wakeupCtrl.addInterface() and its result is converted with toBinderStatus().
// ifName and prefix are caller-supplied strings. Nothing in this wrapper sanitises them, so
// the wakeup controller is the place where they must be checked.
binder::Status NetdNativeService::wakeupAddInterface(
        const std::string& ifName,
        const std::string& prefix,
        int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
}

// Binder entry point: removes a wakeup rule for ifName.
//
// Mirrors wakeupAddInterface: the NETWORK_STACK check runs first, then the arguments are handed
// unchanged to gCtls->wakeupCtrl.delInterface() and its result is converted with
// toBinderStatus().
binder::Status NetdNativeService::wakeupDelInterface(
        const std::string& ifName,
        const std::string& prefix,
        int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
}

}  // namespace net
483e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti} // namespace android 484