NetdNativeService.cpp revision 1a37153768aa605e0787591c39d73b674acd92c3
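/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "Netd"

#include <set>
#include <string>
#include <vector>

#include <android-base/stringprintf.h>
#include <cutils/log.h>
#include <cutils/properties.h>
#include <utils/Errors.h>
#include <utils/String16.h>

#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include "android/net/BnNetd.h"

#include "Controllers.h"
#include "DumpWriter.h"
#include "EventReporter.h"
#include "InterfaceController.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"
#include "RouteController.h"
#include "SockDiag.h"
#include "UidRanges.h"

using android::base::StringPrintf;

namespace android {
namespace net {

namespace {

// Permission required by every RPC in this file except dump().
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
// Permission required by dump().
const char DUMP[] = "android.permission.DUMP";

// Authorization gate shared by all entry points: returns ok() when the Binder caller holds
// |permission|, otherwise an EX_SECURITY status naming the caller's UID/PID and the missing
// permission.
binder::Status checkPermission(const char *permission) {
    // checkCallingPermission() reports the caller through int32_t out-parameters, so use
    // int32_t locals rather than casting pid_t* / uid_t*; this also keeps the %d conversions
    // below matched to their arguments.
    int32_t pid = 0;
    int32_t uid = 0;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }

    auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}

// Translates an XfrmController return code into a binder::Status: 0 is success and -ENOENT is
// reported as a service-specific error carrying the (negative) code unchanged.
//
// NOTE(review): every other non-zero code is a negated errno that is handed to
// fromExceptionCode(), which expects a binder::Status::EX_* value. Confirm the Java caller
// really wants that mapping; the other RPCs in this file report errno failures through
// fromServiceSpecificError(-err, ...) instead.
binder::Status getXfrmStatus(int xfrmCode) {
    switch(xfrmCode) {
        case 0:
            return binder::Status::ok();
        case -ENOENT:
            return binder::Status::fromServiceSpecificError(xfrmCode);
    }
    return binder::Status::fromExceptionCode(xfrmCode);
}

// Returns EX_SECURITY from the enclosing RPC unless ro.debuggable is exactly "1". The check
// fails closed: any other value, including an unset property (length 0), is rejected.
#define ENFORCE_DEBUGGABLE() {                              \
    char value[PROPERTY_VALUE_MAX + 1];                     \
    if (property_get("ro.debuggable", value, nullptr) != 1  \
            || value[0] != '1') {                           \
        return binder::Status::fromExceptionCode(           \
            binder::Status::EX_SECURITY,                    \
            String8("Not available in production builds.")  \
        );                                                  \
    }                                                       \
}

// Returns the failing status from the enclosing RPC when the caller lacks |permission|.
#define ENFORCE_PERMISSION(permission) {                    \
    binder::Status status = checkPermission((permission));  \
    if (!status.isOk()) {                                   \
        return status;                                      \
    }                                                       \
}

// Permission check first, then the write lock: a caller without the permission returns before
// it can contend on |lock|. The lock is held until the enclosing scope exits.
#define NETD_LOCKING_RPC(permission, lock)                  \
    ENFORCE_PERMISSION(permission);                         \
    android::RWLock::AutoWLock _lock(lock);

#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
}  // namespace


// Publishes the service with Binder and starts the Binder thread pool. Returns the publish()
// error if registration fails, android::OK otherwise.
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);
    status_t ret = BinderService<NetdNativeService>::publish();
    if (ret != android::OK) {
        return ret;
    }
    sp<ProcessState> ps(ProcessState::self());
    ps->startThreadPool();
    ps->giveThreadPoolName();
    return android::OK;
}

// Writes NetworkController state to |fd| for callers holding android.permission.DUMP. Other
// callers get the denial text written to |fd| and PERMISSION_DENIED.
status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
    const binder::Status dump_permission = checkPermission(DUMP);
    if (!dump_permission.isOk()) {
        const String8 msg(dump_permission.toString8());
        // Best effort: the result of write() is not checked.
        write(fd, msg.string(), msg.size());
        return PERMISSION_DENIED;
    }

    // This method does not grab any locks. If individual classes need locking
    // their dump() methods MUST handle locking appropriately.
    DumpWriter dw(fd);
    dw.blankline();
    gCtls->netCtrl.dump(dw);
    dw.blankline();

    return NO_ERROR;
}

// Liveness probe. Still requires CONNECTIVITY_INTERNAL and takes the big netd lock.
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *alive = true;
    return binder::Status::ok();
}

// Replaces the UID list of firewall chain |chainName| under the firewall controller's lock.
// The Binder status is ok() whenever the permission check passes; success or failure of the
// replacement itself is reported only through |*ret|.
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    android::String8 name = android::String8(chainName);
    int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
    *ret = (err == 0);
    return binder::Status::ok();
}

// Enables or disables data saver under the bandwidth controller's lock. As above, the outcome
// is reported through |*ret|, not through the Binder status.
binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);

    int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
    *ret = (err == 0);
    return binder::Status::ok();
}

// Adds (|add| true) or removes the given UID ranges to/from RouteController's
// reject-non-secure-network rule. A failure is returned as a service-specific error carrying
// the positive errno.
binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
        const std::vector<UidRange>& uidRangeArray) {
    // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
    // it should be possible to use the same lock as NetworkController. However, every call through
    // the CommandListener "network" command will need to hold this lock too, not just the ones that
    // read/modify network internal state (that is sufficient for ::dump() because it doesn't
    // look at routes, but it's not enough here).
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    UidRanges uidRanges(uidRangeArray);

    int err;
    if (add) {
        err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
    } else {
        err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
    }

    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("RouteController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Destroys the sockets owned by |uids| through SOCK_DIAG, leaving alone those owned by
// |skipUids| and loopback sockets. No netd lock is taken here.
binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
        const std::vector<int32_t>& skipUids) {

    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    SockDiag sd;
    if (!sd.open()) {
        return binder::Status::fromServiceSpecificError(EIO,
                String8("Could not open SOCK_DIAG socket"));
    }

    UidRanges uidRanges(uids);
    // NOTE(review): skipUids arrives as int32_t and is converted to uid_t when the set is
    // built; negative inputs are not rejected in this function.
    int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
                                true /* excludeLoopback */);

    if (err) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("destroySockets: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Forwards a resolver configuration for |netId| to ResolverController. A failure is returned
// as a service-specific error carrying the positive errno.
binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
        const std::vector<std::string>& servers, const std::vector<std::string>& domains,
        const std::vector<int32_t>& params) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("ResolverController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Reads the resolver state for |netId| from ResolverController into the four output vectors.
binder::Status NetdNativeService::getResolverInfo(int32_t netId,
        std::vector<std::string>* servers, std::vector<std::string>* domains,
        std::vector<int32_t>* params, std::vector<int32_t>* stats) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("ResolverController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Asks TetherController to apply its DNS interfaces under the big netd lock; the controller's
// result is returned through |*ret|.
binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *ret = gCtls->tetherCtrl.applyDnsInterfaces();
    return binder::Status::ok();
}

// Adds |addrString|/|prefixLength| to interface |ifName| through InterfaceController. The
// strings are forwarded as received; no netd lock is taken.
binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::addAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Removes |addrString|/|prefixLength| from interface |ifName| through InterfaceController.
binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::delAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err != 0) {
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Sets a per-interface network parameter through InterfaceController::setParameter().
//
// |family| and |which| are mapped through the fixed switch tables below, so only the literal
// strings "ipv4"/"ipv6" and "conf"/"neigh" can reach the controller; anything else is rejected
// with EAFNOSUPPORT or EINVAL. |ifname|, |parameter| and |value| are forwarded as received.
//
// NOTE(review): presumably these three strings end up as path components and file contents
// under /proc/sys/net (going by the RPC name); confirm that setParameter() validates them,
// because nothing in this function does.
binder::Status NetdNativeService::setProcSysNet(
        int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
        const std::string &value) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const char *familyStr;
    switch (family) {
        case INetd::IPV4:
            familyStr = "ipv4";
            break;
        case INetd::IPV6:
            familyStr = "ipv6";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
    }

    const char *whichStr;
    switch (which) {
        case INetd::CONF:
            whichStr = "conf";
            break;
        case INetd::NEIGH:
            whichStr = "neigh";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
    }

    const int err = InterfaceController::setParameter(
            familyStr, whichStr, ifname.c_str(), parameter.c_str(),
            value.c_str());
    if (err != 0) {
        // The failing component is InterfaceController, so name it in the error text (the
        // previous message blamed ResolverController).
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}

// Debug-only: reads the metrics reporting level. Requires both CONNECTIVITY_INTERNAL and a
// debuggable build.
binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
    // This function intentionally does not lock, since the only thing it does is one read from an
    // atomic_int.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
    return binder::Status::ok();
}

// Debug-only: sets the metrics reporting level. A non-zero result from EventReporter is
// reported as EX_ILLEGAL_ARGUMENT.
binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
    // This function intentionally does not lock, since the only thing it does is one write to an
    // atomic_int.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
            ? binder::Status::ok()
            : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
}

// Forwards an SPI allocation request to XfrmController; the result code is translated by
// getXfrmStatus().
binder::Status NetdNativeService::ipSecAllocateSpi(
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t inSpi,
        int32_t* outSpi) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAllocateSpi()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
                    transformId,
                    direction,
                    localAddress,
                    remoteAddress,
                    inSpi,
                    outSpi));
}

// Forwards a security-association request, including the authentication and encryption keys,
// to XfrmController.
binder::Status NetdNativeService::ipSecAddSecurityAssociation(
        int32_t transformId,
        int32_t mode,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int64_t underlyingNetworkHandle,
        int32_t spi,
        const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
        const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
        int32_t encapType,
        int32_t encapLocalPort,
        int32_t encapRemotePort,
        int32_t* allocatedSpi) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    // Only the RPC name is logged. authKey and cryptKey are key material and must not be added
    // to this log line.
    ALOGD("ipSecAddSecurityAssociation()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
              transformId, mode, direction, localAddress, remoteAddress,
              underlyingNetworkHandle,
              spi,
              authAlgo, authKey, authTruncBits,
              cryptAlgo, cryptKey, cryptTruncBits,
              encapType, encapLocalPort, encapRemotePort,
              allocatedSpi));
}

// Forwards a security-association delete request to XfrmController.
binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t spi) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecDeleteSecurityAssociation()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
                    transformId,
                    direction,
                    localAddress,
                    remoteAddress,
                    spi));
}

// Forwards a request to apply a transport-mode transform to the caller-supplied |socket|.
binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
        const android::base::unique_fd& socket,
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t spi) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecApplyTransportModeTransform()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
                    socket,
                    transformId,
                    direction,
                    localAddress,
                    remoteAddress,
                    spi));
}

// Forwards a request to remove the transport-mode transform from the caller-supplied |socket|.
binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
            const android::base::unique_fd& socket) {
    // Necessary locking done in IpSecService and kernel
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecRemoveTransportModeTransform()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
                    socket));
}

}  // namespace net
}  // namespace android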