NetdNativeService.cpp revision 2d3a163433c435ff053402ae8965f8602c7ac6da
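/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "Netd"

#include <vector>

#include <android-base/stringprintf.h>
#include <cutils/log.h>
#include <utils/Errors.h>

#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include "android/net/BnNetd.h"

#include "Controllers.h"
#include "DumpWriter.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"

using android::base::StringPrintf;

namespace android {
namespace net {

namespace {

// Permission strings checked against the binder caller by the RPCs below.
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
const char DUMP[] = "android.permission.DUMP";

// Checks whether the current binder caller holds |permission|.
//
// Returns binder::Status::ok() when checkCallingPermission() grants it, otherwise an
// EX_SECURITY status whose message names the caller's UID and PID and the permission.
binder::Status checkPermission(const char *permission) {
    // checkCallingPermission() is called with int32_t out-parameters, so hold the ids in
    // int32_t locals instead of casting pid_t*/uid_t* to int32_t*. They start at -1 so
    // that, should the callee leave them unset, the denial message shows an obviously
    // invalid id rather than an indeterminate value.
    int32_t pid = -1;
    int32_t uid = -1;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }

    const auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}

// Returns the failing binder::Status from the enclosing function when the caller lacks
// |permission|. Only usable in functions that return binder::Status.
// Wrapped in do/while(0) so that the macro followed by ';' is a single statement and
// stays correct as the body of an unbraced if/else.
#define ENFORCE_PERMISSION(permission) do {                    \
    binder::Status status = checkPermission((permission));     \
    if (!status.isOk()) {                                      \
        return status;                                         \
    }                                                          \
} while (0)

// Enforces |permission| and then takes |lock| for writing until the enclosing scope ends.
// The permission check runs first, so a caller without the permission returns before the
// lock is touched.
// This expands to two statements because _lock has to live in the enclosing scope: use it
// as a standalone statement at the top of an RPC body, never as the body of an unbraced if.
#define NETD_LOCKING_RPC(permission, lock)                     \
    ENFORCE_PERMISSION(permission);                            \
    android::RWLock::AutoWLock _lock(lock);

// NETD_LOCKING_RPC on the process-wide gBigNetdLock.
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)

}  // namespace


// Publishes the service through BinderService and starts the binder thread pool.
// Returns the publish() error unchanged when publishing fails, android::OK otherwise.
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);
    status_t ret = BinderService<NetdNativeService>::publish();
    if (ret != android::OK) {
        return ret;
    }
    sp<ProcessState> ps(ProcessState::self());
    ps->startThreadPool();
    ps->giveThreadPoolName();
    return android::OK;
}

// Writes the network controller's state to |fd| for callers holding android.permission.DUMP.
// Returns PERMISSION_DENIED (after writing the denial message to |fd|) when the caller
// lacks the permission, NO_ERROR otherwise.
status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
    // ENFORCE_PERMISSION cannot be used here: it returns a binder::Status, while dump()
    // returns status_t.
    const binder::Status dump_permission = checkPermission(DUMP);
    if (!dump_permission.isOk()) {
        const String8 msg(dump_permission.toString8());
        // Best effort: the result of write() is not checked, the denial is reported
        // through the return value either way.
        write(fd, msg.string(), msg.size());
        return PERMISSION_DENIED;
    }

    // This method does not grab any locks. If individual classes need locking
    // their dump() methods MUST handle locking appropriately.
    DumpWriter dw(fd);
    dw.blankline();
    gCtls->netCtrl.dump(dw);
    dw.blankline();

    return NO_ERROR;
}

// Liveness probe: sets |*alive| to true for callers holding CONNECTIVITY_INTERNAL.
// Runs under gBigNetdLock; returns EX_SECURITY without touching |*alive| otherwise.
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *alive = true;
    return binder::Status::ok();
}

// Replaces the UID rules of the firewall chain |chainName| with |uids|.
//
// Requires CONNECTIVITY_INTERNAL and holds gCtls->firewallCtrl.lock for writing.
// The binder status is ok() whenever the permission check passes; success or failure of
// the replacement itself is reported through |*ret| (true when replaceUidChain() returns 0).
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    // NOTE(review): chainName and uids come from the binder caller and are forwarded
    // unchanged; confirm that replaceUidChain() validates the chain name.
    android::String8 name = android::String8(chainName);
    int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
    *ret = (err == 0);
    return binder::Status::ok();
}

}  // namespace net
}  // namespace android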