NetdNativeService.cpp revision e4851dede1dd24bbd80ffd30c4e89c7753fed121
/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Log tag for this translation unit; defined before the logging header is included.
#define LOG_TAG "Netd"

#include <vector>

#include <android-base/stringprintf.h>
#include <cutils/log.h>
#include <utils/Errors.h>

#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include "android/net/BnNetd.h"

#include "Controllers.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"

using android::base::StringPrintf;

namespace android {
namespace net {

namespace {

// Name of the permission that every binder entry point in this file requires of its
// caller before it takes a lock or touches controller state.
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
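/**
 * Checks whether the caller of the current binder transaction holds |permission|.
 *
 * @param permission NUL-terminated permission name, e.g. CONNECTIVITY_INTERNAL.
 * @return binder::Status::ok() when checkCallingPermission() grants the permission;
 *         otherwise an EX_SECURITY status whose message names the UID, PID and the
 *         permission that was missing.
 */
binder::Status checkPermission(const char *permission) {
    // The out-parameters of checkCallingPermission() are int32_t*, so declare the locals
    // with that type instead of casting pid_t*/uid_t* to it. They are initialized so the
    // denial message below never formats indeterminate values.
    // NOTE(review): checkCallingPermission() presumably always fills both - confirm.
    int32_t pid = -1;
    int32_t uid = -1;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }

    // Denied: report who was refused and for which permission.
    auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}

// Returns from the enclosing function with the failing status when the caller lacks
// |permission|. Wrapped in do/while(0) so that the expansion is a single statement and
// stays correct inside an unbraced if/else; invoke it with a trailing semicolon.
#define ENFORCE_PERMISSION(permission) do {                    \
    binder::Status status = checkPermission((permission));     \
    if (!status.isOk()) {                                      \
        return status;                                         \
    }                                                          \
} while (0)

// Prologue for a binder entry point: first enforce |permission|, then take |lock| as a
// writer for the rest of the enclosing scope. The permission check deliberately comes
// first, so a caller that fails it returns without ever acquiring the lock.
#define NETD_LOCKING_RPC(permission, lock)  \
    ENFORCE_PERMISSION(permission);         \
    android::RWLock::AutoWLock _lock(lock);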
// NETD_LOCKING_RPC specialised to the global gBigNetdLock.
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)

}  // namespace


/**
 * Publishes the service and starts the binder thread pool.
 *
 * @return the status from BinderService<NetdNativeService>::publish() when publishing
 *         fails (the thread pool is not started in that case), android::OK otherwise.
 */
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);

    const status_t publishStatus = BinderService<NetdNativeService>::publish();
    if (publishStatus == android::OK) {
        // Only start serving transactions once the service has been published.
        sp<ProcessState> processState(ProcessState::self());
        processState->startThreadPool();
        processState->giveThreadPoolName();
        return android::OK;
    }
    return publishStatus;
}

/**
 * Liveness probe.
 *
 * The caller must hold CONNECTIVITY_INTERNAL; gBigNetdLock is then taken as a writer
 * before |*alive| is set, so the call completes only once that lock could be acquired.
 *
 * @param alive out-parameter, set to true on success.
 * @return EX_SECURITY status when the permission check fails, ok otherwise.
 */
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *alive = true;
    return binder::Status::ok();
}

/**
 * Replaces the contents of a firewall UID chain.
 *
 * The caller must hold CONNECTIVITY_INTERNAL; the firewall controller's lock is held as a
 * writer while the chain is replaced.
 *
 * @param chainName   name of the chain, converted to String8 and passed on unchanged.
 * @param isWhitelist forwarded to FirewallController::replaceUidChain().
 * @param uids        UIDs forwarded to FirewallController::replaceUidChain().
 * @param ret         out-parameter, true when replaceUidChain() returned 0.
 * @return EX_SECURITY status when the permission check fails. Otherwise always ok: a
 *         failed replacement is reported through |*ret|, not through the binder status,
 *         so callers must inspect |*ret|.
 */
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    // NOTE(review): chainName is not validated here; presumably replaceUidChain()
    // restricts which chain names it accepts - confirm in FirewallController.
    const android::String8 name(chainName);
    const int result = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
    *ret = (result == 0);
    return binder::Status::ok();
}

}  // namespace net
}  // namespace android