NetdNativeService.cpp revision e4851dede1dd24bbd80ffd30c4e89c7753fed121 
1e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti/**
2e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Copyright (c) 2016, The Android Open Source Project
3e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
4e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Licensed under the Apache License, Version 2.0 (the "License");
5e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * you may not use this file except in compliance with the License.
6e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * You may obtain a copy of the License at
7e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
8e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *     http://www.apache.org/licenses/LICENSE-2.0
9e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
10e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Unless required by applicable law or agreed to in writing, software
11e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * distributed under the License is distributed on an "AS IS" BASIS,
12e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * See the License for the specific language governing permissions and
14e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * limitations under the License.
15e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti */
16e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
17e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#define LOG_TAG "Netd"
18e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
1989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <vector>
2089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti
21e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <android-base/stringprintf.h>
22e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <cutils/log.h>
23e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <utils/Errors.h>
24e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
25e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <binder/IPCThreadState.h>
26e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <binder/IServiceManager.h>
27e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "android/net/BnNetd.h"
28e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
2989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include "Controllers.h"
30e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "NetdConstants.h"
31e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "NetdNativeService.h"
32e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
33e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittiusing android::base::StringPrintf;
34e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
35e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace android {
36e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace net {
37e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
38e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace {
39e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
40e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitticonst char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
41e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
42e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittibinder::Status checkPermission(const char *permission) {
43e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    pid_t pid;
44e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    uid_t uid;
45e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
46e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
47e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti        return binder::Status::ok();
48e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    } else {
49e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti        auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
50e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti        return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
51e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    }
52e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}
53e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
54e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#define ENFORCE_PERMISSION(permission) {                    \
55e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    binder::Status status = checkPermission((permission));  \
56e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    if (!status.isOk()) {                                   \
57e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti        return status;                                      \
58e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    }                                                       \
59e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}
60e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
6189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#define NETD_LOCKING_RPC(permission, lock)                  \
6289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    ENFORCE_PERMISSION(permission);                         \
6389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    android::RWLock::AutoWLock _lock(lock);
6489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti
6589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
66e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
67e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace
68e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
69e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
70e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colittistatus_t NetdNativeService::start() {
71e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    IPCThreadState::self()->disableBackgroundScheduling(true);
72e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    status_t ret = BinderService<NetdNativeService>::publish();
73e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    if (ret != android::OK) {
74e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti        return ret;
75e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    }
76e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    sp<ProcessState> ps(ProcessState::self());
77e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    ps->startThreadPool();
78e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    ps->giveThreadPoolName();
79e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti    return android::OK;
80e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti}
81e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti
82e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittibinder::Status NetdNativeService::isAlive(bool *alive) {
8389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
84e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
85e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    *alive = true;
86e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti    return binder::Status::ok();
87e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}
88e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
8989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittibinder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
9089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
9189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
9289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti
9389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    android::String8 name = android::String8(chainName);
9489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
9589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    *ret = (err == 0);
9689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti    return binder::Status::ok();
9789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti
9889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti}
99e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace net
100e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace android
101