NetdNativeService.cpp revision e760181ff41a5f4526e4f543f3838eb05690e2aa
1e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti/**
2e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Copyright (c) 2016, The Android Open Source Project
3e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
4e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Licensed under the Apache License, Version 2.0 (the "License");
5e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * you may not use this file except in compliance with the License.
6e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * You may obtain a copy of the License at
7e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
8e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *     http://www.apache.org/licenses/LICENSE-2.0
9e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti *
10e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * Unless required by applicable law or agreed to in writing, software
11e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * distributed under the License is distributed on an "AS IS" BASIS,
12e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * See the License for the specific language governing permissions and
14e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti * limitations under the License.
15e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti */
16e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
17e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#define LOG_TAG "Netd"
18e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
1989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <vector>
2089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti
21e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <android-base/stringprintf.h>
22e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <cutils/log.h>
232cf561722c2661cc0d4db502a44a3021609f307eRobin Lee#include <cutils/properties.h>
24e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <utils/Errors.h>
25beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai#include <utils/String16.h>
26e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
27e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <binder/IPCThreadState.h>
28e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include <binder/IServiceManager.h>
29e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "android/net/BnNetd.h"
30e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
31e760181ff41a5f4526e4f543f3838eb05690e2aaBen Schwartz#include <openssl/base64.h>
32e760181ff41a5f4526e4f543f3838eb05690e2aaBen Schwartz
3389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include "Controllers.h"
342d3a163433c435ff053402ae8965f8602c7ac6daErik Kline#include "DumpWriter.h"
35d544011db2537092fe4f76d238dfe3a82ad15a36Michal Karpinski#include "EventReporter.h"
3655b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline#include "InterfaceController.h"
37e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "NetdConstants.h"
38e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti#include "NetdNativeService.h"
39b8087363143050d214d48e5620a330776ca95a69Robin Lee#include "RouteController.h"
40563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti#include "SockDiag.h"
41b8087363143050d214d48e5620a330776ca95a69Robin Lee#include "UidRanges.h"
42e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
43e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittiusing android::base::StringPrintf;
44e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
45e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace android {
46e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace net {
47e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
48e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colittinamespace {
49e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
50e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitticonst char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
5108b84cd0d223ae3059ce7d4d55b389fdea187580Joel Scherpelzconst char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
522d3a163433c435ff053402ae8965f8602c7ac6daErik Klineconst char DUMP[] = "android.permission.DUMP";
53e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
// Translates a netdutils::Status into the binder::Status handed back to binder callers.
// An OK status becomes binder::Status::ok(); any other status becomes a service-specific
// error that carries the original code and message.
binder::Status toBinderStatus(const netdutils::Status s) {
    return isOk(s) ? binder::Status::ok()
                   : binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
}
6008b84cd0d223ae3059ce7d4d55b389fdea187580Joel Scherpelz
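// Verifies that the current binder caller holds |permission|.
//
// Returns binder::Status::ok() when checkCallingPermission() grants access. Otherwise returns
// an EX_SECURITY status whose message names the caller's UID and PID and the missing
// permission. Every RPC in this file that uses ENFORCE_PERMISSION or NETD_LOCKING_RPC depends
// on this function as its access-control gate.
binder::Status checkPermission(const char *permission) {
    // The out-parameters are passed as int32_t*, so declare them with that type rather than
    // casting pid_t* / uid_t* through a C-style cast. This also makes the %d conversions below
    // match their arguments. The -1 initial value is defensive only: it keeps the denial
    // message well-defined if the callee ever returns without writing the out-parameters.
    int32_t pid = -1;
    int32_t uid = -1;

    if (checkCallingPermission(String16(permission), &pid, &uid)) {
        return binder::Status::ok();
    }

    const auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
    return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}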
72e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
// Maps an XFRM result code onto a binder::Status.
//   0        -> ok
//   -ENOENT  -> service-specific error carrying the code unchanged
//   other    -> the code is handed to binder::Status::fromExceptionCode()
binder::Status getXfrmStatus(int xfrmCode) {
    if (xfrmCode == 0) {
        return binder::Status::ok();
    }
    if (xfrmCode == -ENOENT) {
        return binder::Status::fromServiceSpecificError(xfrmCode);
    }
    // NOTE(review): xfrmCode looks like a negative errno, but it is passed here as a binder
    // exception code, which is a separate numbering (EX_SECURITY and friends). Confirm that
    // callers decode the resulting exception as intended.
    return binder::Status::fromExceptionCode(xfrmCode);
}
821a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Gate for RPCs that must not be reachable on production builds.
// Reads the "ro.debuggable" property and makes the enclosing function return an EX_SECURITY
// status unless property_get() reports a one-character value and that character is '1'.
// The macro expands to a `return`, so it is only usable inside functions that return
// binder::Status.
#define ENFORCE_DEBUGGABLE() {                              \
    char value[PROPERTY_VALUE_MAX + 1];                     \
    if (property_get("ro.debuggable", value, NULL) != 1     \
            || value[0] != '1') {                           \
        return binder::Status::fromExceptionCode(           \
            binder::Status::EX_SECURITY,                    \
            String8("Not available in production builds.")  \
        );                                                  \
    }                                                       \
}

// Access-control gate: runs checkPermission(permission) and, when the result is not OK,
// returns that status from the enclosing function. Must appear before any work the RPC
// performs on behalf of the caller.
#define ENFORCE_PERMISSION(permission) {                    \
    binder::Status status = checkPermission((permission));  \
    if (!status.isOk()) {                                   \
        return status;                                      \
    }                                                       \
}

// Permission check followed by taking |lock| for writing. The check runs first, so a caller
// that is denied returns before the lock is touched.
// Unlike the two macros above, this expands to two statements with no surrounding braces: the
// AutoWLock object `_lock` is declared in the caller's scope. Use it only as a statement
// directly inside a function body or block, never as the sole body of an unbraced if/else.
#define NETD_LOCKING_RPC(permission, lock)                  \
    ENFORCE_PERMISSION(permission);                         \
    android::RWLock::AutoWLock _lock(lock);

// NETD_LOCKING_RPC specialised to gBigNetdLock.
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
106e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace
107e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
108e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
// Publishes the service through BinderService and, if that succeeds, starts and names the
// binder thread pool. Returns the publish() error unchanged on failure, android::OK otherwise.
status_t NetdNativeService::start() {
    IPCThreadState::self()->disableBackgroundScheduling(true);

    const status_t publishResult = BinderService<NetdNativeService>::publish();
    if (publishResult != android::OK) {
        return publishResult;
    }

    sp<ProcessState> processState(ProcessState::self());
    processState->startThreadPool();
    processState->giveThreadPoolName();
    return android::OK;
}
120e4851dede1dd24bbd80ffd30c4e89c7753fed121Lorenzo Colitti
// Writes the network controller's state to |fd|.
// The caller must hold android.permission.DUMP; otherwise the denial text is written to |fd|
// and PERMISSION_DENIED is returned. The arguments vector is ignored.
status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
    const binder::Status permissionStatus = checkPermission(DUMP);
    if (!permissionStatus.isOk()) {
        const String8 denial(permissionStatus.toString8());
        // Best effort: the result of write() is not checked.
        write(fd, denial.string(), denial.size());
        return PERMISSION_DENIED;
    }

    // This method does not grab any locks. If individual classes need locking
    // their dump() methods MUST handle locking appropriately.
    DumpWriter writer(fd);
    writer.blankline();
    gCtls->netCtrl.dump(writer);
    writer.blankline();

    return NO_ERROR;
}
1382d3a163433c435ff053402ae8965f8602c7ac6daErik Kline
// Liveness probe: sets *alive to true once the caller has passed the CONNECTIVITY_INTERNAL
// check and the big netd lock has been acquired.
binder::Status NetdNativeService::isAlive(bool *alive) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *alive = true;

    return binder::Status::ok();
}
145e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti
// Replaces the UID firewall chain |chainName| with |uids| under the firewall controller's
// lock. Requires CONNECTIVITY_INTERNAL.
// The binder status is ok() whenever the permission check passes; the controller's outcome is
// reported through *ret (true when replaceUidChain() returned 0).
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
        bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);

    const android::String8 chain(chainName);
    const int result = gCtls->firewallCtrl.replaceUidChain(chain.string(), isWhitelist, uids);
    *ret = (result == 0);
    return binder::Status::ok();
}
155dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti
// Turns data saver on or off under the bandwidth controller's lock. Requires
// CONNECTIVITY_INTERNAL.
// The binder status is ok() whenever the permission check passes; *ret is true when
// enableDataSaver() returned 0.
binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);

    const int result = gCtls->bandwidthCtrl.enableDataSaver(enable);
    *ret = (result == 0);
    return binder::Status::ok();
}
163dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti
// Adds (|add| true) or removes (|add| false) the UID ranges in |uidRangeArray| to/from the
// reject-non-secure-network rule via RouteController. Requires CONNECTIVITY_INTERNAL.
// A non-zero controller result is returned as a service-specific error with the negated code.
binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
        const std::vector<UidRange>& uidRangeArray) {
    // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
    // it should be possible to use the same lock as NetworkController. However, every call through
    // the CommandListener "network" command will need to hold this lock too, not just the ones that
    // read/modify network internal state (that is sufficient for ::dump() because it doesn't
    // look at routes, but it's not enough here).
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    UidRanges uidRanges(uidRangeArray);

    const int err = add
            ? RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges)
            : RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);

    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("RouteController error: %s", strerror(-err)));
}
188b8087363143050d214d48e5620a330776ca95a69Robin Lee
// Destroys sockets owned by the UIDs in |uids|, except those listed in |skipUids|, through a
// SOCK_DIAG socket; loopback sockets are excluded. Requires CONNECTIVITY_INTERNAL. No netd
// lock is taken here.
// Returns EIO if the SOCK_DIAG socket cannot be opened, or the negated destroySockets() result
// as a service-specific error.
binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
        const std::vector<int32_t>& skipUids) {

    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    SockDiag sd;
    if (!sd.open()) {
        return binder::Status::fromServiceSpecificError(EIO,
                String8("Could not open SOCK_DIAG socket"));
    }

    UidRanges uidRanges(uids);
    // The int32_t values from the binder call are converted to uid_t when the set is built.
    const std::set<uid_t> skipped(skipUids.begin(), skipUids.end());
    const int err = sd.destroySockets(uidRanges, skipped, true /* excludeLoopback */);

    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("destroySockets: %s", strerror(-err)));
}
210beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai
// Forwards a resolver configuration (servers, search domains, parameters) for |netId| to the
// resolver controller. Requires CONNECTIVITY_INTERNAL.
// A non-zero controller result is returned as a service-specific error with the negated code.
binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
        const std::vector<std::string>& servers, const std::vector<std::string>& domains,
        const std::vector<int32_t>& params) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("ResolverController error: %s", strerror(-err)));
}
224beedec3bc42d6f40a2c83a65522e85b5ff046f79Pierre Imai
// Asks the resolver controller to fill the servers, domains, parameters and stats
// out-parameters for |netId|. Requires CONNECTIVITY_INTERNAL.
// A non-zero controller result is returned as a service-specific error with the negated code.
binder::Status NetdNativeService::getResolverInfo(int32_t netId,
        std::vector<std::string>* servers, std::vector<std::string>* domains,
        std::vector<int32_t>* params, std::vector<int32_t>* stats) {
    // This function intentionally does not lock within Netd, as Bionic is thread-safe.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("ResolverController error: %s", strerror(-err)));
}
238563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti
// Registers a private DNS server together with its certificate fingerprints. Requires
// CONNECTIVITY_INTERNAL.
//
// Each entry of |fingerprints| is decoded as Base64; the first entry that fails to decode
// aborts the call with PRIVATE_DNS_BAD_FINGERPRINT and nothing is passed to the controller.
// The decoded byte strings are gathered in a std::set, so duplicate entries collapse.
//
// NOTE(review): |server|, |port| and |fingerprintAlgorithm| are forwarded without validation
// in this function; presumably ResolverController::addPrivateDnsServer checks them - confirm.
// NOTE(review): an empty |fingerprints| list reaches the controller as an empty set; confirm
// how the controller treats that case.
binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port,
        const std::string& fingerprintAlgorithm, const std::vector<std::string>& fingerprints) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    std::set<std::vector<uint8_t>> decoded_fingerprints;
    for (const std::string& encoded : fingerprints) {
        size_t decodedLen;
        if (EVP_DecodedLength(&decodedLen, encoded.size()) != 1) {
            return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
                    "ResolverController error: bad fingerprint length");
        }
        // decodedLen is now an upper bound on the output length, so the buffer handed to the
        // decoder is large enough for any valid input of this size.
        std::vector<uint8_t> raw(decodedLen);
        const uint8_t* encodedBytes = reinterpret_cast<const uint8_t*>(encoded.data());
        if (EVP_DecodeBase64(raw.data(), &decodedLen, raw.size(),
                encodedBytes, encoded.size()) != 1) {
            return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
                    "ResolverController error: Base64 parsing failed");
        }
        // Possibly shrink the vector if the actual output was smaller than the bound.
        raw.resize(decodedLen);
        decoded_fingerprints.insert(raw);
    }
    const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port,
            fingerprintAlgorithm, decoded_fingerprints);
    if (err == INetd::PRIVATE_DNS_SUCCESS) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(err,
            String8::format("ResolverController error: %d", err));
}
269e760181ff41a5f4526e4f543f3838eb05690e2aaBen Schwartz
// Removes the private DNS server |server| through the resolver controller. Requires
// CONNECTIVITY_INTERNAL.
// Any result other than PRIVATE_DNS_SUCCESS is returned as a service-specific error with that
// code.
binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    const int err = gCtls->resolverCtrl.removePrivateDnsServer(server);
    if (err == INetd::PRIVATE_DNS_SUCCESS) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(err,
            String8::format("ResolverController error: %d", err));
}
279e760181ff41a5f4526e4f543f3838eb05690e2aaBen Schwartz
// Calls the tether controller's applyDnsInterfaces() under the big netd lock and stores its
// result in *ret. Requires CONNECTIVITY_INTERNAL. The binder status is ok() whenever the
// permission check passes.
binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);

    *ret = gCtls->tetherCtrl.applyDnsInterfaces();

    return binder::Status::ok();
}
286f48e4dd80eb164394a8119abc59a5b9ecf36c4dbErik Kline
// Adds address |addrString|/|prefixLength| to interface |ifName| through InterfaceController.
// Requires CONNECTIVITY_INTERNAL. No netd lock is taken here.
// A non-zero controller result is returned as a service-specific error with the negated code.
binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::addAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("InterfaceController error: %s", strerror(-err)));
}
29953c2088c4091e511c713ee759ce905e40e6d8975Erik Kline
// Removes address |addrString|/|prefixLength| from interface |ifName| through
// InterfaceController. Requires CONNECTIVITY_INTERNAL. No netd lock is taken here.
// A non-zero controller result is returned as a service-specific error with the negated code.
binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
        const std::string &addrString, int prefixLength) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const int err = InterfaceController::delAddress(
            ifName.c_str(), addrString.c_str(), prefixLength);
    if (err == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromServiceSpecificError(-err,
            String8::format("InterfaceController error: %s", strerror(-err)));
}
31253c2088c4091e511c713ee759ce905e40e6d8975Erik Kline
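// Sets a per-interface network parameter through InterfaceController::setParameter.
// Requires CONNECTIVITY_INTERNAL.
//
// |family| must be INetd::IPV4 or INetd::IPV6 (else EAFNOSUPPORT, "Bad family") and |which|
// must be INetd::CONF or INetd::NEIGH (else EINVAL, "Bad category"). Both are mapped to fixed
// strings here, so only those four literals ever reach the controller for these two fields.
// A non-zero controller result is returned as a service-specific error with the negated code.
//
// NOTE(review): |ifname|, |parameter| and |value| are caller-supplied strings that are passed
// on unchanged. Presumably InterfaceController::setParameter validates them before using them
// (e.g. rejecting path separators) - confirm, since this function performs no such check.
binder::Status NetdNativeService::setProcSysNet(
        int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
        const std::string &value) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);

    const char *familyStr;
    switch (family) {
        case INetd::IPV4:
            familyStr = "ipv4";
            break;
        case INetd::IPV6:
            familyStr = "ipv6";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
    }

    const char *whichStr;
    switch (which) {
        case INetd::CONF:
            whichStr = "conf";
            break;
        case INetd::NEIGH:
            whichStr = "neigh";
            break;
        default:
            return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
    }

    const int err = InterfaceController::setParameter(
            familyStr, whichStr, ifname.c_str(), parameter.c_str(),
            value.c_str());
    if (err != 0) {
        // The failing call is InterfaceController::setParameter, so the message names that
        // controller, matching interfaceAddAddress() and interfaceDelAddress(). It previously
        // said "ResolverController", which pointed log readers at the wrong component.
        return binder::Status::fromServiceSpecificError(-err,
                String8::format("InterfaceController error: %s", strerror(-err)));
    }
    return binder::Status::ok();
}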
35155b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline
// Reads the current metrics reporting level from the event reporter and stores it in
// |reportingLevel|.
//
// Both ENFORCE_* checks run before the value is read. The macros are defined outside this
// excerpt; presumably each one returns an error status to the caller when its check fails.
//
// NOTE(review): |reportingLevel| is written without a null check; this assumes the binder
// stub always supplies a valid pointer - confirm against the generated code.
binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    // Deliberately lock-free: the only work done here is a single read from an atomic_int.
    *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
    return binder::Status::ok();
}
3612cf561722c2661cc0d4db502a44a3021609f307eRobin Lee
// Sets the metrics reporting level on the event reporter.
//
// Both ENFORCE_* checks run before the value is written. The macros are defined outside this
// excerpt; presumably each one returns an error status to the caller when its check fails.
//
// Returns ok() when the event reporter returns 0, and an EX_ILLEGAL_ARGUMENT exception status
// for any other result.
binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ENFORCE_DEBUGGABLE();

    // Deliberately lock-free: the only work done here is a single write to an atomic_int.
    if (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0) {
        return binder::Status::ok();
    }
    return binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
}
3722cf561722c2661cc0d4db502a44a3021609f307eRobin Lee
// Binder entry point that forwards an SPI allocation request to the XFRM controller and
// converts the controller's result with getXfrmStatus().
//
// The CONNECTIVITY_INTERNAL permission check runs before anything else. All arguments are
// passed through unchanged; no validation of the addresses, direction or SPI happens in this
// wrapper, so any such checks have to live in the controller (not visible here).
binder::Status NetdNativeService::ipSecAllocateSpi(
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t inSpi,
        int32_t* outSpi) {
    // No lock is taken here: the necessary locking is done in IpSecService and the kernel.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAllocateSpi()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
            transformId, direction, localAddress, remoteAddress, inSpi, outSpi));
}
3911a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Binder entry point that forwards a request to add an IPsec security association to the
// XFRM controller and converts the controller's result with getXfrmStatus().
//
// The CONNECTIVITY_INTERNAL permission check runs before anything else. Every argument is
// passed through unchanged; algorithm names, key lengths, truncation bits and encapsulation
// ports are not validated in this wrapper, so any such checks have to live in the controller
// (not visible here).
//
// |authKey| and |cryptKey| presumably hold raw key bytes. The debug log line below records
// only the function name; keep it that way so key material never reaches the log.
binder::Status NetdNativeService::ipSecAddSecurityAssociation(
        int32_t transformId,
        int32_t mode,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int64_t underlyingNetworkHandle,
        int32_t spi,
        const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
        const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
        int32_t encapType,
        int32_t encapLocalPort,
        int32_t encapRemotePort,
        int32_t* allocatedSpi) {
    // No lock is taken here: the necessary locking is done in IpSecService and the kernel.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecAddSecurityAssociation()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
            transformId,
            mode,
            direction,
            localAddress,
            remoteAddress,
            underlyingNetworkHandle,
            spi,
            authAlgo,
            authKey,
            authTruncBits,
            cryptAlgo,
            cryptKey,
            cryptTruncBits,
            encapType,
            encapLocalPort,
            encapRemotePort,
            allocatedSpi));
}
4181a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Binder entry point that forwards a request to delete an IPsec security association to the
// XFRM controller and converts the controller's result with getXfrmStatus().
//
// The CONNECTIVITY_INTERNAL permission check runs before anything else; arguments are passed
// through unchanged.
binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t spi) {
    // No lock is taken here: the necessary locking is done in IpSecService and the kernel.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecDeleteSecurityAssociation()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
            transformId, direction, localAddress, remoteAddress, spi));
}
4351a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Binder entry point that forwards a request to apply a transport-mode transform to |socket|
// to the XFRM controller and converts the controller's result with getXfrmStatus().
//
// The CONNECTIVITY_INTERNAL permission check runs before anything else. |socket| is taken and
// forwarded by const reference, and the remaining arguments are passed through unchanged.
binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
        const android::base::unique_fd& socket,
        int32_t transformId,
        int32_t direction,
        const std::string& localAddress,
        const std::string& remoteAddress,
        int32_t spi) {
    // No lock is taken here: the necessary locking is done in IpSecService and the kernel.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecApplyTransportModeTransform()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
            socket, transformId, direction, localAddress, remoteAddress, spi));
}
4541a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Binder entry point that forwards a request to remove the transport-mode transform from
// |socket| to the XFRM controller and converts the controller's result with getXfrmStatus().
//
// The CONNECTIVITY_INTERNAL permission check runs before anything else.
binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
        const android::base::unique_fd& socket) {
    // No lock is taken here: the necessary locking is done in IpSecService and the kernel.
    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
    ALOGD("ipSecRemoveTransportModeTransform()");
    return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket));
}
4631a37153768aa605e0787591c39d73b674acd92c3Nathan Harold
// Binder entry point that sets the IPv6 address generation mode of interface |ifName| via
// InterfaceController and converts the result with toBinderStatus().
//
// The NETWORK_STACK permission check runs before the controller is called. |ifName| and
// |mode| are forwarded as received; this wrapper does not validate them.
binder::Status NetdNativeService::setIPv6AddrGenMode(
        const std::string& ifName,
        int32_t mode) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            InterfaceController::setIPv6AddrGenMode(ifName, mode));
}
469de9379641d5fc4b5912d6838075df9490518cca6Joel Scherpelz
// Binder entry point that forwards an add-interface request to the wakeup controller and
// converts the result with toBinderStatus().
//
// The NETWORK_STACK permission check runs before the controller is called. |ifName|,
// |prefix|, |mark| and |mask| are forwarded as received; this wrapper does not validate them.
binder::Status NetdNativeService::wakeupAddInterface(
        const std::string& ifName,
        const std::string& prefix,
        int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
}
47608b84cd0d223ae3059ce7d4d55b389fdea187580Joel Scherpelz
// Binder entry point that forwards a delete-interface request to the wakeup controller and
// converts the result with toBinderStatus().
//
// The NETWORK_STACK permission check runs before the controller is called. |ifName|,
// |prefix|, |mark| and |mask| are forwarded as received; this wrapper does not validate them.
binder::Status NetdNativeService::wakeupDelInterface(
        const std::string& ifName,
        const std::string& prefix,
        int32_t mark,
        int32_t mask) {
    ENFORCE_PERMISSION(NETWORK_STACK);
    return toBinderStatus(
            gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
}
48308b84cd0d223ae3059ce7d4d55b389fdea187580Joel Scherpelz
484e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace net
485e4d626ea35b7a402388b524e2feafc81e6387697Lorenzo Colitti}  // namespace android
486