oem_iptables_hook.cpp revision 8e188ed5c989ddcc07f0f5e9839493c22d17e7b6
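/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define LOG_TAG "OemIptablesHook"
#include <cutils/log.h>
#include "NetdConstants.h"

extern "C" int system_nosh(const char *command);

// Argument strings of this many characters or more are rejected.
static const size_t kMaxIptablesArgsLen = 255;

/**
 * Runs "IPTABLES_PATH <cmd>" through system_nosh().
 *
 * Every caller in this file passes a string literal. The argument string is
 * pasted into the command line unmodified, so it must never be built from
 * externally supplied data.
 * NOTE(review): system_nosh() is declared here but defined elsewhere; how it
 * splits and executes the command line is not visible from this file.
 *
 * @param cmd iptables arguments, shorter than kMaxIptablesArgsLen characters.
 * @return the result of system_nosh(), or -1 if cmd is too long or the
 *         command line could not be allocated.
 */
static int runIptablesCmd(const char *cmd) {
    if (strnlen(cmd, kMaxIptablesArgsLen) == kMaxIptablesArgsLen) {
        ALOGE("command too long");
        return -1;
    }

    // asprintf() leaves the output pointer undefined when it fails, so the
    // result must be checked before the buffer is executed or freed.
    char *buffer = NULL;
    if (asprintf(&buffer, "%s %s", IPTABLES_PATH, cmd) < 0) {
        ALOGE("failed to allocate iptables command line");
        return -1;
    }

    const int res = system_nosh(buffer);
    free(buffer);
    return res;
}

/**
 * Flushes the OEM chains (oem_out, oem_fwd, and oem_nat_pre in the nat table).
 *
 * The result of each flush is ignored and the function always reports
 * success, so a failed flush does not stop the remaining ones.
 *
 * @return always true.
 */
static bool oemCleanupHooks() {
    runIptablesCmd("-F oem_out");
    runIptablesCmd("-F oem_fwd");
    runIptablesCmd("-t nat -F oem_nat_pre");
    return true;
}

/**
 * Runs the OEM script at OEM_SCRIPT_PATH and flushes the OEM chains again if
 * it did not complete successfully.
 *
 * system() hands the path to the shell and the script runs with this
 * process's privileges.
 * NOTE(review): OEM_SCRIPT_PATH comes from NetdConstants.h, which is not
 * shown here; confirm the file and its parent directories are writable only
 * by trusted users.
 *
 * @return true if the script exited normally with status 0, false otherwise.
 */
static bool oemInitChains() {
    const int status = system(OEM_SCRIPT_PATH);
    bool ok = false;

    if (status == -1) {
        // Only this case sets errno; the child could not be created or waited for.
        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
    } else if (!WIFEXITED(status)) {
        // A script killed by a signal has no exit status; without this check
        // WEXITSTATUS() could read as 0 and the run would count as a success.
        ALOGE("%s terminated abnormally (wait status 0x%x)", OEM_SCRIPT_PATH, status);
    } else if (WEXITSTATUS(status) != 0) {
        ALOGE("%s exited with status %d", OEM_SCRIPT_PATH, WEXITSTATUS(status));
    } else {
        ok = true;
    }

    if (!ok) {
        // Do not leave partially installed OEM rules behind.
        oemCleanupHooks();
    }
    return ok;
}

/**
 * Installs the OEM iptables rules when a readable, executable script exists
 * at OEM_SCRIPT_PATH; does nothing otherwise.
 */
void setupOemIptablesHook() {
    // This access() test only decides whether an OEM script is present. It is
    // not a security check: the file can change between this test and the
    // system() call in oemInitChains().
    if (0 != access(OEM_SCRIPT_PATH, R_OK | X_OK)) {
        return;
    }

    // The call to oemCleanupHooks() is superfluous when done on bootup,
    // but is needed for the case where netd has crashed/stopped and is
    // restarted.
    if (oemCleanupHooks() && oemInitChains()) {
        ALOGI("OEM iptable hook installed.");
    }
}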