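/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_

#include <cstdint>
#include <string>
#include <vector>

#include <binder/BinderService.h>
#include <netdutils/Log.h>

#include "android/net/BnNetd.h"

namespace android {
namespace net {

/**
 * Binder-facing implementation of the INetd AIDL interface (BnNetd), published
 * under the service name "netd".
 *
 * Every binder::Status method declared here is a remote entry point: its
 * arguments arrive over Binder from another process and are acted upon with
 * netd's own privileges (firewall, bandwidth, routing, IPsec, tethering and
 * sysctl configuration).  Treat every argument as untrusted.
 *
 * NOTE(review): caller authorization (uid / permission checks) is not visible
 * in this header; confirm in the implementation that each entry point gates
 * the caller before touching kernel state.  Interface names, sysctl parameter
 * names and address strings in particular should be validated there (e.g. the
 * getProcSysNet/setProcSysNet ifname/parameter strings must not be allowed to
 * carry path components).
 *
 * All INetd methods are marked `override` so that a drift between this header
 * and the generated BnNetd signature is a compile error rather than a silently
 * unimplemented interface method.
 */
class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd {
  public:
    NetdNativeService();
    static status_t start();
    // Name this service is registered under with servicemanager.
    static char const* getServiceName() { return "netd"; }
    // Dumps debugging state to |fd| (dumpsys path); |args| are the dumpsys arguments.
    virtual status_t dump(int fd, const Vector<String16>& args) override;

    binder::Status isAlive(bool* alive) override;

    // Firewall commands.
    // |isAllowlist| selects the chain semantics; |uids| replaces the chain's
    // current uid set atomically from the caller's point of view (see .cpp).
    binder::Status firewallReplaceUidChain(const std::string& chainName, bool isAllowlist,
                                           const std::vector<int32_t>& uids, bool* ret) override;
    binder::Status firewallSetFirewallType(int32_t firewallType) override;
    binder::Status firewallSetInterfaceRule(const std::string& ifName,
                                            int32_t firewallRule) override;
    binder::Status firewallSetUidRule(int32_t childChain, int32_t uid,
                                      int32_t firewallRule) override;
    binder::Status firewallEnableChildChain(int32_t childChain, bool enable) override;
    binder::Status firewallAddUidInterfaceRules(const std::string& ifName,
                                                const std::vector<int32_t>& uids) override;
    binder::Status firewallRemoveUidInterfaceRules(const std::vector<int32_t>& uids) override;

    // Bandwidth control commands.
    binder::Status bandwidthEnableDataSaver(bool enable, bool* ret) override;
    binder::Status bandwidthSetInterfaceQuota(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceQuota(const std::string& ifName) override;
    binder::Status bandwidthSetInterfaceAlert(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceAlert(const std::string& ifName) override;
    binder::Status bandwidthSetGlobalAlert(int64_t bytes) override;
    binder::Status bandwidthAddNaughtyApp(int32_t uid) override;
    binder::Status bandwidthRemoveNaughtyApp(int32_t uid) override;
    binder::Status bandwidthAddNiceApp(int32_t uid) override;
    binder::Status bandwidthRemoveNiceApp(int32_t uid) override;

    // Network and routing commands.
    // |permission| values are the INetd PERMISSION_* constants, converted with
    // convertPermission() below.
    binder::Status networkCreatePhysical(int32_t netId, int32_t permission) override;
    binder::Status networkCreateVpn(int32_t netId, bool secure) override;
    binder::Status networkDestroy(int32_t netId) override;

    binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
    binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;

    binder::Status networkAddUidRanges(int32_t netId,
                                       const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkRemoveUidRanges(int32_t netId,
                                          const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkRejectNonSecureVpn(bool enable,
                                             const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkAddRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkUpdateRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkRemoveRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkAddRoute(int32_t netId, const std::string& ifName,
                                   const std::string& destination,
                                   const std::string& nextHop) override;
    binder::Status networkRemoveRoute(int32_t netId, const std::string& ifName,
                                      const std::string& destination,
                                      const std::string& nextHop) override;
    binder::Status networkAddLegacyRoute(int32_t netId, const std::string& ifName,
                                         const std::string& destination,
                                         const std::string& nextHop, int32_t uid) override;
    binder::Status networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
                                            const std::string& destination,
                                            const std::string& nextHop, int32_t uid) override;
    binder::Status networkSetDefault(int32_t netId) override;
    binder::Status networkClearDefault() override;
    binder::Status networkSetPermissionForNetwork(int32_t netId, int32_t permission) override;
    binder::Status networkSetPermissionForUser(int32_t permission,
                                               const std::vector<int32_t>& uids) override;
    binder::Status networkClearPermissionForUser(const std::vector<int32_t>& uids) override;
    // Grants / revokes the ability of |uid| to bypass VPN routing ("protect").
    binder::Status networkSetProtectAllow(int32_t uid) override;
    binder::Status networkSetProtectDeny(int32_t uid) override;
    // For test (internal use only).
    binder::Status networkGetDefault(int32_t* netId) override;
    binder::Status networkCanProtect(int32_t uid, bool* ret) override;

    // Traffic accounting / permission commands.
    binder::Status trafficSetNetPermForUids(int32_t permission,
                                            const std::vector<int32_t>& uids) override;
    binder::Status trafficSwapActiveStatsMap() override;

    // SOCK_DIAG commands.
    // Destroys sockets owned by |uids| except those belonging to |skipUids|.
    binder::Status socketDestroy(const std::vector<UidRangeParcel>& uids,
                                 const std::vector<int32_t>& skipUids) override;

    binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;

    // NFLOG-related commands.
    binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;
    binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    // Tethering-related commands.
    binder::Status tetherApplyDnsInterfaces(bool* ret) override;
    binder::Status tetherGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherOffloadGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherStart(const std::vector<std::string>& dhcpRanges) override;
    binder::Status tetherStartWithConfiguration(const TetherConfigParcel& config) override;
    binder::Status tetherStop() override;
    binder::Status tetherIsEnabled(bool* enabled) override;
    binder::Status tetherInterfaceAdd(const std::string& ifName) override;
    binder::Status tetherInterfaceRemove(const std::string& ifName) override;
    binder::Status tetherInterfaceList(std::vector<std::string>* ifList) override;
    binder::Status tetherDnsSet(int32_t netId, const std::vector<std::string>& dnsAddrs) override;
    binder::Status tetherDnsList(std::vector<std::string>* dnsList) override;
    binder::Status tetherAddForward(const std::string& intIface,
                                    const std::string& extIface) override;
    binder::Status tetherRemoveForward(const std::string& intIface,
                                       const std::string& extIface) override;
    binder::Status tetherOffloadRuleAdd(const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadRuleRemove(
            const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadSetInterfaceQuota(int ifIndex, int64_t quotaBytes) override;
    binder::Status tetherOffloadGetAndClearStats(
            int ifIndex, android::net::TetherStatsParcel* tetherStats) override;

    // Interface-related commands.
    binder::Status interfaceAddAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceDelAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceGetList(std::vector<std::string>* interfaceListResult) override;
    binder::Status interfaceGetCfg(const std::string& ifName,
                                   InterfaceConfigurationParcel* interfaceGetCfgResult) override;
    binder::Status interfaceSetCfg(const InterfaceConfigurationParcel& cfg) override;
    binder::Status interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
                                                     bool enable) override;
    binder::Status interfaceClearAddrs(const std::string& ifName) override;
    binder::Status interfaceSetEnableIPv6(const std::string& ifName, bool enable) override;
    binder::Status interfaceSetMtu(const std::string& ifName, int32_t mtuValue) override;

    // /proc/sys/net access.  |ifname| and |parameter| select the sysctl entry;
    // the implementation is responsible for rejecting path traversal in them.
    binder::Status getProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, std::string* value) override;
    binder::Status setProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, const std::string& value) override;

    // IPsec commands.  authKey / cryptKey / aeadKey carry raw key material
    // received over Binder; the implementation must not log or otherwise
    // persist them.
    binder::Status ipSecSetEncapSocketOwner(const os::ParcelFileDescriptor& socket,
                                            int newUid) override;

    binder::Status ipSecAllocateSpi(int32_t transformId, const std::string& localAddress,
                                    const std::string& remoteAddress, int32_t inSpi,
                                    int32_t* outSpi) override;

    binder::Status ipSecAddSecurityAssociation(
            int32_t transformId, int32_t mode, const std::string& sourceAddress,
            const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
            int32_t markValue, int32_t markMask, const std::string& authAlgo,
            const std::vector<uint8_t>& authKey, int32_t authTruncBits,
            const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey,
            int32_t cryptTruncBits, const std::string& aeadAlgo,
            const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
            int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) override;

    binder::Status ipSecDeleteSecurityAssociation(int32_t transformId,
                                                  const std::string& sourceAddress,
                                                  const std::string& destinationAddress,
                                                  int32_t spi, int32_t markValue,
                                                  int32_t markMask, int32_t interfaceId) override;

    binder::Status ipSecApplyTransportModeTransform(const os::ParcelFileDescriptor& socket,
                                                    int32_t transformId, int32_t direction,
                                                    const std::string& sourceAddress,
                                                    const std::string& destinationAddress,
                                                    int32_t spi) override;

    binder::Status ipSecRemoveTransportModeTransform(
            const os::ParcelFileDescriptor& socket) override;

    binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                          int32_t direction, const std::string& tmplSrcAddress,
                                          const std::string& tmplDstAddress, int32_t spi,
                                          int32_t markValue, int32_t markMask,
                                          int32_t interfaceId) override;

    binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, const std::string& tmplSrcAddress,
                                             const std::string& tmplDstAddress, int32_t spi,
                                             int32_t markValue, int32_t markMask,
                                             int32_t interfaceId) override;

    binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, int32_t markValue,
                                             int32_t markMask, int32_t interfaceId) override;

    binder::Status ipSecAddTunnelInterface(const std::string& deviceName,
                                           const std::string& localAddress,
                                           const std::string& remoteAddress, int32_t iKey,
                                           int32_t oKey, int32_t interfaceId) override;

    binder::Status ipSecUpdateTunnelInterface(const std::string& deviceName,
                                              const std::string& localAddress,
                                              const std::string& remoteAddress, int32_t iKey,
                                              int32_t oKey, int32_t interfaceId) override;

    binder::Status ipSecRemoveTunnelInterface(const std::string& deviceName) override;

    // Idletimer-related commands.
    binder::Status idletimerAddInterface(const std::string& ifName, int32_t timeout,
                                         const std::string& classLabel) override;
    binder::Status idletimerRemoveInterface(const std::string& ifName, int32_t timeout,
                                            const std::string& classLabel) override;

    // Strict-mode (cleartext detection) commands.
    binder::Status strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) override;

    // Clatd-related commands.
    binder::Status clatdStart(const std::string& ifName, const std::string& nat64Prefix,
                              std::string* v6Address) override;
    binder::Status clatdStop(const std::string& ifName) override;

    // IP forwarding commands.
    binder::Status ipfwdEnabled(bool* status) override;
    binder::Status ipfwdGetRequesterList(std::vector<std::string>* requesterList) override;
    binder::Status ipfwdEnableForwarding(const std::string& requester) override;
    binder::Status ipfwdDisableForwarding(const std::string& requester) override;
    binder::Status ipfwdAddInterfaceForward(const std::string& fromIface,
                                            const std::string& toIface) override;
    binder::Status ipfwdRemoveInterfaceForward(const std::string& fromIface,
                                               const std::string& toIface) override;

    // tcp_mem-config command.
    binder::Status setTcpRWmemorySize(const std::string& rmemValues,
                                      const std::string& wmemValues) override;

    binder::Status registerUnsolicitedEventListener(
            const android::sp<android::net::INetdUnsolicitedEventListener>& listener) override;

    binder::Status getOemNetd(android::sp<android::IBinder>* listener) override;
    binder::Status getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markmask) override;

  private:
    // Helpers converting Binder-level int32 values into netd's internal types.
    // How out-of-range values are treated is decided in the .cpp, not here.
    std::vector<uid_t> intsToUids(const std::vector<int32_t>& intUids);
    Permission convertPermission(int32_t permission);
    static FirewallRule parseRule(int32_t firewallRule);
    static ChildChain parseChildChain(int32_t childChain);
};

}  // namespace net
}  // namespace android

#endif  // _NETD_NATIVE_SERVICE_H_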