/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_

// NOTE(review): the three system-header names below, and every template
// argument in this file (std::vector<...>, Vector<...>, BinderService<...>,
// android::sp<...>), were lost when this page was extracted. Restore them
// from the upstream header before compiling; nothing here has been guessed.
#include #include #include
#include "android/net/BnNetd.h"

namespace android {
namespace net {

/**
 * Binder-facing implementation of the INetd interface (BnNetd) for the
 * "netd" system service.
 *
 * Every public method below is an entry point reachable by a Binder client.
 * The operations they expose - firewall chains, traffic quotas, routing and
 * network permissions, socket destruction, tethering, interface/sysctl
 * configuration, IPsec SAs/policies and tunnel interfaces - all change
 * kernel networking state. Caller authorization is not visible in this
 * header; presumably it is enforced per-call in the .cpp - verify there
 * rather than assuming it from the declarations.
 */
class NetdNativeService : public BinderService, public BnNetd {
public:
NetdNativeService();

/// Registers and starts the service; returns a status_t.
static status_t start();

/// Name under which the service is published to the service manager.
static char const* getServiceName() { return "netd"; }

/// Dumps service state to @p fd; @p args are the dump options passed by the caller.
virtual status_t dump(int fd, const Vector &args) override;

/// Liveness probe; writes true into @p alive.
binder::Status isAlive(bool *alive) override;

// Firewall commands.
// chainName/childChain select a uid chain; uids lists the subjects affected.
binder::Status firewallReplaceUidChain(const std::string& chainName, bool isAllowlist, const std::vector& uids, bool* ret) override;
binder::Status firewallSetFirewallType(int32_t firewallType) override;
binder::Status firewallSetInterfaceRule(const std::string& ifName, int32_t firewallRule) override;
binder::Status firewallSetUidRule(int32_t childChain, int32_t uid, int32_t firewallRule) override;
binder::Status firewallEnableChildChain(int32_t childChain, bool enable) override;
binder::Status firewallAddUidInterfaceRules(const std::string& ifName, const std::vector& uids) override;
binder::Status firewallRemoveUidInterfaceRules(const std::vector& uids) override;

// Bandwidth control commands.
// Quotas and alerts are expressed in bytes (int64_t); per-app controls take a uid.
binder::Status bandwidthEnableDataSaver(bool enable, bool *ret) override;
binder::Status bandwidthSetInterfaceQuota(const std::string& ifName, int64_t bytes) override;
binder::Status bandwidthRemoveInterfaceQuota(const std::string& ifName) override;
binder::Status bandwidthSetInterfaceAlert(const std::string& ifName, int64_t bytes) override;
binder::Status bandwidthRemoveInterfaceAlert(const std::string& ifName) override;
binder::Status bandwidthSetGlobalAlert(int64_t bytes) override;
binder::Status bandwidthAddNaughtyApp(int32_t uid) override;
binder::Status bandwidthRemoveNaughtyApp(int32_t uid) override;
binder::Status bandwidthAddNiceApp(int32_t uid) override;
binder::Status bandwidthRemoveNiceApp(int32_t uid) override;

// Network and routing commands.
// netId identifies the network; permission values are converted by
// convertPermission() (private, below).
binder::Status networkCreatePhysical(int32_t netId, int32_t permission) override;
binder::Status networkCreateVpn(int32_t netId, bool secure) override;
binder::Status networkCreate(const NativeNetworkConfig& config) override;
binder::Status networkDestroy(int32_t netId) override;
binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;
binder::Status networkAddUidRanges(int32_t netId, const std::vector& uids) override;
binder::Status networkRemoveUidRanges(int32_t netId, const std::vector& uids) override;
binder::Status networkAddUidRangesParcel( const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
binder::Status networkRemoveUidRangesParcel( const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
binder::Status networkRejectNonSecureVpn(bool enable, const std::vector& uids) override;
binder::Status networkAddRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
binder::Status networkUpdateRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
binder::Status networkRemoveRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
// String-form route variants: destination and nextHop are passed as text and
// must be parsed by the implementation (not visible here).
binder::Status networkAddRoute(int32_t netId, const std::string& ifName, const std::string& destination, const std::string& nextHop) override;
binder::Status networkRemoveRoute(int32_t netId, const std::string& ifName, const std::string& destination, const std::string& nextHop) override;
binder::Status networkAddLegacyRoute(int32_t netId, const std::string& ifName, const std::string& destination, const std::string& nextHop, int32_t uid) override;
binder::Status networkRemoveLegacyRoute(int32_t netId, const std::string& ifName, const std::string& destination, const std::string& nextHop, int32_t uid) override;
binder::Status networkSetDefault(int32_t netId) override;
binder::Status networkClearDefault() override;
binder::Status networkSetPermissionForNetwork(int32_t netId, int32_t permission) override;
binder::Status networkSetPermissionForUser(int32_t permission, const std::vector& uids) override;
binder::Status networkClearPermissionForUser(const std::vector& uids) override;
binder::Status networkSetProtectAllow(int32_t uid) override;
binder::Status networkSetProtectDeny(int32_t uid) override;

// For test (internal use only).
// Still Binder-reachable despite the label; the header does not show how
// non-test callers are kept out.
binder::Status networkGetDefault(int32_t* netId) override;
binder::Status networkCanProtect(int32_t uid, bool* ret) override;

binder::Status trafficSetNetPermForUids(int32_t permission, const std::vector& uids) override;

// SOCK_DIAG commands.
// Destroys sockets owned by uids, except those listed in skipUids.
binder::Status socketDestroy(const std::vector& uids, const std::vector& skipUids) override;

binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;

// NFLOG-related commands
binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix, int32_t mark, int32_t mask) override;
binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix, int32_t mark, int32_t mask) override;

// Tethering-related commands.
binder::Status tetherApplyDnsInterfaces(bool *ret) override;
binder::Status tetherGetStats( std::vector* tetherStatsVec) override;
binder::Status tetherOffloadGetStats( std::vector* tetherStatsVec) override;
binder::Status tetherStart(const std::vector& dhcpRanges) override;
binder::Status tetherStartWithConfiguration(const TetherConfigParcel& config) override;
binder::Status tetherStop() override;
binder::Status tetherIsEnabled(bool* enabled) override;
binder::Status tetherInterfaceAdd(const std::string& ifName) override;
binder::Status tetherInterfaceRemove(const std::string& ifName) override;
binder::Status tetherInterfaceList(std::vector* ifList) override;
binder::Status tetherDnsSet(int32_t netId, const std::vector& dnsAddrs) override;
binder::Status tetherDnsList(std::vector* dnsList) override;
binder::Status tetherAddForward(const std::string& intIface, const std::string& extIface) override;
binder::Status tetherRemoveForward(const std::string& intIface, const std::string& extIface) override;
binder::Status tetherOffloadRuleAdd(const android::net::TetherOffloadRuleParcel& rule) override;
binder::Status tetherOffloadRuleRemove( const android::net::TetherOffloadRuleParcel& rule) override;
binder::Status tetherOffloadSetInterfaceQuota(int ifIndex, int64_t quotaBytes) override;
binder::Status tetherOffloadGetAndClearStats( int ifIndex, android::net::TetherStatsParcel* tetherStats) override;

// Interface-related commands.
binder::Status interfaceAddAddress(const std::string &ifName, const std::string &addrString, int prefixLength) override;
binder::Status interfaceDelAddress(const std::string &ifName, const std::string &addrString, int prefixLength) override;
binder::Status interfaceGetList(std::vector* interfaceListResult) override;
binder::Status interfaceGetCfg(const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) override;
binder::Status interfaceSetCfg(const InterfaceConfigurationParcel& cfg) override;
binder::Status interfaceSetIPv6PrivacyExtensions(const std::string& ifName, bool enable) override;
binder::Status interfaceClearAddrs(const std::string& ifName) override;
binder::Status interfaceSetEnableIPv6(const std::string& ifName, bool enable) override;
binder::Status interfaceSetMtu(const std::string& ifName, int32_t mtuValue) override;

// Read/write a per-interface /proc/sys/net parameter, selected by
// ipversion, which (a category selector), ifname and parameter.
// NOTE(review): ifname and parameter are caller-supplied strings that look
// like path components; confirm the .cpp rejects separators and ".." before
// they are joined into a path.
binder::Status getProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname, const std::string& parameter, std::string* value) override;
binder::Status setProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname, const std::string& parameter, const std::string& value) override;

// IPsec commands.
// NOTE(review): unlike the rest of this class these declarations carry no
// `override`. If they implement BnNetd virtuals, adding `override` lets the
// compiler catch a signature drift between the AIDL and this header.
binder::Status ipSecSetEncapSocketOwner(const os::ParcelFileDescriptor& socket, int newUid);
binder::Status ipSecAllocateSpi( int32_t transformId, const std::string& localAddress, const std::string& remoteAddress, int32_t inSpi, int32_t* outSpi);
// authKey/cryptKey/aeadKey presumably carry raw key bytes across Binder;
// confirm the implementation never logs or dumps them (e.g. via dump()).
binder::Status ipSecAddSecurityAssociation( int32_t transformId, int32_t mode, const std::string& sourceAddress, const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi, int32_t markValue, int32_t markMask, const std::string& authAlgo, const std::vector& authKey, int32_t authTruncBits, const std::string& cryptAlgo, const std::vector& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo, const std::vector& aeadKey, int32_t aeadIcvBits, int32_t encapType, int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId);
binder::Status ipSecDeleteSecurityAssociation(int32_t transformId, const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask, int32_t interfaceId);
binder::Status ipSecApplyTransportModeTransform(const os::ParcelFileDescriptor& socket, int32_t transformId, int32_t direction, const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi);
binder::Status ipSecRemoveTransportModeTransform(const os::ParcelFileDescriptor& socket);
binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily, int32_t direction, const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi, int32_t markValue, int32_t markMask, int32_t interfaceId);
binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily, int32_t direction, const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi, int32_t markValue, int32_t markMask, int32_t interfaceId);
binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily, int32_t direction, int32_t markValue, int32_t markMask, int32_t interfaceId);

binder::Status trafficSwapActiveStatsMap() override;

// IPsec tunnel interfaces (also declared without `override`, see note above).
binder::Status ipSecAddTunnelInterface(const std::string& deviceName, const std::string& localAddress, const std::string& remoteAddress, int32_t iKey, int32_t oKey, int32_t interfaceId);
binder::Status ipSecUpdateTunnelInterface(const std::string& deviceName, const std::string& localAddress, const std::string& remoteAddress, int32_t iKey, int32_t oKey, int32_t interfaceId);
binder::Status ipSecRemoveTunnelInterface(const std::string& deviceName);

// Idletimer-related commands
binder::Status idletimerAddInterface(const std::string& ifName, int32_t timeout, const std::string& classLabel) override;
binder::Status idletimerRemoveInterface(const std::string& ifName, int32_t timeout, const std::string& classLabel) override;

// Strict-related commands
binder::Status strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) override;

// Clatd-related commands
// clatdStart writes the chosen IPv6 address back through v6Address.
binder::Status clatdStart(const std::string& ifName, const std::string& nat64Prefix, std::string* v6Address) override;
binder::Status clatdStop(const std::string& ifName) override;

// Ipfw-related commands
binder::Status ipfwdEnabled(bool* status) override;
binder::Status ipfwdGetRequesterList(std::vector* requesterList) override;
binder::Status ipfwdEnableForwarding(const std::string& requester) override;
binder::Status ipfwdDisableForwarding(const std::string& requester) override;
binder::Status ipfwdAddInterfaceForward(const std::string& fromIface, const std::string& toIface) override;
binder::Status ipfwdRemoveInterfaceForward(const std::string& fromIface, const std::string& toIface) override;

// tcp_mem-config command
// rmemValues/wmemValues are passed as text; the parsing lives in the .cpp.
binder::Status setTcpRWmemorySize(const std::string& rmemValues, const std::string& wmemValues) override;

binder::Status registerUnsolicitedEventListener( const android::sp& listener) override;
binder::Status getOemNetd(android::sp* listener) override;

// Declared without `override`, like the ipSec* methods above.
binder::Status getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markmask);

private:
// Converts a Binder-supplied int32_t uid list into the uid type used internally.
std::vector intsToUids(const std::vector& intUids);
// Maps an INetd permission constant to the internal Permission enum.
Permission convertPermission(int32_t permission);
// Map INetd firewall rule / child-chain constants to the internal enums.
static FirewallRule parseRule(int32_t firewallRule);
static ChildChain parseChildChain(int32_t childChain);
};

} // namespace net
} // namespace android

#endif // _NETD_NATIVE_SERVICE_H_