• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * Copyright (c) 2016, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "Netd"
18 
19 #include <cinttypes>
20 #include <numeric>
21 #include <set>
22 #include <string>
23 #include <tuple>
24 #include <vector>
25 
26 #include <android-base/file.h>
27 #include <android-base/stringprintf.h>
28 #include <android-base/strings.h>
29 #include <binder/IPCThreadState.h>
30 #include <binder/IServiceManager.h>
31 #include <binder/Status.h>
32 #include <cutils/properties.h>
33 #include <log/log.h>
34 #include <netdutils/DumpWriter.h>
35 #include <utils/Errors.h>
36 #include <utils/String16.h>
37 
38 #include "Controllers.h"
39 #include "Fwmark.h"
40 #include "InterfaceController.h"
41 #include "NetdNativeService.h"
42 #include "OemNetdListener.h"
43 #include "Permission.h"
44 #include "Process.h"
45 #include "RouteController.h"
46 #include "SockDiag.h"
47 #include "UidRanges.h"
48 #include "android/net/BnNetd.h"
49 #include "binder_utils/BinderUtil.h"
50 #include "binder_utils/NetdPermissions.h"
51 #include "netid_client.h"  // NETID_UNSET
52 
53 using android::base::StringPrintf;
54 using android::base::WriteStringToFile;
55 using android::net::NativeNetworkType;
56 using android::net::TetherOffloadRuleParcel;
57 using android::net::TetherStatsParcel;
58 using android::net::UidRangeParcel;
59 using android::net::netd::aidl::NativeUidRangeConfig;
60 using android::netdutils::DumpWriter;
61 using android::netdutils::ScopedIndent;
62 using android::os::ParcelFileDescriptor;
63 
64 namespace android {
65 namespace net {
66 
67 namespace {
68 const char OPT_SHORT[] = "--short";
69 
70 // The input permissions should be equivalent that this function would return ok if any of them is
71 // granted.
checkAnyPermission(const std::vector<const char * > & permissions)72 binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {
73     pid_t pid = IPCThreadState::self()->getCallingPid();
74     uid_t uid = IPCThreadState::self()->getCallingUid();
75 
76     // TODO: Do the pure permission check in this function. Have another method
77     // (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and
78     // AID_NETWORK_STACK uid check.
79     // If the caller is the system UID, don't check permissions.
80     // Otherwise, if the system server's binder thread pool is full, and all the threads are
81     // blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
82     //
83     // From a security perspective, there is currently no difference, because:
84     // 1. The system server has the NETWORK_STACK permission, which grants access to all the
85     //    IPCs in this file.
86     // 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
87     if (uid == AID_SYSTEM) {
88         return binder::Status::ok();
89     }
90     // AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check
91     // MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server)
92     // deadlock: http://b/149766727
93     if (uid == AID_NETWORK_STACK) {
94         for (const char* permission : permissions) {
95             if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) {
96                 return binder::Status::ok();
97             }
98         }
99     }
100 
101     for (const char* permission : permissions) {
102         if (checkPermission(String16(permission), pid, uid)) {
103             return binder::Status::ok();
104         }
105     }
106 
107     auto err = StringPrintf("UID %d / PID %d does not have any of the following permissions: %s",
108                             uid, pid, android::base::Join(permissions, ',').c_str());
109     return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, err.c_str());
110 }
111 
112 #define ENFORCE_ANY_PERMISSION(...)                                \
113     do {                                                           \
114         binder::Status status = checkAnyPermission({__VA_ARGS__}); \
115         if (!status.isOk()) {                                      \
116             return status;                                         \
117         }                                                          \
118     } while (0)
119 
120 #define NETD_LOCKING_RPC(lock, ... /* permissions */) \
121     ENFORCE_ANY_PERMISSION(__VA_ARGS__);              \
122     std::lock_guard _lock(lock);
123 
124 #define NETD_BIG_LOCK_RPC(... /* permissions */) NETD_LOCKING_RPC(gBigNetdLock, __VA_ARGS__)
125 
126 #define RETURN_BINDER_STATUS_IF_NOT_OK(logEntry, res) \
127     do {                                              \
128         if (!isOk((res))) {                           \
129             logErrorStatus((logEntry), (res));        \
130             return asBinderStatus((res));             \
131         }                                             \
132     } while (0)
133 
134 #define ENFORCE_NETWORK_STACK_PERMISSIONS() \
135     ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK)
136 
logErrorStatus(netdutils::LogEntry & logEntry,const netdutils::Status & status)137 void logErrorStatus(netdutils::LogEntry& logEntry, const netdutils::Status& status) {
138     gLog.log(logEntry.returns(status.code()).withAutomaticDuration());
139 }
140 
asBinderStatus(const netdutils::Status & status)141 binder::Status asBinderStatus(const netdutils::Status& status) {
142     if (isOk(status)) {
143         return binder::Status::ok();
144     }
145     return binder::Status::fromServiceSpecificError(status.code(), status.msg().c_str());
146 }
147 
148 template <typename T>
asBinderStatus(const base::Result<T> result)149 binder::Status asBinderStatus(const base::Result<T> result) {
150     if (result.ok()) return binder::Status::ok();
151 
152     return binder::Status::fromServiceSpecificError(result.error().code(),
153                                                     result.error().message().c_str());
154 }
155 
statusFromErrcode(int ret)156 inline binder::Status statusFromErrcode(int ret) {
157     if (ret) {
158         return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
159     }
160     return binder::Status::ok();
161 }
162 
contains(const Vector<String16> & words,const String16 & word)163 bool contains(const Vector<String16>& words, const String16& word) {
164     for (const auto& w : words) {
165         if (w == word) return true;
166     }
167 
168     return false;
169 }
170 
171 }  // namespace
172 
NetdNativeService()173 NetdNativeService::NetdNativeService() {
174     // register log callback to BnNetd::logFunc
175     BnNetd::logFunc = [](const auto& log) {
176         binderCallLogFn(log, [](const std::string& msg) { gLog.info("%s", msg.c_str()); });
177     };
178 }
179 
start()180 status_t NetdNativeService::start() {
181     IPCThreadState::self()->disableBackgroundScheduling(true);
182     const status_t ret = BinderService<NetdNativeService>::publish();
183     if (ret != android::OK) {
184         return ret;
185     }
186     sp<ProcessState> ps(ProcessState::self());
187     ps->startThreadPool();
188     ps->giveThreadPoolName();
189 
190     return android::OK;
191 }
192 
dump(int fd,const Vector<String16> & args)193 status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
194     const binder::Status dump_permission = checkAnyPermission({PERM_DUMP});
195     if (!dump_permission.isOk()) {
196         const String8 msg(dump_permission.toString8());
197         write(fd, msg.string(), msg.size());
198         return PERMISSION_DENIED;
199     }
200 
201     // This method does not grab any locks. If individual classes need locking
202     // their dump() methods MUST handle locking appropriately.
203 
204     DumpWriter dw(fd);
205 
206     if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
207       dw.blankline();
208       gCtls->tcpSocketMonitor.dump(dw);
209       dw.blankline();
210       return NO_ERROR;
211     }
212 
213     if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
214         dw.blankline();
215         gCtls->trafficCtrl.dump(dw, true);
216         dw.blankline();
217         return NO_ERROR;
218     }
219 
220     process::dump(dw);
221     dw.blankline();
222     gCtls->netCtrl.dump(dw);
223     dw.blankline();
224 
225     gCtls->trafficCtrl.dump(dw, false);
226     dw.blankline();
227 
228     gCtls->xfrmCtrl.dump(dw);
229     dw.blankline();
230 
231     gCtls->clatdCtrl.dump(dw);
232     dw.blankline();
233 
234     gCtls->tetherCtrl.dump(dw);
235     dw.blankline();
236 
237     {
238         ScopedIndent indentLog(dw);
239         if (contains(args, String16(OPT_SHORT))) {
240             dw.println("Log: <omitted>");
241         } else {
242             dw.println("Log:");
243             ScopedIndent indentLogEntries(dw);
244             gLog.forEachEntry([&dw](const std::string& entry) mutable { dw.println(entry); });
245         }
246         dw.blankline();
247     }
248 
249     {
250         ScopedIndent indentLog(dw);
251         if (contains(args, String16(OPT_SHORT))) {
252             dw.println("UnsolicitedLog: <omitted>");
253         } else {
254             dw.println("UnsolicitedLog:");
255             ScopedIndent indentLogEntries(dw);
256             gUnsolicitedLog.forEachEntry(
257                     [&dw](const std::string& entry) mutable { dw.println(entry); });
258         }
259         dw.blankline();
260     }
261 
262     return NO_ERROR;
263 }
264 
isAlive(bool * alive)265 binder::Status NetdNativeService::isAlive(bool *alive) {
266     NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
267 
268     *alive = true;
269 
270     return binder::Status::ok();
271 }
272 
firewallReplaceUidChain(const std::string & chainName,bool isAllowlist,const std::vector<int32_t> & uids,bool * ret)273 binder::Status NetdNativeService::firewallReplaceUidChain(const std::string& chainName,
274                                                           bool isAllowlist,
275                                                           const std::vector<int32_t>& uids,
276                                                           bool* ret) {
277     NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
278     int err = gCtls->firewallCtrl.replaceUidChain(chainName, isAllowlist, uids);
279     *ret = (err == 0);
280     return binder::Status::ok();
281 }
282 
bandwidthEnableDataSaver(bool enable,bool * ret)283 binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
284     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
285     int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
286     *ret = (err == 0);
287     return binder::Status::ok();
288 }
289 
bandwidthSetInterfaceQuota(const std::string & ifName,int64_t bytes)290 binder::Status NetdNativeService::bandwidthSetInterfaceQuota(const std::string& ifName,
291                                                              int64_t bytes) {
292     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
293     int res = gCtls->bandwidthCtrl.setInterfaceQuota(ifName, bytes);
294     return statusFromErrcode(res);
295 }
296 
bandwidthRemoveInterfaceQuota(const std::string & ifName)297 binder::Status NetdNativeService::bandwidthRemoveInterfaceQuota(const std::string& ifName) {
298     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
299     int res = gCtls->bandwidthCtrl.removeInterfaceQuota(ifName);
300     return statusFromErrcode(res);
301 }
302 
bandwidthSetInterfaceAlert(const std::string & ifName,int64_t bytes)303 binder::Status NetdNativeService::bandwidthSetInterfaceAlert(const std::string& ifName,
304                                                              int64_t bytes) {
305     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
306     int res = gCtls->bandwidthCtrl.setInterfaceAlert(ifName, bytes);
307     return statusFromErrcode(res);
308 }
309 
bandwidthRemoveInterfaceAlert(const std::string & ifName)310 binder::Status NetdNativeService::bandwidthRemoveInterfaceAlert(const std::string& ifName) {
311     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
312     int res = gCtls->bandwidthCtrl.removeInterfaceAlert(ifName);
313     return statusFromErrcode(res);
314 }
315 
bandwidthSetGlobalAlert(int64_t bytes)316 binder::Status NetdNativeService::bandwidthSetGlobalAlert(int64_t bytes) {
317     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
318     int res = gCtls->bandwidthCtrl.setGlobalAlert(bytes);
319     return statusFromErrcode(res);
320 }
321 
bandwidthAddNaughtyApp(int32_t uid)322 binder::Status NetdNativeService::bandwidthAddNaughtyApp(int32_t uid) {
323     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
324     std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};
325     int res = gCtls->bandwidthCtrl.addNaughtyApps(appUids);
326     return statusFromErrcode(res);
327 }
328 
bandwidthRemoveNaughtyApp(int32_t uid)329 binder::Status NetdNativeService::bandwidthRemoveNaughtyApp(int32_t uid) {
330     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
331     std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};
332     int res = gCtls->bandwidthCtrl.removeNaughtyApps(appUids);
333     return statusFromErrcode(res);
334 }
335 
bandwidthAddNiceApp(int32_t uid)336 binder::Status NetdNativeService::bandwidthAddNiceApp(int32_t uid) {
337     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
338     std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};
339     int res = gCtls->bandwidthCtrl.addNiceApps(appUids);
340     return statusFromErrcode(res);
341 }
342 
bandwidthRemoveNiceApp(int32_t uid)343 binder::Status NetdNativeService::bandwidthRemoveNiceApp(int32_t uid) {
344     NETD_LOCKING_RPC(gCtls->bandwidthCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
345     std::vector<uint32_t> appUids = {static_cast<uint32_t>(abs(uid))};
346     int res = gCtls->bandwidthCtrl.removeNiceApps(appUids);
347     return statusFromErrcode(res);
348 }
349 
350 // TODO: Remove this function when there are no users. Currently, it is still used by DNS resolver
351 // tests.
networkCreatePhysical(int32_t netId,int32_t permission)352 binder::Status NetdNativeService::networkCreatePhysical(int32_t netId, int32_t permission) {
353     ENFORCE_NETWORK_STACK_PERMISSIONS();
354     int ret = gCtls->netCtrl.createPhysicalNetwork(netId, convertPermission(permission));
355     return statusFromErrcode(ret);
356 }
357 
358 // TODO: Remove this function when there are no users. Currently, it is still used by DNS resolver
359 // tests.
networkCreateVpn(int32_t netId,bool secure)360 binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool secure) {
361     ENFORCE_NETWORK_STACK_PERMISSIONS();
362     // The value of vpnType does not matter here, because it is not used in AOSP and is only
363     // implemented by OEMs. Also, the RPC is going to deprecate. Just pick a value defined in INetd
364     // as default.
365     int ret = gCtls->netCtrl.createVirtualNetwork(netId, secure, NativeVpnType::LEGACY);
366     return statusFromErrcode(ret);
367 }
368 
networkCreate(const NativeNetworkConfig & config)369 binder::Status NetdNativeService::networkCreate(const NativeNetworkConfig& config) {
370     ENFORCE_NETWORK_STACK_PERMISSIONS();
371     int ret = -EINVAL;
372     if (config.networkType == NativeNetworkType::PHYSICAL) {
373         ret = gCtls->netCtrl.createPhysicalNetwork(config.netId,
374                                                    convertPermission(config.permission));
375     } else if (config.networkType == NativeNetworkType::VIRTUAL) {
376         ret = gCtls->netCtrl.createVirtualNetwork(config.netId, config.secure, config.vpnType);
377     }
378     return statusFromErrcode(ret);
379 }
380 
networkDestroy(int32_t netId)381 binder::Status NetdNativeService::networkDestroy(int32_t netId) {
382     ENFORCE_NETWORK_STACK_PERMISSIONS();
383     // NetworkController::destroyNetwork is thread-safe.
384     const int ret = gCtls->netCtrl.destroyNetwork(netId);
385     return statusFromErrcode(ret);
386 }
387 
networkAddInterface(int32_t netId,const std::string & iface)388 binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
389     ENFORCE_NETWORK_STACK_PERMISSIONS();
390     int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
391     return statusFromErrcode(ret);
392 }
393 
networkRemoveInterface(int32_t netId,const std::string & iface)394 binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
395     ENFORCE_NETWORK_STACK_PERMISSIONS();
396     int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
397     return statusFromErrcode(ret);
398 }
399 
networkAddUidRanges(int32_t netId,const std::vector<UidRangeParcel> & uidRangeArray)400 binder::Status NetdNativeService::networkAddUidRanges(
401         int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
402     // NetworkController::addUsersToNetwork is thread-safe.
403     ENFORCE_NETWORK_STACK_PERMISSIONS();
404     int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray),
405                                                UidRanges::DEFAULT_SUB_PRIORITY);
406     return statusFromErrcode(ret);
407 }
408 
networkRemoveUidRanges(int32_t netId,const std::vector<UidRangeParcel> & uidRangeArray)409 binder::Status NetdNativeService::networkRemoveUidRanges(
410         int32_t netId, const std::vector<UidRangeParcel>& uidRangeArray) {
411     // NetworkController::removeUsersFromNetwork is thread-safe.
412     ENFORCE_NETWORK_STACK_PERMISSIONS();
413     int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray),
414                                                     UidRanges::DEFAULT_SUB_PRIORITY);
415     return statusFromErrcode(ret);
416 }
417 
networkAddUidRangesParcel(const NativeUidRangeConfig & config)418 binder::Status NetdNativeService::networkAddUidRangesParcel(const NativeUidRangeConfig& config) {
419     ENFORCE_NETWORK_STACK_PERMISSIONS();
420     int ret = gCtls->netCtrl.addUsersToNetwork(config.netId, UidRanges(config.uidRanges),
421                                                config.subPriority);
422     return statusFromErrcode(ret);
423 }
424 
networkRemoveUidRangesParcel(const NativeUidRangeConfig & config)425 binder::Status NetdNativeService::networkRemoveUidRangesParcel(const NativeUidRangeConfig& config) {
426     ENFORCE_NETWORK_STACK_PERMISSIONS();
427     int ret = gCtls->netCtrl.removeUsersFromNetwork(config.netId, UidRanges(config.uidRanges),
428                                                     config.subPriority);
429     return statusFromErrcode(ret);
430 }
431 
networkRejectNonSecureVpn(bool add,const std::vector<UidRangeParcel> & uidRangeArray)432 binder::Status NetdNativeService::networkRejectNonSecureVpn(
433         bool add, const std::vector<UidRangeParcel>& uidRangeArray) {
434     // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
435     // it should be possible to use the same lock as NetworkController. However, every call through
436     // the CommandListener "network" command will need to hold this lock too, not just the ones that
437     // read/modify network internal state (that is sufficient for ::dump() because it doesn't
438     // look at routes, but it's not enough here).
439     NETD_BIG_LOCK_RPC(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
440     UidRanges uidRanges(uidRangeArray);
441 
442     int err;
443     if (add) {
444         err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
445     } else {
446         err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
447     }
448     return statusFromErrcode(err);
449 }
450 
socketDestroy(const std::vector<UidRangeParcel> & uids,const std::vector<int32_t> & skipUids)451 binder::Status NetdNativeService::socketDestroy(const std::vector<UidRangeParcel>& uids,
452                                                 const std::vector<int32_t>& skipUids) {
453     ENFORCE_NETWORK_STACK_PERMISSIONS();
454 
455     SockDiag sd;
456     if (!sd.open()) {
457         return binder::Status::fromServiceSpecificError(EIO,
458                 String8("Could not open SOCK_DIAG socket"));
459     }
460 
461     UidRanges uidRanges(uids);
462     int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
463                                 true /* excludeLoopback */);
464     if (err) {
465         return binder::Status::fromServiceSpecificError(-err,
466                 String8::format("destroySockets: %s", strerror(-err)));
467     }
468     return binder::Status::ok();
469 }
470 
tetherApplyDnsInterfaces(bool * ret)471 binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
472     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
473     *ret = gCtls->tetherCtrl.applyDnsInterfaces();
474     return binder::Status::ok();
475 }
476 
477 namespace {
478 
479 constexpr const int UNUSED_IFINDEX = 0;
480 
tetherAddStatsByInterface(TetherController::TetherStats * tetherStatsParcel,const TetherController::TetherStats & tetherStats)481 void tetherAddStatsByInterface(TetherController::TetherStats* tetherStatsParcel,
482                                const TetherController::TetherStats& tetherStats) {
483     if (tetherStatsParcel->extIface == tetherStats.extIface) {
484         tetherStatsParcel->rxBytes += tetherStats.rxBytes;
485         tetherStatsParcel->rxPackets += tetherStats.rxPackets;
486         tetherStatsParcel->txBytes += tetherStats.txBytes;
487         tetherStatsParcel->txPackets += tetherStats.txPackets;
488     }
489 }
490 
toTetherStatsParcel(const TetherController::TetherStats & stats)491 TetherStatsParcel toTetherStatsParcel(const TetherController::TetherStats& stats) {
492     TetherStatsParcel result;
493     result.iface = stats.extIface;
494     result.rxBytes = stats.rxBytes;
495     result.rxPackets = stats.rxPackets;
496     result.txBytes = stats.txBytes;
497     result.txPackets = stats.txPackets;
498     result.ifIndex = UNUSED_IFINDEX;
499     return result;
500 }
501 
setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel> * tetherStatsVec,const TetherController::TetherStatsList & statsList)502 void setTetherStatsParcelVecByInterface(std::vector<TetherStatsParcel>* tetherStatsVec,
503                                         const TetherController::TetherStatsList& statsList) {
504     std::map<std::string, TetherController::TetherStats> statsMap;
505     for (const auto& stats : statsList) {
506         auto iter = statsMap.find(stats.extIface);
507         if (iter != statsMap.end()) {
508             tetherAddStatsByInterface(&(iter->second), stats);
509         } else {
510             statsMap.insert(
511                     std::pair<std::string, TetherController::TetherStats>(stats.extIface, stats));
512         }
513     }
514     for (auto iter = statsMap.begin(); iter != statsMap.end(); iter++) {
515         tetherStatsVec->push_back(toTetherStatsParcel(iter->second));
516     }
517 }
518 
tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel> * tVec)519 std::vector<std::string> tetherStatsParcelVecToStringVec(std::vector<TetherStatsParcel>* tVec) {
520     std::vector<std::string> result;
521     for (const auto& t : *tVec) {
522         result.push_back(StringPrintf("%s:%" PRId64 ",%" PRId64 ",%" PRId64 ",%" PRId64,
523                                       t.iface.c_str(), t.rxBytes, t.rxPackets, t.txBytes,
524                                       t.txPackets));
525     }
526     return result;
527 }
528 
529 }  // namespace
530 
tetherGetStats(std::vector<TetherStatsParcel> * tetherStatsParcelVec)531 binder::Status NetdNativeService::tetherGetStats(
532         std::vector<TetherStatsParcel>* tetherStatsParcelVec) {
533     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
534     const auto& statsList = gCtls->tetherCtrl.getTetherStats();
535     if (!isOk(statsList)) {
536         return asBinderStatus(statsList);
537     }
538     setTetherStatsParcelVecByInterface(tetherStatsParcelVec, statsList.value());
539     auto statsResults = tetherStatsParcelVecToStringVec(tetherStatsParcelVec);
540     return binder::Status::ok();
541 }
542 
interfaceAddAddress(const std::string & ifName,const std::string & addrString,int prefixLength)543 binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
544         const std::string &addrString, int prefixLength) {
545     ENFORCE_NETWORK_STACK_PERMISSIONS();
546     const int err = InterfaceController::addAddress(
547             ifName.c_str(), addrString.c_str(), prefixLength);
548     if (err != 0) {
549         return binder::Status::fromServiceSpecificError(-err,
550                 String8::format("InterfaceController error: %s", strerror(-err)));
551     }
552     return binder::Status::ok();
553 }
554 
interfaceDelAddress(const std::string & ifName,const std::string & addrString,int prefixLength)555 binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
556         const std::string &addrString, int prefixLength) {
557     ENFORCE_NETWORK_STACK_PERMISSIONS();
558     const int err = InterfaceController::delAddress(
559             ifName.c_str(), addrString.c_str(), prefixLength);
560     if (err != 0) {
561         return binder::Status::fromServiceSpecificError(-err,
562                 String8::format("InterfaceController error: %s", strerror(-err)));
563     }
564     return binder::Status::ok();
565 }
566 
567 namespace {
568 
getPathComponents(int32_t ipversion,int32_t category)569 std::tuple<binder::Status, const char*, const char*> getPathComponents(int32_t ipversion,
570                                                                        int32_t category) {
571     const char* ipversionStr = nullptr;
572     switch (ipversion) {
573         case INetd::IPV4:
574             ipversionStr = "ipv4";
575             break;
576         case INetd::IPV6:
577             ipversionStr = "ipv6";
578             break;
579         default:
580             return {binder::Status::fromServiceSpecificError(EAFNOSUPPORT, "Bad IP version"),
581                     nullptr, nullptr};
582     }
583 
584     const char* whichStr = nullptr;
585     switch (category) {
586         case INetd::CONF:
587             whichStr = "conf";
588             break;
589         case INetd::NEIGH:
590             whichStr = "neigh";
591             break;
592         default:
593             return {binder::Status::fromServiceSpecificError(EINVAL, "Bad category"), nullptr,
594                     nullptr};
595     }
596 
597     return {binder::Status::ok(), ipversionStr, whichStr};
598 }
599 
600 }  // namespace
601 
getProcSysNet(int32_t ipversion,int32_t which,const std::string & ifname,const std::string & parameter,std::string * value)602 binder::Status NetdNativeService::getProcSysNet(int32_t ipversion, int32_t which,
603                                                 const std::string& ifname,
604                                                 const std::string& parameter, std::string* value) {
605     ENFORCE_NETWORK_STACK_PERMISSIONS();
606     const auto pathParts = getPathComponents(ipversion, which);
607     const auto& pathStatus = std::get<0>(pathParts);
608     if (!pathStatus.isOk()) {
609         return pathStatus;
610     }
611 
612     const int err = InterfaceController::getParameter(std::get<1>(pathParts),
613                                                       std::get<2>(pathParts), ifname.c_str(),
614                                                       parameter.c_str(), value);
615     return statusFromErrcode(err);
616 }
617 
setProcSysNet(int32_t ipversion,int32_t which,const std::string & ifname,const std::string & parameter,const std::string & value)618 binder::Status NetdNativeService::setProcSysNet(int32_t ipversion, int32_t which,
619                                                 const std::string& ifname,
620                                                 const std::string& parameter,
621                                                 const std::string& value) {
622     ENFORCE_NETWORK_STACK_PERMISSIONS();
623     const auto pathParts = getPathComponents(ipversion, which);
624     const auto& pathStatus = std::get<0>(pathParts);
625     if (!pathStatus.isOk()) {
626         return pathStatus;
627     }
628 
629     const int err = InterfaceController::setParameter(std::get<1>(pathParts),
630                                                       std::get<2>(pathParts), ifname.c_str(),
631                                                       parameter.c_str(), value.c_str());
632     return statusFromErrcode(err);
633 }
634 
ipSecSetEncapSocketOwner(const ParcelFileDescriptor & socket,int newUid)635 binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const ParcelFileDescriptor& socket,
636                                                            int newUid) {
637     ENFORCE_NETWORK_STACK_PERMISSIONS();
638 
639     uid_t callerUid = IPCThreadState::self()->getCallingUid();
640     return asBinderStatus(
641             gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket.get(), newUid, callerUid));
642 }
643 
ipSecAllocateSpi(int32_t transformId,const std::string & sourceAddress,const std::string & destinationAddress,int32_t inSpi,int32_t * outSpi)644 binder::Status NetdNativeService::ipSecAllocateSpi(
645         int32_t transformId,
646         const std::string& sourceAddress,
647         const std::string& destinationAddress,
648         int32_t inSpi,
649         int32_t* outSpi) {
650     // Necessary locking done in IpSecService and kernel
651     ENFORCE_NETWORK_STACK_PERMISSIONS();
652     return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
653                     transformId,
654                     sourceAddress,
655                     destinationAddress,
656                     inSpi,
657                     outSpi));
658 }
659 
ipSecAddSecurityAssociation(int32_t transformId,int32_t mode,const std::string & sourceAddress,const std::string & destinationAddress,int32_t underlyingNetId,int32_t spi,int32_t markValue,int32_t markMask,const std::string & authAlgo,const std::vector<uint8_t> & authKey,int32_t authTruncBits,const std::string & cryptAlgo,const std::vector<uint8_t> & cryptKey,int32_t cryptTruncBits,const std::string & aeadAlgo,const std::vector<uint8_t> & aeadKey,int32_t aeadIcvBits,int32_t encapType,int32_t encapLocalPort,int32_t encapRemotePort,int32_t interfaceId)660 binder::Status NetdNativeService::ipSecAddSecurityAssociation(
661         int32_t transformId, int32_t mode, const std::string& sourceAddress,
662         const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
663         int32_t markValue, int32_t markMask, const std::string& authAlgo,
664         const std::vector<uint8_t>& authKey, int32_t authTruncBits, const std::string& cryptAlgo,
665         const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, const std::string& aeadAlgo,
666         const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
667         int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) {
668     // Necessary locking done in IpSecService and kernel
669     ENFORCE_NETWORK_STACK_PERMISSIONS();
670     return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
671             transformId, mode, sourceAddress, destinationAddress, underlyingNetId, spi, markValue,
672             markMask, authAlgo, authKey, authTruncBits, cryptAlgo, cryptKey, cryptTruncBits,
673             aeadAlgo, aeadKey, aeadIcvBits, encapType, encapLocalPort, encapRemotePort,
674             interfaceId));
675 }
676 
ipSecDeleteSecurityAssociation(int32_t transformId,const std::string & sourceAddress,const std::string & destinationAddress,int32_t spi,int32_t markValue,int32_t markMask,int32_t interfaceId)677 binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
678         int32_t transformId, const std::string& sourceAddress,
679         const std::string& destinationAddress, int32_t spi, int32_t markValue, int32_t markMask,
680         int32_t interfaceId) {
681     // Necessary locking done in IpSecService and kernel
682     ENFORCE_NETWORK_STACK_PERMISSIONS();
683     return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
684             transformId, sourceAddress, destinationAddress, spi, markValue, markMask, interfaceId));
685 }
686 
ipSecApplyTransportModeTransform(const ParcelFileDescriptor & socket,int32_t transformId,int32_t direction,const std::string & sourceAddress,const std::string & destinationAddress,int32_t spi)687 binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
688         const ParcelFileDescriptor& socket, int32_t transformId, int32_t direction,
689         const std::string& sourceAddress, const std::string& destinationAddress, int32_t spi) {
690     // Necessary locking done in IpSecService and kernel
691     ENFORCE_NETWORK_STACK_PERMISSIONS();
692     return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
693             socket.get(), transformId, direction, sourceAddress, destinationAddress, spi));
694 }
695 
ipSecRemoveTransportModeTransform(const ParcelFileDescriptor & socket)696 binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
697         const ParcelFileDescriptor& socket) {
698     // Necessary locking done in IpSecService and kernel
699     ENFORCE_NETWORK_STACK_PERMISSIONS();
700     return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(socket.get()));
701 }
702 
ipSecAddSecurityPolicy(int32_t transformId,int32_t selAddrFamily,int32_t direction,const std::string & tmplSrcAddress,const std::string & tmplDstAddress,int32_t spi,int32_t markValue,int32_t markMask,int32_t interfaceId)703 binder::Status NetdNativeService::ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
704                                                          int32_t direction,
705                                                          const std::string& tmplSrcAddress,
706                                                          const std::string& tmplDstAddress,
707                                                          int32_t spi, int32_t markValue,
708                                                          int32_t markMask, int32_t interfaceId) {
709     // Necessary locking done in IpSecService and kernel
710     ENFORCE_NETWORK_STACK_PERMISSIONS();
711     return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
712             transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
713             markMask, interfaceId));
714 }
715 
ipSecUpdateSecurityPolicy(int32_t transformId,int32_t selAddrFamily,int32_t direction,const std::string & tmplSrcAddress,const std::string & tmplDstAddress,int32_t spi,int32_t markValue,int32_t markMask,int32_t interfaceId)716 binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
717         int32_t transformId, int32_t selAddrFamily, int32_t direction,
718         const std::string& tmplSrcAddress, const std::string& tmplDstAddress, int32_t spi,
719         int32_t markValue, int32_t markMask, int32_t interfaceId) {
720     // Necessary locking done in IpSecService and kernel
721     ENFORCE_NETWORK_STACK_PERMISSIONS();
722     return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
723             transformId, selAddrFamily, direction, tmplSrcAddress, tmplDstAddress, spi, markValue,
724             markMask, interfaceId));
725 }
726 
ipSecDeleteSecurityPolicy(int32_t transformId,int32_t selAddrFamily,int32_t direction,int32_t markValue,int32_t markMask,int32_t interfaceId)727 binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(int32_t transformId,
728                                                             int32_t selAddrFamily,
729                                                             int32_t direction, int32_t markValue,
730                                                             int32_t markMask, int32_t interfaceId) {
731     // Necessary locking done in IpSecService and kernel
732     ENFORCE_NETWORK_STACK_PERMISSIONS();
733     return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
734             transformId, selAddrFamily, direction, markValue, markMask, interfaceId));
735 }
736 
ipSecAddTunnelInterface(const std::string & deviceName,const std::string & localAddress,const std::string & remoteAddress,int32_t iKey,int32_t oKey,int32_t interfaceId)737 binder::Status NetdNativeService::ipSecAddTunnelInterface(const std::string& deviceName,
738                                                           const std::string& localAddress,
739                                                           const std::string& remoteAddress,
740                                                           int32_t iKey, int32_t oKey,
741                                                           int32_t interfaceId) {
742     // Necessary locking done in IpSecService and kernel
743     ENFORCE_NETWORK_STACK_PERMISSIONS();
744     netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
745             deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, false);
746     return binder::Status::ok();
747 }
748 
ipSecUpdateTunnelInterface(const std::string & deviceName,const std::string & localAddress,const std::string & remoteAddress,int32_t iKey,int32_t oKey,int32_t interfaceId)749 binder::Status NetdNativeService::ipSecUpdateTunnelInterface(const std::string& deviceName,
750                                                              const std::string& localAddress,
751                                                              const std::string& remoteAddress,
752                                                              int32_t iKey, int32_t oKey,
753                                                              int32_t interfaceId) {
754     // Necessary locking done in IpSecService and kernel
755     ENFORCE_NETWORK_STACK_PERMISSIONS();
756     netdutils::Status result = gCtls->xfrmCtrl.ipSecAddTunnelInterface(
757             deviceName, localAddress, remoteAddress, iKey, oKey, interfaceId, true);
758     return binder::Status::ok();
759 }
760 
ipSecRemoveTunnelInterface(const std::string & deviceName)761 binder::Status NetdNativeService::ipSecRemoveTunnelInterface(const std::string& deviceName) {
762     // Necessary locking done in IpSecService and kernel
763     ENFORCE_NETWORK_STACK_PERMISSIONS();
764     netdutils::Status result = gCtls->xfrmCtrl.ipSecRemoveTunnelInterface(deviceName);
765     return binder::Status::ok();
766 }
767 
setIPv6AddrGenMode(const std::string & ifName,int32_t mode)768 binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
769                                                      int32_t mode) {
770     ENFORCE_NETWORK_STACK_PERMISSIONS();
771     return asBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
772 }
773 
wakeupAddInterface(const std::string & ifName,const std::string & prefix,int32_t mark,int32_t mask)774 binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
775                                                      const std::string& prefix, int32_t mark,
776                                                      int32_t mask) {
777     ENFORCE_NETWORK_STACK_PERMISSIONS();
778     return asBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
779 }
780 
wakeupDelInterface(const std::string & ifName,const std::string & prefix,int32_t mark,int32_t mask)781 binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
782                                                      const std::string& prefix, int32_t mark,
783                                                      int32_t mask) {
784     ENFORCE_NETWORK_STACK_PERMISSIONS();
785     return asBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
786 }
787 
trafficSwapActiveStatsMap()788 binder::Status NetdNativeService::trafficSwapActiveStatsMap() {
789     ENFORCE_NETWORK_STACK_PERMISSIONS();
790     return asBinderStatus(gCtls->trafficCtrl.swapActiveStatsMap());
791 }
792 
idletimerAddInterface(const std::string & ifName,int32_t timeout,const std::string & classLabel)793 binder::Status NetdNativeService::idletimerAddInterface(const std::string& ifName, int32_t timeout,
794                                                         const std::string& classLabel) {
795     NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
796     int res =
797             gCtls->idletimerCtrl.addInterfaceIdletimer(ifName.c_str(), timeout, classLabel.c_str());
798     return statusFromErrcode(res);
799 }
800 
idletimerRemoveInterface(const std::string & ifName,int32_t timeout,const std::string & classLabel)801 binder::Status NetdNativeService::idletimerRemoveInterface(const std::string& ifName,
802                                                            int32_t timeout,
803                                                            const std::string& classLabel) {
804     NETD_LOCKING_RPC(gCtls->idletimerCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
805     int res = gCtls->idletimerCtrl.removeInterfaceIdletimer(ifName.c_str(), timeout,
806                                                             classLabel.c_str());
807     return statusFromErrcode(res);
808 }
809 
strictUidCleartextPenalty(int32_t uid,int32_t policyPenalty)810 binder::Status NetdNativeService::strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) {
811     NETD_LOCKING_RPC(gCtls->strictCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
812     StrictPenalty penalty;
813     switch (policyPenalty) {
814         case INetd::PENALTY_POLICY_REJECT:
815             penalty = REJECT;
816             break;
817         case INetd::PENALTY_POLICY_LOG:
818             penalty = LOG;
819             break;
820         case INetd::PENALTY_POLICY_ACCEPT:
821             penalty = ACCEPT;
822             break;
823         default:
824             return statusFromErrcode(-EINVAL);
825             break;
826     }
827     int res = gCtls->strictCtrl.setUidCleartextPenalty((uid_t) uid, penalty);
828     return statusFromErrcode(res);
829 }
830 
clatdStart(const std::string & ifName,const std::string & nat64Prefix,std::string * v6Addr)831 binder::Status NetdNativeService::clatdStart(const std::string& ifName,
832                                              const std::string& nat64Prefix, std::string* v6Addr) {
833     ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
834     int res = gCtls->clatdCtrl.startClatd(ifName.c_str(), nat64Prefix, v6Addr);
835     return statusFromErrcode(res);
836 }
837 
clatdStop(const std::string & ifName)838 binder::Status NetdNativeService::clatdStop(const std::string& ifName) {
839     ENFORCE_ANY_PERMISSION(PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
840     int res = gCtls->clatdCtrl.stopClatd(ifName.c_str());
841     return statusFromErrcode(res);
842 }
843 
ipfwdEnabled(bool * status)844 binder::Status NetdNativeService::ipfwdEnabled(bool* status) {
845     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
846     *status = (gCtls->tetherCtrl.getIpfwdRequesterList().size() > 0) ? true : false;
847     return binder::Status::ok();
848 }
849 
ipfwdGetRequesterList(std::vector<std::string> * requesterList)850 binder::Status NetdNativeService::ipfwdGetRequesterList(std::vector<std::string>* requesterList) {
851     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
852     for (const auto& requester : gCtls->tetherCtrl.getIpfwdRequesterList()) {
853         requesterList->push_back(requester);
854     }
855     return binder::Status::ok();
856 }
857 
ipfwdEnableForwarding(const std::string & requester)858 binder::Status NetdNativeService::ipfwdEnableForwarding(const std::string& requester) {
859     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
860     int res = (gCtls->tetherCtrl.enableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
861     return statusFromErrcode(res);
862 }
863 
ipfwdDisableForwarding(const std::string & requester)864 binder::Status NetdNativeService::ipfwdDisableForwarding(const std::string& requester) {
865     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
866     int res = (gCtls->tetherCtrl.disableForwarding(requester.c_str())) ? 0 : -EREMOTEIO;
867     return statusFromErrcode(res);
868 }
869 
ipfwdAddInterfaceForward(const std::string & fromIface,const std::string & toIface)870 binder::Status NetdNativeService::ipfwdAddInterfaceForward(const std::string& fromIface,
871                                                            const std::string& toIface) {
872     ENFORCE_NETWORK_STACK_PERMISSIONS();
873     int res = RouteController::enableTethering(fromIface.c_str(), toIface.c_str());
874     return statusFromErrcode(res);
875 }
876 
ipfwdRemoveInterfaceForward(const std::string & fromIface,const std::string & toIface)877 binder::Status NetdNativeService::ipfwdRemoveInterfaceForward(const std::string& fromIface,
878                                                               const std::string& toIface) {
879     ENFORCE_NETWORK_STACK_PERMISSIONS();
880     int res = RouteController::disableTethering(fromIface.c_str(), toIface.c_str());
881     return statusFromErrcode(res);
882 }
883 
884 namespace {
885 
addCurlyBrackets(const std::string & s)886 std::string addCurlyBrackets(const std::string& s) {
887     return "{" + s + "}";
888 }
889 
890 }  // namespace
891 
interfaceGetList(std::vector<std::string> * interfaceListResult)892 binder::Status NetdNativeService::interfaceGetList(std::vector<std::string>* interfaceListResult) {
893     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
894     const auto& ifaceList = InterfaceController::getIfaceNames();
895 
896     interfaceListResult->clear();
897     interfaceListResult->reserve(ifaceList.value().size());
898     interfaceListResult->insert(end(*interfaceListResult), begin(ifaceList.value()),
899                                 end(ifaceList.value()));
900 
901     return binder::Status::ok();
902 }
903 
interfaceConfigurationParcelToString(const InterfaceConfigurationParcel & cfg)904 std::string interfaceConfigurationParcelToString(const InterfaceConfigurationParcel& cfg) {
905     std::vector<std::string> result{cfg.ifName, cfg.hwAddr, cfg.ipv4Addr,
906                                     std::to_string(cfg.prefixLength)};
907     result.insert(end(result), begin(cfg.flags), end(cfg.flags));
908     return addCurlyBrackets(base::Join(result, ", "));
909 }
910 
interfaceGetCfg(const std::string & ifName,InterfaceConfigurationParcel * interfaceGetCfgResult)911 binder::Status NetdNativeService::interfaceGetCfg(
912         const std::string& ifName, InterfaceConfigurationParcel* interfaceGetCfgResult) {
913     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
914     auto entry = gLog.newEntry().prettyFunction(__PRETTY_FUNCTION__).arg(ifName);
915 
916     const auto& cfgRes = InterfaceController::getCfg(ifName);
917     RETURN_BINDER_STATUS_IF_NOT_OK(entry, cfgRes);
918 
919     *interfaceGetCfgResult = cfgRes.value();
920     gLog.log(entry.returns(interfaceConfigurationParcelToString(*interfaceGetCfgResult))
921                      .withAutomaticDuration());
922     return binder::Status::ok();
923 }
924 
interfaceSetCfg(const InterfaceConfigurationParcel & cfg)925 binder::Status NetdNativeService::interfaceSetCfg(const InterfaceConfigurationParcel& cfg) {
926     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
927     auto entry = gLog.newEntry()
928                          .prettyFunction(__PRETTY_FUNCTION__)
929                          .arg(interfaceConfigurationParcelToString(cfg));
930 
931     const auto& res = InterfaceController::setCfg(cfg);
932     RETURN_BINDER_STATUS_IF_NOT_OK(entry, res);
933 
934     gLog.log(entry.withAutomaticDuration());
935     return binder::Status::ok();
936 }
937 
interfaceSetIPv6PrivacyExtensions(const std::string & ifName,bool enable)938 binder::Status NetdNativeService::interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
939                                                                     bool enable) {
940     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
941     int res = InterfaceController::setIPv6PrivacyExtensions(ifName.c_str(), enable);
942     return statusFromErrcode(res);
943 }
944 
interfaceClearAddrs(const std::string & ifName)945 binder::Status NetdNativeService::interfaceClearAddrs(const std::string& ifName) {
946     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
947     int res = InterfaceController::clearAddrs(ifName.c_str());
948     return statusFromErrcode(res);
949 }
950 
interfaceSetEnableIPv6(const std::string & ifName,bool enable)951 binder::Status NetdNativeService::interfaceSetEnableIPv6(const std::string& ifName, bool enable) {
952     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
953     int res = InterfaceController::setEnableIPv6(ifName.c_str(), enable);
954     return statusFromErrcode(res);
955 }
956 
interfaceSetMtu(const std::string & ifName,int32_t mtuValue)957 binder::Status NetdNativeService::interfaceSetMtu(const std::string& ifName, int32_t mtuValue) {
958     NETD_LOCKING_RPC(InterfaceController::mutex, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
959     std::string mtu = std::to_string(mtuValue);
960     int res = InterfaceController::setMtu(ifName.c_str(), mtu.c_str());
961     return statusFromErrcode(res);
962 }
963 
tetherStart(const std::vector<std::string> & dhcpRanges)964 binder::Status NetdNativeService::tetherStart(const std::vector<std::string>& dhcpRanges) {
965     TetherConfigParcel config;
966     config.usingLegacyDnsProxy = true;
967     config.dhcpRanges = dhcpRanges;
968     return tetherStartWithConfiguration(config);
969 }
970 
tetherStartWithConfiguration(const TetherConfigParcel & config)971 binder::Status NetdNativeService::tetherStartWithConfiguration(const TetherConfigParcel& config) {
972     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
973     if (config.dhcpRanges.size() % 2 == 1) {
974         return statusFromErrcode(-EINVAL);
975     }
976     // TODO: Pass TetherConfigParcel directly.
977     int res = gCtls->tetherCtrl.startTethering(config.usingLegacyDnsProxy, config.dhcpRanges);
978     return statusFromErrcode(res);
979 }
980 
tetherStop()981 binder::Status NetdNativeService::tetherStop() {
982     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
983     int res = gCtls->tetherCtrl.stopTethering();
984     return statusFromErrcode(res);
985 }
986 
tetherIsEnabled(bool * enabled)987 binder::Status NetdNativeService::tetherIsEnabled(bool* enabled) {
988     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
989     *enabled = gCtls->tetherCtrl.isTetheringStarted();
990     return binder::Status::ok();
991 }
992 
tetherInterfaceAdd(const std::string & ifName)993 binder::Status NetdNativeService::tetherInterfaceAdd(const std::string& ifName) {
994     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
995     int res = gCtls->tetherCtrl.tetherInterface(ifName.c_str());
996     return statusFromErrcode(res);
997 }
998 
tetherInterfaceRemove(const std::string & ifName)999 binder::Status NetdNativeService::tetherInterfaceRemove(const std::string& ifName) {
1000     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1001     int res = gCtls->tetherCtrl.untetherInterface(ifName.c_str());
1002     return statusFromErrcode(res);
1003 }
1004 
tetherInterfaceList(std::vector<std::string> * ifList)1005 binder::Status NetdNativeService::tetherInterfaceList(std::vector<std::string>* ifList) {
1006     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1007     for (const auto& ifname : gCtls->tetherCtrl.getTetheredInterfaceList()) {
1008         ifList->push_back(ifname);
1009     }
1010     return binder::Status::ok();
1011 }
1012 
tetherDnsSet(int32_t netId,const std::vector<std::string> & dnsAddrs)1013 binder::Status NetdNativeService::tetherDnsSet(int32_t netId,
1014                                                const std::vector<std::string>& dnsAddrs) {
1015     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1016     int res = gCtls->tetherCtrl.setDnsForwarders(netId, dnsAddrs);
1017     return statusFromErrcode(res);
1018 }
1019 
tetherDnsList(std::vector<std::string> * dnsList)1020 binder::Status NetdNativeService::tetherDnsList(std::vector<std::string>* dnsList) {
1021     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1022     for (const auto& fwdr : gCtls->tetherCtrl.getDnsForwarders()) {
1023         dnsList->push_back(fwdr);
1024     }
1025     return binder::Status::ok();
1026 }
1027 
networkAddRouteParcel(int32_t netId,const RouteInfoParcel & route)1028 binder::Status NetdNativeService::networkAddRouteParcel(int32_t netId,
1029                                                         const RouteInfoParcel& route) {
1030     // Public methods of NetworkController are thread-safe.
1031     ENFORCE_NETWORK_STACK_PERMISSIONS();
1032     bool legacy = false;
1033     uid_t uid = 0;  // UID is only meaningful for legacy routes.
1034 
1035     // convert Parcel to parameters
1036     int res = gCtls->netCtrl.addRoute(netId, route.ifName.c_str(), route.destination.c_str(),
1037                                       route.nextHop.empty() ? nullptr : route.nextHop.c_str(),
1038                                       legacy, uid, route.mtu);
1039     return statusFromErrcode(res);
1040 }
1041 
networkUpdateRouteParcel(int32_t netId,const RouteInfoParcel & route)1042 binder::Status NetdNativeService::networkUpdateRouteParcel(int32_t netId,
1043                                                            const RouteInfoParcel& route) {
1044     // Public methods of NetworkController are thread-safe.
1045     ENFORCE_NETWORK_STACK_PERMISSIONS();
1046     bool legacy = false;
1047     uid_t uid = 0;  // UID is only meaningful for legacy routes.
1048 
1049     // convert Parcel to parameters
1050     int res = gCtls->netCtrl.updateRoute(netId, route.ifName.c_str(), route.destination.c_str(),
1051                                          route.nextHop.empty() ? nullptr : route.nextHop.c_str(),
1052                                          legacy, uid, route.mtu);
1053     return statusFromErrcode(res);
1054 }
1055 
networkRemoveRouteParcel(int32_t netId,const RouteInfoParcel & route)1056 binder::Status NetdNativeService::networkRemoveRouteParcel(int32_t netId,
1057                                                            const RouteInfoParcel& route) {
1058     return networkRemoveRoute(netId, route.ifName, route.destination, route.nextHop);
1059 }
1060 
networkAddRoute(int32_t netId,const std::string & ifName,const std::string & destination,const std::string & nextHop)1061 binder::Status NetdNativeService::networkAddRoute(int32_t netId, const std::string& ifName,
1062                                                   const std::string& destination,
1063                                                   const std::string& nextHop) {
1064     // Public methods of NetworkController are thread-safe.
1065     ENFORCE_NETWORK_STACK_PERMISSIONS();
1066     bool legacy = false;
1067     uid_t uid = 0;  // UID is only meaningful for legacy routes.
1068     int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1069                                       nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid, 0);
1070     return statusFromErrcode(res);
1071 }
1072 
networkRemoveRoute(int32_t netId,const std::string & ifName,const std::string & destination,const std::string & nextHop)1073 binder::Status NetdNativeService::networkRemoveRoute(int32_t netId, const std::string& ifName,
1074                                                      const std::string& destination,
1075                                                      const std::string& nextHop) {
1076     ENFORCE_NETWORK_STACK_PERMISSIONS();
1077     bool legacy = false;
1078     uid_t uid = 0;  // UID is only meaningful for legacy routes.
1079     int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1080                                          nextHop.empty() ? nullptr : nextHop.c_str(), legacy, uid);
1081     return statusFromErrcode(res);
1082 }
1083 
networkAddLegacyRoute(int32_t netId,const std::string & ifName,const std::string & destination,const std::string & nextHop,int32_t uid)1084 binder::Status NetdNativeService::networkAddLegacyRoute(int32_t netId, const std::string& ifName,
1085                                                         const std::string& destination,
1086                                                         const std::string& nextHop, int32_t uid) {
1087     ENFORCE_NETWORK_STACK_PERMISSIONS();
1088     bool legacy = true;
1089     int res = gCtls->netCtrl.addRoute(netId, ifName.c_str(), destination.c_str(),
1090                                       nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1091                                       (uid_t)uid, 0);
1092     return statusFromErrcode(res);
1093 }
1094 
networkRemoveLegacyRoute(int32_t netId,const std::string & ifName,const std::string & destination,const std::string & nextHop,int32_t uid)1095 binder::Status NetdNativeService::networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
1096                                                            const std::string& destination,
1097                                                            const std::string& nextHop,
1098                                                            int32_t uid) {
1099     ENFORCE_NETWORK_STACK_PERMISSIONS();
1100     bool legacy = true;
1101     int res = gCtls->netCtrl.removeRoute(netId, ifName.c_str(), destination.c_str(),
1102                                          nextHop.empty() ? nullptr : nextHop.c_str(), legacy,
1103                                          (uid_t) uid);
1104     return statusFromErrcode(res);
1105 }
1106 
networkGetDefault(int32_t * netId)1107 binder::Status NetdNativeService::networkGetDefault(int32_t* netId) {
1108     ENFORCE_NETWORK_STACK_PERMISSIONS();
1109     *netId = gCtls->netCtrl.getDefaultNetwork();
1110     return binder::Status::ok();
1111 }
1112 
networkSetDefault(int32_t netId)1113 binder::Status NetdNativeService::networkSetDefault(int32_t netId) {
1114     ENFORCE_NETWORK_STACK_PERMISSIONS();
1115     int res = gCtls->netCtrl.setDefaultNetwork(netId);
1116     return statusFromErrcode(res);
1117 }
1118 
networkClearDefault()1119 binder::Status NetdNativeService::networkClearDefault() {
1120     ENFORCE_NETWORK_STACK_PERMISSIONS();
1121     unsigned netId = NETID_UNSET;
1122     int res = gCtls->netCtrl.setDefaultNetwork(netId);
1123     return statusFromErrcode(res);
1124 }
1125 
intsToUids(const std::vector<int32_t> & intUids)1126 std::vector<uid_t> NetdNativeService::intsToUids(const std::vector<int32_t>& intUids) {
1127     return {begin(intUids), end(intUids)};
1128 }
1129 
convertPermission(int32_t permission)1130 Permission NetdNativeService::convertPermission(int32_t permission) {
1131     switch (permission) {
1132         case INetd::PERMISSION_NETWORK:
1133             return Permission::PERMISSION_NETWORK;
1134         case INetd::PERMISSION_SYSTEM:
1135             return Permission::PERMISSION_SYSTEM;
1136         default:
1137             return Permission::PERMISSION_NONE;
1138     }
1139 }
1140 
networkSetPermissionForNetwork(int32_t netId,int32_t permission)1141 binder::Status NetdNativeService::networkSetPermissionForNetwork(int32_t netId,
1142                                                                  int32_t permission) {
1143     ENFORCE_NETWORK_STACK_PERMISSIONS();
1144     std::vector<unsigned> netIds = {(unsigned) netId};
1145     int res = gCtls->netCtrl.setPermissionForNetworks(convertPermission(permission), netIds);
1146     return statusFromErrcode(res);
1147 }
1148 
networkSetPermissionForUser(int32_t permission,const std::vector<int32_t> & uids)1149 binder::Status NetdNativeService::networkSetPermissionForUser(int32_t permission,
1150                                                               const std::vector<int32_t>& uids) {
1151     ENFORCE_NETWORK_STACK_PERMISSIONS();
1152     gCtls->netCtrl.setPermissionForUsers(convertPermission(permission), intsToUids(uids));
1153     return binder::Status::ok();
1154 }
1155 
networkClearPermissionForUser(const std::vector<int32_t> & uids)1156 binder::Status NetdNativeService::networkClearPermissionForUser(const std::vector<int32_t>& uids) {
1157     ENFORCE_NETWORK_STACK_PERMISSIONS();
1158     Permission permission = Permission::PERMISSION_NONE;
1159     gCtls->netCtrl.setPermissionForUsers(permission, intsToUids(uids));
1160     return binder::Status::ok();
1161 }
1162 
networkSetProtectAllow(int32_t uid)1163 binder::Status NetdNativeService::networkSetProtectAllow(int32_t uid) {
1164     ENFORCE_NETWORK_STACK_PERMISSIONS();
1165     std::vector<uid_t> uids = {(uid_t) uid};
1166     gCtls->netCtrl.allowProtect(uids);
1167     return binder::Status::ok();
1168 }
1169 
networkSetProtectDeny(int32_t uid)1170 binder::Status NetdNativeService::networkSetProtectDeny(int32_t uid) {
1171     ENFORCE_NETWORK_STACK_PERMISSIONS();
1172     std::vector<uid_t> uids = {(uid_t) uid};
1173     gCtls->netCtrl.denyProtect(uids);
1174     return binder::Status::ok();
1175 }
1176 
networkCanProtect(int32_t uid,bool * ret)1177 binder::Status NetdNativeService::networkCanProtect(int32_t uid, bool* ret) {
1178     ENFORCE_NETWORK_STACK_PERMISSIONS();
1179     *ret = gCtls->netCtrl.canProtect((uid_t) uid);
1180     return binder::Status::ok();
1181 }
1182 
trafficSetNetPermForUids(int32_t permission,const std::vector<int32_t> & uids)1183 binder::Status NetdNativeService::trafficSetNetPermForUids(int32_t permission,
1184                                                            const std::vector<int32_t>& uids) {
1185     ENFORCE_NETWORK_STACK_PERMISSIONS();
1186     gCtls->trafficCtrl.setPermissionForUids(permission, intsToUids(uids));
1187     return binder::Status::ok();
1188 }
1189 
firewallSetFirewallType(int32_t firewallType)1190 binder::Status NetdNativeService::firewallSetFirewallType(int32_t firewallType) {
1191     NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1192     auto type = static_cast<FirewallType>(firewallType);
1193 
1194     int res = gCtls->firewallCtrl.setFirewallType(type);
1195     return statusFromErrcode(res);
1196 }
1197 
firewallSetInterfaceRule(const std::string & ifName,int32_t firewallRule)1198 binder::Status NetdNativeService::firewallSetInterfaceRule(const std::string& ifName,
1199                                                            int32_t firewallRule) {
1200     NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1201     auto rule = static_cast<FirewallRule>(firewallRule);
1202 
1203     int res = gCtls->firewallCtrl.setInterfaceRule(ifName.c_str(), rule);
1204     return statusFromErrcode(res);
1205 }
1206 
firewallSetUidRule(int32_t childChain,int32_t uid,int32_t firewallRule)1207 binder::Status NetdNativeService::firewallSetUidRule(int32_t childChain, int32_t uid,
1208                                                      int32_t firewallRule) {
1209     NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1210     auto chain = static_cast<ChildChain>(childChain);
1211     auto rule = static_cast<FirewallRule>(firewallRule);
1212 
1213     int res = gCtls->firewallCtrl.setUidRule(chain, uid, rule);
1214     return statusFromErrcode(res);
1215 }
1216 
firewallEnableChildChain(int32_t childChain,bool enable)1217 binder::Status NetdNativeService::firewallEnableChildChain(int32_t childChain, bool enable) {
1218     NETD_LOCKING_RPC(gCtls->firewallCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1219     auto chain = static_cast<ChildChain>(childChain);
1220 
1221     int res = gCtls->firewallCtrl.enableChildChains(chain, enable);
1222     return statusFromErrcode(res);
1223 }
1224 
firewallAddUidInterfaceRules(const std::string & ifName,const std::vector<int32_t> & uids)1225 binder::Status NetdNativeService::firewallAddUidInterfaceRules(const std::string& ifName,
1226                                                                const std::vector<int32_t>& uids) {
1227     ENFORCE_NETWORK_STACK_PERMISSIONS();
1228 
1229     return asBinderStatus(gCtls->trafficCtrl.addUidInterfaceRules(
1230             RouteController::getIfIndex(ifName.c_str()), uids));
1231 }
1232 
firewallRemoveUidInterfaceRules(const std::vector<int32_t> & uids)1233 binder::Status NetdNativeService::firewallRemoveUidInterfaceRules(
1234         const std::vector<int32_t>& uids) {
1235     ENFORCE_NETWORK_STACK_PERMISSIONS();
1236 
1237     return asBinderStatus(gCtls->trafficCtrl.removeUidInterfaceRules(uids));
1238 }
1239 
tetherAddForward(const std::string & intIface,const std::string & extIface)1240 binder::Status NetdNativeService::tetherAddForward(const std::string& intIface,
1241                                                    const std::string& extIface) {
1242     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1243 
1244     int res = gCtls->tetherCtrl.enableNat(intIface.c_str(), extIface.c_str());
1245     return statusFromErrcode(res);
1246 }
1247 
tetherRemoveForward(const std::string & intIface,const std::string & extIface)1248 binder::Status NetdNativeService::tetherRemoveForward(const std::string& intIface,
1249                                                       const std::string& extIface) {
1250     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1251     int res = gCtls->tetherCtrl.disableNat(intIface.c_str(), extIface.c_str());
1252     return statusFromErrcode(res);
1253 }
1254 
setTcpRWmemorySize(const std::string & rmemValues,const std::string & wmemValues)1255 binder::Status NetdNativeService::setTcpRWmemorySize(const std::string& rmemValues,
1256                                                      const std::string& wmemValues) {
1257     ENFORCE_NETWORK_STACK_PERMISSIONS();
1258     if (!WriteStringToFile(rmemValues, TCP_RMEM_PROC_FILE)) {
1259         int ret = -errno;
1260         return statusFromErrcode(ret);
1261     }
1262 
1263     if (!WriteStringToFile(wmemValues, TCP_WMEM_PROC_FILE)) {
1264         int ret = -errno;
1265         return statusFromErrcode(ret);
1266     }
1267     return binder::Status::ok();
1268 }
1269 
registerUnsolicitedEventListener(const android::sp<android::net::INetdUnsolicitedEventListener> & listener)1270 binder::Status NetdNativeService::registerUnsolicitedEventListener(
1271         const android::sp<android::net::INetdUnsolicitedEventListener>& listener) {
1272     ENFORCE_NETWORK_STACK_PERMISSIONS();
1273     gCtls->eventReporter.registerUnsolEventListener(listener);
1274     return binder::Status::ok();
1275 }
1276 
getOemNetd(android::sp<android::IBinder> * listener)1277 binder::Status NetdNativeService::getOemNetd(android::sp<android::IBinder>* listener) {
1278     ENFORCE_NETWORK_STACK_PERMISSIONS();
1279     *listener = com::android::internal::net::OemNetdListener::getListener();
1280 
1281     return binder::Status::ok();
1282 }
1283 
getFwmarkForNetwork(int32_t netId,MarkMaskParcel * markMask)1284 binder::Status NetdNativeService::getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markMask) {
1285     ENFORCE_NETWORK_STACK_PERMISSIONS();
1286 
1287     Fwmark fwmark;
1288     fwmark.netId = netId;
1289     markMask->mask = FWMARK_NET_ID_MASK;
1290     markMask->mark = fwmark.intValue;
1291     return binder::Status::ok();
1292 }
1293 
1294 // TODO: remark @deprecated in INetd.aidl.
tetherOffloadRuleAdd(const TetherOffloadRuleParcel &)1295 binder::Status NetdNativeService::tetherOffloadRuleAdd(const TetherOffloadRuleParcel& /* rule */) {
1296     // deprecated
1297     ENFORCE_NETWORK_STACK_PERMISSIONS();
1298     return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);
1299 }
1300 
1301 // TODO: remark @deprecated in INetd.aidl.
tetherOffloadRuleRemove(const TetherOffloadRuleParcel &)1302 binder::Status NetdNativeService::tetherOffloadRuleRemove(
1303         const TetherOffloadRuleParcel& /* rule */) {
1304     // deprecated
1305     ENFORCE_NETWORK_STACK_PERMISSIONS();
1306     return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);
1307 }
1308 
1309 // TODO: remark @deprecated in INetd.aidl.
tetherOffloadGetStats(std::vector<TetherStatsParcel> *)1310 binder::Status NetdNativeService::tetherOffloadGetStats(
1311         std::vector<TetherStatsParcel>* /* tetherStatsParcelVec */) {
1312     // deprecated
1313     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1314     return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);
1315 }
1316 
1317 // TODO: remark @deprecated in INetd.aidl.
tetherOffloadSetInterfaceQuota(int,int64_t)1318 binder::Status NetdNativeService::tetherOffloadSetInterfaceQuota(int /* ifIndex */,
1319                                                                  int64_t /* quotaBytes */) {
1320     // deprecated
1321     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1322     return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);
1323 }
1324 
1325 // TODO: remark @deprecated in INetd.aidl.
tetherOffloadGetAndClearStats(int,android::net::TetherStatsParcel *)1326 binder::Status NetdNativeService::tetherOffloadGetAndClearStats(
1327         int /* ifIndex */, android::net::TetherStatsParcel* /* tetherStats */) {
1328     // deprecated
1329     NETD_LOCKING_RPC(gCtls->tetherCtrl.lock, PERM_NETWORK_STACK, PERM_MAINLINE_NETWORK_STACK);
1330     return binder::Status::fromExceptionCode(binder::Status::EX_UNSUPPORTED_OPERATION);
1331 }
1332 
1333 }  // namespace net
1334 }  // namespace android
1335