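/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include "NetdConstants.h"
#include "Permission.h"
#include "UidRanges.h"

// Include what this header uses directly (uid_t, EINVAL, int32_t, std::map, std::optional)
// instead of relying on the project headers above to pull them in transitively.
#include <sys/types.h>

#include <cerrno>
#include <cstdint>
#include <map>
#include <optional>
#include <set>
#include <string>

namespace android::net {

// Subsidiary priority -> UID ranges registered at that priority.
using UidRangeMap = std::map<int32_t, UidRanges>;

// A Network represents a collection of interfaces participating as a single administrative unit.
//
// This base class is abstract (getTypeString() and getPermission() are pure virtual). Every
// mutating operation it defines inline fails closed with -EINVAL and every capability predicate
// defaults to false, so a subclass has to opt in explicitly to each behaviour it supports.
class Network {
  public:
    // You MUST ensure that no interfaces are still assigned to this network, say by calling
    // clearInterfaces(), before deleting it. This is because interface removal may fail. If we
    // automatically removed interfaces in the destructor, you wouldn't know if it failed.
    virtual ~Network();

    virtual std::string getTypeString() const = 0;
    unsigned getNetId() const;

    bool hasInterface(const std::string& interface) const;
    const std::set<std::string>& getInterfaces() const;

    // These return 0 on success or negative errno on failure.
    // They are [[nodiscard]] because a failure must not be ignored silently: per the destructor
    // contract above, the caller is the only place where a failed removal can be noticed.
    // The base implementations reject the request with -EINVAL.
    [[nodiscard]] virtual int addInterface(const std::string&) { return -EINVAL; }
    [[nodiscard]] virtual int removeInterface(const std::string&) { return -EINVAL; }
    [[nodiscard]] int clearInterfaces();

    std::string toString() const;
    std::string uidRangesToString() const;
    std::string allowedUidsToString() const;
    // NOTE(review): subPriority is a non-const pointer, so it looks like an out-parameter that
    // receives the matching subsidiary priority; confirm null handling in the definition.
    bool appliesToUser(uid_t uid, int32_t* subPriority) const;
    virtual Permission getPermission() const = 0;
    // Base implementations reject UID range changes with -EINVAL; see canAddUsers().
    [[nodiscard]] virtual int addUsers(const UidRanges&, int32_t /*subPriority*/) {
        return -EINVAL;
    }
    [[nodiscard]] virtual int removeUsers(const UidRanges&, int32_t /*subPriority*/) {
        return -EINVAL;
    }
    bool isSecure() const;
    // Capability / type predicates. All default to false in the base class.
    // NOTE(review): these are non-const, so they cannot be called through a const Network&;
    // making them const would require updating every override at the same time.
    virtual bool isPhysical() { return false; }
    virtual bool isUnreachable() { return false; }
    virtual bool isVirtual() { return false; }
    virtual bool canAddUsers() { return false; }
    virtual bool isValidSubPriority(int32_t /*priority*/) { return false; }
    virtual void addToUidRangeMap(const UidRanges& uidRanges, int32_t subPriority);
    virtual void removeFromUidRangeMap(const UidRanges& uidRanges, int32_t subPriority);
    // Allow-list management for mAllowedUids (see the member comment for the unset case).
    void clearAllowedUids();
    void setAllowedUids(const UidRanges& uidRanges);
    bool isUidAllowed(uid_t uid);

  protected:
    // Only subclasses can construct a Network. `secure` defaults to false.
    explicit Network(unsigned netId, bool secure = false);
    bool canAddUidRanges(const UidRanges& uidRanges) const;

    const unsigned mNetId;
    std::set<std::string> mInterfaces;
    // Each subsidiary priority maps to a set of UID ranges of a feature.
    UidRangeMap mUidRangeMap;
    const bool mSecure;
    // UIDs that can explicitly select this network. It means no restriction for all UIDs if the
    // optional variable has no value.
    // Security note: the unset state is therefore "allow everyone", not "allow no one". Code that
    // wants to restrict selection has to install a value via setAllowedUids().
    // NOTE(review): presumably clearAllowedUids() returns to the unset (unrestricted) state;
    // confirm in the definition before using it to mean "revoke access".
    std::optional<UidRanges> mAllowedUids;

  private:
    enum Action {
        REMOVE,
        ADD,
    };
};

}  // namespace android::net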