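/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// NOTE(review): an identifier starting with an underscore followed by an uppercase letter is
// reserved to the implementation; consider renaming the guard (or using #pragma once).
#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_

#include <sys/types.h>  // uid_t

#include <cstdint>  // int32_t, int64_t, uint8_t
#include <string>
#include <vector>

#include <binder/BinderService.h>
#include <netdutils/Log.h>

#include "android/net/BnNetd.h"

namespace android {
namespace net {

/**
 * Server-side (Bn) implementation of the INetd Binder interface.
 *
 * Every public binder::Status method below is an entry point reachable by a remote Binder
 * client; the arguments (netIds, uids, interface names, routes, key material, ...) therefore
 * arrive from outside this process. This header declares no access control of its own, so any
 * caller-permission checks and argument validation live in the implementation file.
 * NOTE(review): confirm that each entry point enforces the expected caller permission there.
 *
 * Methods marked `override` implement the generated BnNetd interface. The ipSec* methods and
 * getFwmarkForNetwork are not marked `override` here; presumably they are also declared in
 * BnNetd (adding `override` would let the compiler verify that) — confirm against the AIDL.
 */
class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd {
  public:
    NetdNativeService();
    static status_t start();
    // Name under which the service is published (presumably consumed by BinderService when
    // registering with the service manager — confirm in BinderService.h).
    static char const* getServiceName() { return "netd"; }
    // `virtual` is implied by `override`; the redundant keyword was dropped.
    status_t dump(int fd, const Vector<String16>& args) override;

    binder::Status isAlive(bool* alive) override;

    // Firewall commands.
    binder::Status firewallReplaceUidChain(const std::string& chainName, bool isAllowlist,
                                           const std::vector<int32_t>& uids, bool* ret) override;
    binder::Status firewallSetFirewallType(int32_t firewallType) override;
    binder::Status firewallSetInterfaceRule(const std::string& ifName,
                                            int32_t firewallRule) override;
    binder::Status firewallSetUidRule(int32_t childChain, int32_t uid,
                                      int32_t firewallRule) override;
    binder::Status firewallEnableChildChain(int32_t childChain, bool enable) override;
    binder::Status firewallAddUidInterfaceRules(const std::string& ifName,
                                                const std::vector<int32_t>& uids) override;
    binder::Status firewallRemoveUidInterfaceRules(const std::vector<int32_t>& uids) override;

    // Bandwidth control commands.
    binder::Status bandwidthEnableDataSaver(bool enable, bool* ret) override;
    binder::Status bandwidthSetInterfaceQuota(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceQuota(const std::string& ifName) override;
    binder::Status bandwidthSetInterfaceAlert(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceAlert(const std::string& ifName) override;
    binder::Status bandwidthSetGlobalAlert(int64_t bytes) override;
    binder::Status bandwidthAddNaughtyApp(int32_t uid) override;
    binder::Status bandwidthRemoveNaughtyApp(int32_t uid) override;
    binder::Status bandwidthAddNiceApp(int32_t uid) override;
    binder::Status bandwidthRemoveNiceApp(int32_t uid) override;

    // Network and routing commands.
    binder::Status networkCreatePhysical(int32_t netId, int32_t permission) override;
    binder::Status networkCreateVpn(int32_t netId, bool secure) override;
    binder::Status networkCreate(const NativeNetworkConfig& config) override;
    binder::Status networkDestroy(int32_t netId) override;

    binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
    binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;

    binder::Status networkAddUidRanges(int32_t netId,
                                       const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkRemoveUidRanges(int32_t netId,
                                          const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkAddUidRangesParcel(
            const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
    binder::Status networkRemoveUidRangesParcel(
            const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
    binder::Status networkRejectNonSecureVpn(bool enable,
                                             const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkAddRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkUpdateRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkRemoveRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkAddRoute(int32_t netId, const std::string& ifName,
                                   const std::string& destination,
                                   const std::string& nextHop) override;
    binder::Status networkRemoveRoute(int32_t netId, const std::string& ifName,
                                      const std::string& destination,
                                      const std::string& nextHop) override;
    binder::Status networkAddLegacyRoute(int32_t netId, const std::string& ifName,
                                         const std::string& destination,
                                         const std::string& nextHop, int32_t uid) override;
    binder::Status networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
                                            const std::string& destination,
                                            const std::string& nextHop, int32_t uid) override;

    binder::Status networkSetDefault(int32_t netId) override;
    binder::Status networkClearDefault() override;
    binder::Status networkSetPermissionForNetwork(int32_t netId, int32_t permission) override;
    binder::Status networkSetPermissionForUser(int32_t permission,
                                               const std::vector<int32_t>& uids) override;
    binder::Status networkClearPermissionForUser(const std::vector<int32_t>& uids) override;
    binder::Status networkSetProtectAllow(int32_t uid) override;
    binder::Status networkSetProtectDeny(int32_t uid) override;
    // For test (internal use only).
    binder::Status networkGetDefault(int32_t* netId) override;
    binder::Status networkCanProtect(int32_t uid, bool* ret) override;

    binder::Status trafficSetNetPermForUids(int32_t permission,
                                            const std::vector<int32_t>& uids) override;

    // SOCK_DIAG commands.
    binder::Status socketDestroy(const std::vector<UidRangeParcel>& uids,
                                 const std::vector<int32_t>& skipUids) override;

    binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;

    // NFLOG-related commands
    binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    // Tethering-related commands.
    binder::Status tetherApplyDnsInterfaces(bool* ret) override;
    binder::Status tetherGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherOffloadGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherStart(const std::vector<std::string>& dhcpRanges) override;
    binder::Status tetherStartWithConfiguration(const TetherConfigParcel& config) override;
    binder::Status tetherStop() override;
    binder::Status tetherIsEnabled(bool* enabled) override;
    binder::Status tetherInterfaceAdd(const std::string& ifName) override;
    binder::Status tetherInterfaceRemove(const std::string& ifName) override;
    binder::Status tetherInterfaceList(std::vector<std::string>* ifList) override;
    binder::Status tetherDnsSet(int32_t netId, const std::vector<std::string>& dnsAddrs) override;
    binder::Status tetherDnsList(std::vector<std::string>* dnsList) override;
    binder::Status tetherAddForward(const std::string& intIface,
                                    const std::string& extIface) override;
    binder::Status tetherRemoveForward(const std::string& intIface,
                                       const std::string& extIface) override;
    binder::Status tetherOffloadRuleAdd(const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadRuleRemove(
            const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadSetInterfaceQuota(int ifIndex, int64_t quotaBytes) override;
    binder::Status tetherOffloadGetAndClearStats(
            int ifIndex, android::net::TetherStatsParcel* tetherStats) override;

    // Interface-related commands.
    binder::Status interfaceAddAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceDelAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceGetList(std::vector<std::string>* interfaceListResult) override;
    binder::Status interfaceGetCfg(const std::string& ifName,
                                   InterfaceConfigurationParcel* interfaceGetCfgResult) override;
    binder::Status interfaceSetCfg(const InterfaceConfigurationParcel& cfg) override;
    binder::Status interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
                                                     bool enable) override;
    binder::Status interfaceClearAddrs(const std::string& ifName) override;
    binder::Status interfaceSetEnableIPv6(const std::string& ifName, bool enable) override;
    binder::Status interfaceSetMtu(const std::string& ifName, int32_t mtuValue) override;

    // /proc/sys/net accessors: `ifname` and `parameter` are caller-supplied path components,
    // so the implementation is expected to validate them before touching the filesystem.
    binder::Status getProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, std::string* value) override;
    binder::Status setProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, const std::string& value) override;

    // IPsec commands.
    binder::Status ipSecSetEncapSocketOwner(const os::ParcelFileDescriptor& socket, int newUid);

    binder::Status ipSecAllocateSpi(int32_t transformId, const std::string& localAddress,
                                    const std::string& remoteAddress, int32_t inSpi,
                                    int32_t* outSpi);

    // authKey / cryptKey / aeadKey carry raw key material across the Binder boundary; the
    // implementation should not log or persist them.
    binder::Status ipSecAddSecurityAssociation(
            int32_t transformId, int32_t mode, const std::string& sourceAddress,
            const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
            int32_t markValue, int32_t markMask, const std::string& authAlgo,
            const std::vector<uint8_t>& authKey, int32_t authTruncBits,
            const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey,
            int32_t cryptTruncBits, const std::string& aeadAlgo,
            const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
            int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId);

    binder::Status ipSecDeleteSecurityAssociation(int32_t transformId,
                                                  const std::string& sourceAddress,
                                                  const std::string& destinationAddress,
                                                  int32_t spi, int32_t markValue,
                                                  int32_t markMask, int32_t interfaceId);

    binder::Status ipSecApplyTransportModeTransform(const os::ParcelFileDescriptor& socket,
                                                    int32_t transformId, int32_t direction,
                                                    const std::string& sourceAddress,
                                                    const std::string& destinationAddress,
                                                    int32_t spi);

    binder::Status ipSecRemoveTransportModeTransform(const os::ParcelFileDescriptor& socket);

    binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                          int32_t direction, const std::string& tmplSrcAddress,
                                          const std::string& tmplDstAddress, int32_t spi,
                                          int32_t markValue, int32_t markMask,
                                          int32_t interfaceId);

    binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, const std::string& tmplSrcAddress,
                                             const std::string& tmplDstAddress, int32_t spi,
                                             int32_t markValue, int32_t markMask,
                                             int32_t interfaceId);

    binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, int32_t markValue,
                                             int32_t markMask, int32_t interfaceId);

    binder::Status trafficSwapActiveStatsMap() override;

    binder::Status ipSecAddTunnelInterface(const std::string& deviceName,
                                           const std::string& localAddress,
                                           const std::string& remoteAddress, int32_t iKey,
                                           int32_t oKey, int32_t interfaceId);

    binder::Status ipSecUpdateTunnelInterface(const std::string& deviceName,
                                              const std::string& localAddress,
                                              const std::string& remoteAddress, int32_t iKey,
                                              int32_t oKey, int32_t interfaceId);

    binder::Status ipSecRemoveTunnelInterface(const std::string& deviceName);

    binder::Status ipSecMigrate(const IpSecMigrateInfoParcel& migrateInfo);

    // Idletimer-related commands
    binder::Status idletimerAddInterface(const std::string& ifName, int32_t timeout,
                                         const std::string& classLabel) override;
    binder::Status idletimerRemoveInterface(const std::string& ifName, int32_t timeout,
                                            const std::string& classLabel) override;

    // Strict-related commands
    binder::Status strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) override;

    // Clatd-related commands
    binder::Status clatdStart(const std::string& ifName, const std::string& nat64Prefix,
                              std::string* v6Address) override;
    binder::Status clatdStop(const std::string& ifName) override;

    // Ipfw-related commands
    binder::Status ipfwdEnabled(bool* status) override;
    binder::Status ipfwdGetRequesterList(std::vector<std::string>* requesterList) override;
    binder::Status ipfwdEnableForwarding(const std::string& requester) override;
    binder::Status ipfwdDisableForwarding(const std::string& requester) override;
    binder::Status ipfwdAddInterfaceForward(const std::string& fromIface,
                                            const std::string& toIface) override;
    binder::Status ipfwdRemoveInterfaceForward(const std::string& fromIface,
                                               const std::string& toIface) override;

    // tcp_mem-config command
    binder::Status setTcpRWmemorySize(const std::string& rmemValues,
                                      const std::string& wmemValues) override;

    binder::Status registerUnsolicitedEventListener(
            const android::sp<android::net::INetdUnsolicitedEventListener>& listener) override;

    binder::Status getOemNetd(android::sp<android::IBinder>* listener) override;
    binder::Status getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markmask);
    binder::Status setNetworkAllowlist(
            const std::vector<netd::aidl::NativeUidRangeConfig>& rangeConfigs) override;

  private:
    // Conversions from the int32-typed values used by the AIDL interface to the internal
    // types (uid_t, Permission, FirewallRule, ChildChain). What happens on an out-of-range
    // value is decided in the implementation, not visible here.
    std::vector<uid_t> intsToUids(const std::vector<int32_t>& intUids);
    Permission convertPermission(int32_t permission);
    static FirewallRule parseRule(int32_t firewallRule);
    static ChildChain parseChildChain(int32_t childChain);
};

}  // namespace net
}  // namespace android

#endif  // _NETD_NATIVE_SERVICE_H_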