1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "NetdHwAidlService.h"
18 #include <android/binder_manager.h>
19 #include <android/binder_process.h>
20 #include "Controllers.h"
21 #include "Fwmark.h"
22 #include "RouteController.h"
23 #include "TetherController.h"
24
25 // Tells TetherController::enableForwarding who is requesting forwarding, so that TetherController
26 // can manage/refcount requests to enable forwarding by multiple parties such as the framework, this
27 // binder interface, and the legacy "ndc ipfwd enable <requester>" commands.
28 namespace {
29 constexpr const char* FORWARDING_REQUESTER = "NetdHwAidlService";
30 }
31
32 namespace android {
33 namespace net {
34 namespace aidl {
35
toHalStatus(int ret)36 static int toHalStatus(int ret) {
37 switch (ret) {
38 case 0:
39 return 0;
40 case -EINVAL:
41 return NetdHwAidlService::STATUS_INVALID_ARGUMENTS;
42 case -EEXIST:
43 return NetdHwAidlService::STATUS_ALREADY_EXISTS;
44 case -ENONET:
45 return NetdHwAidlService::STATUS_NO_NETWORK;
46 case -EPERM:
47 return NetdHwAidlService::STATUS_PERMISSION_DENIED;
48 default:
49 ALOGE("HAL service error=%d", ret);
50 return NetdHwAidlService::STATUS_UNKNOWN_ERROR;
51 }
52 }
53
run()54 void NetdHwAidlService::run() {
55 std::shared_ptr<NetdHwAidlService> service = ndk::SharedRefBase::make<NetdHwAidlService>();
56
57 const std::string instance = std::string() + NetdHwAidlService::descriptor + "/default";
58 binder_status_t status =
59 AServiceManager_addService(service->asBinder().get(), instance.c_str());
60 if (status != STATUS_OK) {
61 ALOGE("Failed to register AIDL INetd service. Status: %d.", status);
62 return;
63 }
64
65 ABinderProcess_joinThreadPool();
66 }
67
createOemNetwork(OemNetwork * network)68 ScopedAStatus NetdHwAidlService::createOemNetwork(OemNetwork* network) {
69 unsigned netId;
70 Permission permission = PERMISSION_SYSTEM;
71
72 int ret = gCtls->netCtrl.createPhysicalOemNetwork(permission, &netId);
73
74 Fwmark fwmark;
75 fwmark.netId = netId;
76 fwmark.explicitlySelected = true;
77 fwmark.protectedFromVpn = true;
78 fwmark.permission = PERMISSION_SYSTEM;
79 network->networkHandle = netIdToNetHandle(netId);
80 network->packetMark = fwmark.intValue;
81 if (ret != 0) {
82 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
83 } else {
84 return ScopedAStatus::ok();
85 }
86 }
87
88 // Vendor code can only modify OEM networks. All other networks are managed by ConnectivityService.
89 #define RETURN_IF_NOT_OEM_NETWORK(netId) \
90 if (((netId) < NetworkController::MIN_OEM_ID) || ((netId) > NetworkController::MAX_OEM_ID)) { \
91 return ScopedAStatus::fromServiceSpecificError(STATUS_INVALID_ARGUMENTS); \
92 }
93
destroyOemNetwork(int64_t netHandle)94 ScopedAStatus NetdHwAidlService::destroyOemNetwork(int64_t netHandle) {
95 unsigned netId = netHandleToNetId(netHandle);
96 RETURN_IF_NOT_OEM_NETWORK(netId);
97
98 auto ret = toHalStatus(gCtls->netCtrl.destroyNetwork(netId));
99 if (ret != 0) {
100 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
101 } else {
102 return ScopedAStatus::ok();
103 }
104 }
105
maybeNullString(const std::string & nexthop)106 const char* maybeNullString(const std::string& nexthop) {
107 // std::strings can't be null, but RouteController wants null instead of an empty string.
108 const char* nh = nexthop.c_str();
109 if (nh && !*nh) {
110 nh = nullptr;
111 }
112 return nh;
113 }
114
addRouteToOemNetwork(int64_t networkHandle,const std::string & ifname,const std::string & destination,const std::string & nexthop)115 ScopedAStatus NetdHwAidlService::addRouteToOemNetwork(int64_t networkHandle,
116 const std::string& ifname,
117 const std::string& destination,
118 const std::string& nexthop) {
119 unsigned netId = netHandleToNetId(networkHandle);
120 RETURN_IF_NOT_OEM_NETWORK(netId);
121
122 auto ret = gCtls->netCtrl.addRoute(netId, ifname.c_str(), destination.c_str(),
123 maybeNullString(nexthop), false, INVALID_UID, 0 /* mtu */);
124 if (ret != 0) {
125 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
126 } else {
127 return ScopedAStatus::ok();
128 }
129 }
130
removeRouteFromOemNetwork(int64_t networkHandle,const std::string & ifname,const std::string & destination,const std::string & nexthop)131 ScopedAStatus NetdHwAidlService::removeRouteFromOemNetwork(int64_t networkHandle,
132 const std::string& ifname,
133 const std::string& destination,
134 const std::string& nexthop) {
135 unsigned netId = netHandleToNetId(networkHandle);
136 RETURN_IF_NOT_OEM_NETWORK(netId);
137
138 auto ret = gCtls->netCtrl.removeRoute(netId, ifname.c_str(), destination.c_str(),
139 maybeNullString(nexthop), false, INVALID_UID);
140 if (ret != 0) {
141 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
142 } else {
143 return ScopedAStatus::ok();
144 }
145 }
146
addInterfaceToOemNetwork(int64_t networkHandle,const std::string & ifname)147 ScopedAStatus NetdHwAidlService::addInterfaceToOemNetwork(int64_t networkHandle,
148 const std::string& ifname) {
149 unsigned netId = netHandleToNetId(networkHandle);
150 RETURN_IF_NOT_OEM_NETWORK(netId);
151
152 auto ret = gCtls->netCtrl.addInterfaceToNetwork(netId, ifname.c_str());
153 if (ret != 0) {
154 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
155 } else {
156 return ScopedAStatus::ok();
157 }
158 }
159
removeInterfaceFromOemNetwork(int64_t networkHandle,const std::string & ifname)160 ScopedAStatus NetdHwAidlService::removeInterfaceFromOemNetwork(int64_t networkHandle,
161 const std::string& ifname) {
162 unsigned netId = netHandleToNetId(networkHandle);
163 RETURN_IF_NOT_OEM_NETWORK(netId);
164
165 auto ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, ifname.c_str());
166 if (ret != 0) {
167 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
168 } else {
169 return ScopedAStatus::ok();
170 }
171 }
172
setIpForwardEnable(bool enable)173 ScopedAStatus NetdHwAidlService::setIpForwardEnable(bool enable) {
174 std::lock_guard _lock(gCtls->tetherCtrl.lock);
175
176 bool success = enable ? gCtls->tetherCtrl.enableForwarding(FORWARDING_REQUESTER)
177 : gCtls->tetherCtrl.disableForwarding(FORWARDING_REQUESTER);
178
179 if (!success) {
180 return ScopedAStatus::fromServiceSpecificError(STATUS_UNKNOWN_ERROR);
181 } else {
182 return ScopedAStatus::ok();
183 }
184 }
185
setForwardingBetweenInterfaces(const std::string & inputIfName,const std::string & outputIfName,bool enable)186 ScopedAStatus NetdHwAidlService::setForwardingBetweenInterfaces(const std::string& inputIfName,
187 const std::string& outputIfName,
188 bool enable) {
189 std::lock_guard _lock(gCtls->tetherCtrl.lock);
190
191 // TODO: check that one interface is an OEM interface and the other is another OEM interface, an
192 // IPsec interface or a dummy interface.
193 int ret = enable ? RouteController::enableTethering(inputIfName.c_str(), outputIfName.c_str())
194 : RouteController::disableTethering(inputIfName.c_str(), outputIfName.c_str());
195 if (ret != 0) {
196 return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
197 } else {
198 return ScopedAStatus::ok();
199 }
200 }
201
202 } // namespace aidl
203 } // namespace net
204 } // namespace android
205