• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "NetdHwAidlService.h"
18 #include <android/binder_manager.h>
19 #include <android/binder_process.h>
20 #include "Controllers.h"
21 #include "Fwmark.h"
22 #include "RouteController.h"
23 #include "TetherController.h"
24 
25 // Tells TetherController::enableForwarding who is requesting forwarding, so that TetherController
26 // can manage/refcount requests to enable forwarding by multiple parties such as the framework, this
27 // binder interface, and the legacy "ndc ipfwd enable <requester>" commands.
28 namespace {
29 constexpr const char* FORWARDING_REQUESTER = "NetdHwAidlService";
30 }
31 
32 namespace android {
33 namespace net {
34 namespace aidl {
35 
toHalStatus(int ret)36 static int toHalStatus(int ret) {
37     switch (ret) {
38         case 0:
39             return 0;
40         case -EINVAL:
41             return NetdHwAidlService::STATUS_INVALID_ARGUMENTS;
42         case -EEXIST:
43             return NetdHwAidlService::STATUS_ALREADY_EXISTS;
44         case -ENONET:
45             return NetdHwAidlService::STATUS_NO_NETWORK;
46         case -EPERM:
47             return NetdHwAidlService::STATUS_PERMISSION_DENIED;
48         default:
49             ALOGE("HAL service error=%d", ret);
50             return NetdHwAidlService::STATUS_UNKNOWN_ERROR;
51     }
52 }
53 
run()54 void NetdHwAidlService::run() {
55     std::shared_ptr<NetdHwAidlService> service = ndk::SharedRefBase::make<NetdHwAidlService>();
56 
57     const std::string instance = std::string() + NetdHwAidlService::descriptor + "/default";
58     binder_status_t status =
59             AServiceManager_addService(service->asBinder().get(), instance.c_str());
60     if (status != STATUS_OK) {
61         ALOGE("Failed to register AIDL INetd service. Status: %d.", status);
62         return;
63     }
64 
65     ABinderProcess_joinThreadPool();
66 }
67 
createOemNetwork(OemNetwork * network)68 ScopedAStatus NetdHwAidlService::createOemNetwork(OemNetwork* network) {
69     unsigned netId;
70     Permission permission = PERMISSION_SYSTEM;
71 
72     int ret = gCtls->netCtrl.createPhysicalOemNetwork(permission, &netId);
73 
74     Fwmark fwmark;
75     fwmark.netId = netId;
76     fwmark.explicitlySelected = true;
77     fwmark.protectedFromVpn = true;
78     fwmark.permission = PERMISSION_SYSTEM;
79     network->networkHandle = netIdToNetHandle(netId);
80     network->packetMark = fwmark.intValue;
81     if (ret != 0) {
82         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
83     } else {
84         return ScopedAStatus::ok();
85     }
86 }
87 
88 // Vendor code can only modify OEM networks. All other networks are managed by ConnectivityService.
89 #define RETURN_IF_NOT_OEM_NETWORK(netId)                                                          \
90     if (((netId) < NetworkController::MIN_OEM_ID) || ((netId) > NetworkController::MAX_OEM_ID)) { \
91         return ScopedAStatus::fromServiceSpecificError(STATUS_INVALID_ARGUMENTS);                 \
92     }
93 
destroyOemNetwork(int64_t netHandle)94 ScopedAStatus NetdHwAidlService::destroyOemNetwork(int64_t netHandle) {
95     unsigned netId = netHandleToNetId(netHandle);
96     RETURN_IF_NOT_OEM_NETWORK(netId);
97 
98     auto ret = toHalStatus(gCtls->netCtrl.destroyNetwork(netId));
99     if (ret != 0) {
100         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
101     } else {
102         return ScopedAStatus::ok();
103     }
104 }
105 
maybeNullString(const std::string & nexthop)106 const char* maybeNullString(const std::string& nexthop) {
107     // std::strings can't be null, but RouteController wants null instead of an empty string.
108     const char* nh = nexthop.c_str();
109     if (nh && !*nh) {
110         nh = nullptr;
111     }
112     return nh;
113 }
114 
addRouteToOemNetwork(int64_t networkHandle,const std::string & ifname,const std::string & destination,const std::string & nexthop)115 ScopedAStatus NetdHwAidlService::addRouteToOemNetwork(int64_t networkHandle,
116                                                       const std::string& ifname,
117                                                       const std::string& destination,
118                                                       const std::string& nexthop) {
119     unsigned netId = netHandleToNetId(networkHandle);
120     RETURN_IF_NOT_OEM_NETWORK(netId);
121 
122     auto ret = gCtls->netCtrl.addRoute(netId, ifname.c_str(), destination.c_str(),
123                                        maybeNullString(nexthop), false, INVALID_UID, 0 /* mtu */);
124     if (ret != 0) {
125         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
126     } else {
127         return ScopedAStatus::ok();
128     }
129 }
130 
removeRouteFromOemNetwork(int64_t networkHandle,const std::string & ifname,const std::string & destination,const std::string & nexthop)131 ScopedAStatus NetdHwAidlService::removeRouteFromOemNetwork(int64_t networkHandle,
132                                                            const std::string& ifname,
133                                                            const std::string& destination,
134                                                            const std::string& nexthop) {
135     unsigned netId = netHandleToNetId(networkHandle);
136     RETURN_IF_NOT_OEM_NETWORK(netId);
137 
138     auto ret = gCtls->netCtrl.removeRoute(netId, ifname.c_str(), destination.c_str(),
139                                           maybeNullString(nexthop), false, INVALID_UID);
140     if (ret != 0) {
141         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
142     } else {
143         return ScopedAStatus::ok();
144     }
145 }
146 
addInterfaceToOemNetwork(int64_t networkHandle,const std::string & ifname)147 ScopedAStatus NetdHwAidlService::addInterfaceToOemNetwork(int64_t networkHandle,
148                                                           const std::string& ifname) {
149     unsigned netId = netHandleToNetId(networkHandle);
150     RETURN_IF_NOT_OEM_NETWORK(netId);
151 
152     auto ret = gCtls->netCtrl.addInterfaceToNetwork(netId, ifname.c_str());
153     if (ret != 0) {
154         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
155     } else {
156         return ScopedAStatus::ok();
157     }
158 }
159 
removeInterfaceFromOemNetwork(int64_t networkHandle,const std::string & ifname)160 ScopedAStatus NetdHwAidlService::removeInterfaceFromOemNetwork(int64_t networkHandle,
161                                                                const std::string& ifname) {
162     unsigned netId = netHandleToNetId(networkHandle);
163     RETURN_IF_NOT_OEM_NETWORK(netId);
164 
165     auto ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, ifname.c_str());
166     if (ret != 0) {
167         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
168     } else {
169         return ScopedAStatus::ok();
170     }
171 }
172 
setIpForwardEnable(bool enable)173 ScopedAStatus NetdHwAidlService::setIpForwardEnable(bool enable) {
174     std::lock_guard _lock(gCtls->tetherCtrl.lock);
175 
176     bool success = enable ? gCtls->tetherCtrl.enableForwarding(FORWARDING_REQUESTER)
177                           : gCtls->tetherCtrl.disableForwarding(FORWARDING_REQUESTER);
178 
179     if (!success) {
180         return ScopedAStatus::fromServiceSpecificError(STATUS_UNKNOWN_ERROR);
181     } else {
182         return ScopedAStatus::ok();
183     }
184 }
185 
setForwardingBetweenInterfaces(const std::string & inputIfName,const std::string & outputIfName,bool enable)186 ScopedAStatus NetdHwAidlService::setForwardingBetweenInterfaces(const std::string& inputIfName,
187                                                                 const std::string& outputIfName,
188                                                                 bool enable) {
189     std::lock_guard _lock(gCtls->tetherCtrl.lock);
190 
191     // TODO: check that one interface is an OEM interface and the other is another OEM interface, an
192     // IPsec interface or a dummy interface.
193     int ret = enable ? RouteController::enableTethering(inputIfName.c_str(), outputIfName.c_str())
194                      : RouteController::disableTethering(inputIfName.c_str(), outputIfName.c_str());
195     if (ret != 0) {
196         return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret));
197     } else {
198         return ScopedAStatus::ok();
199     }
200 }
201 
202 }  // namespace aidl
203 }  // namespace net
204 }  // namespace android
205