1 /** 2 * Copyright (c) 2016, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net; 18 19 import android.net.UidRange; 20 21 /** {@hide} */ 22 interface INetd { 23 /** 24 * Returns true if the service is responding. 25 */ isAlive()26 boolean isAlive(); 27 28 /** 29 * Replaces the contents of the specified UID-based firewall chain. 30 * 31 * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP 32 * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN 33 * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified 34 * UIDs, and a DROP rule at the end. The chain will be created if it does not exist. 35 * 36 * @param chainName The name of the chain to replace. 37 * @param isWhitelist Whether this is a whitelist or blacklist chain. 38 * @param uids The list of UIDs to allow/deny. 39 * @return true if the chain was successfully replaced, false otherwise. 40 */ firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids)41 boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids); 42 43 /** 44 * Enables or disables data saver mode on costly network interfaces. 45 * 46 * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly 47 * interfaces. Traffic to/from other apps or on other network interfaces is allowed. 48 * - When enabled, only apps that are in the happy box chain and not in the penalty box chain 49 * are allowed network connectivity on costly interfaces. All other packets on these 50 * interfaces are rejected. The happy box chain always contains all system UIDs; to disallow 51 * traffic from system UIDs, place them in the penalty box chain. 52 * 53 * By default, data saver mode is disabled. This command has no effect but might still return an 54 * error) if {@code enable} is the same as the current value. 55 * 56 * @param enable whether to enable or disable data saver mode. 57 * @return true if the if the operation was successful, false otherwise. 58 */ bandwidthEnableDataSaver(boolean enable)59 boolean bandwidthEnableDataSaver(boolean enable); 60 61 /** 62 * Adds or removes one rule for each supplied UID range to prohibit all network activity outside 63 * of secure VPN. 64 * 65 * When a UID is covered by one of these rules, traffic sent through any socket that is not 66 * protected or explicitly overriden by the system will be rejected. The kernel will respond 67 * with an ICMP prohibit message. 68 * 69 * Initially, there are no such rules. Any rules that are added will only last until the next 70 * restart of netd or the device. 71 * 72 * @param add {@code true} if the specified UID ranges should be denied access to any network 73 * which is not secure VPN by adding rules, {@code false} to remove existing rules. 74 * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or 75 * remove this restriction. 76 * <p> Added rules should not overlap with existing rules. Likewise, removed rules should 77 * each correspond to an existing rule. 78 * 79 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 80 * unix errno. 81 */ networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges)82 void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges); 83 84 /** 85 * Administratively closes sockets belonging to the specified UIDs. 86 */ socketDestroy(in UidRange[] uidRanges, in int[] exemptUids)87 void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids); 88 89 // Array indices for resolver parameters. 90 const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0; 91 const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1; 92 const int RESOLVER_PARAMS_MIN_SAMPLES = 2; 93 const int RESOLVER_PARAMS_MAX_SAMPLES = 3; 94 const int RESOLVER_PARAMS_COUNT = 4; 95 96 /** 97 * Sets the name servers, search domains and resolver params for the given network. Flushes the 98 * cache as needed (i.e. when the servers or the number of samples to store changes). 99 * 100 * @param netId the network ID of the network for which information should be configured. 101 * @param servers the DNS servers to configure for the network. 102 * @param domains the search domains to configure. 103 * @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that 104 * encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at 105 * position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc. 106 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 107 * unix errno. 108 */ setResolverConfiguration(int netId, in @utf8InCpp String[] servers, in @utf8InCpp String[] domains, in int[] params)109 void setResolverConfiguration(int netId, in @utf8InCpp String[] servers, 110 in @utf8InCpp String[] domains, in int[] params); 111 112 // Array indices for resolver stats. 113 const int RESOLVER_STATS_SUCCESSES = 0; 114 const int RESOLVER_STATS_ERRORS = 1; 115 const int RESOLVER_STATS_TIMEOUTS = 2; 116 const int RESOLVER_STATS_INTERNAL_ERRORS = 3; 117 const int RESOLVER_STATS_RTT_AVG = 4; 118 const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5; 119 const int RESOLVER_STATS_USABLE = 6; 120 const int RESOLVER_STATS_COUNT = 7; 121 122 /** 123 * Retrieves the name servers, search domains and resolver stats associated with the given 124 * network ID. 125 * 126 * @param netId the network ID of the network for which information should be retrieved. 127 * @param servers the DNS servers that are currently configured for the network. 128 * @param domains the search domains currently configured. 129 * @param params the resolver parameters configured, i.e. the contents of __res_params in order. 130 * @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX 131 * constants, serialized as an int array. The contents of this array are the number of 132 * <ul> 133 * <li> successes, 134 * <li> errors, 135 * <li> timeouts, 136 * <li> internal errors, 137 * <li> the RTT average, 138 * <li> the time of the last recorded sample, 139 * <li> and an integer indicating whether the server is usable (1) or broken (0). 140 * </ul> 141 * in this order. For example, the timeout counter for server N is stored at position 142 * RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS 143 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 144 * unix errno. 145 */ getResolverInfo(int netId, out @utf8InCpp String[] servers, out @utf8InCpp String[] domains, out int[] params, out int[] stats)146 void getResolverInfo(int netId, out @utf8InCpp String[] servers, 147 out @utf8InCpp String[] domains, out int[] params, out int[] stats); 148 149 /** 150 * Instruct the tethering DNS server to reevaluated serving interfaces. 151 * This is needed to for the DNS server to observe changes in the set 152 * of potential listening IP addresses. (Listening on wildcard addresses 153 * can turn the device into an open resolver; b/7530468) 154 * 155 * TODO: Return something richer than just a boolean. 156 */ tetherApplyDnsInterfaces()157 boolean tetherApplyDnsInterfaces(); 158 159 /** 160 * Add/Remove and IP address from an interface. 161 * 162 * @param ifName the interface name 163 * @param addrString the IP address to add/remove as a string literal 164 * @param prefixLength the prefix length associated with this IP address 165 * 166 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the 167 * unix errno. 168 */ interfaceAddAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)169 void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 170 int prefixLength); interfaceDelAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)171 void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString, 172 int prefixLength); 173 174 /** 175 * Set and get /proc/sys/net interface configuration parameters. 176 * 177 * @param family One of IPV4/IPV6 integers, indicating the desired address family directory. 178 * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory. 179 * @param ifname The interface name portion of the path; may also be "all" or "default". 180 * @param parameter The parameter name portion of the path. 181 * @param value The value string to be written into the assembled path. 182 */ 183 184 const int IPV4 = 4; 185 const int IPV6 = 6; 186 const int CONF = 1; 187 const int NEIGH = 2; setProcSysNet(int family, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value)188 void setProcSysNet(int family, int which, in @utf8InCpp String ifname, 189 in @utf8InCpp String parameter, in @utf8InCpp String value); 190 // TODO: add corresponding getProcSysNet(). 191 192 /** 193 * Get/Set metrics reporting level. 194 * 195 * Reporting level is one of: 196 * 0 (NONE) 197 * 1 (METRICS) 198 * 2 (FULL) 199 */ getMetricsReportingLevel()200 int getMetricsReportingLevel(); setMetricsReportingLevel(int level)201 void setMetricsReportingLevel(int level); 202 } 203