• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * Copyright (c) 2016, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net;
18 
19 import android.net.UidRange;
20 
21 /** {@hide} */
22 interface INetd {
23     /**
24      * Returns true if the service is responding.
25      */
isAlive()26     boolean isAlive();
27 
28     /**
29      * Replaces the contents of the specified UID-based firewall chain.
30      *
31      * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
32      * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
33      * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
34      * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
35      *
36      * @param chainName The name of the chain to replace.
37      * @param isWhitelist Whether this is a whitelist or blacklist chain.
38      * @param uids The list of UIDs to allow/deny.
39      * @return true if the chain was successfully replaced, false otherwise.
40      */
firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids)41     boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids);
42 
43     /**
44      * Enables or disables data saver mode on costly network interfaces.
45      *
46      * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
47      *   interfaces. Traffic to/from other apps or on other network interfaces is allowed.
48      * - When enabled, only apps that are in the happy box chain and not in the penalty box chain
49      *   are allowed network connectivity on costly interfaces. All other packets on these
50      *   interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
51      *   traffic from system UIDs, place them in the penalty box chain.
52      *
53      * By default, data saver mode is disabled. This command has no effect but might still return an
54      * error) if {@code enable} is the same as the current value.
55      *
56      * @param enable whether to enable or disable data saver mode.
57      * @return true if the if the operation was successful, false otherwise.
58      */
bandwidthEnableDataSaver(boolean enable)59     boolean bandwidthEnableDataSaver(boolean enable);
60 
61     /**
62      * Adds or removes one rule for each supplied UID range to prohibit all network activity outside
63      * of secure VPN.
64      *
65      * When a UID is covered by one of these rules, traffic sent through any socket that is not
66      * protected or explicitly overriden by the system will be rejected. The kernel will respond
67      * with an ICMP prohibit message.
68      *
69      * Initially, there are no such rules. Any rules that are added will only last until the next
70      * restart of netd or the device.
71      *
72      * @param add {@code true} if the specified UID ranges should be denied access to any network
73      *        which is not secure VPN by adding rules, {@code false} to remove existing rules.
74      * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
75      *        remove this restriction.
76      *        <p> Added rules should not overlap with existing rules. Likewise, removed rules should
77      *        each correspond to an existing rule.
78      *
79      * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
80      *         unix errno.
81      */
networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges)82     void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges);
83 
84     /**
85      * Administratively closes sockets belonging to the specified UIDs.
86      */
socketDestroy(in UidRange[] uidRanges, in int[] exemptUids)87     void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids);
88 
89     // Array indices for resolver parameters.
90     const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0;
91     const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1;
92     const int RESOLVER_PARAMS_MIN_SAMPLES = 2;
93     const int RESOLVER_PARAMS_MAX_SAMPLES = 3;
94     const int RESOLVER_PARAMS_COUNT = 4;
95 
96     /**
97      * Sets the name servers, search domains and resolver params for the given network. Flushes the
98      * cache as needed (i.e. when the servers or the number of samples to store changes).
99      *
100      * @param netId the network ID of the network for which information should be configured.
101      * @param servers the DNS servers to configure for the network.
102      * @param domains the search domains to configure.
103      * @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that
104      *   encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at
105      *   position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc.
106      * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
107      *         unix errno.
108      */
setResolverConfiguration(int netId, in @utf8InCpp String[] servers, in @utf8InCpp String[] domains, in int[] params)109     void setResolverConfiguration(int netId, in @utf8InCpp String[] servers,
110             in @utf8InCpp String[] domains, in int[] params);
111 
112     // Array indices for resolver stats.
113     const int RESOLVER_STATS_SUCCESSES = 0;
114     const int RESOLVER_STATS_ERRORS = 1;
115     const int RESOLVER_STATS_TIMEOUTS = 2;
116     const int RESOLVER_STATS_INTERNAL_ERRORS = 3;
117     const int RESOLVER_STATS_RTT_AVG = 4;
118     const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5;
119     const int RESOLVER_STATS_USABLE = 6;
120     const int RESOLVER_STATS_COUNT = 7;
121 
122     /**
123      * Retrieves the name servers, search domains and resolver stats associated with the given
124      * network ID.
125      *
126      * @param netId the network ID of the network for which information should be retrieved.
127      * @param servers the DNS servers that are currently configured for the network.
128      * @param domains the search domains currently configured.
129      * @param params the resolver parameters configured, i.e. the contents of __res_params in order.
130      * @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX
131      *         constants, serialized as an int array. The contents of this array are the number of
132      *         <ul>
133      *           <li> successes,
134      *           <li> errors,
135      *           <li> timeouts,
136      *           <li> internal errors,
137      *           <li> the RTT average,
138      *           <li> the time of the last recorded sample,
139      *           <li> and an integer indicating whether the server is usable (1) or broken (0).
140      *         </ul>
141      *         in this order. For example, the timeout counter for server N is stored at position
142      *         RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS
143      * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
144      *         unix errno.
145      */
getResolverInfo(int netId, out @utf8InCpp String[] servers, out @utf8InCpp String[] domains, out int[] params, out int[] stats)146     void getResolverInfo(int netId, out @utf8InCpp String[] servers,
147             out @utf8InCpp String[] domains, out int[] params, out int[] stats);
148 
149     /**
150      * Instruct the tethering DNS server to reevaluated serving interfaces.
151      * This is needed to for the DNS server to observe changes in the set
152      * of potential listening IP addresses. (Listening on wildcard addresses
153      * can turn the device into an open resolver; b/7530468)
154      *
155      * TODO: Return something richer than just a boolean.
156      */
tetherApplyDnsInterfaces()157     boolean tetherApplyDnsInterfaces();
158 
159     /**
160      * Add/Remove and IP address from an interface.
161      *
162      * @param ifName the interface name
163      * @param addrString the IP address to add/remove as a string literal
164      * @param prefixLength the prefix length associated with this IP address
165      *
166      * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
167      *         unix errno.
168      */
interfaceAddAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)169     void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
170             int prefixLength);
interfaceDelAddress(in @tf8InCpp String ifName, in @utf8InCpp String addrString, int prefixLength)171     void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
172             int prefixLength);
173 
174     /**
175      * Set and get /proc/sys/net interface configuration parameters.
176      *
177      * @param family One of IPV4/IPV6 integers, indicating the desired address family directory.
178      * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory.
179      * @param ifname The interface name portion of the path; may also be "all" or "default".
180      * @param parameter The parameter name portion of the path.
181      * @param value The value string to be written into the assembled path.
182      */
183 
184     const int IPV4  = 4;
185     const int IPV6  = 6;
186     const int CONF  = 1;
187     const int NEIGH = 2;
setProcSysNet(int family, int which, in @utf8InCpp String ifname, in @utf8InCpp String parameter, in @utf8InCpp String value)188     void setProcSysNet(int family, int which, in @utf8InCpp String ifname,
189             in @utf8InCpp String parameter, in @utf8InCpp String value);
190     // TODO: add corresponding getProcSysNet().
191 
192     /**
193      * Get/Set metrics reporting level.
194      *
195      * Reporting level is one of:
196      *     0 (NONE)
197      *     1 (METRICS)
198      *     2 (FULL)
199      */
getMetricsReportingLevel()200     int getMetricsReportingLevel();
setMetricsReportingLevel(int level)201     void setMetricsReportingLevel(int level);
202 }
203