1 /**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "Netd"
18
19 #include <vector>
20
21 #include <android-base/stringprintf.h>
22 #include <cutils/log.h>
23 #include <cutils/properties.h>
24 #include <utils/Errors.h>
25 #include <utils/String16.h>
26
27 #include <binder/IPCThreadState.h>
28 #include <binder/IServiceManager.h>
29 #include "android/net/BnNetd.h"
30
31 #include <openssl/base64.h>
32
33 #include "Controllers.h"
34 #include "DumpWriter.h"
35 #include "EventReporter.h"
36 #include "InterfaceController.h"
37 #include "NetdConstants.h"
38 #include "NetdNativeService.h"
39 #include "RouteController.h"
40 #include "SockDiag.h"
41 #include "UidRanges.h"
42
43 using android::base::StringPrintf;
44
45 namespace android {
46 namespace net {
47
48 namespace {
49
50 const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
51 const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
52 const char DUMP[] = "android.permission.DUMP";
53
toBinderStatus(const netdutils::Status s)54 binder::Status toBinderStatus(const netdutils::Status s) {
55 if (isOk(s)) {
56 return binder::Status::ok();
57 }
58 return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
59 }
60
checkPermission(const char * permission)61 binder::Status checkPermission(const char *permission) {
62 pid_t pid;
63 uid_t uid;
64
65 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
66 return binder::Status::ok();
67 } else {
68 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
69 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
70 }
71 }
72
getXfrmStatus(int xfrmCode)73 binder::Status getXfrmStatus(int xfrmCode) {
74 switch(xfrmCode) {
75 case 0:
76 return binder::Status::ok();
77 case -ENOENT:
78 return binder::Status::fromServiceSpecificError(xfrmCode);
79 }
80 return binder::Status::fromExceptionCode(xfrmCode);
81 }
82
83 #define ENFORCE_DEBUGGABLE() { \
84 char value[PROPERTY_VALUE_MAX + 1]; \
85 if (property_get("ro.debuggable", value, NULL) != 1 \
86 || value[0] != '1') { \
87 return binder::Status::fromExceptionCode( \
88 binder::Status::EX_SECURITY, \
89 String8("Not available in production builds.") \
90 ); \
91 } \
92 }
93
94 #define ENFORCE_PERMISSION(permission) { \
95 binder::Status status = checkPermission((permission)); \
96 if (!status.isOk()) { \
97 return status; \
98 } \
99 }
100
101 #define NETD_LOCKING_RPC(permission, lock) \
102 ENFORCE_PERMISSION(permission); \
103 android::RWLock::AutoWLock _lock(lock);
104
105 #define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
106 } // namespace
107
108
start()109 status_t NetdNativeService::start() {
110 IPCThreadState::self()->disableBackgroundScheduling(true);
111 status_t ret = BinderService<NetdNativeService>::publish();
112 if (ret != android::OK) {
113 return ret;
114 }
115 sp<ProcessState> ps(ProcessState::self());
116 ps->startThreadPool();
117 ps->giveThreadPoolName();
118 return android::OK;
119 }
120
dump(int fd,const Vector<String16> &)121 status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
122 const binder::Status dump_permission = checkPermission(DUMP);
123 if (!dump_permission.isOk()) {
124 const String8 msg(dump_permission.toString8());
125 write(fd, msg.string(), msg.size());
126 return PERMISSION_DENIED;
127 }
128
129 // This method does not grab any locks. If individual classes need locking
130 // their dump() methods MUST handle locking appropriately.
131 DumpWriter dw(fd);
132 dw.blankline();
133 gCtls->netCtrl.dump(dw);
134 dw.blankline();
135
136 return NO_ERROR;
137 }
138
isAlive(bool * alive)139 binder::Status NetdNativeService::isAlive(bool *alive) {
140 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
141
142 *alive = true;
143 return binder::Status::ok();
144 }
145
firewallReplaceUidChain(const android::String16 & chainName,bool isWhitelist,const std::vector<int32_t> & uids,bool * ret)146 binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
147 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
148 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
149
150 android::String8 name = android::String8(chainName);
151 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
152 *ret = (err == 0);
153 return binder::Status::ok();
154 }
155
bandwidthEnableDataSaver(bool enable,bool * ret)156 binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
157 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
158
159 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
160 *ret = (err == 0);
161 return binder::Status::ok();
162 }
163
networkRejectNonSecureVpn(bool add,const std::vector<UidRange> & uidRangeArray)164 binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
165 const std::vector<UidRange>& uidRangeArray) {
166 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
167 // it should be possible to use the same lock as NetworkController. However, every call through
168 // the CommandListener "network" command will need to hold this lock too, not just the ones that
169 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
170 // look at routes, but it's not enough here).
171 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
172
173 UidRanges uidRanges(uidRangeArray);
174
175 int err;
176 if (add) {
177 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
178 } else {
179 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
180 }
181
182 if (err != 0) {
183 return binder::Status::fromServiceSpecificError(-err,
184 String8::format("RouteController error: %s", strerror(-err)));
185 }
186 return binder::Status::ok();
187 }
188
socketDestroy(const std::vector<UidRange> & uids,const std::vector<int32_t> & skipUids)189 binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
190 const std::vector<int32_t>& skipUids) {
191
192 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
193
194 SockDiag sd;
195 if (!sd.open()) {
196 return binder::Status::fromServiceSpecificError(EIO,
197 String8("Could not open SOCK_DIAG socket"));
198 }
199
200 UidRanges uidRanges(uids);
201 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
202 true /* excludeLoopback */);
203
204 if (err) {
205 return binder::Status::fromServiceSpecificError(-err,
206 String8::format("destroySockets: %s", strerror(-err)));
207 }
208 return binder::Status::ok();
209 }
210
setResolverConfiguration(int32_t netId,const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::vector<int32_t> & params)211 binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
212 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
213 const std::vector<int32_t>& params) {
214 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
215 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
216
217 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
218 if (err != 0) {
219 return binder::Status::fromServiceSpecificError(-err,
220 String8::format("ResolverController error: %s", strerror(-err)));
221 }
222 return binder::Status::ok();
223 }
224
getResolverInfo(int32_t netId,std::vector<std::string> * servers,std::vector<std::string> * domains,std::vector<int32_t> * params,std::vector<int32_t> * stats)225 binder::Status NetdNativeService::getResolverInfo(int32_t netId,
226 std::vector<std::string>* servers, std::vector<std::string>* domains,
227 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
228 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
229 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
230
231 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
232 if (err != 0) {
233 return binder::Status::fromServiceSpecificError(-err,
234 String8::format("ResolverController error: %s", strerror(-err)));
235 }
236 return binder::Status::ok();
237 }
238
addPrivateDnsServer(const std::string & server,int32_t port,const std::string & fingerprintAlgorithm,const std::vector<std::string> & fingerprints)239 binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port,
240 const std::string& fingerprintAlgorithm, const std::vector<std::string>& fingerprints) {
241 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
242 std::set<std::vector<uint8_t>> decoded_fingerprints;
243 for (const std::string& input : fingerprints) {
244 size_t out_len;
245 if (EVP_DecodedLength(&out_len, input.size()) != 1) {
246 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
247 "ResolverController error: bad fingerprint length");
248 }
249 // out_len is now an upper bound on the output length.
250 std::vector<uint8_t> decoded(out_len);
251 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
252 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
253 // Possibly shrink the vector if the actual output was smaller than the bound.
254 decoded.resize(out_len);
255 } else {
256 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT,
257 "ResolverController error: Base64 parsing failed");
258 }
259 decoded_fingerprints.insert(decoded);
260 }
261 const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port,
262 fingerprintAlgorithm, decoded_fingerprints);
263 if (err != INetd::PRIVATE_DNS_SUCCESS) {
264 return binder::Status::fromServiceSpecificError(err,
265 String8::format("ResolverController error: %d", err));
266 }
267 return binder::Status::ok();
268 }
269
removePrivateDnsServer(const std::string & server)270 binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) {
271 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
272 const int err = gCtls->resolverCtrl.removePrivateDnsServer(server);
273 if (err != INetd::PRIVATE_DNS_SUCCESS) {
274 return binder::Status::fromServiceSpecificError(err,
275 String8::format("ResolverController error: %d", err));
276 }
277 return binder::Status::ok();
278 }
279
tetherApplyDnsInterfaces(bool * ret)280 binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
281 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
282
283 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
284 return binder::Status::ok();
285 }
286
interfaceAddAddress(const std::string & ifName,const std::string & addrString,int prefixLength)287 binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
288 const std::string &addrString, int prefixLength) {
289 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
290
291 const int err = InterfaceController::addAddress(
292 ifName.c_str(), addrString.c_str(), prefixLength);
293 if (err != 0) {
294 return binder::Status::fromServiceSpecificError(-err,
295 String8::format("InterfaceController error: %s", strerror(-err)));
296 }
297 return binder::Status::ok();
298 }
299
interfaceDelAddress(const std::string & ifName,const std::string & addrString,int prefixLength)300 binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
301 const std::string &addrString, int prefixLength) {
302 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
303
304 const int err = InterfaceController::delAddress(
305 ifName.c_str(), addrString.c_str(), prefixLength);
306 if (err != 0) {
307 return binder::Status::fromServiceSpecificError(-err,
308 String8::format("InterfaceController error: %s", strerror(-err)));
309 }
310 return binder::Status::ok();
311 }
312
setProcSysNet(int32_t family,int32_t which,const std::string & ifname,const std::string & parameter,const std::string & value)313 binder::Status NetdNativeService::setProcSysNet(
314 int32_t family, int32_t which, const std::string &ifname, const std::string ¶meter,
315 const std::string &value) {
316 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
317
318 const char *familyStr;
319 switch (family) {
320 case INetd::IPV4:
321 familyStr = "ipv4";
322 break;
323 case INetd::IPV6:
324 familyStr = "ipv6";
325 break;
326 default:
327 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
328 }
329
330 const char *whichStr;
331 switch (which) {
332 case INetd::CONF:
333 whichStr = "conf";
334 break;
335 case INetd::NEIGH:
336 whichStr = "neigh";
337 break;
338 default:
339 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
340 }
341
342 const int err = InterfaceController::setParameter(
343 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
344 value.c_str());
345 if (err != 0) {
346 return binder::Status::fromServiceSpecificError(-err,
347 String8::format("ResolverController error: %s", strerror(-err)));
348 }
349 return binder::Status::ok();
350 }
351
getMetricsReportingLevel(int * reportingLevel)352 binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
353 // This function intentionally does not lock, since the only thing it does is one read from an
354 // atomic_int.
355 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
356 ENFORCE_DEBUGGABLE();
357
358 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
359 return binder::Status::ok();
360 }
361
setMetricsReportingLevel(const int reportingLevel)362 binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
363 // This function intentionally does not lock, since the only thing it does is one write to an
364 // atomic_int.
365 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
366 ENFORCE_DEBUGGABLE();
367
368 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
369 ? binder::Status::ok()
370 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
371 }
372
ipSecAllocateSpi(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t inSpi,int32_t * outSpi)373 binder::Status NetdNativeService::ipSecAllocateSpi(
374 int32_t transformId,
375 int32_t direction,
376 const std::string& localAddress,
377 const std::string& remoteAddress,
378 int32_t inSpi,
379 int32_t* outSpi) {
380 // Necessary locking done in IpSecService and kernel
381 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
382 ALOGD("ipSecAllocateSpi()");
383 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
384 transformId,
385 direction,
386 localAddress,
387 remoteAddress,
388 inSpi,
389 outSpi));
390 }
391
ipSecAddSecurityAssociation(int32_t transformId,int32_t mode,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int64_t underlyingNetworkHandle,int32_t spi,const std::string & authAlgo,const std::vector<uint8_t> & authKey,int32_t authTruncBits,const std::string & cryptAlgo,const std::vector<uint8_t> & cryptKey,int32_t cryptTruncBits,int32_t encapType,int32_t encapLocalPort,int32_t encapRemotePort)392 binder::Status NetdNativeService::ipSecAddSecurityAssociation(
393 int32_t transformId,
394 int32_t mode,
395 int32_t direction,
396 const std::string& localAddress,
397 const std::string& remoteAddress,
398 int64_t underlyingNetworkHandle,
399 int32_t spi,
400 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
401 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
402 int32_t encapType,
403 int32_t encapLocalPort,
404 int32_t encapRemotePort) {
405 // Necessary locking done in IpSecService and kernel
406 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
407 ALOGD("ipSecAddSecurityAssociation()");
408 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
409 transformId, mode, direction, localAddress, remoteAddress,
410 underlyingNetworkHandle,
411 spi,
412 authAlgo, authKey, authTruncBits,
413 cryptAlgo, cryptKey, cryptTruncBits,
414 encapType, encapLocalPort, encapRemotePort));
415 }
416
ipSecDeleteSecurityAssociation(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)417 binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
418 int32_t transformId,
419 int32_t direction,
420 const std::string& localAddress,
421 const std::string& remoteAddress,
422 int32_t spi) {
423 // Necessary locking done in IpSecService and kernel
424 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
425 ALOGD("ipSecDeleteSecurityAssociation()");
426 return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
427 transformId,
428 direction,
429 localAddress,
430 remoteAddress,
431 spi));
432 }
433
ipSecApplyTransportModeTransform(const android::base::unique_fd & socket,int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)434 binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
435 const android::base::unique_fd& socket,
436 int32_t transformId,
437 int32_t direction,
438 const std::string& localAddress,
439 const std::string& remoteAddress,
440 int32_t spi) {
441 // Necessary locking done in IpSecService and kernel
442 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
443 ALOGD("ipSecApplyTransportModeTransform()");
444 return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
445 socket,
446 transformId,
447 direction,
448 localAddress,
449 remoteAddress,
450 spi));
451 }
452
ipSecRemoveTransportModeTransform(const android::base::unique_fd & socket)453 binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
454 const android::base::unique_fd& socket) {
455 // Necessary locking done in IpSecService and kernel
456 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
457 ALOGD("ipSecRemoveTransportModeTransform()");
458 return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
459 socket));
460 }
461
setIPv6AddrGenMode(const std::string & ifName,int32_t mode)462 binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
463 int32_t mode) {
464 ENFORCE_PERMISSION(NETWORK_STACK);
465 return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
466 }
467
wakeupAddInterface(const std::string & ifName,const std::string & prefix,int32_t mark,int32_t mask)468 binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
469 const std::string& prefix, int32_t mark,
470 int32_t mask) {
471 ENFORCE_PERMISSION(NETWORK_STACK);
472 return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
473 }
474
wakeupDelInterface(const std::string & ifName,const std::string & prefix,int32_t mark,int32_t mask)475 binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
476 const std::string& prefix, int32_t mark,
477 int32_t mask) {
478 ENFORCE_PERMISSION(NETWORK_STACK);
479 return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
480 }
481
482 } // namespace net
483 } // namespace android
484