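/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_

#include <string>
#include <vector>

#include <binder/BinderService.h>

#include "android/net/BnNetd.h"
#include "android/net/UidRange.h"

namespace android {
namespace net {

/**
 * Binder-facing service class: derives from BinderService<NetdNativeService> and
 * from BnNetd, and reports "netd" as its service name.
 *
 * Every command returns a binder::Status. Values handed back to the caller are
 * written through non-const pointer parameters (for example `bool *ret`).
 *
 * NOTE(review): only declarations are visible in this header. Each method is a
 * binder entry point that changes firewall, routing, resolver, IPsec or
 * interface state, so the definitions should be checked to confirm that the
 * calling UID / permission is verified before any state is touched.
 */
class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd {
  public:
    // Service start-up entry point; the definition is not in this header.
    static status_t start();

    // Name reported for this service: the literal "netd".
    static char const* getServiceName() { return "netd"; }

    // Writes a state dump to the file descriptor `fd`.
    // NOTE(review): confirm the definition restricts who may request a dump and
    // that no key material from the IPsec calls below can reach the output.
    status_t dump(int fd, const Vector<String16> &args) override;

    binder::Status isAlive(bool *alive) override;

    // Firewall commands.
    binder::Status firewallReplaceUidChain(
            const String16& chainName, bool isWhitelist,
            const std::vector<int32_t>& uids, bool *ret) override;

    // Bandwidth control commands.
    binder::Status bandwidthEnableDataSaver(bool enable, bool *ret) override;

    // Network and routing commands.
    binder::Status networkCreatePhysical(int32_t netId, const std::string& permission)
            override;
    binder::Status networkCreateVpn(int32_t netId, bool hasDns, bool secure) override;
    binder::Status networkDestroy(int32_t netId) override;

    binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
    binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;

    binder::Status networkAddUidRanges(int32_t netId, const std::vector<UidRange>& uids)
            override;
    binder::Status networkRemoveUidRanges(int32_t netId, const std::vector<UidRange>& uids)
            override;
    binder::Status networkRejectNonSecureVpn(bool enable, const std::vector<UidRange>& uids)
            override;

    // SOCK_DIAG commands.
    binder::Status socketDestroy(const std::vector<UidRange>& uids,
            const std::vector<int32_t>& skipUids) override;

    // Resolver commands.
    binder::Status setResolverConfiguration(int32_t netId, const std::vector<std::string>& servers,
            const std::vector<std::string>& domains, const std::vector<int32_t>& params,
            const std::string& tlsName,
            const std::vector<std::string>& tlsServers,
            const std::vector<std::string>& tlsFingerprints) override;
    binder::Status getResolverInfo(int32_t netId, std::vector<std::string>* servers,
            std::vector<std::string>* domains, std::vector<int32_t>* params,
            std::vector<int32_t>* stats) override;

    binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;

    // NFLOG-related commands
    binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    // Tethering-related commands.
    binder::Status tetherApplyDnsInterfaces(bool *ret) override;
    binder::Status tetherGetStats(android::os::PersistableBundle *ret) override;

    // Interface-related commands.
    binder::Status interfaceAddAddress(const std::string &ifName,
            const std::string &addrString, int prefixLength) override;
    binder::Status interfaceDelAddress(const std::string &ifName,
            const std::string &addrString, int prefixLength) override;

    // NOTE(review): ifname, parameter and value are caller-supplied strings.
    // Presumably they select and set an entry under /proc/sys/net; confirm the
    // definition validates all three before using them to build a path.
    binder::Status setProcSysNet(
            int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
            const std::string &value) override;

    // Metrics reporting level set / get (internal use only).
    binder::Status getMetricsReportingLevel(int *reportingLevel) override;
    binder::Status setMetricsReportingLevel(const int reportingLevel) override;

    // IPsec commands.
    // NOTE(review): unlike the declarations above, the ipSec* and
    // *VirtualTunnelInterface methods are not marked `override`. If they are
    // meant to implement BnNetd methods, `override` would let the compiler catch
    // a signature that has drifted from the interface; confirm against BnNetd.h.
    binder::Status ipSecSetEncapSocketOwner(const android::base::unique_fd& socket, int newUid);

    binder::Status ipSecAllocateSpi(
            int32_t transformId,
            const std::string& localAddress,
            const std::string& remoteAddress,
            int32_t inSpi,
            int32_t* outSpi);

    // NOTE(review): authKey, cryptKey and aeadKey are passed as byte vectors and
    // presumably hold raw key material. Confirm the definition never logs them
    // and does not keep copies longer than needed.
    binder::Status ipSecAddSecurityAssociation(
            int32_t transformId,
            int32_t mode,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t underlyingNetId,
            int32_t spi,
            int32_t markValue,
            int32_t markMask,
            const std::string& authAlgo,
            const std::vector<uint8_t>& authKey,
            int32_t authTruncBits,
            const std::string& cryptAlgo,
            const std::vector<uint8_t>& cryptKey,
            int32_t cryptTruncBits,
            const std::string& aeadAlgo,
            const std::vector<uint8_t>& aeadKey,
            int32_t aeadIcvBits,
            int32_t encapType,
            int32_t encapLocalPort,
            int32_t encapRemotePort);

    binder::Status ipSecDeleteSecurityAssociation(
            int32_t transformId,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t spi,
            int32_t markValue,
            int32_t markMask);

    binder::Status ipSecApplyTransportModeTransform(
            const android::base::unique_fd& socket,
            int32_t transformId,
            int32_t direction,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t spi);

    binder::Status ipSecRemoveTransportModeTransform(
            const android::base::unique_fd& socket);

    binder::Status ipSecAddSecurityPolicy(
            int32_t transformId,
            int32_t direction,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t spi,
            int32_t markValue,
            int32_t markMask);

    binder::Status ipSecUpdateSecurityPolicy(
            int32_t transformId,
            int32_t direction,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t spi,
            int32_t markValue,
            int32_t markMask);

    // Takes no spi argument, unlike the add and update policy calls above.
    binder::Status ipSecDeleteSecurityPolicy(
            int32_t transformId,
            int32_t direction,
            const std::string& sourceAddress,
            const std::string& destinationAddress,
            int32_t markValue,
            int32_t markMask);

    binder::Status trafficCheckBpfStatsEnable(bool* ret) override;

    // Virtual tunnel interface commands.
    binder::Status addVirtualTunnelInterface(
            const std::string& deviceName,
            const std::string& localAddress,
            const std::string& remoteAddress,
            int32_t iKey,
            int32_t oKey);

    binder::Status updateVirtualTunnelInterface(
            const std::string& deviceName,
            const std::string& localAddress,
            const std::string& remoteAddress,
            int32_t iKey,
            int32_t oKey);

    binder::Status removeVirtualTunnelInterface(const std::string& deviceName);
};

}  // namespace net
}  // namespace android

#endif  // _NETD_NATIVE_SERVICE_H_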