1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
#include <ifaddrs.h>
#include <netdb.h>
#include <stddef.h>
#include <stdint.h>

#include <iterator>
#include <memory>
#include <mutex>
#include <string>

#include "android/net/INetd.h"

#include <netdutils/UidConstants.h>
#include <private/android_filesystem_config.h>
31 
// Selects which packet-filter stack(s) a command is applied to.
enum IptablesTarget {
    V4,    // IPv4 rules only
    V6,    // IPv6 rules only
    V4V6,  // the same command on both stacks
};
33 
// iptables-restore helpers. `target` picks the IPv4 and/or IPv6 stack; the int result is
// presumably 0 on success and non-zero on failure (the convention is not visible here — confirm
// against the .cpp). `commands` is presumably handed to the restore tool as-is, so any interface
// name or address that callers splice into it must be validated beforehand (isIfaceName and
// parsePrefix below are the sibling validators) — the rule text itself is the trust boundary.
int execIptablesRestore(IptablesTarget target, const std::string& commands);
// Same as execIptablesRestore, additionally capturing the tool's output into *output.
// NOTE(review): whether `output` may be nullptr is not visible from this header — confirm.
int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands,
                                  std::string *output);
// Runs a single `command` against `table` (e.g. one rule line rather than a whole script —
// inferred from the parameter split; confirm in the implementation), capturing output as above.
int execIptablesRestoreCommand(IptablesTarget target, const std::string& table,
                               const std::string& command, std::string *output);
// Returns true when `name` is acceptable as a network interface name. Use this before placing a
// caller-supplied name into a command string.
bool isIfaceName(const std::string& name);
// Parses a textual prefix (presumably "address/length" form) into an address family, the raw
// address bytes written to `address`, and the prefix length. `size` is the capacity of the
// `address` buffer in bytes and is the only bound the callee has, so callers must pass it
// accurately. Return convention not visible here — TODO confirm.
int parsePrefix(const char *prefix, uint8_t *family, void *address, int size, uint8_t *prefixlen);
// Ignores SIGPIPE for the process, so a peer closing a socket surfaces as EPIPE rather than a
// fatal signal (inferred from the name; confirm).
void blockSigpipe();
// Marks the socket identified by `sock` close-on-exec. NOTE(review): `sock` looks like a socket
// name rather than a descriptor — verify how the implementation resolves it.
void setCloseOnExec(const char *sock);

// Stops the process with the given `pid`; `processName` is presumably only used for logging
// and diagnostics — confirm in the implementation.
void stopProcess(int pid, const char* processName);
45 
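// Number of elements in a C array. std::size() only accepts real arrays (and ranges), so
// applying it to a decayed pointer is a compile error, where the previous
// sizeof(a) / sizeof(*(a)) form silently produced sizeof(T*) / sizeof(T).
#define ARRAY_SIZE(a) (std::size(a))

// Size, including the terminating NUL, needed to print the integer macro `i`: _INT_STRLEN
// expands the macro, __INT_STRLEN stringifies the expansion and measures it. This measures the
// macro's spelling (suffixes and parentheses included, e.g. UINT32_MAX is typically spelled
// "4294967295U"), so the result is an upper bound on the digit count, never less than needed.
// NOTE: identifiers starting with "__" or "_" + capital are reserved for the implementation;
// the names are kept unchanged for existing callers.
#define __INT_STRLEN(i) sizeof(#i)
#define _INT_STRLEN(i) __INT_STRLEN(i)
#define INT32_STRLEN _INT_STRLEN(INT32_MIN)
#define UINT32_STRLEN _INT_STRLEN(UINT32_MAX)
// Buffer size, including NUL, for a "0x"-prefixed 32-bit value printed as 8 hex digits.
#define UINT32_HEX_STRLEN sizeof("0x12345678")
// Name prefix of IPsec tunnel interfaces.
#define IPSEC_IFACE_PREFIX "ipsec"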
55 
// Sentinel for "no uid": the all-ones uid_t value, which never names a real user.
constexpr uid_t INVALID_UID = static_cast<uid_t>(-1);

// /proc paths of the kernel's TCP receive and send buffer tunables.
constexpr char TCP_RMEM_PROC_FILE[] = "/proc/sys/net/ipv4/tcp_rmem";
constexpr char TCP_WMEM_PROC_FILE[] = "/proc/sys/net/ipv4/tcp_wmem";
60 
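// Deleter so that std::unique_ptr can own the list returned by getifaddrs(3).
struct IfaddrsDeleter {
    void operator()(struct ifaddrs *p) const {
        // freeifaddrs() is only meaningful for a list obtained from getifaddrs(); a null
        // pointer (default-constructed or moved-from ScopedIfaddrs) is ignored.
        if (p != nullptr) {
            freeifaddrs(p);
        }
    }
};

// Owning handle for a getifaddrs() result; the list is released with freeifaddrs() when the
// handle is destroyed or reset. (Alias declaration rather than typedef; the type is unchanged.)
using ScopedIfaddrs = std::unique_ptr<struct ifaddrs, IfaddrsDeleter>;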
70 
namespace android::net {

/**
 * This lock exists to make NetdNativeService RPCs (which come in on multiple Binder threads)
 * coexist with the commands in CommandListener.cpp. These are presumed not thread-safe because
 * CommandListener has only one user (NetworkManagementService), which is connected through a
 * FrameworkListener that passes in commands one at a time.
 *
 * Declared extern here; the definition lives in a .cpp. NOTE(review): exactly which state the
 * lock guards is not visible from this header — confirm against the callers before relying on
 * it for a new code path.
 */
extern std::mutex gBigNetdLock;

// Per-uid firewall verdict. The enumerators take their values from the INetd AIDL constants,
// presumably so a value received over Binder can be used without translation.
enum FirewallRule { ALLOW = INetd::FIREWALL_RULE_ALLOW, DENY = INetd::FIREWALL_RULE_DENY };

// ALLOWLIST means the firewall denies all by default, uids must be explicitly ALLOWed
// DENYLIST means the firewall allows all by default, uids must be explicitly DENYed

enum FirewallType { ALLOWLIST = INetd::FIREWALL_ALLOWLIST, DENYLIST = INetd::FIREWALL_DENYLIST };

// Firewall child chains, again mirroring the INetd constants. INVALID_CHAIN has no explicit
// initializer, so by the enum rule it equals RESTRICTED + 1; it is only a distinct sentinel as
// long as no INetd chain constant has that value (the AIDL side is not visible here).
// These are unscoped enums, so ALLOW/DENY/NONE/... are injected directly into android::net.
enum ChildChain {
    NONE = INetd::FIREWALL_CHAIN_NONE,
    DOZABLE = INetd::FIREWALL_CHAIN_DOZABLE,
    STANDBY = INetd::FIREWALL_CHAIN_STANDBY,
    POWERSAVE = INetd::FIREWALL_CHAIN_POWERSAVE,
    RESTRICTED = INetd::FIREWALL_CHAIN_RESTRICTED,
    INVALID_CHAIN  // sentinel for "not a chain"; see note above
};

}  // namespace android::net
98