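/**
 * Copyright (c) 2016, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_

// Include what this header uses directly: int32_t/int64_t/uint8_t, std::string,
// std::vector and uid_t were previously only reachable transitively.
#include <sys/types.h>

#include <cstdint>
#include <string>
#include <vector>

#include <binder/BinderService.h>
#include <netdutils/Log.h>

#include "android/net/BnNetd.h"

namespace android {
namespace net {

/**
 * Binder-side implementation of the INetd interface (BnNetd), published to
 * servicemanager under the name "netd" through BinderService.
 *
 * Every public method declared here is an IPC entry point reachable from
 * another process, so its arguments (uids, netIds, interface names, address
 * strings, SPIs, marks and the ipSec key byte vectors) arrive as untrusted
 * input. Neither caller-permission enforcement nor argument validation is
 * expressed in this header; both are expected in the per-method
 * implementations in the .cpp file. NOTE(review): confirm that each entry
 * point, including the ipSec*, getFwmarkForNetwork and "internal use only"
 * test methods, performs its permission check before acting.
 *
 * Thread-safety is not visible here; binder normally dispatches calls on a
 * thread pool, so implementations presumably must not assume serialization —
 * verify against the .cpp.
 */
class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd {
  public:
    NetdNativeService();
    /** Starts and publishes the service; returns a binder status_t (body in the .cpp). */
    static status_t start();
    /** Service name BinderService registers this object under. */
    static char const* getServiceName() { return "netd"; }
    /** Binder dump hook: writes diagnostic output for |args| to |fd|. */
    status_t dump(int fd, const Vector<String16>& args) override;

    binder::Status isAlive(bool* alive) override;

    // Firewall commands.
    // |uids| and |childChain|/|firewallRule| are decoded from caller-supplied
    // integers by the private helpers below.
    binder::Status firewallReplaceUidChain(const std::string& chainName, bool isAllowlist,
                                           const std::vector<int32_t>& uids, bool* ret) override;
    binder::Status firewallSetFirewallType(int32_t firewallType) override;
    binder::Status firewallSetInterfaceRule(const std::string& ifName,
                                            int32_t firewallRule) override;
    binder::Status firewallSetUidRule(int32_t childChain, int32_t uid,
                                      int32_t firewallRule) override;
    binder::Status firewallEnableChildChain(int32_t childChain, bool enable) override;
    binder::Status firewallAddUidInterfaceRules(const std::string& ifName,
                                                const std::vector<int32_t>& uids) override;
    binder::Status firewallRemoveUidInterfaceRules(const std::vector<int32_t>& uids) override;

    // Bandwidth control commands.
    binder::Status bandwidthEnableDataSaver(bool enable, bool* ret) override;
    binder::Status bandwidthSetInterfaceQuota(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceQuota(const std::string& ifName) override;
    binder::Status bandwidthSetInterfaceAlert(const std::string& ifName, int64_t bytes) override;
    binder::Status bandwidthRemoveInterfaceAlert(const std::string& ifName) override;
    binder::Status bandwidthSetGlobalAlert(int64_t bytes) override;
    binder::Status bandwidthAddNaughtyApp(int32_t uid) override;
    binder::Status bandwidthRemoveNaughtyApp(int32_t uid) override;
    binder::Status bandwidthAddNiceApp(int32_t uid) override;
    binder::Status bandwidthRemoveNiceApp(int32_t uid) override;

    // Network and routing commands.
    binder::Status networkCreatePhysical(int32_t netId, int32_t permission) override;
    binder::Status networkCreateVpn(int32_t netId, bool secure) override;
    binder::Status networkCreate(const NativeNetworkConfig& config) override;
    binder::Status networkDestroy(int32_t netId) override;

    binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
    binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;

    binder::Status networkAddUidRanges(int32_t netId,
                                       const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkRemoveUidRanges(int32_t netId,
                                          const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkAddUidRangesParcel(
            const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
    binder::Status networkRemoveUidRangesParcel(
            const netd::aidl::NativeUidRangeConfig& uidRangesConfig) override;
    binder::Status networkRejectNonSecureVpn(bool enable,
                                             const std::vector<UidRangeParcel>& uids) override;
    binder::Status networkAddRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkUpdateRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkRemoveRouteParcel(int32_t netId, const RouteInfoParcel& route) override;
    binder::Status networkAddRoute(int32_t netId, const std::string& ifName,
                                   const std::string& destination,
                                   const std::string& nextHop) override;
    binder::Status networkRemoveRoute(int32_t netId, const std::string& ifName,
                                      const std::string& destination,
                                      const std::string& nextHop) override;
    binder::Status networkAddLegacyRoute(int32_t netId, const std::string& ifName,
                                         const std::string& destination,
                                         const std::string& nextHop, int32_t uid) override;
    binder::Status networkRemoveLegacyRoute(int32_t netId, const std::string& ifName,
                                            const std::string& destination,
                                            const std::string& nextHop, int32_t uid) override;

    binder::Status networkSetDefault(int32_t netId) override;
    binder::Status networkClearDefault() override;
    binder::Status networkSetPermissionForNetwork(int32_t netId, int32_t permission) override;
    binder::Status networkSetPermissionForUser(int32_t permission,
                                               const std::vector<int32_t>& uids) override;
    binder::Status networkClearPermissionForUser(const std::vector<int32_t>& uids) override;
    binder::Status networkSetProtectAllow(int32_t uid) override;
    binder::Status networkSetProtectDeny(int32_t uid) override;
    binder::Status networkAllowBypassVpnOnNetwork(bool allow, int32_t uid, int32_t netId) override;
    // For test (internal use only). Still a binder entry point, so the same
    // caller checks as the other methods are expected in the implementation.
    binder::Status networkGetDefault(int32_t* netId) override;
    binder::Status networkCanProtect(int32_t uid, bool* ret) override;

    binder::Status trafficSetNetPermForUids(int32_t permission,
                                            const std::vector<int32_t>& uids) override;

    // SOCK_DIAG commands.
    binder::Status socketDestroy(const std::vector<UidRangeParcel>& uids,
                                 const std::vector<int32_t>& skipUids) override;

    binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;

    // NFLOG-related commands
    binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix,
                                      int32_t mark, int32_t mask) override;

    // Tethering-related commands.
    binder::Status tetherApplyDnsInterfaces(bool* ret) override;
    binder::Status tetherGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherOffloadGetStats(
            std::vector<android::net::TetherStatsParcel>* tetherStatsVec) override;
    binder::Status tetherStart(const std::vector<std::string>& dhcpRanges) override;
    binder::Status tetherStartWithConfiguration(const TetherConfigParcel& config) override;
    binder::Status tetherStop() override;
    binder::Status tetherIsEnabled(bool* enabled) override;
    binder::Status tetherInterfaceAdd(const std::string& ifName) override;
    binder::Status tetherInterfaceRemove(const std::string& ifName) override;
    binder::Status tetherInterfaceList(std::vector<std::string>* ifList) override;
    binder::Status tetherDnsSet(int32_t netId, const std::vector<std::string>& dnsAddrs) override;
    binder::Status tetherDnsList(std::vector<std::string>* dnsList) override;
    binder::Status tetherAddForward(const std::string& intIface,
                                    const std::string& extIface) override;
    binder::Status tetherRemoveForward(const std::string& intIface,
                                       const std::string& extIface) override;
    binder::Status tetherOffloadRuleAdd(const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadRuleRemove(
            const android::net::TetherOffloadRuleParcel& rule) override;
    binder::Status tetherOffloadSetInterfaceQuota(int ifIndex, int64_t quotaBytes) override;
    binder::Status tetherOffloadGetAndClearStats(
            int ifIndex, android::net::TetherStatsParcel* tetherStats) override;

    // Interface-related commands.
    binder::Status interfaceAddAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceDelAddress(const std::string& ifName, const std::string& addrString,
                                       int prefixLength) override;
    binder::Status interfaceGetList(std::vector<std::string>* interfaceListResult) override;
    binder::Status interfaceGetCfg(const std::string& ifName,
                                   InterfaceConfigurationParcel* interfaceGetCfgResult) override;
    binder::Status interfaceSetCfg(const InterfaceConfigurationParcel& cfg) override;
    binder::Status interfaceSetIPv6PrivacyExtensions(const std::string& ifName,
                                                     bool enable) override;
    binder::Status interfaceClearAddrs(const std::string& ifName) override;
    binder::Status interfaceSetEnableIPv6(const std::string& ifName, bool enable) override;
    binder::Status interfaceSetMtu(const std::string& ifName, int32_t mtuValue) override;

    // |ifname| and |parameter| select a /proc/sys/net entry; both are caller
    // supplied strings, so path construction in the implementation must
    // reject separators and traversal — verify in the .cpp.
    binder::Status getProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, std::string* value) override;
    binder::Status setProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
                                 const std::string& parameter, const std::string& value) override;

    // IPsec commands. These were declared without `override` although they
    // implement BnNetd virtuals; marked now so a signature drift between
    // INetd.aidl and this class fails to compile instead of silently creating
    // an unrelated overload.
    binder::Status ipSecSetEncapSocketOwner(const os::ParcelFileDescriptor& socket,
                                            int newUid) override;

    binder::Status ipSecAllocateSpi(int32_t transformId, const std::string& localAddress,
                                    const std::string& remoteAddress, int32_t inSpi,
                                    int32_t* outSpi) override;

    // |authKey|, |cryptKey| and |aeadKey| presumably carry raw key bytes
    // across binder; the implementation should avoid logging them.
    binder::Status ipSecAddSecurityAssociation(
            int32_t transformId, int32_t mode, const std::string& sourceAddress,
            const std::string& destinationAddress, int32_t underlyingNetId, int32_t spi,
            int32_t markValue, int32_t markMask, const std::string& authAlgo,
            const std::vector<uint8_t>& authKey, int32_t authTruncBits,
            const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey,
            int32_t cryptTruncBits, const std::string& aeadAlgo,
            const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits, int32_t encapType,
            int32_t encapLocalPort, int32_t encapRemotePort, int32_t interfaceId) override;

    binder::Status ipSecDeleteSecurityAssociation(int32_t transformId,
                                                  const std::string& sourceAddress,
                                                  const std::string& destinationAddress,
                                                  int32_t spi, int32_t markValue,
                                                  int32_t markMask, int32_t interfaceId) override;

    binder::Status ipSecApplyTransportModeTransform(const os::ParcelFileDescriptor& socket,
                                                    int32_t transformId, int32_t direction,
                                                    const std::string& sourceAddress,
                                                    const std::string& destinationAddress,
                                                    int32_t spi) override;

    binder::Status ipSecRemoveTransportModeTransform(
            const os::ParcelFileDescriptor& socket) override;

    binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                          int32_t direction, const std::string& tmplSrcAddress,
                                          const std::string& tmplDstAddress, int32_t spi,
                                          int32_t markValue, int32_t markMask,
                                          int32_t interfaceId) override;

    binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, const std::string& tmplSrcAddress,
                                             const std::string& tmplDstAddress, int32_t spi,
                                             int32_t markValue, int32_t markMask,
                                             int32_t interfaceId) override;

    binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
                                             int32_t direction, int32_t markValue,
                                             int32_t markMask, int32_t interfaceId) override;

    binder::Status trafficSwapActiveStatsMap() override;

    binder::Status ipSecAddTunnelInterface(const std::string& deviceName,
                                           const std::string& localAddress,
                                           const std::string& remoteAddress, int32_t iKey,
                                           int32_t oKey, int32_t interfaceId) override;

    binder::Status ipSecUpdateTunnelInterface(const std::string& deviceName,
                                              const std::string& localAddress,
                                              const std::string& remoteAddress, int32_t iKey,
                                              int32_t oKey, int32_t interfaceId) override;

    binder::Status ipSecRemoveTunnelInterface(const std::string& deviceName) override;

    binder::Status ipSecMigrate(const IpSecMigrateInfoParcel& migrateInfo) override;

    // Idletimer-related commands
    binder::Status idletimerAddInterface(const std::string& ifName, int32_t timeout,
                                         const std::string& classLabel) override;
    binder::Status idletimerRemoveInterface(const std::string& ifName, int32_t timeout,
                                            const std::string& classLabel) override;

    // Strict-related commands
    binder::Status strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) override;

    // Clatd-related commands
    binder::Status clatdStart(const std::string& ifName, const std::string& nat64Prefix,
                              std::string* v6Address) override;
    binder::Status clatdStop(const std::string& ifName) override;

    // Ipfw-related commands
    binder::Status ipfwdEnabled(bool* status) override;
    binder::Status ipfwdGetRequesterList(std::vector<std::string>* requesterList) override;
    binder::Status ipfwdEnableForwarding(const std::string& requester) override;
    binder::Status ipfwdDisableForwarding(const std::string& requester) override;
    binder::Status ipfwdAddInterfaceForward(const std::string& fromIface,
                                            const std::string& toIface) override;
    binder::Status ipfwdRemoveInterfaceForward(const std::string& fromIface,
                                               const std::string& toIface) override;

    // tcp_mem-config command
    binder::Status setTcpRWmemorySize(const std::string& rmemValues,
                                      const std::string& wmemValues) override;

    binder::Status registerUnsolicitedEventListener(
            const android::sp<android::net::INetdUnsolicitedEventListener>& listener) override;

    binder::Status getOemNetd(android::sp<android::IBinder>* listener) override;
    binder::Status getFwmarkForNetwork(int32_t netId, MarkMaskParcel* markmask) override;
    binder::Status setNetworkAllowlist(
            const std::vector<netd::aidl::NativeUidRangeConfig>& rangeConfigs) override;

  private:
    // Decoders for caller-supplied integers. How an out-of-range value is
    // handled (reject vs. clamp) is defined in the .cpp, not here.

    /** Widens a binder int32_t uid list to the kernel uid_t type. */
    std::vector<uid_t> intsToUids(const std::vector<int32_t>& intUids);
    /** Maps a binder permission integer to the netd Permission enum. */
    Permission convertPermission(int32_t permission);
    /** Maps a binder firewall-rule integer to FirewallRule. */
    static FirewallRule parseRule(int32_t firewallRule);
    /** Maps a binder child-chain integer to ChildChain. */
    static ChildChain parseChildChain(int32_t childChain);
};

}  // namespace net
}  // namespace android

#endif  // _NETD_NATIVE_SERVICE_H_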