1 /**
2  * Copyright (c) 2016, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "Netd"
18 
19 #include <vector>
20 
21 #include <android-base/stringprintf.h>
22 #include <cutils/log.h>
23 #include <cutils/properties.h>
24 #include <utils/Errors.h>
25 #include <utils/String16.h>
26 
27 #include <binder/IPCThreadState.h>
28 #include <binder/IServiceManager.h>
29 #include "android/net/BnNetd.h"
30 
31 #include "Controllers.h"
32 #include "DumpWriter.h"
33 #include "EventReporter.h"
34 #include "InterfaceController.h"
35 #include "NetdConstants.h"
36 #include "NetdNativeService.h"
37 #include "RouteController.h"
38 #include "SockDiag.h"
39 #include "UidRanges.h"
40 
41 using android::base::StringPrintf;
42 
43 namespace android {
44 namespace net {
45 
46 namespace {
47 
48 const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
49 const char DUMP[] = "android.permission.DUMP";
50 
checkPermission(const char * permission)51 binder::Status checkPermission(const char *permission) {
52     pid_t pid;
53     uid_t uid;
54 
55     if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
56         return binder::Status::ok();
57     } else {
58         auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
59         return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
60     }
61 }
62 
getXfrmStatus(int xfrmCode)63 binder::Status getXfrmStatus(int xfrmCode) {
64     switch(xfrmCode) {
65         case 0:
66             return binder::Status::ok();
67         case -ENOENT:
68             return binder::Status::fromServiceSpecificError(xfrmCode);
69     }
70     return binder::Status::fromExceptionCode(xfrmCode);
71 }
72 
73 #define ENFORCE_DEBUGGABLE() {                              \
74     char value[PROPERTY_VALUE_MAX + 1];                     \
75     if (property_get("ro.debuggable", value, NULL) != 1     \
76             || value[0] != '1') {                           \
77         return binder::Status::fromExceptionCode(           \
78             binder::Status::EX_SECURITY,                    \
79             String8("Not available in production builds.")  \
80         );                                                  \
81     }                                                       \
82 }
83 
84 #define ENFORCE_PERMISSION(permission) {                    \
85     binder::Status status = checkPermission((permission));  \
86     if (!status.isOk()) {                                   \
87         return status;                                      \
88     }                                                       \
89 }
90 
91 #define NETD_LOCKING_RPC(permission, lock)                  \
92     ENFORCE_PERMISSION(permission);                         \
93     android::RWLock::AutoWLock _lock(lock);
94 
95 #define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
96 }  // namespace
97 
98 
start()99 status_t NetdNativeService::start() {
100     IPCThreadState::self()->disableBackgroundScheduling(true);
101     status_t ret = BinderService<NetdNativeService>::publish();
102     if (ret != android::OK) {
103         return ret;
104     }
105     sp<ProcessState> ps(ProcessState::self());
106     ps->startThreadPool();
107     ps->giveThreadPoolName();
108     return android::OK;
109 }
110 
dump(int fd,const Vector<String16> &)111 status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
112     const binder::Status dump_permission = checkPermission(DUMP);
113     if (!dump_permission.isOk()) {
114         const String8 msg(dump_permission.toString8());
115         write(fd, msg.string(), msg.size());
116         return PERMISSION_DENIED;
117     }
118 
119     // This method does not grab any locks. If individual classes need locking
120     // their dump() methods MUST handle locking appropriately.
121     DumpWriter dw(fd);
122     dw.blankline();
123     gCtls->netCtrl.dump(dw);
124     dw.blankline();
125 
126     return NO_ERROR;
127 }
128 
isAlive(bool * alive)129 binder::Status NetdNativeService::isAlive(bool *alive) {
130     NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
131 
132     *alive = true;
133     return binder::Status::ok();
134 }
135 
firewallReplaceUidChain(const android::String16 & chainName,bool isWhitelist,const std::vector<int32_t> & uids,bool * ret)136 binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
137         bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
138     NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
139 
140     android::String8 name = android::String8(chainName);
141     int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
142     *ret = (err == 0);
143     return binder::Status::ok();
144 }
145 
bandwidthEnableDataSaver(bool enable,bool * ret)146 binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
147     NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
148 
149     int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
150     *ret = (err == 0);
151     return binder::Status::ok();
152 }
153 
networkRejectNonSecureVpn(bool add,const std::vector<UidRange> & uidRangeArray)154 binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
155         const std::vector<UidRange>& uidRangeArray) {
156     // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
157     // it should be possible to use the same lock as NetworkController. However, every call through
158     // the CommandListener "network" command will need to hold this lock too, not just the ones that
159     // read/modify network internal state (that is sufficient for ::dump() because it doesn't
160     // look at routes, but it's not enough here).
161     NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
162 
163     UidRanges uidRanges(uidRangeArray);
164 
165     int err;
166     if (add) {
167         err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
168     } else {
169         err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
170     }
171 
172     if (err != 0) {
173         return binder::Status::fromServiceSpecificError(-err,
174                 String8::format("RouteController error: %s", strerror(-err)));
175     }
176     return binder::Status::ok();
177 }
178 
socketDestroy(const std::vector<UidRange> & uids,const std::vector<int32_t> & skipUids)179 binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
180         const std::vector<int32_t>& skipUids) {
181 
182     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
183 
184     SockDiag sd;
185     if (!sd.open()) {
186         return binder::Status::fromServiceSpecificError(EIO,
187                 String8("Could not open SOCK_DIAG socket"));
188     }
189 
190     UidRanges uidRanges(uids);
191     int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
192                                 true /* excludeLoopback */);
193 
194     if (err) {
195         return binder::Status::fromServiceSpecificError(-err,
196                 String8::format("destroySockets: %s", strerror(-err)));
197     }
198     return binder::Status::ok();
199 }
200 
setResolverConfiguration(int32_t netId,const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::vector<int32_t> & params)201 binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
202         const std::vector<std::string>& servers, const std::vector<std::string>& domains,
203         const std::vector<int32_t>& params) {
204     // This function intentionally does not lock within Netd, as Bionic is thread-safe.
205     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
206 
207     int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
208     if (err != 0) {
209         return binder::Status::fromServiceSpecificError(-err,
210                 String8::format("ResolverController error: %s", strerror(-err)));
211     }
212     return binder::Status::ok();
213 }
214 
getResolverInfo(int32_t netId,std::vector<std::string> * servers,std::vector<std::string> * domains,std::vector<int32_t> * params,std::vector<int32_t> * stats)215 binder::Status NetdNativeService::getResolverInfo(int32_t netId,
216         std::vector<std::string>* servers, std::vector<std::string>* domains,
217         std::vector<int32_t>* params, std::vector<int32_t>* stats) {
218     // This function intentionally does not lock within Netd, as Bionic is thread-safe.
219     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
220 
221     int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
222     if (err != 0) {
223         return binder::Status::fromServiceSpecificError(-err,
224                 String8::format("ResolverController error: %s", strerror(-err)));
225     }
226     return binder::Status::ok();
227 }
228 
tetherApplyDnsInterfaces(bool * ret)229 binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
230     NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
231 
232     *ret = gCtls->tetherCtrl.applyDnsInterfaces();
233     return binder::Status::ok();
234 }
235 
interfaceAddAddress(const std::string & ifName,const std::string & addrString,int prefixLength)236 binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
237         const std::string &addrString, int prefixLength) {
238     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
239 
240     const int err = InterfaceController::addAddress(
241             ifName.c_str(), addrString.c_str(), prefixLength);
242     if (err != 0) {
243         return binder::Status::fromServiceSpecificError(-err,
244                 String8::format("InterfaceController error: %s", strerror(-err)));
245     }
246     return binder::Status::ok();
247 }
248 
interfaceDelAddress(const std::string & ifName,const std::string & addrString,int prefixLength)249 binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
250         const std::string &addrString, int prefixLength) {
251     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
252 
253     const int err = InterfaceController::delAddress(
254             ifName.c_str(), addrString.c_str(), prefixLength);
255     if (err != 0) {
256         return binder::Status::fromServiceSpecificError(-err,
257                 String8::format("InterfaceController error: %s", strerror(-err)));
258     }
259     return binder::Status::ok();
260 }
261 
setProcSysNet(int32_t family,int32_t which,const std::string & ifname,const std::string & parameter,const std::string & value)262 binder::Status NetdNativeService::setProcSysNet(
263         int32_t family, int32_t which, const std::string &ifname, const std::string &parameter,
264         const std::string &value) {
265     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
266 
267     const char *familyStr;
268     switch (family) {
269         case INetd::IPV4:
270             familyStr = "ipv4";
271             break;
272         case INetd::IPV6:
273             familyStr = "ipv6";
274             break;
275         default:
276             return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
277     }
278 
279     const char *whichStr;
280     switch (which) {
281         case INetd::CONF:
282             whichStr = "conf";
283             break;
284         case INetd::NEIGH:
285             whichStr = "neigh";
286             break;
287         default:
288             return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
289     }
290 
291     const int err = InterfaceController::setParameter(
292             familyStr, whichStr, ifname.c_str(), parameter.c_str(),
293             value.c_str());
294     if (err != 0) {
295         return binder::Status::fromServiceSpecificError(-err,
296                 String8::format("ResolverController error: %s", strerror(-err)));
297     }
298     return binder::Status::ok();
299 }
300 
getMetricsReportingLevel(int * reportingLevel)301 binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
302     // This function intentionally does not lock, since the only thing it does is one read from an
303     // atomic_int.
304     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
305     ENFORCE_DEBUGGABLE();
306 
307     *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
308     return binder::Status::ok();
309 }
310 
setMetricsReportingLevel(const int reportingLevel)311 binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
312     // This function intentionally does not lock, since the only thing it does is one write to an
313     // atomic_int.
314     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
315     ENFORCE_DEBUGGABLE();
316 
317     return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
318             ? binder::Status::ok()
319             : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
320 }
321 
ipSecAllocateSpi(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t inSpi,int32_t * outSpi)322 binder::Status NetdNativeService::ipSecAllocateSpi(
323         int32_t transformId,
324         int32_t direction,
325         const std::string& localAddress,
326         const std::string& remoteAddress,
327         int32_t inSpi,
328         int32_t* outSpi) {
329     // Necessary locking done in IpSecService and kernel
330     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
331     ALOGD("ipSecAllocateSpi()");
332     return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
333                     transformId,
334                     direction,
335                     localAddress,
336                     remoteAddress,
337                     inSpi,
338                     outSpi));
339 }
340 
ipSecAddSecurityAssociation(int32_t transformId,int32_t mode,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int64_t underlyingNetworkHandle,int32_t spi,const std::string & authAlgo,const std::vector<uint8_t> & authKey,int32_t authTruncBits,const std::string & cryptAlgo,const std::vector<uint8_t> & cryptKey,int32_t cryptTruncBits,int32_t encapType,int32_t encapLocalPort,int32_t encapRemotePort,int32_t * allocatedSpi)341 binder::Status NetdNativeService::ipSecAddSecurityAssociation(
342         int32_t transformId,
343         int32_t mode,
344         int32_t direction,
345         const std::string& localAddress,
346         const std::string& remoteAddress,
347         int64_t underlyingNetworkHandle,
348         int32_t spi,
349         const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
350         const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
351         int32_t encapType,
352         int32_t encapLocalPort,
353         int32_t encapRemotePort,
354         int32_t* allocatedSpi) {
355     // Necessary locking done in IpSecService and kernel
356     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
357     ALOGD("ipSecAddSecurityAssociation()");
358     return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
359               transformId, mode, direction, localAddress, remoteAddress,
360               underlyingNetworkHandle,
361               spi,
362               authAlgo, authKey, authTruncBits,
363               cryptAlgo, cryptKey, cryptTruncBits,
364               encapType, encapLocalPort, encapRemotePort,
365               allocatedSpi));
366 }
367 
ipSecDeleteSecurityAssociation(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)368 binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
369         int32_t transformId,
370         int32_t direction,
371         const std::string& localAddress,
372         const std::string& remoteAddress,
373         int32_t spi) {
374     // Necessary locking done in IpSecService and kernel
375     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
376     ALOGD("ipSecDeleteSecurityAssociation()");
377     return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
378                     transformId,
379                     direction,
380                     localAddress,
381                     remoteAddress,
382                     spi));
383 }
384 
ipSecApplyTransportModeTransform(const android::base::unique_fd & socket,int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)385 binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
386         const android::base::unique_fd& socket,
387         int32_t transformId,
388         int32_t direction,
389         const std::string& localAddress,
390         const std::string& remoteAddress,
391         int32_t spi) {
392     // Necessary locking done in IpSecService and kernel
393     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
394     ALOGD("ipSecApplyTransportModeTransform()");
395     return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
396                     socket,
397                     transformId,
398                     direction,
399                     localAddress,
400                     remoteAddress,
401                     spi));
402 }
403 
ipSecRemoveTransportModeTransform(const android::base::unique_fd & socket)404 binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
405             const android::base::unique_fd& socket) {
406     // Necessary locking done in IpSecService and kernel
407     ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
408     ALOGD("ipSecRemoveTransportModeTransform()");
409     return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
410                     socket));
411 }
412 
413 }  // namespace net
414 }  // namespace android
415