1 /**
2 * Copyright (c) 2016, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "Netd"
18
19 #include <vector>
20
21 #include <android-base/stringprintf.h>
22 #include <cutils/log.h>
23 #include <cutils/properties.h>
24 #include <utils/Errors.h>
25 #include <utils/String16.h>
26
27 #include <binder/IPCThreadState.h>
28 #include <binder/IServiceManager.h>
29 #include "android/net/BnNetd.h"
30
31 #include "Controllers.h"
32 #include "DumpWriter.h"
33 #include "EventReporter.h"
34 #include "InterfaceController.h"
35 #include "NetdConstants.h"
36 #include "NetdNativeService.h"
37 #include "RouteController.h"
38 #include "SockDiag.h"
39 #include "UidRanges.h"
40
41 using android::base::StringPrintf;
42
43 namespace android {
44 namespace net {
45
46 namespace {
47
48 const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
49 const char DUMP[] = "android.permission.DUMP";
50
checkPermission(const char * permission)51 binder::Status checkPermission(const char *permission) {
52 pid_t pid;
53 uid_t uid;
54
55 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
56 return binder::Status::ok();
57 } else {
58 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
59 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
60 }
61 }
62
getXfrmStatus(int xfrmCode)63 binder::Status getXfrmStatus(int xfrmCode) {
64 switch(xfrmCode) {
65 case 0:
66 return binder::Status::ok();
67 case -ENOENT:
68 return binder::Status::fromServiceSpecificError(xfrmCode);
69 }
70 return binder::Status::fromExceptionCode(xfrmCode);
71 }
72
73 #define ENFORCE_DEBUGGABLE() { \
74 char value[PROPERTY_VALUE_MAX + 1]; \
75 if (property_get("ro.debuggable", value, NULL) != 1 \
76 || value[0] != '1') { \
77 return binder::Status::fromExceptionCode( \
78 binder::Status::EX_SECURITY, \
79 String8("Not available in production builds.") \
80 ); \
81 } \
82 }
83
84 #define ENFORCE_PERMISSION(permission) { \
85 binder::Status status = checkPermission((permission)); \
86 if (!status.isOk()) { \
87 return status; \
88 } \
89 }
90
91 #define NETD_LOCKING_RPC(permission, lock) \
92 ENFORCE_PERMISSION(permission); \
93 android::RWLock::AutoWLock _lock(lock);
94
95 #define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
96 } // namespace
97
98
start()99 status_t NetdNativeService::start() {
100 IPCThreadState::self()->disableBackgroundScheduling(true);
101 status_t ret = BinderService<NetdNativeService>::publish();
102 if (ret != android::OK) {
103 return ret;
104 }
105 sp<ProcessState> ps(ProcessState::self());
106 ps->startThreadPool();
107 ps->giveThreadPoolName();
108 return android::OK;
109 }
110
dump(int fd,const Vector<String16> &)111 status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
112 const binder::Status dump_permission = checkPermission(DUMP);
113 if (!dump_permission.isOk()) {
114 const String8 msg(dump_permission.toString8());
115 write(fd, msg.string(), msg.size());
116 return PERMISSION_DENIED;
117 }
118
119 // This method does not grab any locks. If individual classes need locking
120 // their dump() methods MUST handle locking appropriately.
121 DumpWriter dw(fd);
122 dw.blankline();
123 gCtls->netCtrl.dump(dw);
124 dw.blankline();
125
126 return NO_ERROR;
127 }
128
isAlive(bool * alive)129 binder::Status NetdNativeService::isAlive(bool *alive) {
130 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
131
132 *alive = true;
133 return binder::Status::ok();
134 }
135
firewallReplaceUidChain(const android::String16 & chainName,bool isWhitelist,const std::vector<int32_t> & uids,bool * ret)136 binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
137 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
138 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
139
140 android::String8 name = android::String8(chainName);
141 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
142 *ret = (err == 0);
143 return binder::Status::ok();
144 }
145
bandwidthEnableDataSaver(bool enable,bool * ret)146 binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
147 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
148
149 int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
150 *ret = (err == 0);
151 return binder::Status::ok();
152 }
153
networkRejectNonSecureVpn(bool add,const std::vector<UidRange> & uidRangeArray)154 binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
155 const std::vector<UidRange>& uidRangeArray) {
156 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
157 // it should be possible to use the same lock as NetworkController. However, every call through
158 // the CommandListener "network" command will need to hold this lock too, not just the ones that
159 // read/modify network internal state (that is sufficient for ::dump() because it doesn't
160 // look at routes, but it's not enough here).
161 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
162
163 UidRanges uidRanges(uidRangeArray);
164
165 int err;
166 if (add) {
167 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
168 } else {
169 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
170 }
171
172 if (err != 0) {
173 return binder::Status::fromServiceSpecificError(-err,
174 String8::format("RouteController error: %s", strerror(-err)));
175 }
176 return binder::Status::ok();
177 }
178
socketDestroy(const std::vector<UidRange> & uids,const std::vector<int32_t> & skipUids)179 binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
180 const std::vector<int32_t>& skipUids) {
181
182 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
183
184 SockDiag sd;
185 if (!sd.open()) {
186 return binder::Status::fromServiceSpecificError(EIO,
187 String8("Could not open SOCK_DIAG socket"));
188 }
189
190 UidRanges uidRanges(uids);
191 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
192 true /* excludeLoopback */);
193
194 if (err) {
195 return binder::Status::fromServiceSpecificError(-err,
196 String8::format("destroySockets: %s", strerror(-err)));
197 }
198 return binder::Status::ok();
199 }
200
setResolverConfiguration(int32_t netId,const std::vector<std::string> & servers,const std::vector<std::string> & domains,const std::vector<int32_t> & params)201 binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
202 const std::vector<std::string>& servers, const std::vector<std::string>& domains,
203 const std::vector<int32_t>& params) {
204 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
205 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
206
207 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params);
208 if (err != 0) {
209 return binder::Status::fromServiceSpecificError(-err,
210 String8::format("ResolverController error: %s", strerror(-err)));
211 }
212 return binder::Status::ok();
213 }
214
getResolverInfo(int32_t netId,std::vector<std::string> * servers,std::vector<std::string> * domains,std::vector<int32_t> * params,std::vector<int32_t> * stats)215 binder::Status NetdNativeService::getResolverInfo(int32_t netId,
216 std::vector<std::string>* servers, std::vector<std::string>* domains,
217 std::vector<int32_t>* params, std::vector<int32_t>* stats) {
218 // This function intentionally does not lock within Netd, as Bionic is thread-safe.
219 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
220
221 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
222 if (err != 0) {
223 return binder::Status::fromServiceSpecificError(-err,
224 String8::format("ResolverController error: %s", strerror(-err)));
225 }
226 return binder::Status::ok();
227 }
228
tetherApplyDnsInterfaces(bool * ret)229 binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
230 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
231
232 *ret = gCtls->tetherCtrl.applyDnsInterfaces();
233 return binder::Status::ok();
234 }
235
interfaceAddAddress(const std::string & ifName,const std::string & addrString,int prefixLength)236 binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
237 const std::string &addrString, int prefixLength) {
238 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
239
240 const int err = InterfaceController::addAddress(
241 ifName.c_str(), addrString.c_str(), prefixLength);
242 if (err != 0) {
243 return binder::Status::fromServiceSpecificError(-err,
244 String8::format("InterfaceController error: %s", strerror(-err)));
245 }
246 return binder::Status::ok();
247 }
248
interfaceDelAddress(const std::string & ifName,const std::string & addrString,int prefixLength)249 binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
250 const std::string &addrString, int prefixLength) {
251 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
252
253 const int err = InterfaceController::delAddress(
254 ifName.c_str(), addrString.c_str(), prefixLength);
255 if (err != 0) {
256 return binder::Status::fromServiceSpecificError(-err,
257 String8::format("InterfaceController error: %s", strerror(-err)));
258 }
259 return binder::Status::ok();
260 }
261
setProcSysNet(int32_t family,int32_t which,const std::string & ifname,const std::string & parameter,const std::string & value)262 binder::Status NetdNativeService::setProcSysNet(
263 int32_t family, int32_t which, const std::string &ifname, const std::string ¶meter,
264 const std::string &value) {
265 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
266
267 const char *familyStr;
268 switch (family) {
269 case INetd::IPV4:
270 familyStr = "ipv4";
271 break;
272 case INetd::IPV6:
273 familyStr = "ipv6";
274 break;
275 default:
276 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
277 }
278
279 const char *whichStr;
280 switch (which) {
281 case INetd::CONF:
282 whichStr = "conf";
283 break;
284 case INetd::NEIGH:
285 whichStr = "neigh";
286 break;
287 default:
288 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
289 }
290
291 const int err = InterfaceController::setParameter(
292 familyStr, whichStr, ifname.c_str(), parameter.c_str(),
293 value.c_str());
294 if (err != 0) {
295 return binder::Status::fromServiceSpecificError(-err,
296 String8::format("ResolverController error: %s", strerror(-err)));
297 }
298 return binder::Status::ok();
299 }
300
getMetricsReportingLevel(int * reportingLevel)301 binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
302 // This function intentionally does not lock, since the only thing it does is one read from an
303 // atomic_int.
304 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
305 ENFORCE_DEBUGGABLE();
306
307 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
308 return binder::Status::ok();
309 }
310
setMetricsReportingLevel(const int reportingLevel)311 binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
312 // This function intentionally does not lock, since the only thing it does is one write to an
313 // atomic_int.
314 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
315 ENFORCE_DEBUGGABLE();
316
317 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
318 ? binder::Status::ok()
319 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
320 }
321
ipSecAllocateSpi(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t inSpi,int32_t * outSpi)322 binder::Status NetdNativeService::ipSecAllocateSpi(
323 int32_t transformId,
324 int32_t direction,
325 const std::string& localAddress,
326 const std::string& remoteAddress,
327 int32_t inSpi,
328 int32_t* outSpi) {
329 // Necessary locking done in IpSecService and kernel
330 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
331 ALOGD("ipSecAllocateSpi()");
332 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
333 transformId,
334 direction,
335 localAddress,
336 remoteAddress,
337 inSpi,
338 outSpi));
339 }
340
ipSecAddSecurityAssociation(int32_t transformId,int32_t mode,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int64_t underlyingNetworkHandle,int32_t spi,const std::string & authAlgo,const std::vector<uint8_t> & authKey,int32_t authTruncBits,const std::string & cryptAlgo,const std::vector<uint8_t> & cryptKey,int32_t cryptTruncBits,int32_t encapType,int32_t encapLocalPort,int32_t encapRemotePort,int32_t * allocatedSpi)341 binder::Status NetdNativeService::ipSecAddSecurityAssociation(
342 int32_t transformId,
343 int32_t mode,
344 int32_t direction,
345 const std::string& localAddress,
346 const std::string& remoteAddress,
347 int64_t underlyingNetworkHandle,
348 int32_t spi,
349 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
350 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
351 int32_t encapType,
352 int32_t encapLocalPort,
353 int32_t encapRemotePort,
354 int32_t* allocatedSpi) {
355 // Necessary locking done in IpSecService and kernel
356 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
357 ALOGD("ipSecAddSecurityAssociation()");
358 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
359 transformId, mode, direction, localAddress, remoteAddress,
360 underlyingNetworkHandle,
361 spi,
362 authAlgo, authKey, authTruncBits,
363 cryptAlgo, cryptKey, cryptTruncBits,
364 encapType, encapLocalPort, encapRemotePort,
365 allocatedSpi));
366 }
367
ipSecDeleteSecurityAssociation(int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)368 binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
369 int32_t transformId,
370 int32_t direction,
371 const std::string& localAddress,
372 const std::string& remoteAddress,
373 int32_t spi) {
374 // Necessary locking done in IpSecService and kernel
375 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
376 ALOGD("ipSecDeleteSecurityAssociation()");
377 return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
378 transformId,
379 direction,
380 localAddress,
381 remoteAddress,
382 spi));
383 }
384
ipSecApplyTransportModeTransform(const android::base::unique_fd & socket,int32_t transformId,int32_t direction,const std::string & localAddress,const std::string & remoteAddress,int32_t spi)385 binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
386 const android::base::unique_fd& socket,
387 int32_t transformId,
388 int32_t direction,
389 const std::string& localAddress,
390 const std::string& remoteAddress,
391 int32_t spi) {
392 // Necessary locking done in IpSecService and kernel
393 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
394 ALOGD("ipSecApplyTransportModeTransform()");
395 return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
396 socket,
397 transformId,
398 direction,
399 localAddress,
400 remoteAddress,
401 spi));
402 }
403
ipSecRemoveTransportModeTransform(const android::base::unique_fd & socket)404 binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
405 const android::base::unique_fd& socket) {
406 // Necessary locking done in IpSecService and kernel
407 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
408 ALOGD("ipSecRemoveTransportModeTransform()");
409 return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
410 socket));
411 }
412
413 } // namespace net
414 } // namespace android
415