| /* |
| * Copyright (C) 2022 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "NetdHwAidlService.h" |
| #include <android/binder_manager.h> |
| #include <android/binder_process.h> |
| #include "Controllers.h" |
| #include "Fwmark.h" |
| #include "RouteController.h" |
| #include "TetherController.h" |
| |
| // Tells TetherController::enableForwarding who is requesting forwarding, so that TetherController |
| // can manage/refcount requests to enable forwarding by multiple parties such as the framework, this |
| // binder interface, and the legacy "ndc ipfwd enable <requester>" commands. |
| namespace { |
| constexpr const char* FORWARDING_REQUESTER = "NetdHwAidlService"; |
| } |
| |
| namespace android { |
| namespace net { |
| namespace aidl { |
| |
| static int toHalStatus(int ret) { |
| switch (ret) { |
| case 0: |
| return 0; |
| case -EINVAL: |
| return NetdHwAidlService::STATUS_INVALID_ARGUMENTS; |
| case -EEXIST: |
| return NetdHwAidlService::STATUS_ALREADY_EXISTS; |
| case -ENONET: |
| return NetdHwAidlService::STATUS_NO_NETWORK; |
| case -EPERM: |
| return NetdHwAidlService::STATUS_PERMISSION_DENIED; |
| default: |
| ALOGE("HAL service error=%d", ret); |
| return NetdHwAidlService::STATUS_UNKNOWN_ERROR; |
| } |
| } |
| |
| void NetdHwAidlService::run() { |
| std::shared_ptr<NetdHwAidlService> service = ndk::SharedRefBase::make<NetdHwAidlService>(); |
| |
| const std::string instance = std::string() + NetdHwAidlService::descriptor + "/default"; |
| binder_status_t status = |
| AServiceManager_addService(service->asBinder().get(), instance.c_str()); |
| if (status != STATUS_OK) { |
| ALOGE("Failed to register AIDL INetd service. Status: %d.", status); |
| return; |
| } |
| |
| ABinderProcess_joinThreadPool(); |
| } |
| |
| ScopedAStatus NetdHwAidlService::createOemNetwork(OemNetwork* network) { |
| unsigned netId; |
| Permission permission = PERMISSION_SYSTEM; |
| |
| int ret = gCtls->netCtrl.createPhysicalOemNetwork(permission, &netId); |
| |
| Fwmark fwmark; |
| fwmark.netId = netId; |
| fwmark.explicitlySelected = true; |
| fwmark.protectedFromVpn = true; |
| fwmark.permission = PERMISSION_SYSTEM; |
| network->networkHandle = netIdToNetHandle(netId); |
| network->packetMark = fwmark.intValue; |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| // Vendor code can only modify OEM networks. All other networks are managed by ConnectivityService. |
| #define RETURN_IF_NOT_OEM_NETWORK(netId) \ |
| if (((netId) < NetworkController::MIN_OEM_ID) || ((netId) > NetworkController::MAX_OEM_ID)) { \ |
| return ScopedAStatus::fromServiceSpecificError(STATUS_INVALID_ARGUMENTS); \ |
| } |
| |
| ScopedAStatus NetdHwAidlService::destroyOemNetwork(int64_t netHandle) { |
| unsigned netId = netHandleToNetId(netHandle); |
| RETURN_IF_NOT_OEM_NETWORK(netId); |
| |
| auto ret = toHalStatus(gCtls->netCtrl.destroyNetwork(netId)); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| const char* maybeNullString(const std::string& nexthop) { |
| // std::strings can't be null, but RouteController wants null instead of an empty string. |
| const char* nh = nexthop.c_str(); |
| if (nh && !*nh) { |
| nh = nullptr; |
| } |
| return nh; |
| } |
| |
| ScopedAStatus NetdHwAidlService::addRouteToOemNetwork(int64_t networkHandle, |
| const std::string& ifname, |
| const std::string& destination, |
| const std::string& nexthop) { |
| unsigned netId = netHandleToNetId(networkHandle); |
| RETURN_IF_NOT_OEM_NETWORK(netId); |
| |
| auto ret = gCtls->netCtrl.addRoute(netId, ifname.c_str(), destination.c_str(), |
| maybeNullString(nexthop), false, INVALID_UID, 0 /* mtu */); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| ScopedAStatus NetdHwAidlService::removeRouteFromOemNetwork(int64_t networkHandle, |
| const std::string& ifname, |
| const std::string& destination, |
| const std::string& nexthop) { |
| unsigned netId = netHandleToNetId(networkHandle); |
| RETURN_IF_NOT_OEM_NETWORK(netId); |
| |
| auto ret = gCtls->netCtrl.removeRoute(netId, ifname.c_str(), destination.c_str(), |
| maybeNullString(nexthop), false, INVALID_UID); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| ScopedAStatus NetdHwAidlService::addInterfaceToOemNetwork(int64_t networkHandle, |
| const std::string& ifname) { |
| unsigned netId = netHandleToNetId(networkHandle); |
| RETURN_IF_NOT_OEM_NETWORK(netId); |
| |
| auto ret = gCtls->netCtrl.addInterfaceToNetwork(netId, ifname.c_str()); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| ScopedAStatus NetdHwAidlService::removeInterfaceFromOemNetwork(int64_t networkHandle, |
| const std::string& ifname) { |
| unsigned netId = netHandleToNetId(networkHandle); |
| RETURN_IF_NOT_OEM_NETWORK(netId); |
| |
| auto ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, ifname.c_str()); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| ScopedAStatus NetdHwAidlService::setIpForwardEnable(bool enable) { |
| std::lock_guard _lock(gCtls->tetherCtrl.lock); |
| |
| bool success = enable ? gCtls->tetherCtrl.enableForwarding(FORWARDING_REQUESTER) |
| : gCtls->tetherCtrl.disableForwarding(FORWARDING_REQUESTER); |
| |
| if (!success) { |
| return ScopedAStatus::fromServiceSpecificError(STATUS_UNKNOWN_ERROR); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| ScopedAStatus NetdHwAidlService::setForwardingBetweenInterfaces(const std::string& inputIfName, |
| const std::string& outputIfName, |
| bool enable) { |
| std::lock_guard _lock(gCtls->tetherCtrl.lock); |
| |
| // TODO: check that one interface is an OEM interface and the other is another OEM interface, an |
| // IPsec interface or a dummy interface. |
| int ret = enable ? RouteController::enableTethering(inputIfName.c_str(), outputIfName.c_str()) |
| : RouteController::disableTethering(inputIfName.c_str(), outputIfName.c_str()); |
| if (ret != 0) { |
| return ScopedAStatus::fromServiceSpecificError(toHalStatus(ret)); |
| } else { |
| return ScopedAStatus::ok(); |
| } |
| } |
| |
| } // namespace aidl |
| } // namespace net |
| } // namespace android |