Google Git
Sign in
android / platform / system / netd / 0c579214a2e4bfb387e53f2ac68ef02c0fabe3fb / . / server / binder / android / net / INetd.aidl
blob: 906dcf3df47b32bdec92fd1279802c12e89b7e19 [file] [log] [blame]
/**
* Copyright (c) 2016, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net;
import android.net.UidRangeParcel;
import android.net.TetherStatsParcel;
import android.net.InterfaceConfigurationParcel;
/** {@hide} */
interface INetd {
/**
* Returns true if the service is responding.
*/
boolean isAlive();
/**
* Replaces the contents of the specified UID-based firewall chain.
*
* The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
* rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
* rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
* UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
*
* @param chainName The name of the chain to replace.
* @param isWhitelist Whether this is a whitelist or blacklist chain.
* @param uids The list of UIDs to allow/deny.
* @return true if the chain was successfully replaced, false otherwise.
*/
boolean firewallReplaceUidChain(in @utf8InCpp String chainName,
boolean isWhitelist,
in int[] uids);
/**
* Enables or disables data saver mode on costly network interfaces.
*
* - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
* interfaces. Traffic to/from other apps or on other network interfaces is allowed.
* - When enabled, only apps that are in the happy box chain and not in the penalty box chain
* are allowed network connectivity on costly interfaces. All other packets on these
* interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
* traffic from system UIDs, place them in the penalty box chain.
*
* By default, data saver mode is disabled. This command has no effect but might still return an
* error) if {@code enable} is the same as the current value.
*
* @param enable whether to enable or disable data saver mode.
* @return true if the if the operation was successful, false otherwise.
*/
boolean bandwidthEnableDataSaver(boolean enable);
/**
* Creates a physical network (i.e., one containing physical interfaces.
*
* @param netId the networkId to create.
* @param permission the permission necessary to use the network. Must be one of
* PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkCreatePhysical(int netId, int permission);
/**
* Creates a VPN network.
*
* @param netId the network to create.
* @param secure whether unprivileged apps are allowed to bypass the VPN.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkCreateVpn(int netId, boolean secure);
/**
* Destroys a network. Any interfaces added to the network are removed, and the network ceases
* to be the default network.
*
* @param netId the network to destroy.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkDestroy(int netId);
/**
* Adds an interface to a network. The interface must not be assigned to any network, including
* the specified network.
*
* @param netId the network to add the interface to.
* @param interface the name of the interface to add.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkAddInterface(int netId, in @utf8InCpp String iface);
/**
* Adds an interface to a network. The interface must be assigned to the specified network.
*
* @param netId the network to remove the interface from.
* @param interface the name of the interface to remove.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkRemoveInterface(int netId, in @utf8InCpp String iface);
/**
* Adds the specified UID ranges to the specified network. The network must be a VPN. Traffic
* from the UID ranges will be routed through the VPN.
*
* @param netId the network ID of the network to add the ranges to.
* @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to add. The ranges
* must not overlap with existing ranges routed to this network.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkAddUidRanges(int netId, in UidRangeParcel[] uidRanges);
/**
* Adds the specified UID ranges to the specified network. The network must be a VPN. Traffic
* from the UID ranges will no longer be routed through the VPN.
*
* @param netId the network ID of the network to remove the ranges from.
* @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to add. The ranges
* must already be routed to this network.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkRemoveUidRanges(int netId, in UidRangeParcel[] uidRanges);
/**
* Adds or removes one rule for each supplied UID range to prohibit all network activity outside
* of secure VPN.
*
* When a UID is covered by one of these rules, traffic sent through any socket that is not
* protected or explicitly overriden by the system will be rejected. The kernel will respond
* with an ICMP prohibit message.
*
* Initially, there are no such rules. Any rules that are added will only last until the next
* restart of netd or the device.
*
* @param add {@code true} if the specified UID ranges should be denied access to any network
* which is not secure VPN by adding rules, {@code false} to remove existing rules.
* @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
* remove this restriction.
* <p> Added rules should not overlap with existing rules. Likewise, removed rules should
* each correspond to an existing rule.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkRejectNonSecureVpn(boolean add, in UidRangeParcel[] uidRanges);
/**
* Administratively closes sockets belonging to the specified UIDs.
*/
void socketDestroy(in UidRangeParcel[] uidRanges, in int[] exemptUids);
// Array indices for resolver parameters.
const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0;
const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1;
const int RESOLVER_PARAMS_MIN_SAMPLES = 2;
const int RESOLVER_PARAMS_MAX_SAMPLES = 3;
const int RESOLVER_PARAMS_BASE_TIMEOUT_MSEC = 4;
const int RESOLVER_PARAMS_COUNT = 5;
/**
* Sets the name servers, search domains and resolver params for the given network. Flushes the
* cache as needed (i.e. when the servers or the number of samples to store changes).
*
* @param netId the network ID of the network for which information should be configured.
* @param servers the DNS servers to configure for the network.
* @param domains the search domains to configure.
* @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that
* encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at
* position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc.
* @param tlsName The TLS subject name to require for all servers, or empty if there is none.
* @param tlsServers the DNS servers to configure for strict mode Private DNS.
* @param tlsFingerprints An array containing TLS public key fingerprints (pins) of which each
* server must match at least one, or empty if there are no pinned keys.
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void setResolverConfiguration(int netId, in @utf8InCpp String[] servers,
in @utf8InCpp String[] domains, in int[] params,
in @utf8InCpp String tlsName, in @utf8InCpp String[] tlsServers,
in @utf8InCpp String[] tlsFingerprints);
// Array indices for resolver stats.
const int RESOLVER_STATS_SUCCESSES = 0;
const int RESOLVER_STATS_ERRORS = 1;
const int RESOLVER_STATS_TIMEOUTS = 2;
const int RESOLVER_STATS_INTERNAL_ERRORS = 3;
const int RESOLVER_STATS_RTT_AVG = 4;
const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5;
const int RESOLVER_STATS_USABLE = 6;
const int RESOLVER_STATS_COUNT = 7;
/**
* Retrieves the name servers, search domains and resolver stats associated with the given
* network ID.
*
* @param netId the network ID of the network for which information should be retrieved.
* @param servers the DNS servers that are currently configured for the network.
* @param domains the search domains currently configured.
* @param tlsServers the DNS-over-TLS servers that are currently configured for the network.
* @param params the resolver parameters configured, i.e. the contents of __res_params in order.
* @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX
* constants, serialized as an int array. The contents of this array are the number of
* <ul>
* <li> successes,
* <li> errors,
* <li> timeouts,
* <li> internal errors,
* <li> the RTT average,
* <li> the time of the last recorded sample,
* <li> and an integer indicating whether the server is usable (1) or broken (0).
* </ul>
* in this order. For example, the timeout counter for server N is stored at position
* RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*
* TODO: Consider replacing stats and params with parcelables.
*/
void getResolverInfo(int netId, out @utf8InCpp String[] servers,
out @utf8InCpp String[] domains, out @utf8InCpp String[] tlsServers, out int[] params,
out int[] stats);
/**
* Instruct the tethering DNS server to reevaluated serving interfaces.
* This is needed to for the DNS server to observe changes in the set
* of potential listening IP addresses. (Listening on wildcard addresses
* can turn the device into an open resolver; b/7530468)
*
* TODO: Return something richer than just a boolean.
*/
boolean tetherApplyDnsInterfaces();
/**
* Return tethering statistics.
*
* @return an array of TetherStatsParcel, where each entry contains the upstream interface
* name and its tethering statistics.
* There will only ever be one entry for a given interface.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
TetherStatsParcel[] tetherGetStats();
/**
* Add/Remove and IP address from an interface.
*
* @param ifName the interface name
* @param addrString the IP address to add/remove as a string literal
* @param prefixLength the prefix length associated with this IP address
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
int prefixLength);
void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
int prefixLength);
/**
* Set and get /proc/sys/net interface configuration parameters.
*
* @param ipversion One of IPV4/IPV6 integers, indicating the desired IP version directory.
* @param which One of CONF/NEIGH integers, indicating the desired parameter category directory.
* @param ifname The interface name portion of the path; may also be "all" or "default".
* @param parameter The parameter name portion of the path.
* @param value The value string to be written into the assembled path.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
const int IPV4 = 4;
const int IPV6 = 6;
const int CONF = 1;
const int NEIGH = 2;
@utf8InCpp String getProcSysNet(int ipversion, int which, in @utf8InCpp String ifname,
in @utf8InCpp String parameter);
void setProcSysNet(int ipversion, int which, in @utf8InCpp String ifname,
in @utf8InCpp String parameter, in @utf8InCpp String value);
/**
* Get/Set metrics reporting level.
*
* Reporting level is one of:
* 0 (NONE)
* 1 (METRICS)
* 2 (FULL)
*/
int getMetricsReportingLevel();
void setMetricsReportingLevel(int level);
/**
* Sets owner of socket ParcelFileDescriptor to the new UID, checking to ensure that the caller's
* uid is that of the old owner's, and that this is a UDP-encap socket
*
* @param ParcelFileDescriptor socket Socket file descriptor
* @param int newUid UID of the new socket fd owner
*/
void ipSecSetEncapSocketOwner(in ParcelFileDescriptor socket, int newUid);
/**
* Reserve an SPI from the kernel
*
* @param transformId a unique identifier for allocated resources
* @param sourceAddress InetAddress as string for the sending endpoint
* @param destinationAddress InetAddress as string for the receiving endpoint
* @param spi a requested 32-bit unique ID or 0 to request random allocation
* @return the SPI that was allocated or 0 if failed
*/
int ipSecAllocateSpi(
int transformId,
in @utf8InCpp String sourceAddress,
in @utf8InCpp String destinationAddress,
int spi);
/**
* Create an IpSec Security Association describing how ip(v6) traffic will be encrypted
* or decrypted.
*
* @param transformId a unique identifier for allocated resources
* @param mode either Transport or Tunnel mode
* @param sourceAddress InetAddress as string for the sending endpoint
* @param destinationAddress InetAddress as string for the receiving endpoint
* @param underlyingNetId the netId of the network to which the SA is applied. Only accepted for
* tunnel mode SAs.
* @param spi a 32-bit unique ID allocated to the user
* @param markValue a 32-bit unique ID chosen by the user
* @param markMask a 32-bit mask chosen by the user
* @param authAlgo a string identifying the authentication algorithm to be used
* @param authKey a byte array containing the authentication key
* @param authTruncBits the truncation length of the MAC produced by the authentication algorithm
* @param cryptAlgo a string identifying the encryption algorithm to be used
* @param cryptKey a byte arrray containing the encryption key
* @param cryptTruncBits unused parameter
* @param aeadAlgo a string identifying the authenticated encryption algorithm to be used
* @param aeadKey a byte arrray containing the key to be used in authenticated encryption
* @param aeadIcvBits the truncation length of the ICV produced by the authentication algorithm
* (similar to authTruncBits in function)
* @param encapType encapsulation type used (if any) for the udp encap socket
* @param encapLocalPort the port number on the host to be used in encap packets
* @param encapRemotePort the port number of the remote to be used for encap packets
* @param interfaceId the identifier for the IPsec tunnel interface.
* Only accepted for tunnel mode SAs.
*/
void ipSecAddSecurityAssociation(
int transformId,
int mode,
in @utf8InCpp String sourceAddress,
in @utf8InCpp String destinationAddress,
int underlyingNetId,
int spi,
int markValue,
int markMask,
in @utf8InCpp String authAlgo, in byte[] authKey, in int authTruncBits,
in @utf8InCpp String cryptAlgo, in byte[] cryptKey, in int cryptTruncBits,
in @utf8InCpp String aeadAlgo, in byte[] aeadKey, in int aeadIcvBits,
int encapType,
int encapLocalPort,
int encapRemotePort,
int interfaceId);
/**
* Delete a previously created security association identified by the provided parameters
*
* @param transformId a unique identifier for allocated resources
* @param sourceAddress InetAddress as string for the sending endpoint
* @param destinationAddress InetAddress as string for the receiving endpoint
* @param spi a requested 32-bit unique ID allocated to the user
* @param markValue a 32-bit unique ID chosen by the user
* @param markMask a 32-bit mask chosen by the user
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecDeleteSecurityAssociation(
int transformId,
in @utf8InCpp String sourceAddress,
in @utf8InCpp String destinationAddress,
int spi,
int markValue,
int markMask,
int interfaceId);
/**
* Apply a previously created SA to a specified socket, starting IPsec on that socket
*
* @param socket a user-provided socket that will have IPsec applied
* @param transformId a unique identifier for allocated resources
* @param direction DIRECTION_IN or DIRECTION_OUT
* @param sourceAddress InetAddress as string for the sending endpoint
* @param destinationAddress InetAddress as string for the receiving endpoint
* @param spi a 32-bit unique ID allocated to the user (socket owner)
*/
void ipSecApplyTransportModeTransform(
in ParcelFileDescriptor socket,
int transformId,
int direction,
in @utf8InCpp String sourceAddress,
in @utf8InCpp String destinationAddress,
int spi);
/**
* Remove an IPsec SA from a given socket. This will allow unencrypted traffic to flow
* on that socket if a transform had been previously applied.
*
* @param socket a user-provided socket from which to remove any IPsec configuration
*/
void ipSecRemoveTransportModeTransform(
in ParcelFileDescriptor socket);
/**
* Adds an IPsec global policy.
*
* @param transformId a unique identifier for allocated resources
* @param selAddrFamily the address family identifier for the selector
* @param direction DIRECTION_IN or DIRECTION_OUT
* @param tmplSrcAddress InetAddress as string for the sending endpoint
* @param tmplDstAddress InetAddress as string for the receiving endpoint
* @param spi a 32-bit unique ID allocated to the user
* @param markValue a 32-bit unique ID chosen by the user
* @param markMask a 32-bit mask chosen by the user
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecAddSecurityPolicy(
int transformId,
int selAddrFamily,
int direction,
in @utf8InCpp String tmplSrcAddress,
in @utf8InCpp String tmplDstAddress,
int spi,
int markValue,
int markMask,
int interfaceId);
/**
* Updates an IPsec global policy.
*
* @param transformId a unique identifier for allocated resources
* @param selAddrFamily the address family identifier for the selector
* @param direction DIRECTION_IN or DIRECTION_OUT
* @param tmplSrcAddress InetAddress as string for the sending endpoint
* @param tmplDstAddress InetAddress as string for the receiving endpoint
* @param spi a 32-bit unique ID allocated to the user
* @param markValue a 32-bit unique ID chosen by the user
* @param markMask a 32-bit mask chosen by the user
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecUpdateSecurityPolicy(
int transformId,
int selAddrFamily,
int direction,
in @utf8InCpp String tmplSrcAddress,
in @utf8InCpp String tmplDstAddress,
int spi,
int markValue,
int markMask,
int interfaceId);
/**
* Deletes an IPsec global policy.
*
* Deletion of global policies does not do any matching based on the templates, thus
* template source/destination addresses are not needed (as opposed to add/update).
*
* @param transformId a unique identifier for allocated resources
* @param selAddrFamily the address family identifier for the selector
* @param direction DIRECTION_IN or DIRECTION_OUT
* @param markValue a 32-bit unique ID chosen by the user
* @param markMask a 32-bit mask chosen by the user
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecDeleteSecurityPolicy(
int transformId,
int selAddrFamily,
int direction,
int markValue,
int markMask,
int interfaceId);
// This could not be declared as @uft8InCpp; thus, when used in native code it must be
// converted from a UTF-16 string to an ASCII string.
const String IPSEC_INTERFACE_PREFIX = "ipsec";
/**
* Add a IPsec Tunnel Interface.
*
* @param devName a unique identifier that represents the name of the device
* @param localAddress InetAddress as string for the local endpoint
* @param remoteAddress InetAddress as string for the remote endpoint
* @param iKey, to match Policies and SAs for input packets.
* @param oKey, to match Policies and SAs for output packets.
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecAddTunnelInterface(
in @utf8InCpp String deviceName,
in @utf8InCpp String localAddress,
in @utf8InCpp String remoteAddress,
int iKey,
int oKey,
int interfaceId);
/**
* Update a IPsec Tunnel Interface.
*
* @param devName a unique identifier that represents the name of the device
* @param localAddress InetAddress as string for the local endpoint
* @param remoteAddress InetAddress as string for the remote endpoint
* @param iKey, to match Policies and SAs for input packets.
* @param oKey, to match Policies and SAs for output packets.
* @param interfaceId the identifier for the IPsec tunnel interface.
*/
void ipSecUpdateTunnelInterface(
in @utf8InCpp String deviceName,
in @utf8InCpp String localAddress,
in @utf8InCpp String remoteAddress,
int iKey,
int oKey,
int interfaceId);
/**
* Removes a IPsec Tunnel Interface.
*
* @param devName a unique identifier that represents the name of the device
*/
void ipSecRemoveTunnelInterface(in @utf8InCpp String deviceName);
/**
* Request notification of wakeup packets arriving on an interface. Notifications will be
* delivered to INetdEventListener.onWakeupEvent().
*
* @param ifName the interface
* @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent
*/
void wakeupAddInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
/**
* Stop notification of wakeup packets arriving on an interface.
*
* @param ifName the interface
* @param prefix arbitrary string used to identify wakeup sources in onWakeupEvent
*/
void wakeupDelInterface(in @utf8InCpp String ifName, in @utf8InCpp String prefix, int mark, int mask);
const int IPV6_ADDR_GEN_MODE_EUI64 = 0;
const int IPV6_ADDR_GEN_MODE_NONE = 1;
const int IPV6_ADDR_GEN_MODE_STABLE_PRIVACY = 2;
const int IPV6_ADDR_GEN_MODE_RANDOM = 3;
const int IPV6_ADDR_GEN_MODE_DEFAULT = 0;
/**
* Set IPv6 address generation mode. IPv6 should be disabled before changing mode.
*
* @param mode SLAAC address generation mechanism to use
*/
void setIPv6AddrGenMode(in @utf8InCpp String ifName, int mode);
/**
* Query the netd service to know if the eBPF traffic stats accounting service is currently
* running on the device.
*/
boolean trafficCheckBpfStatsEnable();
/**
* Add idletimer for specific interface
*
* @param ifName Name of target interface
* @param timeout The time in seconds that will trigger idletimer
* @param classLabel The unique identifier for this idletimer
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void idletimerAddInterface(
in @utf8InCpp String ifName,
int timeout,
in @utf8InCpp String classLabel);
/**
* Remove idletimer for specific interface
*
* @param ifName Name of target interface
* @param timeout The time in seconds that will trigger idletimer
* @param classLabel The unique identifier for this idletimer
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void idletimerRemoveInterface(
in @utf8InCpp String ifName,
int timeout,
in @utf8InCpp String classLabel);
const int PENALTY_POLICY_ACCEPT = 1;
const int PENALTY_POLICY_LOG = 2;
const int PENALTY_POLICY_REJECT = 3;
/**
* Offers to detect sockets sending data not wrapped inside a layer of SSL/TLS encryption.
*
* @param uid Uid of the app
* @param policyPenalty The penalty policy of the app
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void strictUidCleartextPenalty(int uid, int policyPenalty);
/**
* Start clatd
*
* @param ifName interface name to start clatd
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void clatdStart(in @utf8InCpp String ifName);
/**
* Stop clatd
*
* @param ifName interface name to stop clatd
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void clatdStop(in @utf8InCpp String ifName);
/**
* Get status of IP forwarding
*
* @return true if IP forwarding is enabled, false otherwise.
*/
boolean ipfwdEnabled();
/**
* Enable IP forwarding for specific requester
*
* @param requester requester name to enable IP forwarding. It is a unique name which will be
* stored in Netd to make sure if any requester needs IP forwarding.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void ipfwdEnableForwarding(in @utf8InCpp String requester);
/**
* Disable IP forwarding for specific requester
*
* @param requester requester name to disable IP forwarding. This name should match the
* names which are set by ipfwdEnableForwarding.
* IP forwarding would be disabled if it is the last requester.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void ipfwdDisableForwarding(in @utf8InCpp String requester);
/**
* Add forwarding ip rule
*
* @param fromIface interface name to add forwarding ip rule
* @param toIface interface name to add forwarding ip rule
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void ipfwdAddInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
/**
* Remove forwarding ip rule
*
* @param fromIface interface name to remove forwarding ip rule
* @param toIface interface name to remove forwarding ip rule
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void ipfwdRemoveInterfaceForward(in @utf8InCpp String fromIface, in @utf8InCpp String toIface);
/**
* Set quota for interface
*
* @param ifName Name of target interface
* @param bytes Quota value in bytes
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthSetInterfaceQuota(in @utf8InCpp String ifName, long bytes);
/**
* Remove quota for interface
*
* @param ifName Name of target interface
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthRemoveInterfaceQuota(in @utf8InCpp String ifName);
/**
* Set alert for interface
*
* @param ifName Name of target interface
* @param bytes Alert value in bytes
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthSetInterfaceAlert(in @utf8InCpp String ifName, long bytes);
/**
* Remove alert for interface
*
* @param ifName Name of target interface
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthRemoveInterfaceAlert(in @utf8InCpp String ifName);
/**
* Set global alert
*
* @param bytes Alert value in bytes
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthSetGlobalAlert(long bytes);
/**
* Add naughty app bandwidth rule for specific app
*
* @param uid uid of target app
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthAddNaughtyApp(int uid);
/**
* Remove naughty app bandwidth rule for specific app
*
* @param uid uid of target app
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthRemoveNaughtyApp(int uid);
/**
* Add nice app bandwidth rule for specific app
*
* @param uid uid of target app
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthAddNiceApp(int uid);
/**
* Remove nice app bandwidth rule for specific app
*
* @param uid uid of target app
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void bandwidthRemoveNiceApp(int uid);
/**
* Start tethering
*
* @param dhcpRanges dhcp ranges to set.
* dhcpRanges might contain many addresss {addr1, addr2, aadr3, addr4...}
* Netd splits them into ranges: addr1-addr2, addr3-addr4, etc.
* An odd number of addrs will fail.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void tetherStart(in @utf8InCpp String[] dhcpRanges);
/**
* Stop tethering
*
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void tetherStop();
/**
* Get status of tethering
*
* @return true if tethering is enabled, false otherwise.
*/
boolean tetherIsEnabled();
/**
* Setup interface for tethering
*
* @param ifName interface name to add
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void tetherInterfaceAdd(in @utf8InCpp String ifName);
/**
* Reset interface for tethering
*
* @param ifName interface name to remove
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void tetherInterfaceRemove(in @utf8InCpp String ifName);
/**
* Get the interface list which is stored in netd
* The list contains the interfaces managed by tetherInterfaceAdd/tetherInterfaceRemove
*
* @return An array of strings containing interface list result
*/
@utf8InCpp String[] tetherInterfaceList();
/**
* Set DNS forwarder server
*
* @param netId the upstream network to forward DNS queries to
* @param dnsAddrs DNS server address to set
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void tetherDnsSet(int netId, in @utf8InCpp String[] dnsAddrs);
/**
* Return the DNS list set by tetherDnsSet
*
* @return An array of strings containing the list of DNS servers
*/
@utf8InCpp String[] tetherDnsList();
const int LOCAL_NET_ID = 99;
// Route does not specify a next hop
const String NEXTHOP_NONE = "";
// Route next hop is unreachable
const String NEXTHOP_UNREACHABLE = "unreachable";
// Route next hop is throw
const String NEXTHOP_THROW = "throw";
/**
* Add a route for specific network
*
* @param netId the network to add the route to
* @param ifName the name of interface of the route.
* This interface should be assigned to the netID.
* @param destination the destination of the route
* @param nextHop The route's next hop address,
* or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkAddRoute(
int netId,
in @utf8InCpp String ifName,
in @utf8InCpp String destination,
in @utf8InCpp String nextHop);
/**
* Remove a route for specific network
*
* @param netId the network to remove the route from
* @param ifName the name of interface of the route.
* This interface should be assigned to the netID.
* @param destination the destination of the route
* @param nextHop The route's next hop address,
* or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkRemoveRoute(
int netId,
in @utf8InCpp String ifName,
in @utf8InCpp String destination,
in @utf8InCpp String nextHop);
/**
* Add a route to legacy routing table for specific network
*
* @param netId the network to add the route to
* @param ifName the name of interface of the route.
* This interface should be assigned to the netID.
* @param destination the destination of the route
* @param nextHop The route's next hop address,
* or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
* @param uid uid of the user
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkAddLegacyRoute(
int netId,
in @utf8InCpp String ifName,
in @utf8InCpp String destination,
in @utf8InCpp String nextHop,
int uid);
/**
* Remove a route from legacy routing table for specific network
*
* @param netId the network to remove the route from
* @param ifName the name of interface of the route.
* This interface should be assigned to the netID.
* @param destination the destination of the route
* @param nextHop The route's next hop address,
* or it could be either NEXTHOP_NONE, NEXTHOP_UNREACHABLE, NEXTHOP_THROW.
* @param uid uid of the user
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkRemoveLegacyRoute(
int netId,
in @utf8InCpp String ifName,
in @utf8InCpp String destination,
in @utf8InCpp String nextHop,
int uid);
/**
* Get default network
*
* @return netId of default network
*/
int networkGetDefault();
/**
* Set network as default network
*
* @param netId the network to set as the default
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkSetDefault(int netId);
/**
* Clear default network
*
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkClearDefault();
/**
* PERMISSION_NONE is used for regular networks and apps
*/
const int PERMISSION_NONE = 0;
/**
* PERMISSION_NETWORK indicates that the network is only accessible
* to apps that have the CHANGE_NETWORK_STATE permission.
*/
const int PERMISSION_NETWORK = 1;
/**
* PERMISSION_SYSTEM is used for system UIDs and apps
* that have the CONNECTIVITY_USE_RESTRICTED_NETWORK permission
*/
const int PERMISSION_SYSTEM = 2;
/**
* Sets the permission required to access a specific network.
*
* @param netId the network to set
* @param permission network permission to use
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void networkSetPermissionForNetwork(int netId, int permission);
/**
* Assigns network access permissions to the specified users.
*
* @param permission network permission to use
* @param uids uid of users to set permission
*/
void networkSetPermissionForUser(int permission, in int[] uids);
/**
* Clears network access permissions for the specified users.
*
* @param uids uid of users to clear permission
*/
void networkClearPermissionForUser(in int[] uids);
/**
* Gives the specified user permission to protect sockets from VPNs.
* Typically used by VPN apps themselves, to ensure that the sockets
* they use to communicate with the VPN server aren't routed through
* the VPN network.
*
* @param uid uid of user to set
*/
void networkSetProtectAllow(int uid);
/**
* Removes the permission to protect sockets from VPN.
*
* @param uid uid of user to set
*/
void networkSetProtectDeny(int uid);
/**
* Get the status of network protect for user
*
* @param uids uid of user
* @return true if the user can protect sockets from VPN, false otherwise.
*/
boolean networkCanProtect(int uid);
// Whitelist only allows packets from specific UID/Interface
const int FIREWALL_WHITELIST = 0;
// Blacklist blocks packets from specific UID/Interface
const int FIREWALL_BLACKLIST = 1;
/**
* Set type of firewall
* Type whitelist only allows packets from specific UID/Interface
* Type blacklist blocks packets from specific UID/Interface
*
* @param firewalltype type of firewall, either FIREWALL_WHITELIST or FIREWALL_BLACKLIST
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void firewallSetFirewallType(int firewalltype);
// Specify allow Rule which allows packets
const int FIREWALL_RULE_ALLOW = 1;
// Specify deny Rule which drops packets
const int FIREWALL_RULE_DENY = 2;
// No specific chain is chosen, use general firewall chain(fw_input, fw_output)
const int FIREWALL_CHAIN_NONE = 0;
// Specify DOZABLE chain(fw_dozable) which is used in dozable mode
const int FIREWALL_CHAIN_DOZABLE = 1;
// Specify STANDBY chain(fw_standby) which is used in standby mode
const int FIREWALL_CHAIN_STANDBY = 2;
// Specify POWERSAVE chain(fw_powersave) which is used in power save mode
const int FIREWALL_CHAIN_POWERSAVE = 3;
/**
* Set firewall rule for interface
*
* @param ifName the interface to allow/deny
* @param firewallRule either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void firewallSetInterfaceRule(in @utf8InCpp String ifName, int firewallRule);
/**
* Set firewall rule for uid
*
* @param childChain target chain
* @param uid uid to allow/deny
* @param firewallRule either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void firewallSetUidRule(int childChain, int uid, int firewallRule);
/**
* Enable/Disable target firewall child chain
*
* @param childChain target chain to enable
* @param enable whether to enable or disable child chain.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void firewallEnableChildChain(int childChain, boolean enable);
/**
* Get interface list
*
* @return An array of strings containing all the interfaces on the system.
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
@utf8InCpp String[] interfaceGetList();
const String IF_STATE_UP = "up";
const String IF_STATE_DOWN = "down";
const String IF_FLAG_BROADCAST = "broadcast";
const String IF_FLAG_LOOPBACK = "loopback";
const String IF_FLAG_POINTOPOINT = "point-to-point";
const String IF_FLAG_RUNNING = "running";
const String IF_FLAG_MULTICAST = "multicast";
/**
* Get interface configuration
*
* @param ifName interface name
* @return An InterfaceConfigurationParcel for the specified interface.
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
InterfaceConfigurationParcel interfaceGetCfg(in @utf8InCpp String ifName);
/**
* Set interface configuration
*
* @param cfg Interface configuration to set
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void interfaceSetCfg(in InterfaceConfigurationParcel cfg);
/**
* Set interface IPv6 privacy extensions
*
* @param ifName interface name
* @param enable whether to enable or disable this setting.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void interfaceSetIPv6PrivacyExtensions(in @utf8InCpp String ifName, boolean enable);
/**
* Clear all IP addresses on the given interface
*
* @param ifName interface name
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* POSIX errno.
*/
void interfaceClearAddrs(in @utf8InCpp String ifName);
/**
* Enable or disable IPv6 on the given interface
*
* @param ifName interface name
* @param enable whether to enable or disable this setting.
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void interfaceSetEnableIPv6(in @utf8InCpp String ifName, boolean enable);
/**
* Set interface MTU
*
* @param ifName interface name
* @param mtu MTU value
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void interfaceSetMtu(in @utf8InCpp String ifName, int mtu);
/**
* Add forwarding rule/stats on given interface.
*
* @param intIface downstream interface
* @param extIface upstream interface
*/
void tetherAddForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
/**
* Remove forwarding rule/stats on given interface.
*
* @param intIface downstream interface
* @param extIface upstream interface
*/
void tetherRemoveForward(in @utf8InCpp String intIface, in @utf8InCpp String extIface);
/**
* Set the values of tcp_{rmem,wmem}.
*
* @param rmemValues the target values of tcp_rmem, each value is separated by spaces
* @param wmemValues the target values of tcp_wmem, each value is separated by spaces
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*/
void setTcpRWmemorySize(in @utf8InCpp String rmemValues, in @utf8InCpp String wmemValues);
/**
* Get NAT64 prefix in format Pref64::/n which is described in RFC6147 section 2. This
* interface is used for internal test only. Don't use it for other purposes because doing so
* would cause race conditions with the NAT64 prefix notifications.
*
* @param netId the network ID of the network to get the prefix
* @return the NAT64 prefix if the query operation was successful
* @throws ServiceSpecificException in case of failure, with an error code indicating the
* cause of the the failure.
*
* TODO: Remove this once the tests have been updated to listen for onNat64PrefixEvent.
*/
@utf8InCpp String getPrefix64(int netId);
}