1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
/**
* Copyright (c) 2016, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _NETD_NATIVE_SERVICE_H_
#define _NETD_NATIVE_SERVICE_H_
#include <vector>
#include <binder/BinderService.h>
#include <netdutils/Log.h>
#include "android/net/BnNetd.h"
#include "android/net/UidRange.h"
namespace android {
namespace net {
class NetdNativeService : public BinderService<NetdNativeService>, public BnNetd {
public:
static status_t start();
static char const* getServiceName() { return "netd"; }
virtual status_t dump(int fd, const Vector<String16> &args) override;
binder::Status isAlive(bool *alive) override;
// Firewall commands.
binder::Status firewallReplaceUidChain(
const std::string& chainName, bool isWhitelist,
const std::vector<int32_t>& uids, bool *ret) override;
// Bandwidth control commands.
binder::Status bandwidthEnableDataSaver(bool enable, bool *ret) override;
binder::Status bandwidthSetInterfaceQuota(const std::string& ifName, int64_t bytes) override;
binder::Status bandwidthRemoveInterfaceQuota(const std::string& ifName) override;
binder::Status bandwidthSetInterfaceAlert(const std::string& ifName, int64_t bytes) override;
binder::Status bandwidthRemoveInterfaceAlert(const std::string& ifName) override;
binder::Status bandwidthSetGlobalAlert(int64_t bytes) override;
binder::Status bandwidthAddNaughtyApp(int32_t uid) override;
binder::Status bandwidthRemoveNaughtyApp(int32_t uid) override;
binder::Status bandwidthAddNiceApp(int32_t uid) override;
binder::Status bandwidthRemoveNiceApp(int32_t uid) override;
// Network and routing commands.
binder::Status networkCreatePhysical(int32_t netId, const std::string& permission)
override;
binder::Status networkCreateVpn(int32_t netId, bool hasDns, bool secure) override;
binder::Status networkDestroy(int32_t netId) override;
binder::Status networkAddInterface(int32_t netId, const std::string& iface) override;
binder::Status networkRemoveInterface(int32_t netId, const std::string& iface) override;
binder::Status networkAddUidRanges(int32_t netId, const std::vector<UidRange>& uids)
override;
binder::Status networkRemoveUidRanges(int32_t netId, const std::vector<UidRange>& uids)
override;
binder::Status networkRejectNonSecureVpn(bool enable, const std::vector<UidRange>& uids)
override;
// SOCK_DIAG commands.
binder::Status socketDestroy(const std::vector<UidRange>& uids,
const std::vector<int32_t>& skipUids) override;
// Resolver commands.
binder::Status setResolverConfiguration(int32_t netId, const std::vector<std::string>& servers,
const std::vector<std::string>& domains, const std::vector<int32_t>& params,
const std::string& tlsName,
const std::vector<std::string>& tlsServers,
const std::vector<std::string>& tlsFingerprints) override;
binder::Status getResolverInfo(int32_t netId, std::vector<std::string>* servers,
std::vector<std::string>* domains, std::vector<int32_t>* params,
std::vector<int32_t>* stats) override;
binder::Status setIPv6AddrGenMode(const std::string& ifName, int32_t mode) override;
// NFLOG-related commands
binder::Status wakeupAddInterface(const std::string& ifName, const std::string& prefix,
int32_t mark, int32_t mask) override;
binder::Status wakeupDelInterface(const std::string& ifName, const std::string& prefix,
int32_t mark, int32_t mask) override;
// Tethering-related commands.
binder::Status tetherApplyDnsInterfaces(bool *ret) override;
binder::Status tetherGetStats(android::os::PersistableBundle *ret) override;
// Interface-related commands.
binder::Status interfaceAddAddress(const std::string &ifName,
const std::string &addrString, int prefixLength) override;
binder::Status interfaceDelAddress(const std::string &ifName,
const std::string &addrString, int prefixLength) override;
binder::Status getProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
const std::string& parameter, std::string* value) override;
binder::Status setProcSysNet(int32_t ipversion, int32_t which, const std::string& ifname,
const std::string& parameter, const std::string& value) override;
// Metrics reporting level set / get (internal use only).
binder::Status getMetricsReportingLevel(int *reportingLevel) override;
binder::Status setMetricsReportingLevel(const int reportingLevel) override;
binder::Status ipSecSetEncapSocketOwner(const android::base::unique_fd& socket, int newUid);
binder::Status ipSecAllocateSpi(
int32_t transformId,
const std::string& localAddress,
const std::string& remoteAddress,
int32_t inSpi,
int32_t* outSpi);
binder::Status ipSecAddSecurityAssociation(
int32_t transformId,
int32_t mode,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t underlyingNetId,
int32_t spi,
int32_t markValue,
int32_t markMask,
const std::string& authAlgo,
const std::vector<uint8_t>& authKey,
int32_t authTruncBits,
const std::string& cryptAlgo,
const std::vector<uint8_t>& cryptKey,
int32_t cryptTruncBits,
const std::string& aeadAlgo,
const std::vector<uint8_t>& aeadKey,
int32_t aeadIcvBits,
int32_t encapType,
int32_t encapLocalPort,
int32_t encapRemotePort);
binder::Status ipSecDeleteSecurityAssociation(
int32_t transformId,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi,
int32_t markValue,
int32_t markMask);
binder::Status ipSecApplyTransportModeTransform(
const android::base::unique_fd& socket,
int32_t transformId,
int32_t direction,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi);
binder::Status ipSecRemoveTransportModeTransform(
const android::base::unique_fd& socket);
binder::Status ipSecAddSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
int32_t markValue, int32_t markMask);
binder::Status ipSecUpdateSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
int32_t direction, const std::string& tmplSrcAddress,
const std::string& tmplDstAddress, int32_t spi,
int32_t markValue, int32_t markMask);
binder::Status ipSecDeleteSecurityPolicy(int32_t transformId, int32_t selAddrFamily,
int32_t direction, int32_t markValue,
int32_t markMask);
binder::Status trafficCheckBpfStatsEnable(bool* ret) override;
binder::Status addVirtualTunnelInterface(
const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress,
int32_t iKey,
int32_t oKey);
binder::Status updateVirtualTunnelInterface(
const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress,
int32_t iKey,
int32_t oKey);
binder::Status removeVirtualTunnelInterface(const std::string& deviceName);
// Idletimer-related commands
binder::Status idletimerAddInterface(const std::string& ifName, int32_t timeout,
const std::string& classLabel) override;
binder::Status idletimerRemoveInterface(const std::string& ifName, int32_t timeout,
const std::string& classLabel) override;
// Strict-related commands
binder::Status strictUidCleartextPenalty(int32_t uid, int32_t policyPenalty) override;
// Clatd-related commands
binder::Status clatdStart(const std::string& ifName) override;
binder::Status clatdStop(const std::string& ifName) override;
// Ipfw-related commands
binder::Status ipfwdEnabled(bool* status) override;
binder::Status ipfwdEnableForwarding(const std::string& requester) override;
binder::Status ipfwdDisableForwarding(const std::string& requester) override;
binder::Status ipfwdAddInterfaceForward(const std::string& fromIface,
const std::string& toIface) override;
binder::Status ipfwdRemoveInterfaceForward(const std::string& fromIface,
const std::string& toIface) override;
};
} // namespace net
} // namespace android
#endif // _NETD_NATIVE_SERVICE_H_
|
