2 * Copyright (c) 2016, The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 import android.net.UidRange;
24 * Returns true if the service is responding.
29 * Replaces the contents of the specified UID-based firewall chain.
31 * The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
32 * rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
33 * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
34 * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
36 * @param chainName The name of the chain to replace.
37 * @param isWhitelist Whether this is a whitelist or blacklist chain.
38 * @param uids The list of UIDs to allow/deny.
39 * @return true if the chain was successfully replaced, false otherwise.
41 boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids);
44 * Enables or disables data saver mode on costly network interfaces.
46 * - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
47 * interfaces. Traffic to/from other apps or on other network interfaces is allowed.
48 * - When enabled, only apps that are in the happy box chain and not in the penalty box chain
49 * are allowed network connectivity on costly interfaces. All other packets on these
50 * interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
51 * traffic from system UIDs, place them in the penalty box chain.
53 * By default, data saver mode is disabled. This command has no effect but might still return an
54 * error) if {@code enable} is the same as the current value.
56 * @param enable whether to enable or disable data saver mode.
57 * @return true if the if the operation was successful, false otherwise.
59 boolean bandwidthEnableDataSaver(boolean enable);
62 * Adds or removes one rule for each supplied UID range to prohibit all network activity outside
65 * When a UID is covered by one of these rules, traffic sent through any socket that is not
66 * protected or explicitly overriden by the system will be rejected. The kernel will respond
67 * with an ICMP prohibit message.
69 * Initially, there are no such rules. Any rules that are added will only last until the next
70 * restart of netd or the device.
72 * @param add {@code true} if the specified UID ranges should be denied access to any network
73 * which is not secure VPN by adding rules, {@code false} to remove existing rules.
74 * @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
75 * remove this restriction.
76 * <p> Added rules should not overlap with existing rules. Likewise, removed rules should
77 * each correspond to an existing rule.
79 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
82 void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges);
85 * Administratively closes sockets belonging to the specified UIDs.
87 void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids);
89 // Array indices for resolver parameters.
90 const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0;
91 const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1;
92 const int RESOLVER_PARAMS_MIN_SAMPLES = 2;
93 const int RESOLVER_PARAMS_MAX_SAMPLES = 3;
94 const int RESOLVER_PARAMS_COUNT = 4;
97 * Sets the name servers, search domains and resolver params for the given network. Flushes the
98 * cache as needed (i.e. when the servers or the number of samples to store changes).
100 * @param netId the network ID of the network for which information should be configured.
101 * @param servers the DNS servers to configure for the network.
102 * @param domains the search domains to configure.
103 * @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that
104 * encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at
105 * position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc.
106 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
109 void setResolverConfiguration(int netId, in @utf8InCpp String[] servers,
110 in @utf8InCpp String[] domains, in int[] params);
112 // Array indices for resolver stats.
113 const int RESOLVER_STATS_SUCCESSES = 0;
114 const int RESOLVER_STATS_ERRORS = 1;
115 const int RESOLVER_STATS_TIMEOUTS = 2;
116 const int RESOLVER_STATS_INTERNAL_ERRORS = 3;
117 const int RESOLVER_STATS_RTT_AVG = 4;
118 const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5;
119 const int RESOLVER_STATS_USABLE = 6;
120 const int RESOLVER_STATS_COUNT = 7;
123 * Retrieves the name servers, search domains and resolver stats associated with the given
126 * @param netId the network ID of the network for which information should be retrieved.
127 * @param servers the DNS servers that are currently configured for the network.
128 * @param domains the search domains currently configured.
129 * @param params the resolver parameters configured, i.e. the contents of __res_params in order.
130 * @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX
131 * constants, serialized as an int array. The contents of this array are the number of
136 * <li> internal errors,
137 * <li> the RTT average,
138 * <li> the time of the last recorded sample,
139 * <li> and an integer indicating whether the server is usable (1) or broken (0).
141 * in this order. For example, the timeout counter for server N is stored at position
142 * RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS
143 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
146 void getResolverInfo(int netId, out @utf8InCpp String[] servers,
147 out @utf8InCpp String[] domains, out int[] params, out int[] stats);
150 * Instruct the tethering DNS server to reevaluated serving interfaces.
151 * This is needed to for the DNS server to observe changes in the set
152 * of potential listening IP addresses. (Listening on wildcard addresses
153 * can turn the device into an open resolver; b/7530468)
155 * TODO: Return something richer than just a boolean.
157 boolean tetherApplyDnsInterfaces();
160 * Add/Remove and IP address from an interface.
162 * @param ifName the interface name
163 * @param addrString the IP address to add/remove as a string literal
164 * @param prefixLength the prefix length associated with this IP address
166 * @throws ServiceSpecificException in case of failure, with an error code corresponding to the
169 void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
171 void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
175 * Set and get /proc/sys/net interface configuration parameters.
177 * @param family One of IPV4/IPV6 integers, indicating the desired address family directory.
178 * @param which One of CONF/NEIGH integers, indicating the desired parameter category directory.
179 * @param ifname The interface name portion of the path; may also be "all" or "default".
180 * @param parameter The parameter name portion of the path.
181 * @param value The value string to be written into the assembled path.
188 void setProcSysNet(int family, int which, in @utf8InCpp String ifname,
189 in @utf8InCpp String parameter, in @utf8InCpp String value);
190 // TODO: add corresponding getProcSysNet().
193 * Get/Set metrics reporting level.
195 * Reporting level is one of:
199 int getMetricsReportingLevel();
200 void setMetricsReportingLevel(int level);