#include "android/net/BnNetd.h"
#include "Controllers.h"
+#include "DumpWriter.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"
+#include "RouteController.h"
+#include "SockDiag.h"
+#include "UidRanges.h"
using android::base::StringPrintf;
namespace {
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
+const char DUMP[] = "android.permission.DUMP";
binder::Status checkPermission(const char *permission) {
pid_t pid;
android::RWLock::AutoWLock _lock(lock);
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
-
} // namespace
return android::OK;
}
+status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) {
+ const binder::Status dump_permission = checkPermission(DUMP);
+ if (!dump_permission.isOk()) {
+ const String8 msg(dump_permission.toString8());
+ write(fd, msg.string(), msg.size());
+ return PERMISSION_DENIED;
+ }
+
+ // This method does not grab any locks. If individual classes need locking
+ // their dump() methods MUST handle locking appropriately.
+ DumpWriter dw(fd);
+ dw.blankline();
+ gCtls->netCtrl.dump(dw);
+ dw.blankline();
+
+ return NO_ERROR;
+}
+
binder::Status NetdNativeService::isAlive(bool *alive) {
NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
*ret = (err == 0);
return binder::Status::ok();
+}
+
+binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
+ NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
+ int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
+ *ret = (err == 0);
+ return binder::Status::ok();
}
+
+binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
+ const std::vector<UidRange>& uidRangeArray) {
+ // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
+ // it should be possible to use the same lock as NetworkController. However, every call through
+ // the CommandListener "network" command will need to hold this lock too, not just the ones that
+ // read/modify network internal state (that is sufficient for ::dump() because it doesn't
+ // look at routes, but it's not enough here).
+ NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
+
+ UidRanges uidRanges(uidRangeArray);
+
+ int err;
+ if (add) {
+ err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
+ } else {
+ err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
+ }
+
+ if (err != 0) {
+ return binder::Status::fromServiceSpecificError(-err,
+ String8::format("RouteController error: %s", strerror(-err)));
+ }
+ return binder::Status::ok();
+}
+
+binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
+ const std::vector<int32_t>& skipUids) {
+
+ ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
+
+ SockDiag sd;
+ if (!sd.open()) {
+ return binder::Status::fromServiceSpecificError(EIO,
+ String8("Could not open SOCK_DIAG socket"));
+ }
+
+ UidRanges uidRanges(uids);
+ int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()));
+
+ if (err) {
+ return binder::Status::fromServiceSpecificError(-err,
+ String8::format("destroySockets: %s", strerror(-err)));
+ }
+
+ return binder::Status::ok();
+}
+
} // namespace net
} // namespace android
OSDN Git Service
