Add a binder IPC to close socket connections.

[android-x86/system-netd.git] / server / NetdNativeService.cpp

diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index d39bdfa..a8f5c3b 100644 (file)
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -30,6 +30,9 @@
 #include "DumpWriter.h"
 #include "NetdConstants.h"
 #include "NetdNativeService.h"
+#include "RouteController.h"
+#include "SockDiag.h"
+#include "UidRanges.h"
 
 using android::base::StringPrintf;
 
@@ -65,7 +68,6 @@ binder::Status checkPermission(const char *permission) {
     android::RWLock::AutoWLock _lock(lock);
 
 #define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
-
 }  // namespace
 
 
@@ -114,7 +116,62 @@ binder::Status NetdNativeService::firewallReplaceUidChain(const android::String1
     int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
     *ret = (err == 0);
     return binder::Status::ok();
+}
+
+binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
+    NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
+
+    int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
+    *ret = (err == 0);
+    return binder::Status::ok();
+}
+
+binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
+        const std::vector<UidRange>& uidRangeArray) {
+    // TODO: elsewhere RouteController is only used from the tethering and network controllers, so
+    // it should be possible to use the same lock as NetworkController. However, every call through
+    // the CommandListener "network" command will need to hold this lock too, not just the ones that
+    // read/modify network internal state (that is sufficient for ::dump() because it doesn't
+    // look at routes, but it's not enough here).
+    NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
+
+    UidRanges uidRanges(uidRangeArray);
+
+    int err;
+    if (add) {
+        err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
+    } else {
+        err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
+    }
+
+    if (err != 0) {
+        return binder::Status::fromServiceSpecificError(-err,
+                String8::format("RouteController error: %s", strerror(-err)));
+    }
+    return binder::Status::ok();
+}
 
+binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
+        const std::vector<int32_t>& skipUids) {
+
+    ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
+
+    SockDiag sd;
+    if (!sd.open()) {
+        return binder::Status::fromServiceSpecificError(EIO,
+                String8("Could not open SOCK_DIAG socket"));
+    }
+
+    UidRanges uidRanges(uids);
+    int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()));
+
+    if (err) {
+        return binder::Status::fromServiceSpecificError(-err,
+                String8::format("destroySockets: %s", strerror(-err)));
+    }
+
+    return binder::Status::ok();
 }
+
 }  // namespace net
 }  // namespace android