From: Paul Jensen Date: Thu, 10 Apr 2014 18:57:54 +0000 (-0400) Subject: netd: Accept NetId instead of interface name in DNS resolver commands. X-Git-Tag: android-x86-7.1-r1~283 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=35c77e32b27694a138e9a7877b9a5b474441c58b;p=android-x86%2Fsystem-netd.git netd: Accept NetId instead of interface name in DNS resolver commands. Conflicts: DnsProxyListener.cpp NetworkController.cpp NetworkController.h Change-Id: Ic82b73de6f50d39d56c5e1a32f5b1f3ebb80bb7d --- diff --git a/CommandListener.cpp b/CommandListener.cpp index 800a9f4..f6e507a 100644 --- a/CommandListener.cpp +++ b/CommandListener.cpp @@ -307,7 +307,7 @@ int CommandListener::InterfaceCmd::runCommand(SocketClient *cli, // interface route add/remove iface default/secondary dest prefix gateway // interface fwmark rule add/remove iface // interface fwmark route add/remove iface dest prefix - // interface fwmark uid add/remove iface uid_start uid_end + // interface fwmark uid add/remove iface uid_start uid_end forward_dns // interface fwmark exempt add/remove dest // interface fwmark get protect // interface fwmark get mark uid @@ -367,12 +367,13 @@ int CommandListener::InterfaceCmd::runCommand(SocketClient *cli, return 0; } else if (!strcmp(argv[2], "uid")) { - if (argc < 7) { + if (argc < 8) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing argument", false); return 0; } if (!strcmp(argv[3], "add")) { - if (!sSecondaryTableCtrl->addUidRule(argv[4], atoi(argv[5]), atoi(argv[6]))) { + if (!sSecondaryTableCtrl->addUidRule(argv[4], atoi(argv[5]), atoi(argv[6]), + atoi(argv[7]))) { cli->sendMsg(ResponseCode::CommandOkay, "uid rule successfully added", false); } else { 
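Review bot: In the `uid` branch the new `forward_dns` argument is parsed with `atoi(argv[7])`, so a non-numeric token silently becomes 0 (false) and any non-zero number becomes true, and no syntax error is returned. The `atoi(argv[5])` and `atoi(argv[6])` UID bounds in the same call behave the same way, so a malformed value collapses to UID 0. Parsing these with `strtol` plus an end-pointer check and replying `CommandSyntaxError` on failure would keep a typo from installing a rule for an unintended UID range. The `argc < 8` check also sits above the add/remove split, so `remove` presumably now requires an eighth argument it does not use; the remove branch is outside this hunk, so confirm that is intended.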
@@ -986,86 +987,23 @@ int CommandListener::ResolverCmd::runCommand(SocketClient *cli, int argc, char * return 0; } - if (!strcmp(argv[1], "setdefaultif")) { // "resolver setdefaultif " - if (argc == 3) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - sNetCtrl->setDefaultNetwork(netId); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver setdefaultif", false); - return 0; - } - } else if (!strcmp(argv[1], "setifdns")) { - // "resolver setifdns ..." + if (!strcmp(argv[1], "setnetdns")) { + // "resolver setnetdns ..." if (argc >= 5) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - rc = sResolverCtrl->setDnsServers(netId, argv[3], &argv[4], argc - 4); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver setifdns", false); - return 0; - } - } else if (!strcmp(argv[1], "flushdefaultif")) { // "resolver flushdefaultif" - if (argc == 2) { - rc = sResolverCtrl->flushDnsCache(sNetCtrl->getDefaultNetwork()); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver flushdefaultif", false); - return 0; - } - } else if (!strcmp(argv[1], "flushif")) { // "resolver flushif " - if (argc == 3) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - rc = sResolverCtrl->flushDnsCache(netId); + rc = sResolverCtrl->setDnsServers(strtoul(argv[2], NULL, 0), argv[3], &argv[4], argc - 4); } else { cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver setdefaultif", false); + "Wrong number of arguments to resolver setnetdns", false); return 0; } - } else if (!strcmp(argv[1], "setifaceforpid")) { // resolver setifaceforpid - if (argc == 4) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - sNetCtrl->setNetworkForPid(atoi(argv[3]), netId); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver setifaceforpid", false); - return 0; - } - } else if 
(!strcmp(argv[1], "clearifaceforpid")) { // resolver clearifaceforpid + } else if (!strcmp(argv[1], "flushnet")) { // "resolver flushnet " if (argc == 3) { - sNetCtrl->setNetworkForPid(atoi(argv[2]), 0); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver clearifaceforpid", false); - return 0; - } - } else if (!strcmp(argv[1], "setifaceforuidrange")) { // resolver setifaceforuid - // TODO: Merge this command with "interface fwmark uid add/remove iface uid_start uid_end - if (argc == 5) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - rc = !sNetCtrl->setNetworkForUidRange(atoi(argv[3]), atoi(argv[4]), netId, true); + rc = sResolverCtrl->flushDnsCache(strtoul(argv[2], NULL, 0)); } else { cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver setifaceforuid", false); + "Wrong number of arguments to resolver flushnet", false); return 0; } - } else if (!strcmp(argv[1], "clearifaceforuidrange")) { - // resolver clearifaceforuid - if (argc == 5) { - unsigned netId = sNetCtrl->getNetworkId(argv[2]); - rc = !sNetCtrl->clearNetworkForUidRange(atoi(argv[3]), atoi(argv[4]), netId); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arguments to resolver clearifaceforuid", false); - return 0; - } - } else if (!strcmp(argv[1], "clearifacemapping")) { - if (argc == 2) { - sNetCtrl->clearNetworkPreference(); - } else { - cli->sendMsg(ResponseCode::CommandSyntaxError, - "Wrong number of arugments to resolver clearifacemapping", false); - } } else { cli->sendMsg(ResponseCode::CommandSyntaxError,"Resolver unknown command", false); return 0; 
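Review bot: Both new resolver branches pass `strtoul(argv[2], NULL, 0)` straight into `setDnsServers` and `flushDnsCache`, so a non-numeric netId parses as 0 and trailing garbage is ignored. Base 0 also accepts octal and hex, whereas DnsProxyListener.cpp parses the same field with base 10. The `unsigned long` result is narrowed to `unsigned` without a range check. I would parse with an end pointer and base 10, reject anything that is not a complete in-range number with `CommandSyntaxError`, and apply the same check in the `flushnet` branch. runCommand starts and ends outside this hunk.

```cpp
        if (argc >= 5) {
            char* end = NULL;
            errno = 0;
            unsigned long parsed = strtoul(argv[2], &end, 10);
            if (errno != 0 || end == argv[2] || *end != '\0' || parsed > UINT_MAX) {
                cli->sendMsg(ResponseCode::CommandSyntaxError, "Invalid netId", false);
                return 0;
            }
            rc = sResolverCtrl->setDnsServers(static_cast<unsigned>(parsed), argv[3], &argv[4],
                                              argc - 4);
        } else {
            // … unchanged: "Wrong number of arguments to resolver setnetdns" reply …
        }
        // … flushnet: same parse-and-reject step before flushDnsCache() …
```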
@@ -1685,7 +1623,10 @@ int CommandListener::NetworkCommand::runCommand(SocketClient* client, int argc, if (!sNetCtrl->destroyNetwork(netId)) { return operationError(client, "destroyNetwork() failed"); } +// TODO: Uncomment once this API has been added to bionic. +#if 0 _resolv_delete_cache_for_net(netId); +#endif return success(client); } diff --git a/DnsProxyListener.cpp b/DnsProxyListener.cpp index b76586b..9f97d29 100644 --- a/DnsProxyListener.cpp +++ b/DnsProxyListener.cpp @@ -189,10 +189,9 @@ int DnsProxyListener::GetAddrInfoCmd::runCommand(SocketClient *cli, int ai_socktype = atoi(argv[5]); int ai_protocol = atoi(argv[6]); unsigned netId = strtoul(argv[7], NULL, 10); - pid_t pid = cli->getPid(); uid_t uid = cli->getUid(); - netId = mNetCtrl->getNetwork(uid, netId, pid, true); + netId = mNetCtrl->getNetwork(uid, netId, true); if (ai_flags != -1 || ai_family != -1 || ai_socktype != -1 || ai_protocol != -1) { @@ -210,10 +209,10 @@ int DnsProxyListener::GetAddrInfoCmd::runCommand(SocketClient *cli, } if (DBG) { - ALOGD("GetAddrInfoHandler for %s / %s / %u / %d / %d", + ALOGD("GetAddrInfoHandler for %s / %s / %u / %d", name ? name : "[nullhost]", service ? service : "[nullservice]", - netId, pid, uid); + netId, uid); } cli->incRef(); @@ -248,7 +247,6 @@ int DnsProxyListener::GetHostByNameCmd::runCommand(SocketClient *cli, return -1; } - pid_t pid = cli->getPid(); uid_t uid = cli->getUid(); unsigned netId = strtoul(argv[1], NULL, 10); char* name = argv[2]; @@ -260,7 +258,7 @@ int DnsProxyListener::GetHostByNameCmd::runCommand(SocketClient *cli, name = strdup(name); } - netId = mNetCtrl->getNetwork(uid, netId, pid, true); + netId = mNetCtrl->getNetwork(uid, netId, true); cli->incRef(); DnsProxyListener::GetHostByNameHandler* handler = 
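Review bot: With `_resolv_delete_cache_for_net(netId)` compiled out in the destroy path, a destroyed network's resolver cache appears to stay in place, so answers learned on that network could be served again if the netId is later reused. Until the bionic API lands, calling the existing `sResolverCtrl->flushDnsCache(netId);` before `return success(client);` may cover the gap, assuming sResolverCtrl is reachable from NetworkCommand. The TODO would also be easier to track with a bug reference, e.g. `// TODO(b/<bug-id>): re-enable once bionic exports _resolv_delete_cache_for_net().` The rest of runCommand is outside this hunk.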
@@ -357,7 +355,6 @@ int DnsProxyListener::GetHostByAddrCmd::runCommand(SocketClient *cli, char* addrStr = argv[1]; int addrLen = atoi(argv[2]); int addrFamily = atoi(argv[3]); - pid_t pid = cli->getPid(); uid_t uid = cli->getUid(); unsigned netId = strtoul(argv[4], NULL, 10); @@ -374,7 +371,7 @@ int DnsProxyListener::GetHostByAddrCmd::runCommand(SocketClient *cli, return -1; } - netId = mNetCtrl->getNetwork(uid, netId, pid, true); + netId = mNetCtrl->getNetwork(uid, netId, true); cli->incRef(); DnsProxyListener::GetHostByAddrHandler* handler = diff --git a/NetworkController.cpp b/NetworkController.cpp index efa23f1..395798d 100644 --- a/NetworkController.cpp +++ b/NetworkController.cpp @@ -38,16 +38,13 @@ bool NetworkController::isNetIdValid(unsigned netId) { NetworkController::NetworkController(PermissionsController* permissionsController, RouteController* routeController) - : mDefaultNetId(NETID_UNSET), - mNextFreeNetId(MIN_NET_ID), - mPermissionsController(permissionsController), + : mPermissionsController(permissionsController), mRouteController(routeController) { } void NetworkController::clearNetworkPreference() { android::RWLock::AutoWLock lock(mRWLock); mUidMap.clear(); - mPidMap.clear(); } unsigned NetworkController::getDefaultNetwork() const { @@ -94,15 +91,6 @@ bool NetworkController::setDefaultNetwork(unsigned newNetId) { return status; } -void NetworkController::setNetworkForPid(int pid, unsigned netId) { - android::RWLock::AutoWLock lock(mRWLock); - if (netId == 0) { - mPidMap.erase(pid); - } else { - mPidMap[pid] = netId; - } -} - bool NetworkController::setNetworkForUidRange(int uid_start, int uid_end, unsigned netId, bool forward_dns) { android::RWLock::AutoWLock lock(mRWLock); 
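Review bot: The constructor's initializer list in NetworkController.cpp drops `mDefaultNetId(NETID_UNSET)` together with `mNextFreeNetId`, but NetworkController.h still declares `unsigned mDefaultNetId;`. Unless something outside this diff assigns it first, the member is indeterminate until a default network is set. `getNetwork` falls back to `return mDefaultNetId;`, so an early DNS or fwmark lookup could be steered by whatever value happens to be in memory. This looks like a conflict-resolution slip; restore `: mDefaultNetId(NETID_UNSET),` ahead of `mPermissionsController(permissionsController),`.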
@@ -134,8 +122,7 @@ bool NetworkController::clearNetworkForUidRange(int uid_start, int uid_end, unsi return false; } -unsigned NetworkController::getNetwork(int uid, unsigned requested_netId, int pid, - bool for_dns) const { +unsigned NetworkController::getNetwork(int uid, unsigned requested_netId, bool for_dns) const { android::RWLock::AutoRLock lock(mRWLock); for (std::list::const_iterator it = mUidMap.begin(); it != mUidMap.end(); ++it) { if (uid < it->uid_start || it->uid_end < uid) @@ -146,11 +133,6 @@ unsigned NetworkController::getNetwork(int uid, unsigned requested_netId, int pi } if (isNetIdValid(requested_netId)) return requested_netId; - if (pid != PID_UNSPECIFIED) { - std::map::const_iterator it = mPidMap.find(pid); - if (it != mPidMap.end()) - return it->second; - } return mDefaultNetId; } @@ -158,10 +140,7 @@ unsigned NetworkController::getNetworkId(const char* interface) { std::map::const_iterator it = mIfaceNetidMap.find(interface); if (it != mIfaceNetidMap.end()) return it->second; - - unsigned netId = mNextFreeNetId++; - mIfaceNetidMap[interface] = netId; - return netId; + return NETID_UNSET; } bool NetworkController::createNetwork(unsigned netId, const char* interface, @@ -183,6 +162,7 @@ bool NetworkController::createNetwork(unsigned netId, const char* interface, mPermissionsController->setPermissionForNetwork(permission, netId); mNetIdToInterfaces.insert(std::pair(netId, interface)); + mIfaceNetidMap[interface] = netId; return true; } diff --git a/NetworkController.h b/NetworkController.h index d877fcc..f1c8fda 100644 --- a/NetworkController.h +++ b/NetworkController.h @@ -39,11 +39,6 @@ class RouteController; */ class NetworkController { public: - enum { - // For use with getNetwork(). - PID_UNSPECIFIED = 0, - }; - static bool isNetIdValid(unsigned netId); NetworkController(PermissionsController* permissionsController, 
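Review bot: The `mIfaceNetidMap[interface] = netId;` line added to createNetwork is now the only place the interface-to-netId mapping is written, and nothing in this diff erases the entry when the network is destroyed. If destroyNetwork (not shown) does not remove it, `getNetworkId` keeps returning the netId of a network that no longer exists, and UID rules added by interface name would bind to it. The assignment also silently overwrites an existing entry when the interface is already mapped to another netId. Neither `getNetworkId` nor this write is visibly under `mRWLock`; createNetwork's body starts outside the hunk, so confirm the locking there.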
@@ -52,16 +47,14 @@ public: void clearNetworkPreference(); unsigned getDefaultNetwork() const; bool setDefaultNetwork(unsigned netId); - void setNetworkForPid(int pid, unsigned netId); bool setNetworkForUidRange(int uid_start, int uid_end, unsigned netId, bool forward_dns); bool clearNetworkForUidRange(int uid_start, int uid_end, unsigned netId); // Order of preference: UID-specific, requested_netId, PID-specific, default. // Specify NETID_UNSET for requested_netId if the default network is preferred. - // Specify PID_UNSPECIFIED for pid to ignore PID-specific overrides. // for_dns indicates if we're querrying the netId for a DNS request. This avoids sending DNS // requests to VPNs without DNS servers. - unsigned getNetwork(int uid, unsigned requested_netId, int pid, bool for_dns) const; + unsigned getNetwork(int uid, unsigned requested_netId, bool for_dns) const; unsigned getNetworkId(const char* interface); @@ -101,11 +94,9 @@ private: mutable android::RWLock mRWLock; std::list mUidMap; - std::map mPidMap; unsigned mDefaultNetId; std::map mIfaceNetidMap; - unsigned mNextFreeNetId; PermissionsController* const mPermissionsController; RouteController* const mRouteController; diff --git a/SecondaryTableController.cpp b/SecondaryTableController.cpp index dba2880..849a7ae 100644 --- a/SecondaryTableController.cpp +++ b/SecondaryTableController.cpp 
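Review bot: The comment above `getNetwork` in NetworkController.h still reads `// Order of preference: UID-specific, requested_netId, PID-specific, default.` although this commit removes the PID map and the pid parameter. It should become `// Order of preference: UID-specific, requested_netId, default.` so callers do not assume a per-process override still exists. The context line below it also has the typo "querrying".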
@@ -409,19 +409,28 @@ int SecondaryTableController::setFwmarkRoute(const char* iface, const char *dest return runCmd(ARRAY_SIZE(rule_cmd), rule_cmd); } -int SecondaryTableController::addUidRule(const char *iface, int uid_start, int uid_end) { - return setUidRule(iface, uid_start, uid_end, true); +int SecondaryTableController::addUidRule(const char *iface, int uid_start, int uid_end, + bool forward_dns) { + return setUidRule(iface, uid_start, uid_end, true, forward_dns); } int SecondaryTableController::removeUidRule(const char *iface, int uid_start, int uid_end) { - return setUidRule(iface, uid_start, uid_end, false); + return setUidRule(iface, uid_start, uid_end, false, false); } -int SecondaryTableController::setUidRule(const char *iface, int uid_start, int uid_end, bool add) { +int SecondaryTableController::setUidRule(const char *iface, int uid_start, int uid_end, bool add, + bool forward_dns) { unsigned netId = mNetCtrl->getNetworkId(iface); - if (!mNetCtrl->setNetworkForUidRange(uid_start, uid_end, add ? netId : 0, false)) { - errno = EINVAL; - return -1; + if (add) { + if (!mNetCtrl->setNetworkForUidRange(uid_start, uid_end, netId, forward_dns)) { + errno = EINVAL; + return -1; + } + } else { + if (!mNetCtrl->clearNetworkForUidRange(uid_start, uid_end, netId)) { + errno = EINVAL; + return -1; + } } char uid_str[24] = {0}; @@ -469,8 +478,7 @@ int SecondaryTableController::setHostExemption(const char *host, bool add) { } void SecondaryTableController::getUidMark(SocketClient *cli, int uid) { - unsigned netId = mNetCtrl->getNetwork(uid, NETID_UNSET, NetworkController::PID_UNSPECIFIED, - false); + unsigned netId = mNetCtrl->getNetwork(uid, NETID_UNSET, false); char mark_str[11]; snprintf(mark_str, sizeof(mark_str), "%u", netId + BASE_TABLE_NUMBER); cli->sendMsg(ResponseCode::GetMarkResult, mark_str, false); diff --git a/SecondaryTableController.h b/SecondaryTableController.h index f3f06e0..9278bb3 100644 --- a/SecondaryTableController.h 
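Review bot: `setUidRule` uses the result of `mNetCtrl->getNetworkId(iface)` without checking it, and after this commit that call returns `NETID_UNSET` for an interface that has no network instead of allocating an id. An unknown or misspelled interface name therefore reaches `setNetworkForUidRange` or `clearNetworkForUidRange` with `NETID_UNSET`, and whether that is rejected depends on code outside this diff. A guard right after the lookup, `if (netId == NETID_UNSET) { errno = EINVAL; return -1; }`, would fail the command before any UID-range state or routing rule is touched. setUidRule's body continues past the end of the hunk.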
+++ b/SecondaryTableController.h @@ -50,7 +50,7 @@ public: // Add/remove rules to force packets in a particular range of UIDs over a particular interface. // This is accomplished with a rule specifying these UIDs use the interface's routing chain. - int addUidRule(const char *iface, int uid_start, int uid_end); + int addUidRule(const char *iface, int uid_start, int uid_end, bool forward_dns); int removeUidRule(const char *iface, int uid_start, int uid_end); // Add/remove rules and chains so packets intended for a particular interface use that @@ -85,7 +85,7 @@ public: private: NetworkController *mNetCtrl; - int setUidRule(const char* iface, int uid_start, int uid_end, bool add); + int setUidRule(const char* iface, int uid_start, int uid_end, bool add, bool foward_dns); int setFwmarkRule(const char *iface, bool add); int setFwmarkRoute(const char* iface, const char *dest, int prefix, bool add); int setHostExemption(const char *host, bool add);
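Review bot: The private declaration spells the new parameter `bool foward_dns`, while the definition in SecondaryTableController.cpp uses `forward_dns`. It compiles, but the header is what readers search, so change it to `int setUidRule(const char* iface, int uid_start, int uid_end, bool add, bool forward_dns);`. The comment above `addUidRule` could also state what `forward_dns` controls (presumably whether DNS queries from the UID range are sent to this interface's network), since the public signature changed without any documentation.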