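/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

#define LOG_TAG "OemIptablesHook"
#include <cutils/log.h>
#include <logwrap/logwrap.h>
#include "NetdConstants.h"

/*
 * Runs one iptables command line and returns whatever android_fork_execvp()
 * returns for it.
 *
 * argv is an explicit argument vector (no shell is involved), so the chain
 * and table names below are never subject to shell interpretation.
 * NOTE(review): the NULL status pointer presumably makes the child's exit
 * status the return value -- confirm against logwrap.h.
 */
static int runIptablesCmd(int argc, const char **argv) {
    // android_fork_execvp() takes a non-const argv; the cast only drops the
    // qualifier on the string literals passed by the callers in this file.
    return android_fork_execvp(argc, (char **)argv, NULL, false, false);
}

/*
 * Flushes the three OEM chains (oem_out, oem_fwd, and oem_nat_pre in the nat
 * table).
 *
 * Best effort: the result of each flush is deliberately not checked and the
 * function always returns true, so a failed flush never blocks the caller.
 */
static bool oemCleanupHooks() {
    const char *flushOut[] = {
            IPTABLES_PATH,
            "-F",
            "oem_out"
    };
    const char *flushFwd[] = {
            IPTABLES_PATH,
            "-F",
            "oem_fwd"
    };
    const char *flushNatPre[] = {
            IPTABLES_PATH,
            "-t",
            "nat",
            "-F",
            "oem_nat_pre"
    };

    runIptablesCmd(ARRAY_SIZE(flushOut), flushOut);
    runIptablesCmd(ARRAY_SIZE(flushFwd), flushFwd);
    runIptablesCmd(ARRAY_SIZE(flushNatPre), flushNatPre);
    return true;
}

/*
 * Runs the OEM init script and reports whether it completed successfully.
 *
 * Returns true only when the script exited normally with status 0. On any
 * other outcome the OEM chains are flushed again, so a half-applied rule set
 * is not left behind, and false is returned.
 *
 * Security note: system() hands OEM_SCRIPT_PATH to the shell with this
 * process's privileges. The path is a compile-time constant defined outside
 * this file, so no caller-controlled text reaches the shell; the trust
 * boundary is the script file itself, which must not be writable by any less
 * privileged principal.
 */
static bool oemInitChains() {
    int status = system(OEM_SCRIPT_PATH);

    if (status == -1) {
        // system() itself failed (e.g. fork/wait error): errno is meaningful.
        ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno));
        oemCleanupHooks();
        return false;
    }

    // A script killed by a signal has WEXITSTATUS() == 0, so the exit status
    // may only be trusted after WIFEXITED() confirms a normal exit.
    if (!WIFEXITED(status)) {
        ALOGE("%s terminated abnormally (wait status %d)", OEM_SCRIPT_PATH, status);
        oemCleanupHooks();
        return false;
    }

    if (WEXITSTATUS(status) != 0) {
        // errno is not set by a non-zero script exit, so log the exit status.
        ALOGE("%s exited with status %d", OEM_SCRIPT_PATH, WEXITSTATUS(status));
        oemCleanupHooks();
        return false;
    }

    return true;
}

/*
 * Installs the OEM iptables hook if the OEM script is present.
 *
 * Does nothing when OEM_SCRIPT_PATH is not readable and executable.
 * The access() call is only a presence probe, not a security check: the file
 * can change between the probe and the system() call, so the script's
 * integrity has to come from its location and permissions.
 */
void setupOemIptablesHook() {
    if (0 != access(OEM_SCRIPT_PATH, R_OK | X_OK)) {
        return;
    }

    // The call to oemCleanupHooks() is superfluous when done on bootup,
    // but is needed for the case where netd has crashed/stopped and is
    // restarted.
    if (oemCleanupHooks() && oemInitChains()) {
        ALOGI("OEM iptable hook installed.");
    }
}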