1 /** 2 * Copyright (c) 2016, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_TAG "Netd" 18 19 #include <vector> 20 21 #include <android-base/stringprintf.h> 22 #include <cutils/log.h> 23 #include <cutils/properties.h> 24 #include <utils/Errors.h> 25 #include <utils/String16.h> 26 27 #include <binder/IPCThreadState.h> 28 #include <binder/IServiceManager.h> 29 #include "android/net/BnNetd.h" 30 31 #include <openssl/base64.h> 32 33 #include "Controllers.h" 34 #include "DumpWriter.h" 35 #include "EventReporter.h" 36 #include "InterfaceController.h" 37 #include "NetdConstants.h" 38 #include "NetdNativeService.h" 39 #include "RouteController.h" 40 #include "SockDiag.h" 41 #include "UidRanges.h" 42 43 using android::base::StringPrintf; 44 45 namespace android { 46 namespace net { 47 48 namespace { 49 50 const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL"; 51 const char NETWORK_STACK[] = "android.permission.NETWORK_STACK"; 52 const char DUMP[] = "android.permission.DUMP"; 53 54 binder::Status toBinderStatus(const netdutils::Status s) { 55 if (isOk(s)) { 56 return binder::Status::ok(); 57 } 58 return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str()); 59 } 60 61 binder::Status checkPermission(const char *permission) { 62 pid_t pid; 63 uid_t uid; 64 65 if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) { 66 return binder::Status::ok(); 67 } else { 68 auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission); 69 return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str())); 70 } 71 } 72 73 binder::Status getXfrmStatus(int xfrmCode) { 74 switch(xfrmCode) { 75 case 0: 76 return binder::Status::ok(); 77 case -ENOENT: 78 return binder::Status::fromServiceSpecificError(xfrmCode); 79 } 80 return binder::Status::fromExceptionCode(xfrmCode); 81 } 82 83 #define ENFORCE_DEBUGGABLE() { \ 84 char value[PROPERTY_VALUE_MAX + 1]; \ 85 if (property_get("ro.debuggable", value, NULL) != 1 \ 86 || value[0] != '1') { \ 87 return binder::Status::fromExceptionCode( \ 88 binder::Status::EX_SECURITY, \ 89 String8("Not available in production builds.") \ 90 ); \ 91 } \ 92 } 93 94 #define ENFORCE_PERMISSION(permission) { \ 95 binder::Status status = checkPermission((permission)); \ 96 if (!status.isOk()) { \ 97 return status; \ 98 } \ 99 } 100 101 #define NETD_LOCKING_RPC(permission, lock) \ 102 ENFORCE_PERMISSION(permission); \ 103 android::RWLock::AutoWLock _lock(lock); 104 105 #define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock) 106 } // namespace 107 108 109 status_t NetdNativeService::start() { 110 IPCThreadState::self()->disableBackgroundScheduling(true); 111 status_t ret = BinderService<NetdNativeService>::publish(); 112 if (ret != android::OK) { 113 return ret; 114 } 115 sp<ProcessState> ps(ProcessState::self()); 116 ps->startThreadPool(); 117 ps->giveThreadPoolName(); 118 return android::OK; 119 } 120 121 status_t NetdNativeService::dump(int fd, const Vector<String16> & /* args */) { 122 const binder::Status dump_permission = checkPermission(DUMP); 123 if (!dump_permission.isOk()) { 124 const String8 msg(dump_permission.toString8()); 125 write(fd, msg.string(), msg.size()); 126 return PERMISSION_DENIED; 127 } 128 129 // This method does not grab any locks. If individual classes need locking 130 // their dump() methods MUST handle locking appropriately. 131 DumpWriter dw(fd); 132 dw.blankline(); 133 gCtls->netCtrl.dump(dw); 134 dw.blankline(); 135 136 return NO_ERROR; 137 } 138 139 binder::Status NetdNativeService::isAlive(bool *alive) { 140 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL); 141 142 *alive = true; 143 return binder::Status::ok(); 144 } 145 146 binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName, 147 bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) { 148 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock); 149 150 android::String8 name = android::String8(chainName); 151 int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids); 152 *ret = (err == 0); 153 return binder::Status::ok(); 154 } 155 156 binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) { 157 NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock); 158 159 int err = gCtls->bandwidthCtrl.enableDataSaver(enable); 160 *ret = (err == 0); 161 return binder::Status::ok(); 162 } 163 164 binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add, 165 const std::vector<UidRange>& uidRangeArray) { 166 // TODO: elsewhere RouteController is only used from the tethering and network controllers, so 167 // it should be possible to use the same lock as NetworkController. However, every call through 168 // the CommandListener "network" command will need to hold this lock too, not just the ones that 169 // read/modify network internal state (that is sufficient for ::dump() because it doesn't 170 // look at routes, but it's not enough here). 171 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL); 172 173 UidRanges uidRanges(uidRangeArray); 174 175 int err; 176 if (add) { 177 err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges); 178 } else { 179 err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges); 180 } 181 182 if (err != 0) { 183 return binder::Status::fromServiceSpecificError(-err, 184 String8::format("RouteController error: %s", strerror(-err))); 185 } 186 return binder::Status::ok(); 187 } 188 189 binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids, 190 const std::vector<int32_t>& skipUids) { 191 192 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 193 194 SockDiag sd; 195 if (!sd.open()) { 196 return binder::Status::fromServiceSpecificError(EIO, 197 String8("Could not open SOCK_DIAG socket")); 198 } 199 200 UidRanges uidRanges(uids); 201 int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()), 202 true /* excludeLoopback */); 203 204 if (err) { 205 return binder::Status::fromServiceSpecificError(-err, 206 String8::format("destroySockets: %s", strerror(-err))); 207 } 208 return binder::Status::ok(); 209 } 210 211 binder::Status NetdNativeService::setResolverConfiguration(int32_t netId, 212 const std::vector<std::string>& servers, const std::vector<std::string>& domains, 213 const std::vector<int32_t>& params) { 214 // This function intentionally does not lock within Netd, as Bionic is thread-safe. 215 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 216 217 int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params); 218 if (err != 0) { 219 return binder::Status::fromServiceSpecificError(-err, 220 String8::format("ResolverController error: %s", strerror(-err))); 221 } 222 return binder::Status::ok(); 223 } 224 225 binder::Status NetdNativeService::getResolverInfo(int32_t netId, 226 std::vector<std::string>* servers, std::vector<std::string>* domains, 227 std::vector<int32_t>* params, std::vector<int32_t>* stats) { 228 // This function intentionally does not lock within Netd, as Bionic is thread-safe. 229 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 230 231 int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats); 232 if (err != 0) { 233 return binder::Status::fromServiceSpecificError(-err, 234 String8::format("ResolverController error: %s", strerror(-err))); 235 } 236 return binder::Status::ok(); 237 } 238 239 binder::Status NetdNativeService::addPrivateDnsServer(const std::string& server, int32_t port, 240 const std::string& fingerprintAlgorithm, const std::vector<std::string>& fingerprints) { 241 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 242 std::set<std::vector<uint8_t>> decoded_fingerprints; 243 for (const std::string& input : fingerprints) { 244 size_t out_len; 245 if (EVP_DecodedLength(&out_len, input.size()) != 1) { 246 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT, 247 "ResolverController error: bad fingerprint length"); 248 } 249 // out_len is now an upper bound on the output length. 250 std::vector<uint8_t> decoded(out_len); 251 if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(), 252 reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) { 253 // Possibly shrink the vector if the actual output was smaller than the bound. 254 decoded.resize(out_len); 255 } else { 256 return binder::Status::fromServiceSpecificError(INetd::PRIVATE_DNS_BAD_FINGERPRINT, 257 "ResolverController error: Base64 parsing failed"); 258 } 259 decoded_fingerprints.insert(decoded); 260 } 261 const int err = gCtls->resolverCtrl.addPrivateDnsServer(server, port, 262 fingerprintAlgorithm, decoded_fingerprints); 263 if (err != INetd::PRIVATE_DNS_SUCCESS) { 264 return binder::Status::fromServiceSpecificError(err, 265 String8::format("ResolverController error: %d", err)); 266 } 267 return binder::Status::ok(); 268 } 269 270 binder::Status NetdNativeService::removePrivateDnsServer(const std::string& server) { 271 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 272 const int err = gCtls->resolverCtrl.removePrivateDnsServer(server); 273 if (err != INetd::PRIVATE_DNS_SUCCESS) { 274 return binder::Status::fromServiceSpecificError(err, 275 String8::format("ResolverController error: %d", err)); 276 } 277 return binder::Status::ok(); 278 } 279 280 binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) { 281 NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL); 282 283 *ret = gCtls->tetherCtrl.applyDnsInterfaces(); 284 return binder::Status::ok(); 285 } 286 287 binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName, 288 const std::string &addrString, int prefixLength) { 289 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 290 291 const int err = InterfaceController::addAddress( 292 ifName.c_str(), addrString.c_str(), prefixLength); 293 if (err != 0) { 294 return binder::Status::fromServiceSpecificError(-err, 295 String8::format("InterfaceController error: %s", strerror(-err))); 296 } 297 return binder::Status::ok(); 298 } 299 300 binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName, 301 const std::string &addrString, int prefixLength) { 302 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 303 304 const int err = InterfaceController::delAddress( 305 ifName.c_str(), addrString.c_str(), prefixLength); 306 if (err != 0) { 307 return binder::Status::fromServiceSpecificError(-err, 308 String8::format("InterfaceController error: %s", strerror(-err))); 309 } 310 return binder::Status::ok(); 311 } 312 313 binder::Status NetdNativeService::setProcSysNet( 314 int32_t family, int32_t which, const std::string &ifname, const std::string ¶meter, 315 const std::string &value) { 316 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 317 318 const char *familyStr; 319 switch (family) { 320 case INetd::IPV4: 321 familyStr = "ipv4"; 322 break; 323 case INetd::IPV6: 324 familyStr = "ipv6"; 325 break; 326 default: 327 return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family")); 328 } 329 330 const char *whichStr; 331 switch (which) { 332 case INetd::CONF: 333 whichStr = "conf"; 334 break; 335 case INetd::NEIGH: 336 whichStr = "neigh"; 337 break; 338 default: 339 return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category")); 340 } 341 342 const int err = InterfaceController::setParameter( 343 familyStr, whichStr, ifname.c_str(), parameter.c_str(), 344 value.c_str()); 345 if (err != 0) { 346 return binder::Status::fromServiceSpecificError(-err, 347 String8::format("ResolverController error: %s", strerror(-err))); 348 } 349 return binder::Status::ok(); 350 } 351 352 binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) { 353 // This function intentionally does not lock, since the only thing it does is one read from an 354 // atomic_int. 355 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 356 ENFORCE_DEBUGGABLE(); 357 358 *reportingLevel = gCtls->eventReporter.getMetricsReportingLevel(); 359 return binder::Status::ok(); 360 } 361 362 binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) { 363 // This function intentionally does not lock, since the only thing it does is one write to an 364 // atomic_int. 365 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 366 ENFORCE_DEBUGGABLE(); 367 368 return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0) 369 ? binder::Status::ok() 370 : binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT); 371 } 372 373 binder::Status NetdNativeService::ipSecAllocateSpi( 374 int32_t transformId, 375 int32_t direction, 376 const std::string& localAddress, 377 const std::string& remoteAddress, 378 int32_t inSpi, 379 int32_t* outSpi) { 380 // Necessary locking done in IpSecService and kernel 381 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 382 ALOGD("ipSecAllocateSpi()"); 383 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAllocateSpi( 384 transformId, 385 direction, 386 localAddress, 387 remoteAddress, 388 inSpi, 389 outSpi)); 390 } 391 392 binder::Status NetdNativeService::ipSecAddSecurityAssociation( 393 int32_t transformId, 394 int32_t mode, 395 int32_t direction, 396 const std::string& localAddress, 397 const std::string& remoteAddress, 398 int64_t underlyingNetworkHandle, 399 int32_t spi, 400 const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits, 401 const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits, 402 int32_t encapType, 403 int32_t encapLocalPort, 404 int32_t encapRemotePort) { 405 // Necessary locking done in IpSecService and kernel 406 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 407 ALOGD("ipSecAddSecurityAssociation()"); 408 return getXfrmStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation( 409 transformId, mode, direction, localAddress, remoteAddress, 410 underlyingNetworkHandle, 411 spi, 412 authAlgo, authKey, authTruncBits, 413 cryptAlgo, cryptKey, cryptTruncBits, 414 encapType, encapLocalPort, encapRemotePort)); 415 } 416 417 binder::Status NetdNativeService::ipSecDeleteSecurityAssociation( 418 int32_t transformId, 419 int32_t direction, 420 const std::string& localAddress, 421 const std::string& remoteAddress, 422 int32_t spi) { 423 // Necessary locking done in IpSecService and kernel 424 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 425 ALOGD("ipSecDeleteSecurityAssociation()"); 426 return getXfrmStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation( 427 transformId, 428 direction, 429 localAddress, 430 remoteAddress, 431 spi)); 432 } 433 434 binder::Status NetdNativeService::ipSecApplyTransportModeTransform( 435 const android::base::unique_fd& socket, 436 int32_t transformId, 437 int32_t direction, 438 const std::string& localAddress, 439 const std::string& remoteAddress, 440 int32_t spi) { 441 // Necessary locking done in IpSecService and kernel 442 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 443 ALOGD("ipSecApplyTransportModeTransform()"); 444 return getXfrmStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform( 445 socket, 446 transformId, 447 direction, 448 localAddress, 449 remoteAddress, 450 spi)); 451 } 452 453 binder::Status NetdNativeService::ipSecRemoveTransportModeTransform( 454 const android::base::unique_fd& socket) { 455 // Necessary locking done in IpSecService and kernel 456 ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL); 457 ALOGD("ipSecRemoveTransportModeTransform()"); 458 return getXfrmStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform( 459 socket)); 460 } 461 462 binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName, 463 int32_t mode) { 464 ENFORCE_PERMISSION(NETWORK_STACK); 465 return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode)); 466 } 467 468 binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName, 469 const std::string& prefix, int32_t mark, 470 int32_t mask) { 471 ENFORCE_PERMISSION(NETWORK_STACK); 472 return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask)); 473 } 474 475 binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName, 476 const std::string& prefix, int32_t mark, 477 int32_t mask) { 478 ENFORCE_PERMISSION(NETWORK_STACK); 479 return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask)); 480 } 481 482 } // namespace net 483 } // namespace android 484