1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <sys/types.h> 20 #include <sys/wait.h> 21 #include <errno.h> 22 #include <string.h> 23 #include <unistd.h> 24 25 #define LOG_TAG "OemIptablesHook" 26 #include <cutils/log.h> 27 #include <logwrap/logwrap.h> 28 #include "NetdConstants.h" 29 30 static bool oemCleanupHooks() { 31 std::string cmd = 32 "*filter\n" 33 ":oem_out -\n" 34 ":oem_fwd -\n" 35 "COMMIT\n" 36 "*nat\n" 37 ":oem_nat_pre -\n" 38 "COMMIT\n"; 39 40 return (execIptablesRestore(V4V6, cmd) == 0); 41 } 42 43 static bool oemInitChains() { 44 int ret = system(OEM_SCRIPT_PATH); 45 if ((-1 == ret) || (0 != WEXITSTATUS(ret))) { 46 ALOGE("%s failed: %s", OEM_SCRIPT_PATH, strerror(errno)); 47 oemCleanupHooks(); 48 return false; 49 } 50 return true; 51 } 52 53 54 void setupOemIptablesHook() { 55 if (0 == access(OEM_SCRIPT_PATH, R_OK | X_OK)) { 56 // The call to oemCleanupHooks() is superfluous when done on bootup, 57 // but is needed for the case where netd has crashed/stopped and is 58 // restarted. 59 if (oemCleanupHooks() && oemInitChains()) { 60 ALOGI("OEM iptable hook installed."); 61 } 62 } 63 } 64
