1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <binder/IPCThreadState.h>
18 #include <hidl/HidlTransportSupport.h>
19 #include "Controllers.h"
20 #include "Fwmark.h"
21 #include "NetdHwService.h"
22 #include "RouteController.h"
23 #include "TetherController.h"
24 
25 using android::hardware::configureRpcThreadpool;
26 using android::hardware::Void;
27 
28 // Tells TetherController::enableForwarding who is requesting forwarding, so that TetherController
29 // can manage/refcount requests to enable forwarding by multiple parties such as the framework, this
30 // hwbinder interface, and the legacy "ndc ipfwd enable <requester>" commands.
31 namespace {
32 constexpr const char* FORWARDING_REQUESTER = "NetdHwService";
33 }
34 
35 namespace android {
36 namespace net {
37 
toHalStatus(int ret)38 static StatusCode toHalStatus(int ret) {
39     switch(ret) {
40         case 0:
41             return StatusCode::OK;
42         case -EINVAL:
43             return StatusCode::INVALID_ARGUMENTS;
44         case -EEXIST:
45             return StatusCode::ALREADY_EXISTS;
46         case -ENONET:
47             return StatusCode::NO_NETWORK;
48         case -EPERM:
49             return StatusCode::PERMISSION_DENIED;
50         default:
51             ALOGE("HAL service error=%d", ret);
52             return StatusCode::UNKNOWN_ERROR;
53     }
54 }
55 
56 // Minimal service start.
start()57 status_t NetdHwService::start() {
58     IPCThreadState::self()->disableBackgroundScheduling(true);
59     // Usage of this HAL is anticipated to be thin; one thread should suffice.
60     configureRpcThreadpool(1, false /* callerWillNotJoin */);
61     // Register hardware service with ServiceManager.
62     return INetd::registerAsService();
63 }
64 
createOemNetwork(createOemNetwork_cb _hidl_cb)65 Return<void> NetdHwService::createOemNetwork(createOemNetwork_cb _hidl_cb) {
66     unsigned netId;
67     Permission permission = PERMISSION_SYSTEM;
68 
69     int ret = gCtls->netCtrl.createPhysicalOemNetwork(permission, &netId);
70 
71     Fwmark fwmark;
72     fwmark.netId = netId;
73     fwmark.explicitlySelected = true;
74     fwmark.protectedFromVpn = true;
75     fwmark.permission = PERMISSION_SYSTEM;
76     _hidl_cb(netIdToNetHandle(netId), fwmark.intValue, toHalStatus(ret));
77 
78     return Void();
79 }
80 
81 // Vendor code can only modify OEM networks. All other networks are managed by ConnectivityService.
82 #define RETURN_IF_NOT_OEM_NETWORK(netId)              \
83     if (((netId) < NetworkController::MIN_OEM_ID) ||  \
84         ((netId) > NetworkController::MAX_OEM_ID)) {  \
85         return StatusCode::INVALID_ARGUMENTS;  \
86     }
87 
destroyOemNetwork(uint64_t netHandle)88 Return<StatusCode> NetdHwService::destroyOemNetwork(uint64_t netHandle) {
89     unsigned netId = netHandleToNetId(netHandle);
90     RETURN_IF_NOT_OEM_NETWORK(netId);
91 
92     return toHalStatus(gCtls->netCtrl.destroyNetwork(netId));
93 }
94 
maybeNullString(const hidl_string & nexthop)95 const char* maybeNullString(const hidl_string& nexthop) {
96     // HIDL strings can't be null, but RouteController wants null instead of an empty string.
97     const char* nh = nexthop.c_str();
98     if (nh && !*nh) {
99         nh = nullptr;
100     }
101     return nh;
102 }
103 
addRouteToOemNetwork(uint64_t networkHandle,const hidl_string & ifname,const hidl_string & destination,const hidl_string & nexthop)104 Return <StatusCode> NetdHwService::addRouteToOemNetwork(
105         uint64_t networkHandle, const hidl_string& ifname, const hidl_string& destination,
106         const hidl_string& nexthop) {
107     unsigned netId = netHandleToNetId(networkHandle);
108     RETURN_IF_NOT_OEM_NETWORK(netId);
109 
110     return toHalStatus(gCtls->netCtrl.addRoute(netId, ifname.c_str(), destination.c_str(),
111                                                maybeNullString(nexthop), false, INVALID_UID,
112                                                0 /* mtu */));
113 }
114 
removeRouteFromOemNetwork(uint64_t networkHandle,const hidl_string & ifname,const hidl_string & destination,const hidl_string & nexthop)115 Return <StatusCode> NetdHwService::removeRouteFromOemNetwork(
116         uint64_t networkHandle, const hidl_string& ifname, const hidl_string& destination,
117         const hidl_string& nexthop) {
118     unsigned netId = netHandleToNetId(networkHandle);
119     RETURN_IF_NOT_OEM_NETWORK(netId);
120 
121     return toHalStatus(gCtls->netCtrl.removeRoute(netId, ifname.c_str(), destination.c_str(),
122                                                   maybeNullString(nexthop), false, INVALID_UID));
123 }
124 
addInterfaceToOemNetwork(uint64_t networkHandle,const hidl_string & ifname)125 Return <StatusCode> NetdHwService::addInterfaceToOemNetwork(uint64_t networkHandle,
126                                                             const hidl_string& ifname) {
127     unsigned netId = netHandleToNetId(networkHandle);
128     RETURN_IF_NOT_OEM_NETWORK(netId);
129 
130     return toHalStatus(gCtls->netCtrl.addInterfaceToNetwork(netId, ifname.c_str()));
131 }
132 
removeInterfaceFromOemNetwork(uint64_t networkHandle,const hidl_string & ifname)133 Return <StatusCode> NetdHwService::removeInterfaceFromOemNetwork(uint64_t networkHandle,
134                                                                  const hidl_string& ifname) {
135     unsigned netId = netHandleToNetId(networkHandle);
136     RETURN_IF_NOT_OEM_NETWORK(netId);
137 
138     return toHalStatus(gCtls->netCtrl.removeInterfaceFromNetwork(netId, ifname.c_str()));
139 }
140 
setIpForwardEnable(bool enable)141 Return <StatusCode> NetdHwService::setIpForwardEnable(bool enable) {
142     std::lock_guard _lock(gCtls->tetherCtrl.lock);
143 
144     bool success = enable ? gCtls->tetherCtrl.enableForwarding(FORWARDING_REQUESTER) :
145                             gCtls->tetherCtrl.disableForwarding(FORWARDING_REQUESTER);
146 
147     return success ? StatusCode::OK : StatusCode::UNKNOWN_ERROR;
148 }
149 
setForwardingBetweenInterfaces(const hidl_string & inputIfName,const hidl_string & outputIfName,bool enable)150 Return <StatusCode> NetdHwService::setForwardingBetweenInterfaces(
151         const hidl_string& inputIfName, const hidl_string& outputIfName, bool enable) {
152     std::lock_guard _lock(gCtls->tetherCtrl.lock);
153 
154     // TODO: check that one interface is an OEM interface and the other is another OEM interface, an
155     // IPsec interface or a dummy interface.
156     int ret = enable ? RouteController::enableTethering(inputIfName.c_str(), outputIfName.c_str()) :
157                        RouteController::disableTethering(inputIfName.c_str(), outputIfName.c_str());
158     return toHalStatus(ret);
159 }
160 
161 }  // namespace net
162 }  // namespace android
163