/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
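*/

#pragma once

#include <ifaddrs.h>
#include <netdb.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>  // uid_t

#include <memory>  // std::unique_ptr (ScopedIfaddrs) — previously only reached transitively
#include <mutex>
#include <string>

#include "android/net/INetd.h"

#include <netdutils/UidConstants.h>
#include <private/android_filesystem_config.h>

// Address-family selector for the iptables helpers below: IPv4 only, IPv6 only, or both.
enum IptablesTarget { V4, V6, V4V6 };

// Feed `commands` (iptables-restore syntax, possibly many lines) to the restore helper
// for `target`. Returns 0 on success, non-zero on failure.
//
// Security note: nothing in this interface quotes or validates the command text. Every
// interface name, address or uid spliced into `commands` must come from a validated
// source (isIfaceName() / parsePrefix() below are the validators this header offers);
// an unchecked string here does not just fail to parse, it can install arbitrary
// firewall rules.
int execIptablesRestore(IptablesTarget target, const std::string& commands);

// Same as execIptablesRestore() but additionally captures the helper's output into
// *output (which stream(s) are captured is defined by the implementation, not here).
int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands,
                                  std::string *output);

// Run a single `command` against `table`, with the implementation supplying the
// `*table` / COMMIT framing iptables-restore expects (presumably — confirm in the .cpp).
// Same injection caveat as execIptablesRestore() applies to both `table` and `command`.
int execIptablesRestoreCommand(IptablesTarget target, const std::string& table,
                               const std::string& command, std::string *output);

// True if `name` is syntactically a valid interface name. Call this before passing any
// caller-supplied interface name to the kernel or into an iptables command.
bool isIfaceName(const std::string& name);

// Parse an "address/len" prefix into *family, the binary address (written into the
// caller buffer `address` of `size` bytes — size it for an in6_addr if both families
// are accepted) and *prefixlen. The return-value convention is defined by the
// implementation; treat anything non-zero as failure until confirmed there.
int parsePrefix(const char *prefix, uint8_t *family, void *address, int size, uint8_t *prefixlen);

// Ignore SIGPIPE process-wide so a peer closing a socket cannot kill the daemon.
void blockSigpipe();

// Set FD_CLOEXEC on the socket named `sock` (presumably an init-provided socket looked
// up by name — confirm) so it is not inherited by the helper processes netd spawns.
void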
setCloseOnExec(const char *sock);

// Stop the helper process `pid`; `processName` is only used for diagnostics (by name —
// the implementation is not visible here).
void stopProcess(int pid, const char* processName);

// Element count of a real array. Only safe on arrays: handed a pointer it silently
// evaluates to sizeof(T*)/sizeof(T), which is why the TODO wants std::size() (rejects
// pointers at compile time).
// TODO: use std::size() instead.
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))

// Buffer sizes (NUL included) large enough to print a 32-bit value in decimal / hex.
// The decimal ones stringize the expanded limit macro, so they may over-estimate but
// cannot under-estimate.
#define __INT_STRLEN(i) sizeof(#i)
#define _INT_STRLEN(i) __INT_STRLEN(i)
#define INT32_STRLEN _INT_STRLEN(INT32_MIN)
#define UINT32_STRLEN _INT_STRLEN(UINT32_MAX)
#define UINT32_HEX_STRLEN sizeof("0x12345678")
#define IPSEC_IFACE_PREFIX "ipsec"

// The conventional "no such uid" value (all bits set).
constexpr uid_t INVALID_UID = static_cast<uid_t>(-1);

constexpr char TCP_RMEM_PROC_FILE[] = "/proc/sys/net/ipv4/tcp_rmem";
constexpr char TCP_WMEM_PROC_FILE[] = "/proc/sys/net/ipv4/tcp_wmem";

// Deleter that lets a getifaddrs() list be owned by a unique_ptr (see ScopedIfaddrs).
// Tolerates a null list so a default-constructed / moved-from holder is harmless.
struct IfaddrsDeleter {
    void operator()(struct ifaddrs *list) const {
        if (list == nullptr) return;
        freeifaddrs(list);
    }
};

// Owning handle for a getifaddrs() result; the list is freed when the handle dies.
using ScopedIfaddrs = std::unique_ptr<struct ifaddrs, IfaddrsDeleter>;

namespace android::net {

/**
 * Serialises NetdNativeService RPCs (which arrive on multiple Binder threads) against the
 * commands in CommandListener.cpp. Those commands are presumed not thread-safe: their only
 * user is NetworkManagementService, which talks through a FrameworkListener that delivers
 * one command at a time. Every Binder entry point touching that shared state should hold
 * this lock for its whole duration.
 */
extern std::mutex gBigNetdLock;

// Mirrors the INetd AIDL constants so values round-trip across Binder unchanged.
enum FirewallRule { ALLOW = INetd::FIREWALL_RULE_ALLOW, DENY = INetd::FIREWALL_RULE_DENY };

// ALLOWLIST: the chain denies by default and uids must be explicitly ALLOWed.
// DENYLIST:  the chain allows by default and uids must be explicitly DENYed.
enum FirewallType { ALLOWLIST = INetd::FIREWALL_ALLOWLIST, DENYLIST = INetd::FIREWALL_DENYLIST };

// Per-feature firewall chains, again mirroring INetd. INVALID_CHAIN is a local sentinel
// with no INetd counterpart (it takes the value RESTRICTED + 1): never send it across
// Binder, and note that an INetd chain added with that numeric value would collide with it —
// worth a static_assert if the INetd values are ever changed (assumes they are small,
// consecutive integers — confirm against the AIDL).
enum ChildChain {
    NONE = INetd::FIREWALL_CHAIN_NONE,
    DOZABLE = INetd::FIREWALL_CHAIN_DOZABLE,
    STANDBY = INetd::FIREWALL_CHAIN_STANDBY,
    POWERSAVE = INetd::FIREWALL_CHAIN_POWERSAVE,
    RESTRICTED = INetd::FIREWALL_CHAIN_RESTRICTED,
    INVALID_CHAIN
};

}  // namespace android::net