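/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// NOTE(review): identifiers that start with an underscore followed by an
// uppercase letter are reserved for the implementation; the guard name is
// kept unchanged here so nothing that tests for it breaks.
#ifndef _STRICT_CONTROLLER_H
#define _STRICT_CONTROLLER_H

#include <sys/types.h>  // uid_t

#include <mutex>  // std::mutex (previously only reachable transitively)
#include <string>

#include "NetdConstants.h"

/*
 * Penalty applied to a UID, selected through
 * StrictController::setUidCleartextPenalty().
 *
 * INVALID is the first enumerator, so a zero-initialised StrictPenalty is
 * INVALID rather than a real policy.
 * NOTE(review): ACCEPT / LOG / REJECT presumably mean "allow", "allow but
 * log" and "block" for detected cleartext traffic; the exact rules live in
 * the implementation file -- confirm there, and confirm that INVALID is
 * rejected rather than mapped to a permissive rule.
 */
enum StrictPenalty { INVALID, ACCEPT, LOG, REJECT };

/*
 * Help apps catch unwanted low-level networking behavior, like
 * connections not wrapped in TLS.
 */
class StrictController {
public:
    StrictController();

    // Both return an int status; the success/failure convention is defined
    // in the implementation file (presumably 0 on success -- confirm).
    int setupIptablesHooks();
    int resetChains();

    // Sets the cleartext penalty for one UID. Both arguments are constrained
    // types (numeric uid_t, enum StrictPenalty), not free-form strings.
    int setUidCleartextPenalty(uid_t uid, StrictPenalty penalty);

    // Presumably the names of the iptables chains this controller manages;
    // the values are defined in the implementation file.
    static const char* LOCAL_OUTPUT;
    static const char* LOCAL_CLEAR_DETECT;
    static const char* LOCAL_CLEAR_CAUGHT;
    static const char* LOCAL_PENALTY_LOG;
    static const char* LOCAL_PENALTY_REJECT;

    // Public mutex; this header does not show which operations it guards.
    // NOTE(review): presumably callers hold it around the methods above --
    // confirm against the call sites.
    std::mutex lock;

protected:
    // For testing.
    friend class StrictControllerTest;
    // Replaceable hook that receives the full command text for `target`.
    // NOTE(review): it is a mutable static function pointer, so only test
    // code should ever reassign it -- confirm nothing else writes to it.
    static int (*execIptablesRestore)(IptablesTarget target, const std::string& commands);
};

#endif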