/**
* Copyright (c) 2016, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net;
import android.net.UidRange;
/** {@hide} */
interface INetd {
/**
* Returns true if the service is responding.
*/
boolean isAlive();
/**
* Replaces the contents of the specified UID-based firewall chain.
*
* The chain may be a whitelist chain or a blacklist chain. A blacklist chain contains DROP
* rules for the specified UIDs and a RETURN rule at the end. A whitelist chain contains RETURN
* rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for for the specified
* UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
*
* @param chainName The name of the chain to replace.
* @param isWhitelist Whether this is a whitelist or blacklist chain.
* @param uids The list of UIDs to allow/deny.
* @return true if the chain was successfully replaced, false otherwise.
*/
boolean firewallReplaceUidChain(String chainName, boolean isWhitelist, in int[] uids);
/**
* Enables or disables data saver mode on costly network interfaces.
*
* - When disabled, all packets to/from apps in the penalty box chain are rejected on costly
* interfaces. Traffic to/from other apps or on other network interfaces is allowed.
* - When enabled, only apps that are in the happy box chain and not in the penalty box chain
* are allowed network connectivity on costly interfaces. All other packets on these
* interfaces are rejected. The happy box chain always contains all system UIDs; to disallow
* traffic from system UIDs, place them in the penalty box chain.
*
* By default, data saver mode is disabled. This command has no effect but might still return an
* error) if {@code enable} is the same as the current value.
*
* @param enable whether to enable or disable data saver mode.
* @return true if the if the operation was successful, false otherwise.
*/
boolean bandwidthEnableDataSaver(boolean enable);
/**
* Adds or removes one rule for each supplied UID range to prohibit all network activity outside
* of secure VPN.
*
* When a UID is covered by one of these rules, traffic sent through any socket that is not
* protected or explicitly overriden by the system will be rejected. The kernel will respond
* with an ICMP prohibit message.
*
* Initially, there are no such rules. Any rules that are added will only last until the next
* restart of netd or the device.
*
* @param add {@code true} if the specified UID ranges should be denied access to any network
* which is not secure VPN by adding rules, {@code false} to remove existing rules.
* @param uidRanges a set of non-overlapping, contiguous ranges of UIDs to which to apply or
* remove this restriction.
* Added rules should not overlap with existing rules. Likewise, removed rules should
* each correspond to an existing rule.
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void networkRejectNonSecureVpn(boolean add, in UidRange[] uidRanges);
/**
* Administratively closes sockets belonging to the specified UIDs.
*/
void socketDestroy(in UidRange[] uidRanges, in int[] exemptUids);
// Array indices for resolver parameters.
const int RESOLVER_PARAMS_SAMPLE_VALIDITY = 0;
const int RESOLVER_PARAMS_SUCCESS_THRESHOLD = 1;
const int RESOLVER_PARAMS_MIN_SAMPLES = 2;
const int RESOLVER_PARAMS_MAX_SAMPLES = 3;
const int RESOLVER_PARAMS_COUNT = 4;
/**
* Sets the name servers, search domains and resolver params for the given network. Flushes the
* cache as needed (i.e. when the servers or the number of samples to store changes).
*
* @param netId the network ID of the network for which information should be configured.
* @param servers the DNS servers to configure for the network.
* @param domains the search domains to configure.
* @param params the params to set. This array contains RESOLVER_PARAMS_COUNT integers that
* encode the contents of Bionic's __res_params struct, i.e. sample_validity is stored at
* position RESOLVER_PARAMS_SAMPLE_VALIDITY, etc.
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void setResolverConfiguration(int netId, in @utf8InCpp String[] servers,
in @utf8InCpp String[] domains, in int[] params);
// Array indices for resolver stats.
const int RESOLVER_STATS_SUCCESSES = 0;
const int RESOLVER_STATS_ERRORS = 1;
const int RESOLVER_STATS_TIMEOUTS = 2;
const int RESOLVER_STATS_INTERNAL_ERRORS = 3;
const int RESOLVER_STATS_RTT_AVG = 4;
const int RESOLVER_STATS_LAST_SAMPLE_TIME = 5;
const int RESOLVER_STATS_USABLE = 6;
const int RESOLVER_STATS_COUNT = 7;
/**
* Retrieves the name servers, search domains and resolver stats associated with the given
* network ID.
*
* @param netId the network ID of the network for which information should be retrieved.
* @param servers the DNS servers that are currently configured for the network.
* @param domains the search domains currently configured.
* @param params the resolver parameters configured, i.e. the contents of __res_params in order.
* @param stats the stats for each server in the order specified by RESOLVER_STATS_XXX
* constants, serialized as an int array. The contents of this array are the number of
*
* - successes,
*
- errors,
*
- timeouts,
*
- internal errors,
*
- the RTT average,
*
- the time of the last recorded sample,
*
- and an integer indicating whether the server is usable (1) or broken (0).
*
* in this order. For example, the timeout counter for server N is stored at position
* RESOLVER_STATS_COUNT*N + RESOLVER_STATS_TIMEOUTS
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void getResolverInfo(int netId, out @utf8InCpp String[] servers,
out @utf8InCpp String[] domains, out int[] params, out int[] stats);
/**
* Instruct the tethering DNS server to reevaluated serving interfaces.
* This is needed to for the DNS server to observe changes in the set
* of potential listening IP addresses. (Listening on wildcard addresses
* can turn the device into an open resolver; b/7530468)
*
* TODO: Return something richer than just a boolean.
*/
boolean tetherApplyDnsInterfaces();
/**
* Add/Remove and IP address from an interface.
*
* @param ifName the interface name
* @param addrString the IP address to add/remove as a string literal
* @param prefixLength the prefix length associated with this IP address
*
* @throws ServiceSpecificException in case of failure, with an error code corresponding to the
* unix errno.
*/
void interfaceAddAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
int prefixLength);
void interfaceDelAddress(in @utf8InCpp String ifName, in @utf8InCpp String addrString,
int prefixLength);
/**
* Set and get /proc/sys/net interface configuration parameters.
*
* @param family One of IPV4/IPV6 integers, indicating the desired address family directory.
* @param which One of CONF/NEIGH integers, indicating the desired parameter category directory.
* @param ifname The interface name portion of the path; may also be "all" or "default".
* @param parameter The parameter name portion of the path.
* @param value The value string to be written into the assembled path.
*/
const int IPV4 = 4;
const int IPV6 = 6;
const int CONF = 1;
const int NEIGH = 2;
void setProcSysNet(int family, int which, in @utf8InCpp String ifname,
in @utf8InCpp String parameter, in @utf8InCpp String value);
// TODO: add corresponding getProcSysNet().
/**
* Get/Set metrics reporting level.
*
* Reporting level is one of:
* 0 (NONE)
* 1 (METRICS)
* 2 (FULL)
*/
int getMetricsReportingLevel();
void setMetricsReportingLevel(int level);
}