/**
* Copyright (c) 2016, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "Netd"
#include <set>
#include <vector>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <cutils/log.h>
#include <cutils/properties.h>
#include <utils/Errors.h>
#include <utils/String16.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include "android/net/BnNetd.h"
#include <openssl/base64.h>
#include "Controllers.h"
#include "DumpWriter.h"
#include "EventReporter.h"
#include "InterfaceController.h"
#include "NetdConstants.h"
#include "NetdNativeService.h"
#include "RouteController.h"
#include "SockDiag.h"
#include "UidRanges.h"
using android::base::StringPrintf;
using android::os::PersistableBundle;
namespace android {
namespace net {
namespace {
const char CONNECTIVITY_INTERNAL[] = "android.permission.CONNECTIVITY_INTERNAL";
const char NETWORK_STACK[] = "android.permission.NETWORK_STACK";
const char DUMP[] = "android.permission.DUMP";
binder::Status toBinderStatus(const netdutils::Status s) {
if (isOk(s)) {
return binder::Status::ok();
}
return binder::Status::fromServiceSpecificError(s.code(), s.msg().c_str());
}
binder::Status checkPermission(const char *permission) {
pid_t pid;
uid_t uid;
if (checkCallingPermission(String16(permission), (int32_t *) &pid, (int32_t *) &uid)) {
return binder::Status::ok();
} else {
auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}
}
#define ENFORCE_DEBUGGABLE() { \
char value[PROPERTY_VALUE_MAX + 1]; \
if (property_get("ro.debuggable", value, NULL) != 1 \
|| value[0] != '1') { \
return binder::Status::fromExceptionCode( \
binder::Status::EX_SECURITY, \
String8("Not available in production builds.") \
); \
} \
}
#define ENFORCE_PERMISSION(permission) { \
binder::Status status = checkPermission((permission)); \
if (!status.isOk()) { \
return status; \
} \
}
#define NETD_LOCKING_RPC(permission, lock) \
ENFORCE_PERMISSION(permission); \
android::RWLock::AutoWLock _lock(lock);
#define NETD_BIG_LOCK_RPC(permission) NETD_LOCKING_RPC((permission), gBigNetdLock)
inline binder::Status statusFromErrcode(int ret) {
if (ret) {
return binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
}
return binder::Status::ok();
}
} // namespace
status_t NetdNativeService::start() {
IPCThreadState::self()->disableBackgroundScheduling(true);
status_t ret = BinderService<NetdNativeService>::publish();
if (ret != android::OK) {
return ret;
}
sp<ProcessState> ps(ProcessState::self());
ps->startThreadPool();
ps->giveThreadPoolName();
return android::OK;
}
status_t NetdNativeService::dump(int fd, const Vector<String16> &args) {
const binder::Status dump_permission = checkPermission(DUMP);
if (!dump_permission.isOk()) {
const String8 msg(dump_permission.toString8());
write(fd, msg.string(), msg.size());
return PERMISSION_DENIED;
}
// This method does not grab any locks. If individual classes need locking
// their dump() methods MUST handle locking appropriately.
DumpWriter dw(fd);
if (!args.isEmpty() && args[0] == TcpSocketMonitor::DUMP_KEYWORD) {
dw.blankline();
gCtls->tcpSocketMonitor.dump(dw);
dw.blankline();
return NO_ERROR;
}
if (!args.isEmpty() && args[0] == TrafficController::DUMP_KEYWORD) {
dw.blankline();
gCtls->trafficCtrl.dump(dw, true);
dw.blankline();
return NO_ERROR;
}
dw.blankline();
gCtls->netCtrl.dump(dw);
dw.blankline();
gCtls->trafficCtrl.dump(dw, false);
dw.blankline();
return NO_ERROR;
}
binder::Status NetdNativeService::isAlive(bool *alive) {
NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
*alive = true;
return binder::Status::ok();
}
binder::Status NetdNativeService::firewallReplaceUidChain(const android::String16& chainName,
bool isWhitelist, const std::vector<int32_t>& uids, bool *ret) {
NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->firewallCtrl.lock);
android::String8 name = android::String8(chainName);
int err = gCtls->firewallCtrl.replaceUidChain(name.string(), isWhitelist, uids);
*ret = (err == 0);
return binder::Status::ok();
}
binder::Status NetdNativeService::bandwidthEnableDataSaver(bool enable, bool *ret) {
NETD_LOCKING_RPC(CONNECTIVITY_INTERNAL, gCtls->bandwidthCtrl.lock);
int err = gCtls->bandwidthCtrl.enableDataSaver(enable);
*ret = (err == 0);
return binder::Status::ok();
}
binder::Status NetdNativeService::networkCreatePhysical(int32_t netId,
const std::string& permission) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.createPhysicalNetwork(netId, stringToPermission(permission.c_str()));
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkCreateVpn(int32_t netId, bool hasDns, bool secure) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.createVirtualNetwork(netId, hasDns, secure);
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkDestroy(int32_t netId) {
ENFORCE_PERMISSION(NETWORK_STACK);
// Both of these functions manage their own locking internally.
const int ret = gCtls->netCtrl.destroyNetwork(netId);
gCtls->resolverCtrl.clearDnsServers(netId);
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkAddInterface(int32_t netId, const std::string& iface) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.addInterfaceToNetwork(netId, iface.c_str());
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkRemoveInterface(int32_t netId, const std::string& iface) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.removeInterfaceFromNetwork(netId, iface.c_str());
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkAddUidRanges(int32_t netId,
const std::vector<UidRange>& uidRangeArray) {
// NetworkController::addUsersToNetwork is thread-safe.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.addUsersToNetwork(netId, UidRanges(uidRangeArray));
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkRemoveUidRanges(int32_t netId,
const std::vector<UidRange>& uidRangeArray) {
// NetworkController::removeUsersFromNetwork is thread-safe.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int ret = gCtls->netCtrl.removeUsersFromNetwork(netId, UidRanges(uidRangeArray));
return statusFromErrcode(ret);
}
binder::Status NetdNativeService::networkRejectNonSecureVpn(bool add,
const std::vector<UidRange>& uidRangeArray) {
// TODO: elsewhere RouteController is only used from the tethering and network controllers, so
// it should be possible to use the same lock as NetworkController. However, every call through
// the CommandListener "network" command will need to hold this lock too, not just the ones that
// read/modify network internal state (that is sufficient for ::dump() because it doesn't
// look at routes, but it's not enough here).
NETD_BIG_LOCK_RPC(CONNECTIVITY_INTERNAL);
UidRanges uidRanges(uidRangeArray);
int err;
if (add) {
err = RouteController::addUsersToRejectNonSecureNetworkRule(uidRanges);
} else {
err = RouteController::removeUsersFromRejectNonSecureNetworkRule(uidRanges);
}
return statusFromErrcode(err);
}
binder::Status NetdNativeService::socketDestroy(const std::vector<UidRange>& uids,
const std::vector<int32_t>& skipUids) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
SockDiag sd;
if (!sd.open()) {
return binder::Status::fromServiceSpecificError(EIO,
String8("Could not open SOCK_DIAG socket"));
}
UidRanges uidRanges(uids);
int err = sd.destroySockets(uidRanges, std::set<uid_t>(skipUids.begin(), skipUids.end()),
true /* excludeLoopback */);
if (err) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("destroySockets: %s", strerror(-err)));
}
return binder::Status::ok();
}
// Parse a base64 encoded string into a vector of bytes.
// On failure, return an empty vector.
static std::vector<uint8_t> parseBase64(const std::string& input) {
std::vector<uint8_t> decoded;
size_t out_len;
if (EVP_DecodedLength(&out_len, input.size()) != 1) {
return decoded;
}
// out_len is now an upper bound on the output length.
decoded.resize(out_len);
if (EVP_DecodeBase64(decoded.data(), &out_len, decoded.size(),
reinterpret_cast<const uint8_t*>(input.data()), input.size()) == 1) {
// Possibly shrink the vector if the actual output was smaller than the bound.
decoded.resize(out_len);
} else {
decoded.clear();
}
if (out_len != SHA256_SIZE) {
decoded.clear();
}
return decoded;
}
binder::Status NetdNativeService::setResolverConfiguration(int32_t netId,
const std::vector<std::string>& servers, const std::vector<std::string>& domains,
const std::vector<int32_t>& params, const std::string& tlsName,
const std::vector<std::string>& tlsServers,
const std::vector<std::string>& tlsFingerprints) {
// This function intentionally does not lock within Netd, as Bionic is thread-safe.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
std::set<std::vector<uint8_t>> decoded_fingerprints;
for (const std::string& fingerprint : tlsFingerprints) {
std::vector<uint8_t> decoded = parseBase64(fingerprint);
if (decoded.empty()) {
return binder::Status::fromServiceSpecificError(EINVAL,
String8::format("ResolverController error: bad fingerprint"));
}
decoded_fingerprints.emplace(decoded);
}
int err = gCtls->resolverCtrl.setResolverConfiguration(netId, servers, domains, params,
tlsName, tlsServers, decoded_fingerprints);
if (err != 0) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("ResolverController error: %s", strerror(-err)));
}
return binder::Status::ok();
}
binder::Status NetdNativeService::getResolverInfo(int32_t netId,
std::vector<std::string>* servers, std::vector<std::string>* domains,
std::vector<int32_t>* params, std::vector<int32_t>* stats) {
// This function intentionally does not lock within Netd, as Bionic is thread-safe.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
int err = gCtls->resolverCtrl.getResolverInfo(netId, servers, domains, params, stats);
if (err != 0) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("ResolverController error: %s", strerror(-err)));
}
return binder::Status::ok();
}
binder::Status NetdNativeService::tetherApplyDnsInterfaces(bool *ret) {
NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
*ret = gCtls->tetherCtrl.applyDnsInterfaces();
return binder::Status::ok();
}
namespace {
void tetherAddStats(PersistableBundle *bundle, const TetherController::TetherStats& stats) {
String16 iface = String16(stats.extIface.c_str());
std::vector<int64_t> statsVector(INetd::TETHER_STATS_ARRAY_SIZE);
bundle->getLongVector(iface, &statsVector);
if (statsVector.size() == 0) {
for (int i = 0; i < INetd::TETHER_STATS_ARRAY_SIZE; i++) statsVector.push_back(0);
}
statsVector[INetd::TETHER_STATS_RX_BYTES] += stats.rxBytes;
statsVector[INetd::TETHER_STATS_RX_PACKETS] += stats.rxPackets;
statsVector[INetd::TETHER_STATS_TX_BYTES] += stats.txBytes;
statsVector[INetd::TETHER_STATS_TX_PACKETS] += stats.txPackets;
bundle->putLongVector(iface, statsVector);
}
} // namespace
binder::Status NetdNativeService::tetherGetStats(PersistableBundle *bundle) {
NETD_LOCKING_RPC(NETWORK_STACK, gCtls->tetherCtrl.lock)
const auto& statsList = gCtls->tetherCtrl.getTetherStats();
if (!isOk(statsList)) {
return toBinderStatus(statsList);
}
for (const auto& stats : statsList.value()) {
tetherAddStats(bundle, stats);
}
return binder::Status::ok();
}
binder::Status NetdNativeService::interfaceAddAddress(const std::string &ifName,
const std::string &addrString, int prefixLength) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
const int err = InterfaceController::addAddress(
ifName.c_str(), addrString.c_str(), prefixLength);
if (err != 0) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("InterfaceController error: %s", strerror(-err)));
}
return binder::Status::ok();
}
binder::Status NetdNativeService::interfaceDelAddress(const std::string &ifName,
const std::string &addrString, int prefixLength) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
const int err = InterfaceController::delAddress(
ifName.c_str(), addrString.c_str(), prefixLength);
if (err != 0) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("InterfaceController error: %s", strerror(-err)));
}
return binder::Status::ok();
}
binder::Status NetdNativeService::setProcSysNet(
int32_t family, int32_t which, const std::string &ifname, const std::string ¶meter,
const std::string &value) {
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
const char *familyStr;
switch (family) {
case INetd::IPV4:
familyStr = "ipv4";
break;
case INetd::IPV6:
familyStr = "ipv6";
break;
default:
return binder::Status::fromServiceSpecificError(EAFNOSUPPORT, String8("Bad family"));
}
const char *whichStr;
switch (which) {
case INetd::CONF:
whichStr = "conf";
break;
case INetd::NEIGH:
whichStr = "neigh";
break;
default:
return binder::Status::fromServiceSpecificError(EINVAL, String8("Bad category"));
}
const int err = InterfaceController::setParameter(
familyStr, whichStr, ifname.c_str(), parameter.c_str(),
value.c_str());
if (err != 0) {
return binder::Status::fromServiceSpecificError(-err,
String8::format("ResolverController error: %s", strerror(-err)));
}
return binder::Status::ok();
}
binder::Status NetdNativeService::getMetricsReportingLevel(int *reportingLevel) {
// This function intentionally does not lock, since the only thing it does is one read from an
// atomic_int.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ENFORCE_DEBUGGABLE();
*reportingLevel = gCtls->eventReporter.getMetricsReportingLevel();
return binder::Status::ok();
}
binder::Status NetdNativeService::setMetricsReportingLevel(const int reportingLevel) {
// This function intentionally does not lock, since the only thing it does is one write to an
// atomic_int.
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ENFORCE_DEBUGGABLE();
return (gCtls->eventReporter.setMetricsReportingLevel(reportingLevel) == 0)
? binder::Status::ok()
: binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);
}
binder::Status NetdNativeService::ipSecSetEncapSocketOwner(const android::base::unique_fd& socket,
int newUid) {
ENFORCE_PERMISSION(NETWORK_STACK)
ALOGD("ipSecSetEncapSocketOwner()");
uid_t callerUid = IPCThreadState::self()->getCallingUid();
return asBinderStatus(gCtls->xfrmCtrl.ipSecSetEncapSocketOwner(socket, newUid, callerUid));
}
binder::Status NetdNativeService::ipSecAllocateSpi(
int32_t transformId,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t inSpi,
int32_t* outSpi) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecAllocateSpi()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
transformId,
sourceAddress,
destinationAddress,
inSpi,
outSpi));
}
binder::Status NetdNativeService::ipSecAddSecurityAssociation(
int32_t transformId,
int32_t mode,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t underlyingNetId,
int32_t spi,
int32_t markValue,
int32_t markMask,
const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
const std::string& cryptAlgo, const std::vector<uint8_t>& cryptKey, int32_t cryptTruncBits,
const std::string& aeadAlgo, const std::vector<uint8_t>& aeadKey, int32_t aeadIcvBits,
int32_t encapType,
int32_t encapLocalPort,
int32_t encapRemotePort) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecAddSecurityAssociation()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
transformId, mode, sourceAddress, destinationAddress,
underlyingNetId,
spi, markValue, markMask,
authAlgo, authKey, authTruncBits,
cryptAlgo, cryptKey, cryptTruncBits,
aeadAlgo, aeadKey, aeadIcvBits,
encapType, encapLocalPort, encapRemotePort));
}
binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
int32_t transformId,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi,
int32_t markValue,
int32_t markMask) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecDeleteSecurityAssociation()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
transformId,
sourceAddress,
destinationAddress,
spi,
markValue,
markMask));
}
binder::Status NetdNativeService::ipSecApplyTransportModeTransform(
const android::base::unique_fd& socket,
int32_t transformId,
int32_t direction,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecApplyTransportModeTransform()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecApplyTransportModeTransform(
socket,
transformId,
direction,
sourceAddress,
destinationAddress,
spi));
}
binder::Status NetdNativeService::ipSecRemoveTransportModeTransform(
const android::base::unique_fd& socket) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecRemoveTransportModeTransform()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecRemoveTransportModeTransform(
socket));
}
binder::Status NetdNativeService::ipSecAddSecurityPolicy(
int32_t transformId,
int32_t direction,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi,
int32_t markValue,
int32_t markMask){
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("ipSecAddSecurityPolicy()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
transformId,
direction,
sourceAddress,
destinationAddress,
spi,
markValue,
markMask));
}
binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
int32_t transformId,
int32_t direction,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t spi,
int32_t markValue,
int32_t markMask){
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("ipSecAddSecurityPolicy()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
transformId,
direction,
sourceAddress,
destinationAddress,
spi,
markValue,
markMask));
}
binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(
int32_t transformId,
int32_t direction,
const std::string& sourceAddress,
const std::string& destinationAddress,
int32_t markValue,
int32_t markMask){
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("ipSecAddSecurityPolicy()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
transformId,
direction,
sourceAddress,
destinationAddress,
markValue,
markMask));
}
binder::Status NetdNativeService::addVirtualTunnelInterface(
const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress,
int32_t iKey,
int32_t oKey) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("addVirtualTunnelInterface()");
int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
deviceName,
localAddress,
remoteAddress,
iKey,
oKey,
false);
return (ret == 0) ? binder::Status::ok() :
asBinderStatus(netdutils::statusFromErrno(
ret, "Error in creating virtual tunnel interface."));
}
binder::Status NetdNativeService::updateVirtualTunnelInterface(
const std::string& deviceName,
const std::string& localAddress,
const std::string& remoteAddress,
int32_t iKey,
int32_t oKey) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("updateVirtualTunnelInterface()");
int ret = gCtls->xfrmCtrl.addVirtualTunnelInterface(
deviceName,
localAddress,
remoteAddress,
iKey,
oKey,
true);
return (ret == 0) ? binder::Status::ok() :
asBinderStatus(netdutils::statusFromErrno(
ret, "Error in updating virtual tunnel interface."));
}
binder::Status NetdNativeService::removeVirtualTunnelInterface(const std::string& deviceName) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(NETWORK_STACK);
ALOGD("removeVirtualTunnelInterface()");
int ret = gCtls->xfrmCtrl.removeVirtualTunnelInterface(deviceName);
return (ret == 0) ? binder::Status::ok() :
asBinderStatus(netdutils::statusFromErrno(
ret, "Error in removing virtual tunnel interface."));
}
binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
int32_t mode) {
ENFORCE_PERMISSION(NETWORK_STACK);
return toBinderStatus(InterfaceController::setIPv6AddrGenMode(ifName, mode));
}
binder::Status NetdNativeService::wakeupAddInterface(const std::string& ifName,
const std::string& prefix, int32_t mark,
int32_t mask) {
ENFORCE_PERMISSION(NETWORK_STACK);
return toBinderStatus(gCtls->wakeupCtrl.addInterface(ifName, prefix, mark, mask));
}
binder::Status NetdNativeService::wakeupDelInterface(const std::string& ifName,
const std::string& prefix, int32_t mark,
int32_t mask) {
ENFORCE_PERMISSION(NETWORK_STACK);
return toBinderStatus(gCtls->wakeupCtrl.delInterface(ifName, prefix, mark, mask));
}
binder::Status NetdNativeService::trafficCheckBpfStatsEnable(bool* ret) {
ENFORCE_PERMISSION(NETWORK_STACK);
*ret = gCtls->trafficCtrl.checkBpfStatsEnable();
return binder::Status::ok();
}
} // namespace net
} // namespace android