Merge tag 'android-4.3_r2.1' into cm-10.2

Android 4.3 release 2.1 Conflicts: Android.mk NatController.cpp SoftapController.cpp Change-Id: I5372a747beb0cc32880f1bed661cfa3ee1b81315
PolishBloodProject · Jul 25, 2013 · e91c613 · e91c613
2 parents 9331e81 + d5b19ca
commit e91c613
Show file tree

Hide file tree

Showing 30 changed files with 1,116 additions and 1,093 deletions.
diff --git a/Android.mk b/Android.mk
@@ -4,6 +4,7 @@ include $(CLEAR_VARS)
 
 LOCAL_SRC_FILES:=                                      \
                   BandwidthController.cpp              \
+                  ClatdController.cpp                  \
                   CommandListener.cpp                  \
                   DnsProxyListener.cpp                 \
                   FirewallController.cpp               \
@@ -19,9 +20,7 @@ LOCAL_SRC_FILES:=                                      \
                   ResolverController.cpp               \
                   SecondaryTableController.cpp         \
                   TetherController.cpp                 \
-                  ThrottleController.cpp               \
                   oem_iptables_hook.cpp                \
-                  logwrapper.c                         \
                   main.cpp                             \
 
 
@@ -37,8 +36,10 @@ LOCAL_C_INCLUDES := $(KERNEL_HEADERS) \
 
 LOCAL_CFLAGS := -Werror=format
 
-LOCAL_SHARED_LIBRARIES := libstlport libsysutils libcutils libnetutils \
-                          libcrypto libhardware_legacy libmdnssd libdl
+LOCAL_SHARED_LIBRARIES := libstlport libsysutils liblog libcutils libnetutils \
+                          libcrypto libhardware_legacy libmdnssd libdl \
+                          liblogwrap
+
 ifdef USES_TI_MAC80211
   LOCAL_SRC_FILES += SoftapControllerTI.cpp
 else

diff --git a/BandwidthController.cpp b/BandwidthController.cpp
@@ -40,16 +40,13 @@
 #define LOG_TAG "BandwidthController"
 #include <cutils/log.h>
 #include <cutils/properties.h>
-
-extern "C" int logwrap(int argc, const char **argv);
-extern "C" int system_nosh(const char *command);
+#include <logwrap/logwrap.h>
 
 #include "NetdConstants.h"
 #include "BandwidthController.h"
 
 /* Alphabetical */
-#define ALERT_IPT_TEMPLATE "%s %s %s -m quota2 ! --quota %lld --name %s"
-const int  BandwidthController::ALERT_RULE_POS_IN_COSTLY_CHAIN = 4;
+#define ALERT_IPT_TEMPLATE "%s %s -m quota2 ! --quota %lld --name %s"
 const char BandwidthController::ALERT_GLOBAL_NAME[] = "globalAlert";
 const char* BandwidthController::LOCAL_INPUT = "bw_INPUT";
 const char* BandwidthController::LOCAL_FORWARD = "bw_FORWARD";
@@ -61,8 +58,6 @@ const int  BandwidthController::MAX_CMD_LEN = 1024;
 const int  BandwidthController::MAX_IFACENAME_LEN = 64;
 const int  BandwidthController::MAX_IPT_OUTPUT_LINE_LEN = 256;
 
-bool BandwidthController::useLogwrapCall = false;
-
 /**
  * Some comments about the rules:
  *  * Ordering
@@ -128,23 +123,17 @@ const char *BandwidthController::IPT_SETUP_COMMANDS[] = {
 };
 
 const char *BandwidthController::IPT_BASIC_ACCOUNTING_COMMANDS[] = {
-    "-A bw_INPUT -i lo --jump RETURN",
     "-A bw_INPUT -m owner --socket-exists", /* This is a tracking rule. */
 
-    "-A bw_OUTPUT -o lo --jump RETURN",
     "-A bw_OUTPUT -m owner --socket-exists", /* This is a tracking rule. */
 
     "-A costly_shared --jump penalty_box",
 
-    "-t raw -A bw_raw_PREROUTING ! -i lo+ -m owner --socket-exists", /* This is a tracking rule. */
-    "-t mangle -A bw_mangle_POSTROUTING ! -o lo+ -m owner --socket-exists", /* This is a tracking rule. */
+    "-t raw -A bw_raw_PREROUTING -m owner --socket-exists", /* This is a tracking rule. */
+    "-t mangle -A bw_mangle_POSTROUTING -m owner --socket-exists", /* This is a tracking rule. */
 };
 
 BandwidthController::BandwidthController(void) {
-    char value[PROPERTY_VALUE_MAX];
-
-    property_get("persist.bandwidth.uselogwrap", value, "0");
-    useLogwrapCall = !strcmp(value, "1");
 }
 
 int BandwidthController::runIpxtablesCmd(const char *cmd, IptRejectOp rejectHandling,
@@ -172,6 +161,7 @@ int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandl
     char *next = buffer;
     char *tmp;
     int res;
+    int status = 0;
 
     std::string fullCmd = cmd;
 
@@ -190,28 +180,27 @@ int BandwidthController::runIptablesCmd(const char *cmd, IptRejectOp rejectHandl
     fullCmd.insert(0, " ");
     fullCmd.insert(0, iptVer == IptIpV4 ? IPTABLES_PATH : IP6TABLES_PATH);
 
-    if (!useLogwrapCall) {
-        res = system_nosh(fullCmd.c_str());
-    } else {
-        if (StrncpyAndCheck(buffer, fullCmd.c_str(), sizeof(buffer))) {
-            ALOGE("iptables command too long");
-            return -1;
-        }
+    if (StrncpyAndCheck(buffer, fullCmd.c_str(), sizeof(buffer))) {
+        ALOGE("iptables command too long");
+        return -1;
+    }
 
-        argc = 0;
-        while ((tmp = strsep(&next, " "))) {
-            argv[argc++] = tmp;
-            if (argc >= MAX_CMD_ARGS) {
-                ALOGE("iptables argument overflow");
-                return -1;
-            }
+    argc = 0;
+    while ((tmp = strsep(&next, " "))) {
+        argv[argc++] = tmp;
+        if (argc >= MAX_CMD_ARGS) {
+            ALOGE("iptables argument overflow");
+            return -1;
         }
-
-        argv[argc] = NULL;
-        res = logwrap(argc, argv);
     }
+
+    argv[argc] = NULL;
+    res = android_fork_execvp(argc, (char **)argv, &status, false,
+            failureHandling == IptFailShow);
+    res = res || !WIFEXITED(status) || WEXITSTATUS(status);
     if (res && failureHandling == IptFailShow) {
-        ALOGE("runIptablesCmd(): failed %s res=%d", fullCmd.c_str(), res);
+      ALOGE("runIptablesCmd(): res=%d status=%d failed %s", res, status,
+            fullCmd.c_str());
     }
     return res;
 }
@@ -290,6 +279,9 @@ std::string BandwidthController::makeIptablesNaughtyCmd(IptOp op, int uid) {
     case IptOpInsert:
         opFlag = "-I";
         break;
+    case IptOpAppend:
+        opFlag = "-A";
+        break;
     case IptOpReplace:
         opFlag = "-R";
         break;
@@ -392,6 +384,9 @@ std::string BandwidthController::makeIptablesQuotaCmd(IptOp op, const char *cost
     case IptOpInsert:
         opFlag = "-I";
         break;
+    case IptOpAppend:
+        opFlag = "-A";
+        break;
     case IptOpReplace:
         opFlag = "-R";
         break;
@@ -635,8 +630,14 @@ int BandwidthController::setInterfaceQuota(const char *iface, int64_t maxBytes)
     }
 
     if (it == quotaIfaces.end()) {
+        /* Preparing the iface adds a penalty_box check */
         res |= prepCostlyIface(ifn, QuotaUnique);
-        quotaCmd = makeIptablesQuotaCmd(IptOpInsert, costName, maxBytes);
+	/*
+	 * The rejecting quota limit should go after the penalty box checks
+	 * or else a naughty app could just eat up the quota.
+	 * So we append here.
+	 */
+        quotaCmd = makeIptablesQuotaCmd(IptOpAppend, costName, maxBytes);
         res |= runIpxtablesCmd(quotaCmd.c_str(), IptRejectAdd);
         if (res) {
             ALOGE("Failed set quota rule");
@@ -740,13 +741,15 @@ int BandwidthController::updateQuota(const char *quotaName, int64_t bytes) {
 int BandwidthController::runIptablesAlertCmd(IptOp op, const char *alertName, int64_t bytes) {
     int res = 0;
     const char *opFlag;
-    const char *ifaceLimiting;
     char *alertQuotaCmd;
 
     switch (op) {
     case IptOpInsert:
         opFlag = "-I";
         break;
+    case IptOpAppend:
+        opFlag = "-A";
+        break;
     case IptOpReplace:
         opFlag = "-R";
         break;
@@ -756,13 +759,11 @@ int BandwidthController::runIptablesAlertCmd(IptOp op, const char *alertName, in
         break;
     }
 
-    ifaceLimiting = "! -i lo+";
-    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "bw_INPUT",
+    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, opFlag, "bw_INPUT",
         bytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
-    ifaceLimiting = "! -o lo+";
-    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "bw_OUTPUT",
+    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, opFlag, "bw_OUTPUT",
         bytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
@@ -772,13 +773,15 @@ int BandwidthController::runIptablesAlertCmd(IptOp op, const char *alertName, in
 int BandwidthController::runIptablesAlertFwdCmd(IptOp op, const char *alertName, int64_t bytes) {
     int res = 0;
     const char *opFlag;
-    const char *ifaceLimiting;
     char *alertQuotaCmd;
 
     switch (op) {
     case IptOpInsert:
         opFlag = "-I";
         break;
+    case IptOpAppend:
+        opFlag = "-A";
+        break;
     case IptOpReplace:
         opFlag = "-R";
         break;
@@ -788,8 +791,7 @@ int BandwidthController::runIptablesAlertFwdCmd(IptOp op, const char *alertName,
         break;
     }
 
-    ifaceLimiting = "! -i lo+";
-    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, ifaceLimiting, opFlag, "bw_FORWARD",
+    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, opFlag, "bw_FORWARD",
         bytes, alertName);
     res = runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
@@ -933,7 +935,7 @@ int BandwidthController::removeInterfaceAlert(const char *iface) {
 
 int BandwidthController::setCostlyAlert(const char *costName, int64_t bytes, int64_t *alertBytes) {
     char *alertQuotaCmd;
-    char *chainNameAndPos;
+    char *chainName;
     int res = 0;
     char *alertName;
 
@@ -945,11 +947,11 @@ int BandwidthController::setCostlyAlert(const char *costName, int64_t bytes, int
     if (*alertBytes) {
         res = updateQuota(alertName, *alertBytes);
     } else {
-        asprintf(&chainNameAndPos, "costly_%s %d", costName, ALERT_RULE_POS_IN_COSTLY_CHAIN);
-        asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-I", chainNameAndPos, bytes, alertName);
+        asprintf(&chainName, "costly_%s", costName);
+        asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-A", chainName, bytes, alertName);
         res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
         free(alertQuotaCmd);
-        free(chainNameAndPos);
+        free(chainName);
     }
     *alertBytes = bytes;
     free(alertName);
@@ -969,7 +971,7 @@ int BandwidthController::removeCostlyAlert(const char *costName, int64_t *alertB
     }
 
     asprintf(&chainName, "costly_%s", costName);
-    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "", "-D", chainName, *alertBytes, alertName);
+    asprintf(&alertQuotaCmd, ALERT_IPT_TEMPLATE, "-D", chainName, *alertBytes, alertName);
     res |= runIpxtablesCmd(alertQuotaCmd, IptRejectNoAdd);
     free(alertQuotaCmd);
     free(chainName);

diff --git a/BandwidthController.h b/BandwidthController.h
@@ -97,7 +97,7 @@ class BandwidthController {
     };
 
     enum IptIpVer { IptIpV4, IptIpV6 };
-    enum IptOp { IptOpInsert, IptOpReplace, IptOpDelete };
+    enum IptOp { IptOpInsert, IptOpReplace, IptOpDelete, IptOpAppend };
     enum IptRejectOp { IptRejectAdd, IptRejectNoAdd };
     enum NaughtyAppOp { NaughtyAppOpAdd, NaughtyAppOpRemove };
     enum QuotaType { QuotaUnique, QuotaShared };
@@ -169,17 +169,11 @@ class BandwidthController {
     static const char *IPT_BASIC_ACCOUNTING_COMMANDS[];
 
     /* Alphabetical */
-    static const int  ALERT_RULE_POS_IN_COSTLY_CHAIN;
     static const char ALERT_GLOBAL_NAME[];
     static const int  MAX_CMD_ARGS;
     static const int  MAX_CMD_LEN;
     static const int  MAX_IFACENAME_LEN;
     static const int  MAX_IPT_OUTPUT_LINE_LEN;
-
-    /*
-     * When false, it will directly use system() instead of logwrap()
-     */
-    static bool useLogwrapCall;
 };
 
 #endif
diff --git a/ClatdController.cpp b/ClatdController.cpp
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#define LOG_TAG "ClatdController"
+#include <cutils/log.h>
+
+#include "ClatdController.h"
+
+ClatdController::ClatdController() {
+    mClatdPid = 0;
+}
+
+ClatdController::~ClatdController() {
+}
+
+int ClatdController::startClatd(char *interface) {
+    pid_t pid;
+
+    if(mClatdPid != 0) {
+        ALOGE("clatd already running");
+        errno = EBUSY;
+        return -1;
+    }
+
+    ALOGD("starting clatd");
+
+    if ((pid = fork()) < 0) {
+        ALOGE("fork failed (%s)", strerror(errno));
+        return -1;
+    }
+
+    if (!pid) {
+        char **args = (char **)malloc(sizeof(char *) * 4);
+        args[0] = (char *)"/system/bin/clatd";
+        args[1] = (char *)"-i";
+        args[2] = interface;
+        args[3] = NULL;
+
+        if (execv(args[0], args)) {
+            ALOGE("execv failed (%s)", strerror(errno));
+        }
+        ALOGE("Should never get here!");
+        free(args);
+        _exit(0);
+    } else {
+        mClatdPid = pid;
+        ALOGD("clatd started");
+    }
+
+    return 0;
+}
+
+int ClatdController::stopClatd() {
+    if (mClatdPid == 0) {
+        ALOGE("clatd already stopped");
+        return -1;
+    }
+
+    ALOGD("Stopping clatd");
+
+    kill(mClatdPid, SIGTERM);
+    waitpid(mClatdPid, NULL, 0);
+    mClatdPid = 0;
+
+    ALOGD("clatd stopped");
+
+    return 0;
+}
+
+bool ClatdController::isClatdStarted() {
+    pid_t waitpid_status;
+    if(mClatdPid == 0) {
+        return false;
+    }
+    waitpid_status = waitpid(mClatdPid, NULL, WNOHANG);
+    if(waitpid_status != 0) {
+        mClatdPid = 0; // child exited, don't call waitpid on it again
+    }
+    return waitpid_status == 0; // 0 while child is running
+}