Replace system_nosh call with android_fork_execvp Replace the system_nosh call with the android_fork_execvp from liblogwrap. Change-Id: Idfbc6bcf0bef16d4ee90d6af6bd4b07bc79913bb

commit: 001f0a436e9fe0353dccd98ee34b91095d9ed1a1 [log] [tgz]
author: Rom Lemarchand <romlem@google.com> Thu Jan 31 12:41:03 2013 -0800
committer: Rom Lemarchand <romlem@google.com> Fri Feb 08 09:47:01 2013 -0800
tree: fb83eaef4796c9a2ce9ec3a93d999b8b6bea3eb5
parent: 838ef6491794900731760aecc1d4a10bb2fdd2ec [diff] [blame]
diff --git a/NatController.cpp b/NatController.cpp
index e44a29b..ff35d89 100644
--- a/NatController.cpp
+++ b/NatController.cpp

@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/wait.h>
 #include <fcntl.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -28,13 +29,12 @@
 
 #define LOG_TAG "NatController"
 #include <cutils/log.h>
+#include <logwrap/logwrap.h>
 
 #include "NatController.h"
 #include "SecondaryTableController.h"
 #include "NetdConstants.h"
 
-extern "C" int system_nosh(const char *command);
-
 const char* NatController::LOCAL_FORWARD = "natctrl_FORWARD";
 const char* NatController::LOCAL_NAT_POSTROUTING = "natctrl_nat_POSTROUTING";
 
@@ -45,21 +45,11 @@
 NatController::~NatController() {
 }
 
-int NatController::runCmd(const char *path, const char *cmd) {
-    char *buffer;
-    size_t len = strnlen(cmd, 255);
+int NatController::runCmd(int argc, const char **argv) {
     int res;
 
-    if (len == 255) {
-        ALOGE("command too long");
-        errno = E2BIG;
-        return -1;
-    }
-
-    asprintf(&buffer, "%s %s", path, cmd);
-    res = system_nosh(buffer);
-    ALOGV("runCmd() buffer='%s' res=%d", buffer, res);
-    free(buffer);
+    res = android_fork_execvp(argc, (char **)argv, NULL, false, false);
+    ALOGV("runCmd() res=%d", res);
     return res;
 }
 
@@ -69,18 +59,100 @@
 }
 
 int NatController::setDefaults() {
-    if (runCmd(IPTABLES_PATH, "-F natctrl_FORWARD"))
-        return -1;
-    if (runCmd(IPTABLES_PATH, "-t nat -F natctrl_nat_POSTROUTING"))
+    const char *cmd1[] = {
+            IPTABLES_PATH,
+            "-F",
+            "natctrl_FORWARD"
+    };
+    if (runCmd(ARRAY_SIZE(cmd1), cmd1))
         return -1;
 
-    runCmd(IP_PATH, "rule flush");
-    runCmd(IP_PATH, "-6 rule flush");
-    runCmd(IP_PATH, "rule add from all lookup default prio 32767");
-    runCmd(IP_PATH, "rule add from all lookup main prio 32766");
-    runCmd(IP_PATH, "-6 rule add from all lookup default prio 32767");
-    runCmd(IP_PATH, "-6 rule add from all lookup main prio 32766");
-    runCmd(IP_PATH, "route flush cache");
+    const char *cmd2[] = {
+            IPTABLES_PATH,
+            "-t",
+            "nat",
+            "-F",
+            "natctrl_nat_POSTROUTING"
+    };
+    if (runCmd(ARRAY_SIZE(cmd2), cmd2))
+        return -1;
+
+    const char *cmd3[] = {
+            IP_PATH,
+            "rule",
+            "flush"
+    };
+    runCmd(ARRAY_SIZE(cmd3), cmd3);
+
+    const char *cmd4[] = {
+            IP_PATH,
+            "-6",
+            "rule",
+            "flush"
+    };
+    runCmd(ARRAY_SIZE(cmd4), cmd4);
+
+    const char *cmd5[] = {
+            IP_PATH,
+            "rule",
+            "add",
+            "from",
+            "all",
+            "lookup",
+            "default",
+            "prio",
+            "32767"
+    };
+    runCmd(ARRAY_SIZE(cmd5), cmd5);
+
+    const char *cmd6[] = {
+            IP_PATH,
+            "rule",
+            "add",
+            "from",
+            "all",
+            "lookup",
+            "main",
+            "prio",
+            "32766"
+    };
+    runCmd(ARRAY_SIZE(cmd6), cmd6);
+
+    const char *cmd7[] = {
+            IP_PATH,
+            "-6",
+            "rule",
+            "add",
+            "from",
+            "all",
+            "lookup",
+            "default",
+            "prio",
+            "32767"
+    };
+    runCmd(ARRAY_SIZE(cmd7), cmd7);
+
+    const char *cmd8[] = {
+            IP_PATH,
+            "-6",
+            "rule",
+            "add",
+            "from",
+            "all",
+            "lookup",
+            "main",
+            "prio",
+            "32766"
+    };
+    runCmd(ARRAY_SIZE(cmd8), cmd8);
+
+    const char *cmd9[] = {
+            IP_PATH,
+            "route",
+            "flush",
+            "cache"
+    };
+    runCmd(ARRAY_SIZE(cmd9), cmd9);
 
     natCount = 0;
 
@@ -95,7 +167,6 @@
 //  0    1       2       3       4            5
 // nat enable intface extface addrcnt nated-ipaddr/prelength
 int NatController::enableNat(const int argc, char **argv) {
-    char cmd[255];
     int i;
     int addrCount = atoi(argv[4]);
     int ret = 0;
@@ -122,7 +193,13 @@
 
             ret |= secondaryTableCtrl->modifyLocalRoute(tableNumber, ADD, intIface, argv[5+i]);
         }
-        runCmd(IP_PATH, "route flush cache");
+        const char *cmd[] = {
+                IP_PATH,
+                "route",
+                "flush",
+                "cache"
+        };
+        runCmd(ARRAY_SIZE(cmd), cmd);
     }
 
     if (ret != 0 || setForwardRules(true, intIface, extIface) != 0) {
@@ -132,7 +209,13 @@
 
                 secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
             }
-            runCmd(IP_PATH, "route flush cache");
+            const char *cmd[] = {
+                    IP_PATH,
+                    "route",
+                    "flush",
+                    "cache"
+            };
+            runCmd(ARRAY_SIZE(cmd), cmd);
         }
         ALOGE("Error setting forward rules");
         errno = ENODEV;
@@ -140,18 +223,40 @@
     }
 
     /* Always make sure the drop rule is at the end */
-    snprintf(cmd, sizeof(cmd), "-D natctrl_FORWARD -j DROP");
-    runCmd(IPTABLES_PATH, cmd);
-    snprintf(cmd, sizeof(cmd), "-A natctrl_FORWARD -j DROP");
-    runCmd(IPTABLES_PATH, cmd);
+    const char *cmd1[] = {
+            IPTABLES_PATH,
+            "-D",
+            "natctrl_FORWARD",
+            "-j",
+            "DROP"
+    };
+    runCmd(ARRAY_SIZE(cmd1), cmd1);
+    const char *cmd2[] = {
+            IPTABLES_PATH,
+            "-A",
+            "natctrl_FORWARD",
+            "-j",
+            "DROP"
+    };
+    runCmd(ARRAY_SIZE(cmd2), cmd2);
 
 
     natCount++;
     // add this if we are the first added nat
     if (natCount == 1) {
-        snprintf(cmd, sizeof(cmd), "-t nat -A natctrl_nat_POSTROUTING -o %s -j MASQUERADE", extIface);
-        if (runCmd(IPTABLES_PATH, cmd)) {
-            ALOGE("Error seting postroute rule: %s", cmd);
+        const char *cmd[] = {
+                IPTABLES_PATH,
+                "-t",
+                "nat",
+                "-A",
+                "natctrl_nat_POSTROUTING",
+                "-o",
+                extIface,
+                "-j",
+                "MASQUERADE"
+        };
+        if (runCmd(ARRAY_SIZE(cmd), cmd)) {
+            ALOGE("Error seting postroute rule: iface=%s", extIface);
             // unwind what's been done, but don't care about success - what more could we do?
             for (i = 0; i < addrCount; i++) {
                 secondaryTableCtrl->modifyLocalRoute(tableNumber, DEL, intIface, argv[5+i]);
@@ -167,56 +272,82 @@
 }
 
 int NatController::setForwardRules(bool add, const char *intIface, const char * extIface) {
-    char cmd[255];
+    const char *cmd1[] = {
+            IPTABLES_PATH,
+            add ? "-A" : "-D",
+            "natctrl_FORWARD",
+            "-i",
+            extIface,
+            "-o",
+            intIface,
+            "-m",
+            "state",
+            "--state",
+            "ESTABLISHED,RELATED",
+            "-j",
+            "RETURN"
+    };
+    int rc = 0;
 
-    snprintf(cmd, sizeof(cmd),
-             "-%s natctrl_FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j RETURN",
-             (add ? "A" : "D"),
-             extIface, intIface);
-    if (runCmd(IPTABLES_PATH, cmd) && add) {
+    if (runCmd(ARRAY_SIZE(cmd1), cmd1) && add) {
         return -1;
     }
 
-    snprintf(cmd, sizeof(cmd),
-            "-%s natctrl_FORWARD -i %s -o %s -m state --state INVALID -j DROP",
-            (add ? "A" : "D"),
-            intIface, extIface);
-    if (runCmd(IPTABLES_PATH, cmd) && add) {
+    const char *cmd2[] = {
+            IPTABLES_PATH,
+            add ? "-A" : "-D",
+            "natctrl_FORWARD",
+            "-i",
+            intIface,
+            "-o",
+            extIface,
+            "-m",
+            "state",
+            "--state",
+            "INVALID",
+            "-j",
+            "DROP"
+    };
+
+    const char *cmd3[] = {
+            IPTABLES_PATH,
+            add ? "-A" : "-D",
+            "natctrl_FORWARD",
+            "-i",
+            intIface,
+            "-o",
+            extIface,
+            "-j",
+            "RETURN"
+    };
+
+    if (runCmd(ARRAY_SIZE(cmd2), cmd2) && add) {
         // bail on error, but only if adding
-        snprintf(cmd, sizeof(cmd),
-                "-%s natctrl_FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j RETURN",
-                (!add ? "A" : "D"),
-                extIface, intIface);
-        runCmd(IPTABLES_PATH, cmd);
-        return -1;
+        rc = -1;
+        goto err_invalid_drop;
     }
 
-    snprintf(cmd, sizeof(cmd), "-%s natctrl_FORWARD -i %s -o %s -j RETURN", (add ? "A" : "D"),
-            intIface, extIface);
-    if (runCmd(IPTABLES_PATH, cmd) && add) {
+    if (runCmd(ARRAY_SIZE(cmd3), cmd3) && add) {
         // unwind what's been done, but don't care about success - what more could we do?
-        snprintf(cmd, sizeof(cmd),
-                "-%s natctrl_FORWARD -i %s -o %s -m state --state INVALID -j DROP",
-                (!add ? "A" : "D"),
-                intIface, extIface);
-        runCmd(IPTABLES_PATH, cmd);
-
-        snprintf(cmd, sizeof(cmd),
-                 "-%s natctrl_FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j RETURN",
-                 (!add ? "A" : "D"),
-                 extIface, intIface);
-        runCmd(IPTABLES_PATH, cmd);
-        return -1;
+        rc = -1;
+        goto err_return;
     }
 
     return 0;
+
+err_return:
+    cmd2[1] = "-D";
+    runCmd(ARRAY_SIZE(cmd2), cmd2);
+err_invalid_drop:
+    cmd1[1] = "-D";
+    runCmd(ARRAY_SIZE(cmd1), cmd1);
+    return rc;
 }
 
 // nat disable intface extface
 //  0    1       2       3       4            5
 // nat enable intface extface addrcnt nated-ipaddr/prelength
 int NatController::disableNat(const int argc, char **argv) {
-    char cmd[255];
     int i;
     int addrCount = atoi(argv[4]);
     const char *intIface = argv[2];
@@ -245,7 +376,13 @@
             secondaryTableCtrl->modifyFromRule(tableNumber, DEL, argv[5+i]);
         }
 
-        runCmd(IP_PATH, "route flush cache");
+        const char *cmd[] = {
+                IP_PATH,
+                "route",
+                "flush",
+                "cache"
+        };
+        runCmd(ARRAY_SIZE(cmd), cmd);
     }
 
     if (--natCount <= 0) {
commit	001f0a436e9fe0353dccd98ee34b91095d9ed1a1	[log] [tgz]
author	Rom Lemarchand <romlem@google.com>	Thu Jan 31 12:41:03 2013 -0800
committer	Rom Lemarchand <romlem@google.com>	Fri Feb 08 09:47:01 2013 -0800
tree	fb83eaef4796c9a2ce9ec3a93d999b8b6bea3eb5
parent	838ef6491794900731760aecc1d4a10bb2fdd2ec [diff] [blame]