Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / b2331e9c34c5c687a5438762b9ebf4b30c8167de / . / core / jni / fd_utils.h
blob: 03298c38dca984ac896fdd6ea394baf954ce136f [file] [log] [blame]
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef FRAMEWORKS_BASE_CORE_JNI_FD_UTILS_H_
18#define FRAMEWORKS_BASE_CORE_JNI_FD_UTILS_H_
19
20#include <set>
21#include <string>
22#include <unordered_map>
Robert Sesek54e387d2016-12-02 17:27:50 -0500[diff] [blame]23#include <vector>
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]24
25#include <dirent.h>
26#include <inttypes.h>
27#include <sys/stat.h>
28
29#include <android-base/macros.h>
30
Robert Sesek54e387d2016-12-02 17:27:50 -0500[diff] [blame]31// Whitelist of open paths that the zygote is allowed to keep open.
32//
33// In addition to the paths listed in kPathWhitelist in file_utils.cpp, and
34// paths dynamically added with Allow(), all files ending with ".jar"
35// under /system/framework" are whitelisted. See IsAllowed() for the canonical
36// definition.
37//
38// If the whitelisted path is associated with a regular file or a
39// character device, the file is reopened after a fork with the same
40// offset and mode. If the whilelisted path is associated with a
41// AF_UNIX socket, the socket will refer to /dev/null after each
42// fork, and all operations on it will fail.
43class FileDescriptorWhitelist {
44 public:
45 // Lazily creates the global whitelist.
46 static FileDescriptorWhitelist* Get();
47
48 // Adds a path to the whitelist.
49 void Allow(const std::string& path) {
50 whitelist_.push_back(path);
51 }
52
53 // Returns true iff. a given path is whitelisted. A path is whitelisted
54 // if it belongs to the whitelist (see kPathWhitelist) or if it's a path
55 // under /system/framework that ends with ".jar" or if it is a system
56 // framework overlay.
57 bool IsAllowed(const std::string& path) const;
58
59 private:
60 FileDescriptorWhitelist();
61
62 static bool StartsWith(const std::string& str, const std::string& prefix);
63
64 static bool EndsWith(const std::string& str, const std::string& suffix);
65
66 static FileDescriptorWhitelist* instance_;
67
68 std::vector<std::string> whitelist_;
69
70 DISALLOW_COPY_AND_ASSIGN(FileDescriptorWhitelist);
71};
72
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]73// Keeps track of all relevant information (flags, offset etc.) of an
74// open zygote file descriptor.
75class FileDescriptorInfo {
76 public:
77 // Create a FileDescriptorInfo for a given file descriptor. Returns
78 // |NULL| if an error occurred.
79 static FileDescriptorInfo* CreateFromFd(int fd);
80
81 // Checks whether the file descriptor associated with this object
82 // refers to the same description.
83 bool Restat() const;
84
85 bool ReopenOrDetach() const;
86
87 const int fd;
88 const struct stat stat;
89 const std::string file_path;
90 const int open_flags;
91 const int fd_flags;
92 const int fs_flags;
93 const off_t offset;
94 const bool is_sock;
95
96 private:
97 FileDescriptorInfo(int fd);
98
99 FileDescriptorInfo(struct stat stat, const std::string& file_path, int fd, int open_flags,
100 int fd_flags, int fs_flags, off_t offset);
101
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]102 static bool Readlink(const int fd, std::string* result);
103
104 // Returns the locally-bound name of the socket |fd|. Returns true
105 // iff. all of the following hold :
106 //
107 // - the socket's sa_family is AF_UNIX.
108 // - the length of the path is greater than zero (i.e, not an unnamed socket).
109 // - the first byte of the path isn't zero (i.e, not a socket with an abstract
110 // address).
111 static bool GetSocketName(const int fd, std::string* result);
112
113 bool DetachSocket() const;
114
115 DISALLOW_COPY_AND_ASSIGN(FileDescriptorInfo);
116};
117
118// A FileDescriptorTable is a collection of FileDescriptorInfo objects
119// keyed by their FDs.
120class FileDescriptorTable {
121 public:
122 // Creates a new FileDescriptorTable. This function scans
123 // /proc/self/fd for the list of open file descriptors and collects
124 // information about them. Returns NULL if an error occurs.
Andreas Gampe8dfa1782017-01-05 12:45:58 -0800[diff] [blame]125 static FileDescriptorTable* Create(const std::vector<int>& fds_to_ignore);
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]126
Andreas Gampe8dfa1782017-01-05 12:45:58 -0800[diff] [blame]127 bool Restat(const std::vector<int>& fds_to_ignore);
Robert Sesek8225b7c2016-12-16 14:02:31 -0500[diff] [blame]128
129 // Reopens all file descriptors that are contained in the table. Returns true
130 // if all descriptors were successfully re-opened or detached, and false if an
131 // error occurred.
132 bool ReopenOrDetach();
133
134 private:
135 FileDescriptorTable(const std::unordered_map<int, FileDescriptorInfo*>& map);
136
137 bool RestatInternal(std::set<int>& open_fds);
138
139 static int ParseFd(dirent* e, int dir_fd);
140
141 // Invariant: All values in this unordered_map are non-NULL.
142 std::unordered_map<int, FileDescriptorInfo*> open_fd_map_;
143
144 DISALLOW_COPY_AND_ASSIGN(FileDescriptorTable);
145};
146
147#endif // FRAMEWORKS_BASE_CORE_JNI_FD_UTILS_H_