Blame - main.cc - platform/system/connectivity/apmanager

blob: d5fdb551b8fccd1d4130c4f5e7e3e43d92d61c28 [file] [log] [blame]

Peter Qiu	5dd242d	2014-10-14 12:23:21 -0700	[diff] [blame]	1	// Copyright 2014 The Chromium OS Authors. All rights reserved.
				2	// Use of this source code is governed by a BSD-style license that can be
				3	// found in the LICENSE file.
				4
				5	#include <vector>
				6
				7	#include <base/bind.h>
				8	#include <base/command_line.h>
				9	#include <base/logging.h>
				10	#include <chromeos/minijail/minijail.h>
				11	#include <chromeos/syslog_logging.h>
				12
				13	#include "apmanager/daemon.h"
				14
				15	using std::vector;
				16
				17	namespace {
				18
				19	namespace switches {
				20
				21	// Don't daemon()ize; run in foreground.
				22	const char kForeground[] = "foreground";
				23	// Flag that causes apmanager to show the help message and exit.
				24	const char kHelp[] = "help";
				25
				26	// The help message shown if help flag is passed to the program.
				27	const char kHelpMessage[] = "\n"
				28	"Available Switches: \n"
				29	" --foreground\n"
				30	" Don\'t daemon()ize; run in foreground.\n";
				31	} // namespace switches
				32
				33	} // namespace
				34
				35	namespace {
				36
				37	const char kLoggerCommand[] = "/usr/bin/logger";
				38	const char kLoggerUser[] = "syslog";
Peter Qiu	58676b6	2014-12-16 16:47:12 -0800	[diff] [blame^]	39	const char kSeccompFilePath[] = "/usr/share/policy/apmanager-seccomp.policy";
Peter Qiu	5dd242d	2014-10-14 12:23:21 -0700	[diff] [blame]	40
				41	} // namespace
				42
				43	// Always logs to the syslog and logs to stderr if
				44	// we are running in the foreground.
				45	void SetupLogging(chromeos::Minijail* minijail,
				46	bool foreground,
				47	const char* daemon_name) {
				48	int log_flags = 0;
				49	log_flags \|= chromeos::kLogToSyslog;
				50	log_flags \|= chromeos::kLogHeader;
				51	if (foreground) {
				52	log_flags \|= chromeos::kLogToStderr;
				53	}
				54	chromeos::InitLog(log_flags);
				55
				56	if (!foreground) {
				57	vector<char*> logger_command_line;
				58	int logger_stdin_fd;
				59	logger_command_line.push_back(const_cast<char*>(kLoggerCommand));
				60	logger_command_line.push_back(const_cast<char*>("--priority"));
				61	logger_command_line.push_back(const_cast<char*>("daemon.err"));
				62	logger_command_line.push_back(const_cast<char*>("--tag"));
				63	logger_command_line.push_back(const_cast<char*>(daemon_name));
				64	logger_command_line.push_back(nullptr);
				65
				66	struct minijail* jail = minijail->New();
				67	minijail->DropRoot(jail, kLoggerUser, kLoggerUser);
				68
				69	if (!minijail->RunPipeAndDestroy(jail, logger_command_line,
				70	nullptr, &logger_stdin_fd)) {
				71	LOG(ERROR) << "Unable to spawn logger. "
				72	<< "Writes to stderr will be discarded.";
				73	return;
				74	}
				75
				76	// Note that we don't set O_CLOEXEC here. This means that stderr
				77	// from any child processes will, by default, be logged to syslog.
				78	if (dup2(logger_stdin_fd, fileno(stderr)) != fileno(stderr)) {
				79	LOG(ERROR) << "Failed to redirect stderr to syslog: "
				80	<< strerror(errno);
				81	}
				82	close(logger_stdin_fd);
				83	}
				84	}
				85
				86	void DropPrivileges(chromeos::Minijail* minijail) {
Peter Qiu	5dd242d	2014-10-14 12:23:21 -0700	[diff] [blame]	87	struct minijail* jail = minijail->New();
				88	minijail->DropRoot(jail, apmanager::Daemon::kAPManagerUserName,
				89	apmanager::Daemon::kAPManagerGroupName);
Peter Qiu	58676b6	2014-12-16 16:47:12 -0800	[diff] [blame^]	90	// Permissions needed for the daemon and its child processes for managing
				91	// network interfaces and binding to network sockets.
				92	minijail->UseCapabilities(jail, CAP_TO_MASK(CAP_NET_ADMIN) \|
				93	CAP_TO_MASK(CAP_NET_RAW) \|
				94	CAP_TO_MASK(CAP_NET_BIND_SERVICE));
				95	minijail->UseSeccompFilter(jail, kSeccompFilePath);
Peter Qiu	5dd242d	2014-10-14 12:23:21 -0700	[diff] [blame]	96	minijail_enter(jail);
				97	minijail->Destroy(jail);
				98	}
				99
				100	void OnStartup(const char* daemon_name, CommandLine* cl) {
				101	chromeos::Minijail* minijail = chromeos::Minijail::GetInstance();
				102	SetupLogging(minijail, cl->HasSwitch(switches::kForeground), daemon_name);
				103
				104	LOG(INFO) << __func__ << ": Dropping privileges";
				105
				106	// Now that the daemon has all the resources it needs to run, we can drop
				107	// privileges further.
Peter Qiu	58676b6	2014-12-16 16:47:12 -0800	[diff] [blame^]	108	DropPrivileges(minijail);
Peter Qiu	5dd242d	2014-10-14 12:23:21 -0700	[diff] [blame]	109	}
				110
				111	int main(int argc, char* argv[]) {
				112	CommandLine::Init(argc, argv);
				113	CommandLine* cl = CommandLine::ForCurrentProcess();
				114
				115	if (cl->HasSwitch(switches::kHelp)) {
				116	LOG(INFO) << switches::kHelpMessage;
				117	return 0;
				118	}
				119
				120	const int nochdir = 0, noclose = 0;
				121	if (!cl->HasSwitch(switches::kForeground))
				122	PLOG_IF(FATAL, daemon(nochdir, noclose) == -1) << "Failed to daemonize";
				123
				124	apmanager::Daemon daemon(base::Bind(&OnStartup, argv[0], cl));
				125
				126	daemon.Run();
				127
				128	return 0;
				129	}