Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 31f4210e6fc5c9b749468a2af0bac94992352010 / . / client / NetdClient.cpp
blob: 8a54354d1a6a91254a891f97c1447e89108c72ca [file] [log] [blame]
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]17#include "NetdClient.h"
18
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]19#include "FwmarkClient.h"
20#include "FwmarkCommand.h"
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]21#include "resolv_netid.h"
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]22
Sreeram Ramachandran9fa2b132014-06-03 12:51:08 -0700[diff] [blame]23#include <atomic>
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]24#include <sys/socket.h>
25#include <unistd.h>
26
27namespace {
28
Sreeram Ramachandran9fa2b132014-06-03 12:51:08 -0700[diff] [blame]29std::atomic_uint netIdForProcess(NETID_UNSET);
30std::atomic_uint netIdForResolv(NETID_UNSET);
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]31
32typedef int (*Accept4FunctionType)(int, sockaddr*, socklen_t*, int);
33typedef int (*ConnectFunctionType)(int, const sockaddr*, socklen_t);
34typedef int (*SocketFunctionType)(int, int, int);
35typedef unsigned (*NetIdForResolvFunctionType)(unsigned);
36
37// These variables are only modified at startup (when libc.so is loaded) and never afterwards, so
38// it's okay that they are read later at runtime without a lock.
39Accept4FunctionType libcAccept4 = 0;
40ConnectFunctionType libcConnect = 0;
41SocketFunctionType libcSocket = 0;
42
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]43int closeFdAndSetErrno(int fd, int error) {
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]44 close(fd);
45 errno = error;
46 return -1;
47}
48
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]49int netdClientAccept4(int sockfd, sockaddr* addr, socklen_t* addrlen, int flags) {
50 int acceptedSocket = libcAccept4(sockfd, addr, addrlen, flags);
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]51 if (acceptedSocket == -1) {
52 return -1;
53 }
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]54 int family;
55 if (addr) {
56 family = addr->sa_family;
57 } else {
58 socklen_t familyLen = sizeof(family);
59 if (getsockopt(acceptedSocket, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]60 return closeFdAndSetErrno(acceptedSocket, errno);
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]61 }
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]62 }
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]63 if (FwmarkClient::shouldSetFwmark(family)) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]64 FwmarkCommand command = {FwmarkCommand::ON_ACCEPT, 0};
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]65 int error = FwmarkClient().send(&command, sizeof(command), acceptedSocket);
66 if (error) {
67 return closeFdAndSetErrno(acceptedSocket, error);
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]68 }
69 }
70 return acceptedSocket;
71}
72
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]73int netdClientConnect(int sockfd, const sockaddr* addr, socklen_t addrlen) {
74 if (sockfd >= 0 && addr && FwmarkClient::shouldSetFwmark(addr->sa_family)) {
75 FwmarkCommand command = {FwmarkCommand::ON_CONNECT, 0};
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]76 int error = FwmarkClient().send(&command, sizeof(command), sockfd);
77 if (error) {
78 errno = error;
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]79 return -1;
80 }
81 }
82 return libcConnect(sockfd, addr, addrlen);
83}
84
85int netdClientSocket(int domain, int type, int protocol) {
86 int socketFd = libcSocket(domain, type, protocol);
87 if (socketFd == -1) {
88 return -1;
89 }
90 unsigned netId = netIdForProcess;
91 if (netId != NETID_UNSET && FwmarkClient::shouldSetFwmark(domain)) {
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]92 int error = setNetworkForSocket(netId, socketFd);
93 if (error) {
94 return closeFdAndSetErrno(socketFd, error);
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]95 }
96 }
97 return socketFd;
98}
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]99
100unsigned getNetworkForResolv(unsigned netId) {
101 if (netId != NETID_UNSET) {
102 return netId;
103 }
104 netId = netIdForProcess;
105 if (netId != NETID_UNSET) {
106 return netId;
107 }
108 return netIdForResolv;
109}
110
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]111int setNetworkForTarget(unsigned netId, std::atomic_uint* target) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]112 if (netId == NETID_UNSET) {
113 *target = netId;
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]114 return 0;
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]115 }
116 // Verify that we are allowed to use |netId|, by creating a socket and trying to have it marked
Sreeram Ramachandran27560452014-05-30 19:59:51 -0700[diff] [blame]117 // with the netId. Call libcSocket() directly; else the socket creation (via netdClientSocket())
118 // might itself cause another check with the fwmark server, which would be wasteful.
119 int socketFd;
120 if (libcSocket) {
121 socketFd = libcSocket(AF_INET6, SOCK_DGRAM, 0);
122 } else {
123 socketFd = socket(AF_INET6, SOCK_DGRAM, 0);
124 }
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]125 if (socketFd < 0) {
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]126 return errno;
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]127 }
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]128 int error = setNetworkForSocket(netId, socketFd);
129 if (!error) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]130 *target = netId;
131 }
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]132 close(socketFd);
133 return error;
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]134}
135
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]136} // namespace
137
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]138// accept() just calls accept4(..., 0), so there's no need to handle accept() separately.
139extern "C" void netdClientInitAccept4(Accept4FunctionType* function) {
140 if (function && *function) {
141 libcAccept4 = *function;
142 *function = netdClientAccept4;
143 }
144}
145
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]146extern "C" void netdClientInitConnect(ConnectFunctionType* function) {
147 if (function && *function) {
148 libcConnect = *function;
149 *function = netdClientConnect;
150 }
151}
152
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]153extern "C" void netdClientInitSocket(SocketFunctionType* function) {
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]154 if (function && *function) {
Sreeram Ramachandran5fc27572014-05-21 13:08:34 -0700[diff] [blame]155 libcSocket = *function;
156 *function = netdClientSocket;
Sreeram Ramachandranf4cfad32014-05-21 08:54:07 -0700[diff] [blame]157 }
158}
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]159
160extern "C" void netdClientInitNetIdForResolv(NetIdForResolvFunctionType* function) {
161 if (function) {
162 *function = getNetworkForResolv;
163 }
164}
165
166extern "C" unsigned getNetworkForProcess() {
167 return netIdForProcess;
168}
169
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]170extern "C" int setNetworkForSocket(unsigned netId, int socketFd) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]171 if (socketFd < 0) {
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]172 return EBADF;
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]173 }
174 FwmarkCommand command = {FwmarkCommand::SELECT_NETWORK, netId};
175 return FwmarkClient().send(&command, sizeof(command), socketFd);
176}
177
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]178extern "C" int setNetworkForProcess(unsigned netId) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]179 return setNetworkForTarget(netId, &netIdForProcess);
180}
181
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]182extern "C" int setNetworkForResolv(unsigned netId) {
Sreeram Ramachandranefbe05d2014-05-21 11:41:39 -0700[diff] [blame]183 return setNetworkForTarget(netId, &netIdForResolv);
184}
Sreeram Ramachandrand794e582014-06-19 10:03:07 -0700[diff] [blame]185
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]186extern "C" int protectFromVpn(int socketFd) {
Sreeram Ramachandrand794e582014-06-19 10:03:07 -0700[diff] [blame]187 if (socketFd < 0) {
Sreeram Ramachandran31f42102014-06-20 11:51:48 -0700[diff] [blame^]188 return EBADF;
Sreeram Ramachandrand794e582014-06-19 10:03:07 -0700[diff] [blame]189 }
190 FwmarkCommand command = {FwmarkCommand::PROTECT_FROM_VPN, 0};
191 return FwmarkClient().send(&command, sizeof(command), socketFd);
192}