FwmarkServer.cpp revision 3a069e6a76752a0ee73c60f276ae362d1c01467f 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "FwmarkServer.h"
18
19#include "Fwmark.h"
20#include "FwmarkCommand.h"
21#include "NetworkController.h"
22#include "PermissionsController.h"
23#include "resolv_netid.h"
24
25#include <sys/socket.h>
26#include <unistd.h>
27
28FwmarkServer::FwmarkServer(NetworkController* networkController,
29                           PermissionsController* permissionsController)
30        : SocketListener("fwmarkd", true),
31          mNetworkController(networkController),
32          mPermissionsController(permissionsController) {
33}
34
35bool FwmarkServer::onDataAvailable(SocketClient* client) {
36    int fd = -1;
37    int error = processClient(client, &fd);
38    if (fd >= 0) {
39        close(fd);
40    }
41
42    // Always send a response even if there were connection errors or read errors, so that we don't
43    // inadvertently cause the client to hang (which always waits for a response).
44    client->sendData(&error, sizeof(error));
45
46    // Always close the client connection (by returning false). This prevents a DoS attack where
47    // the client issues multiple commands on the same connection, never reading the responses,
48    // causing its receive buffer to fill up, and thus causing our client->sendData() to block.
49    return false;
50}
51
52int FwmarkServer::processClient(SocketClient* client, int* fd) {
53    FwmarkCommand command;
54
55    iovec iov;
56    iov.iov_base = &command;
57    iov.iov_len = sizeof(command);
58
59    msghdr message;
60    memset(&message, 0, sizeof(message));
61    message.msg_iov = &iov;
62    message.msg_iovlen = 1;
63
64    union {
65        cmsghdr cmh;
66        char cmsg[CMSG_SPACE(sizeof(*fd))];
67    } cmsgu;
68
69    memset(cmsgu.cmsg, 0, sizeof(cmsgu.cmsg));
70    message.msg_control = cmsgu.cmsg;
71    message.msg_controllen = sizeof(cmsgu.cmsg);
72
73    int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0));
74    if (messageLength <= 0) {
75        return -errno;
76    }
77
78    if (messageLength != sizeof(command)) {
79        return -EBADMSG;
80    }
81
82    cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message);
83    if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS &&
84        cmsgh->cmsg_len == CMSG_LEN(sizeof(*fd))) {
85        memcpy(fd, CMSG_DATA(cmsgh), sizeof(*fd));
86    }
87
88    if (*fd < 0) {
89        return -EBADF;
90    }
91
92    Fwmark fwmark;
93    socklen_t fwmarkLen = sizeof(fwmark.intValue);
94    if (getsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) {
95        return -errno;
96    }
97
98    fwmark.permission = mPermissionsController->getPermissionForUser(client->getUid());
99
100    switch (command.cmdId) {
101        case FwmarkCommand::ON_ACCEPT: {
102            // Called after a socket accept(). The kernel would've marked the netId into the socket
103            // already, so we just need to check permissions here.
104            if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(), fwmark.netId)) {
105                return -EPERM;
106            }
107            break;
108        }
109
110        case FwmarkCommand::ON_CONNECT: {
111            // Set the netId (of the default network) into the fwmark, if it has not already been
112            // set explicitly. Called before a socket connect() happens.
113            if (!fwmark.explicitlySelected) {
114                fwmark.netId = mNetworkController->getDefaultNetwork();
115            }
116            break;
117        }
118
119        case FwmarkCommand::SELECT_NETWORK: {
120            fwmark.netId = command.netId;
121            if (command.netId == NETID_UNSET) {
122                fwmark.explicitlySelected = false;
123            } else {
124                fwmark.explicitlySelected = true;
125                // If the socket already has the protectedFromVpn bit set, don't reset it, because
126                // non-CONNECTIVITY_INTERNAL apps (e.g.: VpnService) may also protect sockets.
127                if (fwmark.permission & PERMISSION_CONNECTIVITY_INTERNAL) {
128                    fwmark.protectedFromVpn = true;
129                }
130                if (!mNetworkController->isValidNetwork(command.netId)) {
131                    return -ENONET;
132                }
133                if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(),
134                                                                      command.netId)) {
135                    return -EPERM;
136                }
137            }
138            break;
139        }
140
141        case FwmarkCommand::PROTECT_FROM_VPN: {
142            // set vpn protect
143            // TODO
144            break;
145        }
146
147        default: {
148            // unknown command
149            return -EPROTO;
150        }
151    }
152
153    if (setsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, sizeof(fwmark.intValue)) == -1) {
154        return -errno;
155    }
156
157    return 0;
158}
159