FwmarkServer.cpp revision ec00884cac216d1cb79556ca23b21ce55e35af3e
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include "FwmarkServer.h" 18 19#include "Fwmark.h" 20#include "FwmarkCommand.h" 21#include "NetworkController.h" 22#include "PermissionsController.h" 23#include "resolv_netid.h" 24 25#include <sys/socket.h> 26#include <unistd.h> 27 28FwmarkServer::FwmarkServer(NetworkController* networkController, 29 PermissionsController* permissionsController) 30 : SocketListener("fwmarkd", true), 31 mNetworkController(networkController), 32 mPermissionsController(permissionsController) { 33} 34 35bool FwmarkServer::onDataAvailable(SocketClient* client) { 36 int fd = -1; 37 processClient(client, &fd); 38 int error = errno; 39 if (fd >= 0) { 40 close(fd); 41 } 42 43 // Always send a response even if there were connection errors or read errors, so that we don't 44 // inadvertently cause the client to hang (which always waits for a response). 45 client->sendData(&error, sizeof(error)); 46 47 // Always close the client connection (by returning false). This prevents a DoS attack where 48 // the client issues multiple commands on the same connection, never reading the responses, 49 // causing its receive buffer to fill up, and thus causing our client->sendData() to block. 50 return false; 51} 52 53void FwmarkServer::processClient(SocketClient* client, int* fd) { 54 FwmarkCommand command; 55 56 iovec iov; 57 iov.iov_base = &command; 58 iov.iov_len = sizeof(command); 59 60 msghdr message; 61 memset(&message, 0, sizeof(message)); 62 message.msg_iov = &iov; 63 message.msg_iovlen = 1; 64 65 union { 66 cmsghdr cmh; 67 char cmsg[CMSG_SPACE(sizeof(*fd))]; 68 } cmsgu; 69 70 memset(cmsgu.cmsg, 0, sizeof(cmsgu.cmsg)); 71 message.msg_control = cmsgu.cmsg; 72 message.msg_controllen = sizeof(cmsgu.cmsg); 73 74 int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0)); 75 if (messageLength <= 0) { 76 return; 77 } 78 79 if (messageLength != sizeof(command)) { 80 errno = EINVAL; 81 return; 82 } 83 84 cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message); 85 if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS && 86 cmsgh->cmsg_len == CMSG_LEN(sizeof(*fd))) { 87 memcpy(fd, CMSG_DATA(cmsgh), sizeof(*fd)); 88 } 89 90 if (*fd < 0) { 91 errno = EBADF; 92 return; 93 } 94 95 Fwmark fwmark; 96 socklen_t fwmarkLen = sizeof(fwmark.intValue); 97 if (getsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) { 98 return; 99 } 100 101 fwmark.permission = mPermissionsController->getPermissionForUser(client->getUid()); 102 103 switch (command.cmdId) { 104 case FwmarkCommand::ON_ACCEPT: { 105 // Called after a socket accept(). The kernel would've marked the netId into the socket 106 // already, so we just need to check permissions here. 107 if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(), fwmark.netId)) { 108 errno = EPERM; 109 return; 110 } 111 break; 112 } 113 114 case FwmarkCommand::ON_CONNECT: { 115 // Set the netId (of the default network) into the fwmark, if it has not already been 116 // set explicitly. Called before a socket connect() happens. 117 if (!fwmark.explicitlySelected) { 118 fwmark.netId = mNetworkController->getDefaultNetwork(); 119 } 120 break; 121 } 122 123 case FwmarkCommand::SELECT_NETWORK: { 124 fwmark.netId = command.netId; 125 if (command.netId == NETID_UNSET) { 126 fwmark.explicitlySelected = false; 127 } else { 128 fwmark.explicitlySelected = true; 129 // If the socket already has the protectedFromVpn bit set, don't reset it, because 130 // non-CONNECTIVITY_INTERNAL apps (e.g.: VpnService) may also protect sockets. 131 if (fwmark.permission & PERMISSION_CONNECTIVITY_INTERNAL) { 132 fwmark.protectedFromVpn = true; 133 } 134 if (!mNetworkController->isValidNetwork(command.netId)) { 135 errno = ENONET; 136 return; 137 } 138 if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(), 139 command.netId)) { 140 errno = EPERM; 141 return; 142 } 143 } 144 break; 145 } 146 147 case FwmarkCommand::PROTECT_FROM_VPN: { 148 // set vpn protect 149 // TODO 150 break; 151 } 152 153 default: { 154 // unknown command 155 errno = EINVAL; 156 return; 157 } 158 } 159 160 if (setsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, sizeof(fwmark.intValue)) == -1) { 161 return; 162 } 163 164 errno = 0; 165} 166