FwmarkServer.cpp revision ec00884cac216d1cb79556ca23b21ce55e35af3e 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "FwmarkServer.h"
18
19#include "Fwmark.h"
20#include "FwmarkCommand.h"
21#include "NetworkController.h"
22#include "PermissionsController.h"
23#include "resolv_netid.h"
24
25#include <sys/socket.h>
26#include <unistd.h>
27
28FwmarkServer::FwmarkServer(NetworkController* networkController,
29                           PermissionsController* permissionsController)
30        : SocketListener("fwmarkd", true),
31          mNetworkController(networkController),
32          mPermissionsController(permissionsController) {
33}
34
35bool FwmarkServer::onDataAvailable(SocketClient* client) {
36    int fd = -1;
37    processClient(client, &fd);
38    int error = errno;
39    if (fd >= 0) {
40        close(fd);
41    }
42
43    // Always send a response even if there were connection errors or read errors, so that we don't
44    // inadvertently cause the client to hang (which always waits for a response).
45    client->sendData(&error, sizeof(error));
46
47    // Always close the client connection (by returning false). This prevents a DoS attack where
48    // the client issues multiple commands on the same connection, never reading the responses,
49    // causing its receive buffer to fill up, and thus causing our client->sendData() to block.
50    return false;
51}
52
53void FwmarkServer::processClient(SocketClient* client, int* fd) {
54    FwmarkCommand command;
55
56    iovec iov;
57    iov.iov_base = &command;
58    iov.iov_len = sizeof(command);
59
60    msghdr message;
61    memset(&message, 0, sizeof(message));
62    message.msg_iov = &iov;
63    message.msg_iovlen = 1;
64
65    union {
66        cmsghdr cmh;
67        char cmsg[CMSG_SPACE(sizeof(*fd))];
68    } cmsgu;
69
70    memset(cmsgu.cmsg, 0, sizeof(cmsgu.cmsg));
71    message.msg_control = cmsgu.cmsg;
72    message.msg_controllen = sizeof(cmsgu.cmsg);
73
74    int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0));
75    if (messageLength <= 0) {
76        return;
77    }
78
79    if (messageLength != sizeof(command)) {
80        errno = EINVAL;
81        return;
82    }
83
84    cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message);
85    if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS &&
86        cmsgh->cmsg_len == CMSG_LEN(sizeof(*fd))) {
87        memcpy(fd, CMSG_DATA(cmsgh), sizeof(*fd));
88    }
89
90    if (*fd < 0) {
91        errno = EBADF;
92        return;
93    }
94
95    Fwmark fwmark;
96    socklen_t fwmarkLen = sizeof(fwmark.intValue);
97    if (getsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) {
98        return;
99    }
100
101    fwmark.permission = mPermissionsController->getPermissionForUser(client->getUid());
102
103    switch (command.cmdId) {
104        case FwmarkCommand::ON_ACCEPT: {
105            // Called after a socket accept(). The kernel would've marked the netId into the socket
106            // already, so we just need to check permissions here.
107            if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(), fwmark.netId)) {
108                errno = EPERM;
109                return;
110            }
111            break;
112        }
113
114        case FwmarkCommand::ON_CONNECT: {
115            // Set the netId (of the default network) into the fwmark, if it has not already been
116            // set explicitly. Called before a socket connect() happens.
117            if (!fwmark.explicitlySelected) {
118                fwmark.netId = mNetworkController->getDefaultNetwork();
119            }
120            break;
121        }
122
123        case FwmarkCommand::SELECT_NETWORK: {
124            fwmark.netId = command.netId;
125            if (command.netId == NETID_UNSET) {
126                fwmark.explicitlySelected = false;
127            } else {
128                fwmark.explicitlySelected = true;
129                // If the socket already has the protectedFromVpn bit set, don't reset it, because
130                // non-CONNECTIVITY_INTERNAL apps (e.g.: VpnService) may also protect sockets.
131                if (fwmark.permission & PERMISSION_CONNECTIVITY_INTERNAL) {
132                    fwmark.protectedFromVpn = true;
133                }
134                if (!mNetworkController->isValidNetwork(command.netId)) {
135                    errno = ENONET;
136                    return;
137                }
138                if (!mPermissionsController->isUserPermittedOnNetwork(client->getUid(),
139                                                                      command.netId)) {
140                    errno = EPERM;
141                    return;
142                }
143            }
144            break;
145        }
146
147        case FwmarkCommand::PROTECT_FROM_VPN: {
148            // set vpn protect
149            // TODO
150            break;
151        }
152
153        default: {
154            // unknown command
155            errno = EINVAL;
156            return;
157        }
158    }
159
160    if (setsockopt(*fd, SOL_SOCKET, SO_MARK, &fwmark.intValue, sizeof(fwmark.intValue)) == -1) {
161        return;
162    }
163
164    errno = 0;
165}
166