| // |
| // Copyright (C) 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| #include "apmanager/dbus/permission_broker_dbus_proxy.h" |
| |
| #include <base/bind.h> |
| #include <brillo/errors/error.h> |
| |
| #include "apmanager/event_dispatcher.h" |
| |
| using std::string; |
| |
| namespace apmanager { |
| |
| PermissionBrokerDBusProxy::PermissionBrokerDBusProxy( |
| const scoped_refptr<dbus::Bus>& bus, |
| const base::Closure& service_appeared_callback, |
| const base::Closure& service_vanished_callback) |
| : proxy_(new org::chromium::PermissionBrokerProxy(bus)), |
| dispatcher_(EventDispatcher::GetInstance()), |
| service_appeared_callback_(service_appeared_callback), |
| service_vanished_callback_(service_vanished_callback), |
| service_available_(false) { |
| // Monitor service owner changes. This callback lives for the lifetime of |
| // the ObjectProxy. |
| proxy_->GetObjectProxy()->SetNameOwnerChangedCallback( |
| base::Bind(&PermissionBrokerDBusProxy::OnServiceOwnerChanged, |
| weak_factory_.GetWeakPtr())); |
| |
| // One time callback when service becomes available. |
| proxy_->GetObjectProxy()->WaitForServiceToBeAvailable( |
| base::Bind(&PermissionBrokerDBusProxy::OnServiceAvailable, |
| weak_factory_.GetWeakPtr())); |
| |
| // Setup lifeline pipe to allow permission_broker to monitor this process, |
| // so it can automatically remove the firewall rules when this process |
| // crashed. |
| int fds[2]; |
| CHECK(pipe(fds) == 0) << "Failed to create lifeline pipe"; |
| lifeline_read_fd_ = fds[0]; |
| lifeline_write_fd_ = fds[1]; |
| } |
| |
| PermissionBrokerDBusProxy::~PermissionBrokerDBusProxy() { |
| close(lifeline_read_fd_); |
| close(lifeline_write_fd_); |
| } |
| |
| bool PermissionBrokerDBusProxy::RequestUdpPortAccess(const string& interface, |
| uint16_t port) { |
| if (!service_available_) { |
| LOG(ERROR) << "permission_broker service not available"; |
| return false; |
| } |
| |
| // Pass the read end of the pipe to permission_broker, to allow it to |
| // monitor on this process. |
| dbus::FileDescriptor fd(lifeline_read_fd_); |
| fd.CheckValidity(); |
| bool allowed = false; |
| brillo::ErrorPtr error; |
| if (!proxy_->RequestUdpPortAccess(port, interface, fd, &allowed, &error)) { |
| LOG(ERROR) << "Failed to request UDP port access: " |
| << error->GetCode() << " " << error->GetMessage(); |
| return false; |
| } |
| if (!allowed) { |
| LOG(ERROR) << "Access request for UDP port " << port |
| << " on interface " << interface << " is denied"; |
| return false; |
| } |
| LOG(INFO) << "Access granted for UDP port " << port |
| << " on interface " << interface; |
| return true; |
| } |
| |
| bool PermissionBrokerDBusProxy::ReleaseUdpPortAccess(const string& interface, |
| uint16_t port) { |
| if (!service_available_) { |
| LOG(ERROR) << "permission_broker service not available"; |
| return false; |
| } |
| |
| brillo::ErrorPtr error; |
| bool success; |
| if (!proxy_->ReleaseUdpPort(port, interface, &success, &error)) { |
| LOG(ERROR) << "Failed to release UDP port access: " |
| << error->GetCode() << " " << error->GetMessage(); |
| return false; |
| } |
| if (!success) { |
| LOG(ERROR) << "Release request for UDP port " << port |
| << " on interface " << interface << " is denied"; |
| return false; |
| } |
| LOG(INFO) << "Access released for UDP port " << port |
| << " on interface " << interface; |
| return true; |
| } |
| |
| void PermissionBrokerDBusProxy::OnServiceAvailable(bool available) { |
| LOG(INFO) << __func__ << ": " << available; |
| // The callback might invoke calls to the ObjectProxy, so defer the callback |
| // to event loop. |
| if (available && !service_appeared_callback_.is_null()) { |
| dispatcher_->PostTask(service_appeared_callback_); |
| } else if (!available && !service_vanished_callback_.is_null()) { |
| dispatcher_->PostTask(service_vanished_callback_); |
| } |
| service_available_ = available; |
| } |
| |
| void PermissionBrokerDBusProxy::OnServiceOwnerChanged(const string& old_owner, |
| const string& new_owner) { |
| LOG(INFO) << __func__ << " old: " << old_owner << " new: " << new_owner; |
| if (new_owner.empty()) { |
| OnServiceAvailable(false); |
| } else { |
| OnServiceAvailable(true); |
| } |
| } |
| |
| } // namespace apmanager |