blob: d8098e8c83b879a7b33f3cb159a69b5d2e5a9428 [file] [log] [blame]
/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "FwmarkServer.h"
#include "Fwmark.h"
#include "FwmarkCommand.h"
#include "NetworkController.h"
#include "resolv_netid.h"
#include <sys/socket.h>
#include <unistd.h>
FwmarkServer::FwmarkServer(NetworkController* networkController) :
SocketListener("fwmarkd", true), mNetworkController(networkController) {
}
bool FwmarkServer::onDataAvailable(SocketClient* client) {
int socketFd = -1;
int error = processClient(client, &socketFd);
if (socketFd >= 0) {
close(socketFd);
}
// Always send a response even if there were connection errors or read errors, so that we don't
// inadvertently cause the client to hang (which always waits for a response).
client->sendData(&error, sizeof(error));
// Always close the client connection (by returning false). This prevents a DoS attack where
// the client issues multiple commands on the same connection, never reading the responses,
// causing its receive buffer to fill up, and thus causing our client->sendData() to block.
return false;
}
int FwmarkServer::processClient(SocketClient* client, int* socketFd) {
FwmarkCommand command;
iovec iov;
iov.iov_base = &command;
iov.iov_len = sizeof(command);
msghdr message;
memset(&message, 0, sizeof(message));
message.msg_iov = &iov;
message.msg_iovlen = 1;
union {
cmsghdr cmh;
char cmsg[CMSG_SPACE(sizeof(*socketFd))];
} cmsgu;
memset(cmsgu.cmsg, 0, sizeof(cmsgu.cmsg));
message.msg_control = cmsgu.cmsg;
message.msg_controllen = sizeof(cmsgu.cmsg);
int messageLength = TEMP_FAILURE_RETRY(recvmsg(client->getSocket(), &message, 0));
if (messageLength <= 0) {
return -errno;
}
if (messageLength != sizeof(command)) {
return -EBADMSG;
}
cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message);
if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS &&
cmsgh->cmsg_len == CMSG_LEN(sizeof(*socketFd))) {
memcpy(socketFd, CMSG_DATA(cmsgh), sizeof(*socketFd));
}
if (*socketFd < 0) {
return -EBADF;
}
Fwmark fwmark;
socklen_t fwmarkLen = sizeof(fwmark.intValue);
if (getsockopt(*socketFd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) {
return -errno;
}
Permission permission = mNetworkController->getPermissionForUser(client->getUid());
switch (command.cmdId) {
case FwmarkCommand::ON_ACCEPT: {
// Called after a socket accept(). The kernel would've marked the NetId and necessary
// permissions bits, so we just add the rest of the user's permissions here.
permission = static_cast<Permission>(permission | fwmark.permission);
break;
}
case FwmarkCommand::ON_CONNECT: {
// Called before a socket connect() happens. Set the default network's NetId into the
// fwmark so that the socket routes consistently over that network. Do this even if the
// socket already has a NetId, so that calling connect() multiple times still works.
//
// But respect the existing NetId if it had been explicitly preferred, indicated by:
// + The explicit bit having been set.
// + Or, the NetId being that of a VPN, which indicates a proxy acting on behalf of a
// user who is subject to the VPN. The explicit bit is not set so that it works even
// if the VPN is a split tunnel, but it's an explicit network preference nonetheless.
if (!fwmark.explicitlySelected && !mNetworkController->isVirtualNetwork(fwmark.netId)) {
fwmark.netId = mNetworkController->getDefaultNetwork();
}
break;
}
case FwmarkCommand::SELECT_NETWORK: {
fwmark.netId = command.netId;
if (command.netId == NETID_UNSET) {
fwmark.explicitlySelected = false;
fwmark.protectedFromVpn = false;
permission = PERMISSION_NONE;
} else if (mNetworkController->canUserSelectNetwork(client->getUid(), command.netId)) {
fwmark.explicitlySelected = true;
fwmark.protectedFromVpn = mNetworkController->canProtect(client->getUid());
} else {
return -EPERM;
}
break;
}
case FwmarkCommand::PROTECT_FROM_VPN: {
if (!mNetworkController->canProtect(client->getUid())) {
return -EPERM;
}
fwmark.protectedFromVpn = true;
permission = static_cast<Permission>(permission | fwmark.permission);
break;
}
case FwmarkCommand::SELECT_FOR_USER: {
if ((permission & PERMISSION_SYSTEM) != PERMISSION_SYSTEM) {
return -EPERM;
}
fwmark.netId = mNetworkController->getNetworkForUser(command.uid, NETID_UNSET, false);
fwmark.protectedFromVpn = true;
break;
}
default: {
// unknown command
return -EPROTO;
}
}
fwmark.permission = permission;
if (setsockopt(*socketFd, SOL_SOCKET, SO_MARK, &fwmark.intValue,
sizeof(fwmark.intValue)) == -1) {
return -errno;
}
return 0;
}