| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <getopt.h> |
| #include <poll.h> |
| #include <string.h> |
| #include <sys/socket.h> |
| #include <sys/stat.h> |
| #include <sys/types.h> |
| #include <unistd.h> |
| |
| #include <memory> |
| |
| #include <android-base/logging.h> |
| #include <cutils/sockets.h> |
| #include <libminijail.h> |
| |
| #include <nvram/core/nvram_manager.h> |
| #include <nvram/messages/nvram_messages.h> |
| |
| // This is defined in fake_nvram_storage.h |
| void InitStorage(int data_dir_fd); |
| |
| namespace { |
| |
| // Minijail parameters. |
| constexpr char kNvramUser[] = "nvram"; |
| constexpr char kNvramGroup[] = "nvram"; |
| constexpr char kNvramSeccompPolicyPath[] = |
| "/system/usr/share/policy/fake-nvram-seccomp.policy"; |
| |
| // Name of the control socket served by this daemon. |
| constexpr char kNvramControlSocketName[] = "nvram"; |
| |
| // The default data directory. |
| constexpr char kNvramDataDirectory[] = "/data/misc/fake-nvram/"; |
| |
| // Connection backlog on control socket. |
| constexpr int kControlSocketBacklog = 20; |
| |
| // Maximum number of client sockets supported. |
| constexpr int kMaxClientSockets = 32; |
| |
| // Size of the NVRAM message buffer for reading and writing serialized NVRAM |
| // command messages from and to the control socket. |
| constexpr int kNvramMessageBufferSize = 4096; |
| |
| // Variables holding command-line flags. |
| const char* g_data_directory_path = kNvramDataDirectory; |
| const char* g_control_socket_name = kNvramControlSocketName; |
| |
| // Parses the command line. Returns true if successful. |
| bool ParseCommandLine(int argc, char** argv) { |
| while (true) { |
| static const struct option options[] = { |
| {"data_directory", required_argument, nullptr, 'd'}, |
| {"control_socket", required_argument, nullptr, 's'}, |
| }; |
| |
| int option_index = 0; |
| int c = getopt_long(argc, argv, "", options, &option_index); |
| if (c == -1) { |
| break; |
| } |
| |
| switch (c) { |
| case 'd': |
| g_data_directory_path = optarg; |
| break; |
| case 's': |
| g_control_socket_name = optarg; |
| break; |
| default: |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| // Sets up a restricted environment using minijail and enters it. |
| bool InitMinijail() { |
| std::unique_ptr<struct minijail, void (*)(struct minijail*)> minijail( |
| minijail_new(), &minijail_destroy); |
| if (minijail_change_user(minijail.get(), kNvramUser) || |
| minijail_change_group(minijail.get(), kNvramGroup)) { |
| return false; |
| } |
| minijail_use_seccomp_filter(minijail.get()); |
| minijail_no_new_privs(minijail.get()); |
| minijail_parse_seccomp_filters(minijail.get(), kNvramSeccompPolicyPath); |
| minijail_enter(minijail.get()); |
| return true; |
| } |
| |
| // Reads a single command from |socket|, decodes the command, executes it on |
| // |nvram_manager|, encodes the response, and writes the reply back to |socket|. |
| // Returns true on success, false on errors (in which case the caller is |
| // expected the close the |socket|). |
| bool ProcessCommand(int socket, nvram::NvramManager* nvram_manager) { |
| uint8_t command_buffer[kNvramMessageBufferSize]; |
| ssize_t bytes_read = |
| TEMP_FAILURE_RETRY(read(socket, command_buffer, sizeof(command_buffer))); |
| if (bytes_read == 0) { |
| return false; |
| } |
| |
| if (bytes_read < 0) { |
| PLOG(ERROR) << "Failed to read command from client socket"; |
| return false; |
| } |
| |
| nvram::Request request; |
| if (!nvram::Decode(command_buffer, bytes_read, &request)) { |
| LOG(WARNING) << "Failed to decode command request!"; |
| return false; |
| } |
| |
| nvram::Response response; |
| nvram_manager->Dispatch(request, &response); |
| size_t response_size = sizeof(command_buffer); |
| if (!nvram::Encode(response, command_buffer, &response_size)) { |
| LOG(WARNING) << "Failed to encode command response!"; |
| return false; |
| } |
| |
| if (TEMP_FAILURE_RETRY(write(socket, command_buffer, response_size)) < 0) { |
| PLOG(ERROR) << "Failed to write response to client socket"; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| // Listens for incoming connections or data, accepts connections and processes |
| // data as needed. |
| int ProcessMessages(int control_socket_fd, nvram::NvramManager* nvram_manager) { |
| struct pollfd poll_fds[kMaxClientSockets]; |
| memset(poll_fds, 0, sizeof(poll_fds)); |
| poll_fds[0].fd = control_socket_fd; |
| poll_fds[0].events = POLLIN; |
| poll_fds[0].revents = 0; |
| nfds_t poll_fds_count = 1; |
| while (TEMP_FAILURE_RETRY(poll(poll_fds, poll_fds_count, -1)) >= 0) { |
| if (poll_fds[0].revents & POLLIN) { |
| // Accept a new connection. |
| int client_socket = accept(control_socket_fd, NULL, 0); |
| if (client_socket < 0) { |
| PLOG(ERROR) << "Error accepting connection"; |
| return errno; |
| } |
| |
| // Add |client_socket| to |poll_fds|. |
| if (poll_fds_count < kMaxClientSockets) { |
| poll_fds[poll_fds_count].fd = client_socket; |
| poll_fds[poll_fds_count].events = POLLIN; |
| poll_fds[poll_fds_count].revents = 0; |
| ++poll_fds_count; |
| } else { |
| LOG(WARNING) << "Too many open client sockets, rejecting connection."; |
| // No need to handle EINTR specially here as bionic filters it out. |
| if (close(client_socket)) { |
| PLOG(ERROR) << "Failed to close connection socket after error"; |
| } |
| } |
| } |
| |
| // Walk the connection fds backwards. This way, we can remove fds by |
| // replacing the slot with the last array element, which we have processed |
| // already. |
| for (int i = poll_fds_count - 1; i > 0; --i) { |
| if (poll_fds[i].revents & POLLIN) { |
| if (!ProcessCommand(poll_fds[i].fd, nvram_manager)) { |
| // No need to handle EINTR specially here as bionic filters it out. |
| if (close(poll_fds[i].fd)) { |
| PLOG(ERROR) << "Failed to close connection socket after error"; |
| } |
| --poll_fds_count; |
| poll_fds[i] = poll_fds[poll_fds_count]; |
| } |
| } |
| poll_fds[i].revents = 0; |
| } |
| } |
| |
| // poll error. |
| PLOG(ERROR) << "Failed to poll control socket"; |
| return errno; |
| }; |
| |
| } // namespace |
| |
| int main(int argc, char** argv) { |
| if (!ParseCommandLine(argc, argv)) { |
| return EINVAL; |
| } |
| |
| int control_socket_fd = android_get_control_socket(g_control_socket_name); |
| if (control_socket_fd < 0) { |
| LOG(ERROR) << "Failed to get control socket."; |
| return EINVAL; |
| } |
| |
| if (listen(control_socket_fd, kControlSocketBacklog)) { |
| PLOG(ERROR) << "Failed to listen on control socket"; |
| return errno; |
| } |
| |
| if (!InitMinijail()) { |
| LOG(ERROR) << "Failed to drop privileges."; |
| return -1; |
| } |
| |
| int data_dir_fd = |
| TEMP_FAILURE_RETRY(open(g_data_directory_path, O_RDONLY | O_DIRECTORY)); |
| if (data_dir_fd < 0) { |
| PLOG(ERROR) << "Failed to open data directory"; |
| return errno; |
| } |
| |
| InitStorage(data_dir_fd); |
| |
| nvram::NvramManager nvram_manager; |
| return ProcessMessages(control_socket_fd, &nvram_manager); |
| } |