2 * Copyright (C) 2014 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "NetdClient.h"
20 #include <sys/socket.h>
26 #include "FwmarkClient.h"
27 #include "FwmarkCommand.h"
28 #include "resolv_netid.h"
29 #include "Stopwatch.h"
33 std::atomic_uint netIdForProcess(NETID_UNSET);
34 std::atomic_uint netIdForResolv(NETID_UNSET);
36 typedef int (*Accept4FunctionType)(int, sockaddr*, socklen_t*, int);
37 typedef int (*ConnectFunctionType)(int, const sockaddr*, socklen_t);
38 typedef int (*SocketFunctionType)(int, int, int);
39 typedef unsigned (*NetIdForResolvFunctionType)(unsigned);
41 // These variables are only modified at startup (when libc.so is loaded) and never afterwards, so
42 // it's okay that they are read later at runtime without a lock.
43 Accept4FunctionType libcAccept4 = 0;
44 ConnectFunctionType libcConnect = 0;
45 SocketFunctionType libcSocket = 0;
47 int closeFdAndSetErrno(int fd, int error) {
53 int netdClientAccept4(int sockfd, sockaddr* addr, socklen_t* addrlen, int flags) {
54 int acceptedSocket = libcAccept4(sockfd, addr, addrlen, flags);
55 if (acceptedSocket == -1) {
60 family = addr->sa_family;
62 socklen_t familyLen = sizeof(family);
63 if (getsockopt(acceptedSocket, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
64 return closeFdAndSetErrno(acceptedSocket, -errno);
67 if (FwmarkClient::shouldSetFwmark(family)) {
68 FwmarkCommand command = {FwmarkCommand::ON_ACCEPT, 0, 0};
69 if (int error = FwmarkClient().send(&command, acceptedSocket)) {
70 return closeFdAndSetErrno(acceptedSocket, error);
73 return acceptedSocket;
76 int netdClientConnect(int sockfd, const sockaddr* addr, socklen_t addrlen) {
77 if (sockfd >= 0 && addr && FwmarkClient::shouldSetFwmark(addr->sa_family)) {
78 FwmarkCommand command = {FwmarkCommand::ON_CONNECT, 0, 0};
79 if (int error = FwmarkClient().send(&command, sockfd)) {
84 return libcConnect(sockfd, addr, addrlen);
87 int netdClientSocket(int domain, int type, int protocol) {
88 int socketFd = libcSocket(domain, type, protocol);
92 unsigned netId = netIdForProcess;
93 if (netId != NETID_UNSET && FwmarkClient::shouldSetFwmark(domain)) {
94 if (int error = setNetworkForSocket(netId, socketFd)) {
95 return closeFdAndSetErrno(socketFd, error);
101 unsigned getNetworkForResolv(unsigned netId) {
102 if (netId != NETID_UNSET) {
105 netId = netIdForProcess;
106 if (netId != NETID_UNSET) {
109 return netIdForResolv;
112 int setNetworkForTarget(unsigned netId, std::atomic_uint* target) {
113 if (netId == NETID_UNSET) {
117 // Verify that we are allowed to use |netId|, by creating a socket and trying to have it marked
118 // with the netId. Call libcSocket() directly; else the socket creation (via netdClientSocket())
119 // might itself cause another check with the fwmark server, which would be wasteful.
122 socketFd = libcSocket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
124 socketFd = socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
129 int error = setNetworkForSocket(netId, socketFd);
139 // accept() just calls accept4(..., 0), so there's no need to handle accept() separately.
140 extern "C" void netdClientInitAccept4(Accept4FunctionType* function) {
141 if (function && *function) {
142 libcAccept4 = *function;
143 *function = netdClientAccept4;
147 extern "C" void netdClientInitConnect(ConnectFunctionType* function) {
148 if (function && *function) {
149 libcConnect = *function;
150 *function = netdClientConnect;
154 extern "C" void netdClientInitSocket(SocketFunctionType* function) {
155 if (function && *function) {
156 libcSocket = *function;
157 *function = netdClientSocket;
161 extern "C" void netdClientInitNetIdForResolv(NetIdForResolvFunctionType* function) {
163 *function = getNetworkForResolv;
167 extern "C" int getNetworkForSocket(unsigned* netId, int socketFd) {
168 if (!netId || socketFd < 0) {
172 socklen_t fwmarkLen = sizeof(fwmark.intValue);
173 if (getsockopt(socketFd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) {
176 *netId = fwmark.netId;
180 extern "C" unsigned getNetworkForProcess() {
181 return netIdForProcess;
184 extern "C" int setNetworkForSocket(unsigned netId, int socketFd) {
188 FwmarkCommand command = {FwmarkCommand::SELECT_NETWORK, netId, 0};
189 return FwmarkClient().send(&command, socketFd);
192 extern "C" int setNetworkForProcess(unsigned netId) {
193 return setNetworkForTarget(netId, &netIdForProcess);
196 extern "C" int setNetworkForResolv(unsigned netId) {
197 return setNetworkForTarget(netId, &netIdForResolv);
200 extern "C" int protectFromVpn(int socketFd) {
204 FwmarkCommand command = {FwmarkCommand::PROTECT_FROM_VPN, 0, 0};
205 return FwmarkClient().send(&command, socketFd);
208 extern "C" int setNetworkForUser(uid_t uid, int socketFd) {
212 FwmarkCommand command = {FwmarkCommand::SELECT_FOR_USER, 0, uid};
213 return FwmarkClient().send(&command, socketFd);
216 extern "C" int queryUserAccess(uid_t uid, unsigned netId) {
217 FwmarkCommand command = {FwmarkCommand::QUERY_USER_ACCESS, netId, uid};
218 return FwmarkClient().send(&command, -1);