• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <dirent.h>
18 #include <errno.h>
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <sys/stat.h>
25 #include <sys/types.h>
26 #include <sys/wait.h>
27 #include <chrono>
28 #include <cinttypes>
29 #include <mutex>
30 
31 #define LOG_TAG "Netd"
32 
33 #include "log/log.h"
34 
35 #include <binder/IPCThreadState.h>
36 #include <binder/IServiceManager.h>
37 #include <libbpf_android.h>
38 #include <netdutils/Stopwatch.h>
39 
40 #include "Controllers.h"
41 #include "FwmarkServer.h"
42 #include "MDnsSdListener.h"
43 #include "NFLogListener.h"
44 #include "NetdConstants.h"
45 #include "NetdHwService.h"
46 #include "NetdNativeService.h"
47 #include "NetlinkManager.h"
48 #include "Process.h"
49 
50 #include "netd_resolv/resolv.h"
51 
52 using android::IPCThreadState;
53 using android::sp;
54 using android::status_t;
55 using android::String16;
56 using android::net::FwmarkServer;
57 using android::net::gCtls;
58 using android::net::gLog;
59 using android::net::makeNFLogListener;
60 using android::net::NetdHwService;
61 using android::net::NetdNativeService;
62 using android::net::NetlinkManager;
63 using android::net::NFLogListener;
64 using android::netdutils::Stopwatch;
65 
66 const char* const PID_FILE_PATH = "/data/misc/net/netd_pid";
67 constexpr const char DNSPROXYLISTENER_SOCKET_NAME[] = "dnsproxyd";
68 
69 std::mutex android::net::gBigNetdLock;
70 
71 namespace {
72 
getNetworkContextCallback(uint32_t netId,uint32_t uid,android_net_context * netcontext)73 void getNetworkContextCallback(uint32_t netId, uint32_t uid, android_net_context* netcontext) {
74     gCtls->netCtrl.getNetworkContext(netId, uid, netcontext);
75 }
76 
checkCallingPermissionCallback(const char * permission)77 bool checkCallingPermissionCallback(const char* permission) {
78     return checkCallingPermission(String16(permission));
79 }
80 
logCallback(const char * msg)81 void logCallback(const char* msg) {
82     gLog.info(std::string(msg));
83 }
84 
tagSocketCallback(int sockFd,uint32_t tag,uid_t uid,pid_t)85 int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid, pid_t) {
86     // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
87     if (tag == TAG_SYSTEM_DNS) uid = AID_DNS;
88     return gCtls->trafficCtrl.tagSocket(sockFd, tag, uid, geteuid());
89 }
90 
evaluateDomainNameCallback(const android_net_context &,const char *)91 bool evaluateDomainNameCallback(const android_net_context&, const char* /*name*/) {
92     return true;
93 }
94 
initDnsResolver()95 bool initDnsResolver() {
96     ResolverNetdCallbacks callbacks = {
97             .check_calling_permission = &checkCallingPermissionCallback,
98             .get_network_context = &getNetworkContextCallback,
99             .log = &logCallback,
100             .tagSocket = &tagSocketCallback,
101             .evaluate_domain_name = &evaluateDomainNameCallback,
102     };
103     return resolv_init(&callbacks);
104 }
105 
106 }  // namespace
107 
main()108 int main() {
109     Stopwatch s;
110     gLog.info("netd 1.0 starting");
111 
112     android::net::process::removePidFile(PID_FILE_PATH);
113     gLog.info("Pid file removed");
114     android::net::process::blockSigPipe();
115     gLog.info("SIGPIPE is blocked");
116 
117     // Before we do anything that could fork, mark CLOEXEC the UNIX sockets that we get from init.
118     // FrameworkListener does this on initialization as well, but we only initialize these
119     // components after having initialized other subsystems that can fork.
120     for (const auto& sock :
121          {DNSPROXYLISTENER_SOCKET_NAME, FwmarkServer::SOCKET_NAME, MDnsSdListener::SOCKET_NAME}) {
122         setCloseOnExec(sock);
123         gLog.info("setCloseOnExec(%s)", sock);
124     }
125 
126     // Make sure BPF programs are loaded before doing anything
127     android::bpf::waitForProgsLoaded();
128     gLog.info("BPF programs are loaded");
129 
130     NetlinkManager *nm = NetlinkManager::Instance();
131     if (nm == nullptr) {
132         ALOGE("Unable to create NetlinkManager");
133         exit(1);
134     };
135     gLog.info("NetlinkManager instanced");
136 
137     gCtls = new android::net::Controllers();
138     gCtls->init();
139 
140     if (nm->start()) {
141         ALOGE("Unable to start NetlinkManager (%s)", strerror(errno));
142         exit(1);
143     }
144 
145     std::unique_ptr<NFLogListener> logListener;
146     {
147         auto result = makeNFLogListener();
148         if (!isOk(result)) {
149             ALOGE("Unable to create NFLogListener: %s", toString(result).c_str());
150             exit(1);
151         }
152         logListener = std::move(result.value());
153         auto status = gCtls->wakeupCtrl.init(logListener.get());
154         if (!isOk(result)) {
155             gLog.error("Unable to init WakeupController: %s", toString(result).c_str());
156             // We can still continue without wakeup packet logging.
157         }
158     }
159 
160     // Set local DNS mode, to prevent bionic from proxying
161     // back to this service, recursively.
162     // TODO: Check if we could remove it since resolver cache no loger
163     // checks this environment variable after aosp/838050.
164     setenv("ANDROID_DNS_MODE", "local", 1);
165     // Note that only call initDnsResolver after gCtls initializing.
166     if (!initDnsResolver()) {
167         ALOGE("Unable to init resolver");
168         exit(1);
169     }
170 
171     MDnsSdListener mdnsl;
172     if (mdnsl.startListener()) {
173         ALOGE("Unable to start MDnsSdListener (%s)", strerror(errno));
174         exit(1);
175     }
176 
177     FwmarkServer fwmarkServer(&gCtls->netCtrl, &gCtls->eventReporter, &gCtls->trafficCtrl);
178     if (fwmarkServer.startListener()) {
179         ALOGE("Unable to start FwmarkServer (%s)", strerror(errno));
180         exit(1);
181     }
182 
183     Stopwatch subTime;
184     status_t ret;
185     if ((ret = NetdNativeService::start()) != android::OK) {
186         ALOGE("Unable to start NetdNativeService: %d", ret);
187         exit(1);
188     }
189     gLog.info("Registering NetdNativeService: %" PRId64 "us", subTime.getTimeAndResetUs());
190 
191     android::net::process::ScopedPidFile pidFile(PID_FILE_PATH);
192 
193     // Now that netd is ready to process commands, advertise service availability for HAL clients.
194     sp<NetdHwService> mHwSvc(new NetdHwService());
195     if ((ret = mHwSvc->start()) != android::OK) {
196         ALOGE("Unable to start NetdHwService: %d", ret);
197         exit(1);
198     }
199     gLog.info("Registering NetdHwService: %" PRId64 "us", subTime.getTimeAndResetUs());
200     gLog.info("Netd started in %" PRId64 "us", s.timeTakenUs());
201 
202     IPCThreadState::self()->joinThreadPool();
203 
204     gLog.info("netd exiting");
205 
206     exit(0);
207 }
208