1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "NetdClient.h"
18
19 #include <arpa/inet.h>
20 #include <errno.h>
21 #include <math.h>
22 #include <resolv.h>
23 #include <stdlib.h>
24 #include <sys/socket.h>
25 #include <sys/system_properties.h>
26 #include <sys/un.h>
27 #include <unistd.h>
28
29 #include <atomic>
30 #include <string>
31 #include <vector>
32
33 #include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
34 #include <android-base/parseint.h>
35 #include <android-base/unique_fd.h>
36
37 #include "Fwmark.h"
38 #include "FwmarkClient.h"
39 #include "FwmarkCommand.h"
40 #include "netdclient_priv.h"
41 #include "netdutils/ResponseCode.h"
42 #include "netdutils/Stopwatch.h"
43 #include "netid_client.h"
44
45 using android::base::ParseInt;
46 using android::base::unique_fd;
47 using android::netdutils::ResponseCode;
48 using android::netdutils::Stopwatch;
49
50 namespace {
51
52 // Keep this in sync with CMD_BUF_SIZE in FrameworkListener.cpp.
53 constexpr size_t MAX_CMD_SIZE = 4096;
54 // Whether sendto(), sendmsg(), sendmmsg() in libc are shimmed or not. This property is evaluated at
55 // process start time and cannot change at runtime on a given device.
56 constexpr char PROPERTY_REDIRECT_SOCKET_CALLS[] = "ro.vendor.redirect_socket_calls";
57 // Whether some shimmed functions dispatch FwmarkCommand or not. The property can be changed by
58 // System Server at runtime. Note: accept4(), socket(), connect() are always shimmed.
59 constexpr char PROPERTY_REDIRECT_SOCKET_CALLS_HOOKED[] = "net.redirect_socket_calls.hooked";
60
61 std::atomic_uint netIdForProcess(NETID_UNSET);
62 std::atomic_uint netIdForResolv(NETID_UNSET);
63 std::atomic_bool allowNetworkingForProcess(true);
64
65 typedef int (*Accept4FunctionType)(int, sockaddr*, socklen_t*, int);
66 typedef int (*ConnectFunctionType)(int, const sockaddr*, socklen_t);
67 typedef int (*SocketFunctionType)(int, int, int);
68 typedef unsigned (*NetIdForResolvFunctionType)(unsigned);
69 typedef int (*DnsOpenProxyType)();
70 typedef int (*SendmmsgFunctionType)(int, const mmsghdr*, unsigned int, int);
71 typedef ssize_t (*SendmsgFunctionType)(int, const msghdr*, unsigned int);
72 typedef int (*SendtoFunctionType)(int, const void*, size_t, int, const sockaddr*, socklen_t);
73
74 // These variables are only modified at startup (when libc.so is loaded) and never afterwards, so
75 // it's okay that they are read later at runtime without a lock.
76 Accept4FunctionType libcAccept4 = nullptr;
77 ConnectFunctionType libcConnect = nullptr;
78 SocketFunctionType libcSocket = nullptr;
79 SendmmsgFunctionType libcSendmmsg = nullptr;
80 SendmsgFunctionType libcSendmsg = nullptr;
81 SendtoFunctionType libcSendto = nullptr;
82
propertyValueIsTrue(const char * prop_name)83 static bool propertyValueIsTrue(const char* prop_name) {
84 char prop_value[PROP_VALUE_MAX] = {0};
85 if (__system_property_get(prop_name, prop_value) > 0) {
86 if (strcmp(prop_value, "true") == 0) {
87 return true;
88 }
89 }
90 return false;
91 }
92
checkSocket(int socketFd)93 int checkSocket(int socketFd) {
94 if (socketFd < 0) {
95 return -EBADF;
96 }
97 int family;
98 socklen_t familyLen = sizeof(family);
99 if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
100 return -errno;
101 }
102 if (!FwmarkClient::shouldSetFwmark(family)) {
103 return -EAFNOSUPPORT;
104 }
105 return 0;
106 }
107
shouldMarkSocket(int socketFd,const sockaddr * dst)108 bool shouldMarkSocket(int socketFd, const sockaddr* dst) {
109 // Only mark inet sockets that are connecting to inet destinations. This excludes, for example,
110 // inet sockets connecting to AF_UNSPEC (i.e., being disconnected), and non-inet sockets that
111 // for some reason the caller wants to attempt to connect to an inet destination.
112 return dst && FwmarkClient::shouldSetFwmark(dst->sa_family) && (checkSocket(socketFd) == 0);
113 }
114
closeFdAndSetErrno(int fd,int error)115 int closeFdAndSetErrno(int fd, int error) {
116 close(fd);
117 errno = -error;
118 return -1;
119 }
120
netdClientAccept4(int sockfd,sockaddr * addr,socklen_t * addrlen,int flags)121 int netdClientAccept4(int sockfd, sockaddr* addr, socklen_t* addrlen, int flags) {
122 int acceptedSocket = libcAccept4(sockfd, addr, addrlen, flags);
123 if (acceptedSocket == -1) {
124 return -1;
125 }
126 int family;
127 if (addr) {
128 family = addr->sa_family;
129 } else {
130 socklen_t familyLen = sizeof(family);
131 if (getsockopt(acceptedSocket, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
132 return closeFdAndSetErrno(acceptedSocket, -errno);
133 }
134 }
135 if (FwmarkClient::shouldSetFwmark(family)) {
136 FwmarkCommand command = {FwmarkCommand::ON_ACCEPT, 0, 0, 0};
137 if (int error = FwmarkClient().send(&command, acceptedSocket, nullptr)) {
138 return closeFdAndSetErrno(acceptedSocket, error);
139 }
140 }
141 return acceptedSocket;
142 }
143
netdClientConnect(int sockfd,const sockaddr * addr,socklen_t addrlen)144 int netdClientConnect(int sockfd, const sockaddr* addr, socklen_t addrlen) {
145 const bool shouldSetFwmark = shouldMarkSocket(sockfd, addr);
146 if (shouldSetFwmark) {
147 FwmarkCommand command = {FwmarkCommand::ON_CONNECT, 0, 0, 0};
148 FwmarkConnectInfo connectInfo(0, 0, addr);
149 int error = FwmarkClient().send(&command, sockfd, &connectInfo);
150
151 if (error) {
152 errno = -error;
153 return -1;
154 }
155 }
156 // Latency measurement does not include time of sending commands to Fwmark
157 Stopwatch s;
158 const int ret = libcConnect(sockfd, addr, addrlen);
159 // Save errno so it isn't clobbered by sending ON_CONNECT_COMPLETE
160 const int connectErrno = errno;
161 const auto latencyMs = static_cast<unsigned>(s.timeTakenUs() / 1000);
162 // Send an ON_CONNECT_COMPLETE command that includes sockaddr and connect latency for reporting
163 if (shouldSetFwmark) {
164 FwmarkConnectInfo connectInfo(ret == 0 ? 0 : connectErrno, latencyMs, addr);
165 // TODO: get the netId from the socket mark once we have continuous benchmark runs
166 FwmarkCommand command = {FwmarkCommand::ON_CONNECT_COMPLETE, /* netId (ignored) */ 0,
167 /* uid (filled in by the server) */ 0, 0};
168 // Ignore return value since it's only used for logging
169 FwmarkClient().send(&command, sockfd, &connectInfo);
170 }
171 errno = connectErrno;
172 return ret;
173 }
174
netdClientSocket(int domain,int type,int protocol)175 int netdClientSocket(int domain, int type, int protocol) {
176 // Block creating AF_INET/AF_INET6 socket if networking is not allowed.
177 if (FwmarkCommand::isSupportedFamily(domain) && !allowNetworkingForProcess.load()) {
178 errno = EPERM;
179 return -1;
180 }
181 int socketFd = libcSocket(domain, type, protocol);
182 if (socketFd == -1) {
183 return -1;
184 }
185 unsigned netId = netIdForProcess & ~NETID_USE_LOCAL_NAMESERVERS;
186 if (netId != NETID_UNSET && FwmarkClient::shouldSetFwmark(domain)) {
187 if (int error = setNetworkForSocket(netId, socketFd)) {
188 return closeFdAndSetErrno(socketFd, error);
189 }
190 }
191 return socketFd;
192 }
193
netdClientSendmmsg(int sockfd,const mmsghdr * msgs,unsigned int msgcount,int flags)194 int netdClientSendmmsg(int sockfd, const mmsghdr* msgs, unsigned int msgcount, int flags) {
195 if (propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS_HOOKED) && !checkSocket(sockfd)) {
196 const sockaddr* addr = nullptr;
197 if ((msgcount > 0) && (msgs != nullptr) && (msgs[0].msg_hdr.msg_name != nullptr)) {
198 addr = reinterpret_cast<const sockaddr*>(msgs[0].msg_hdr.msg_name);
199 if ((addr != nullptr) && (FwmarkCommand::isSupportedFamily(addr->sa_family))) {
200 FwmarkConnectInfo sendmmsgInfo(0, 0, addr);
201 FwmarkCommand command = {FwmarkCommand::ON_SENDMMSG, 0, 0, 0};
202 FwmarkClient().send(&command, sockfd, &sendmmsgInfo);
203 }
204 }
205 }
206 return libcSendmmsg(sockfd, msgs, msgcount, flags);
207 }
208
netdClientSendmsg(int sockfd,const msghdr * msg,unsigned int flags)209 ssize_t netdClientSendmsg(int sockfd, const msghdr* msg, unsigned int flags) {
210 if (propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS_HOOKED) && !checkSocket(sockfd)) {
211 const sockaddr* addr = nullptr;
212 if ((msg != nullptr) && (msg->msg_name != nullptr)) {
213 addr = reinterpret_cast<const sockaddr*>(msg->msg_name);
214 if ((addr != nullptr) && (FwmarkCommand::isSupportedFamily(addr->sa_family))) {
215 FwmarkConnectInfo sendmsgInfo(0, 0, addr);
216 FwmarkCommand command = {FwmarkCommand::ON_SENDMSG, 0, 0, 0};
217 FwmarkClient().send(&command, sockfd, &sendmsgInfo);
218 }
219 }
220 }
221 return libcSendmsg(sockfd, msg, flags);
222 }
223
netdClientSendto(int sockfd,const void * buf,size_t bufsize,int flags,const sockaddr * addr,socklen_t addrlen)224 int netdClientSendto(int sockfd, const void* buf, size_t bufsize, int flags, const sockaddr* addr,
225 socklen_t addrlen) {
226 if (propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS_HOOKED) && !checkSocket(sockfd)) {
227 if ((addr != nullptr) && (FwmarkCommand::isSupportedFamily(addr->sa_family))) {
228 FwmarkConnectInfo sendtoInfo(0, 0, addr);
229 FwmarkCommand command = {FwmarkCommand::ON_SENDTO, 0, 0, 0};
230 FwmarkClient().send(&command, sockfd, &sendtoInfo);
231 }
232 }
233 return libcSendto(sockfd, buf, bufsize, flags, addr, addrlen);
234 }
235
getNetworkForResolv(unsigned netId)236 unsigned getNetworkForResolv(unsigned netId) {
237 if (netId != NETID_UNSET) {
238 return netId;
239 }
240 // Special case for DNS-over-TLS bypass; b/72345192 .
241 if ((netIdForResolv & ~NETID_USE_LOCAL_NAMESERVERS) != NETID_UNSET) {
242 return netIdForResolv;
243 }
244 netId = netIdForProcess;
245 if (netId != NETID_UNSET) {
246 return netId;
247 }
248 return netIdForResolv;
249 }
250
setNetworkForTarget(unsigned netId,std::atomic_uint * target)251 int setNetworkForTarget(unsigned netId, std::atomic_uint* target) {
252 const unsigned requestedNetId = netId;
253 netId &= ~NETID_USE_LOCAL_NAMESERVERS;
254
255 if (netId == NETID_UNSET) {
256 *target = netId;
257 return 0;
258 }
259 // Verify that we are allowed to use |netId|, by creating a socket and trying to have it marked
260 // with the netId. Call libcSocket() directly; else the socket creation (via netdClientSocket())
261 // might itself cause another check with the fwmark server, which would be wasteful.
262
263 const auto socketFunc = libcSocket ? libcSocket : socket;
264 int socketFd = socketFunc(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
265 if (socketFd < 0) {
266 return -errno;
267 }
268 int error = setNetworkForSocket(netId, socketFd);
269 if (!error) {
270 *target = requestedNetId;
271 }
272 close(socketFd);
273 return error;
274 }
275
dns_open_proxy()276 int dns_open_proxy() {
277 const char* cache_mode = getenv("ANDROID_DNS_MODE");
278 const bool use_proxy = (cache_mode == NULL || strcmp(cache_mode, "local") != 0);
279 if (!use_proxy) {
280 errno = ENOSYS;
281 return -1;
282 }
283
284 // If networking is not allowed, dns_open_proxy should just fail here.
285 // Then eventually, the DNS related functions in local mode will get
286 // EPERM while creating socket.
287 if (!allowNetworkingForProcess.load()) {
288 errno = EPERM;
289 return -1;
290 }
291 const auto socketFunc = libcSocket ? libcSocket : socket;
292 int s = socketFunc(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
293 if (s == -1) {
294 return -1;
295 }
296 const int one = 1;
297 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
298
299 static const struct sockaddr_un proxy_addr = {
300 .sun_family = AF_UNIX,
301 .sun_path = "/dev/socket/dnsproxyd",
302 };
303
304 const auto connectFunc = libcConnect ? libcConnect : connect;
305 if (TEMP_FAILURE_RETRY(
306 connectFunc(s, (const struct sockaddr*) &proxy_addr, sizeof(proxy_addr))) != 0) {
307 // Store the errno for connect because we only care about why we can't connect to dnsproxyd
308 int storedErrno = errno;
309 close(s);
310 errno = storedErrno;
311 return -1;
312 }
313
314 return s;
315 }
316
divCeil(size_t dividend,size_t divisor)317 auto divCeil(size_t dividend, size_t divisor) {
318 return ((dividend + divisor - 1) / divisor);
319 }
320
321 // FrameworkListener only does only read() call, and fails if the read doesn't contain \0
322 // Do single write here
sendData(int fd,const void * buf,size_t size)323 int sendData(int fd, const void* buf, size_t size) {
324 if (fd < 0) {
325 return -EBADF;
326 }
327
328 ssize_t rc = TEMP_FAILURE_RETRY(write(fd, (char*) buf, size));
329 if (rc > 0) {
330 return rc;
331 } else if (rc == 0) {
332 return -EIO;
333 } else {
334 return -errno;
335 }
336 }
337
readData(int fd,void * buf,size_t size)338 int readData(int fd, void* buf, size_t size) {
339 if (fd < 0) {
340 return -EBADF;
341 }
342
343 size_t current = 0;
344 for (;;) {
345 ssize_t rc = TEMP_FAILURE_RETRY(read(fd, (char*) buf + current, size - current));
346 if (rc > 0) {
347 current += rc;
348 if (current == size) {
349 break;
350 }
351 } else if (rc == 0) {
352 return -EIO;
353 } else {
354 return -errno;
355 }
356 }
357 return 0;
358 }
359
readBE32(int fd,int32_t * result)360 bool readBE32(int fd, int32_t* result) {
361 int32_t tmp;
362 ssize_t n = TEMP_FAILURE_RETRY(read(fd, &tmp, sizeof(tmp)));
363 if (n < static_cast<ssize_t>(sizeof(tmp))) {
364 return false;
365 }
366 *result = ntohl(tmp);
367 return true;
368 }
369
readResponseCode(int fd,int * result)370 bool readResponseCode(int fd, int* result) {
371 char buf[4];
372 ssize_t n = TEMP_FAILURE_RETRY(read(fd, &buf, sizeof(buf)));
373 if (n < static_cast<ssize_t>(sizeof(buf))) {
374 return false;
375 }
376
377 // The format of response code is 3 bytes followed by a space.
378 buf[3] = '\0';
379 if (!ParseInt(buf, result)) {
380 errno = EINVAL;
381 return false;
382 }
383
384 return true;
385 }
386
387 } // namespace
388
389 #define CHECK_SOCKET_IS_MARKABLE(sock) \
390 do { \
391 int err = checkSocket(sock); \
392 if (err) return err; \
393 } while (false)
394
395 #define HOOK_ON_FUNC(remoteFunc, nativeFunc, localFunc) \
396 do { \
397 if ((remoteFunc) && *(remoteFunc)) { \
398 (nativeFunc) = *(remoteFunc); \
399 *(remoteFunc) = (localFunc); \
400 } \
401 } while (false)
402
403 // accept() just calls accept4(..., 0), so there's no need to handle accept() separately.
netdClientInitAccept4(Accept4FunctionType * function)404 extern "C" void netdClientInitAccept4(Accept4FunctionType* function) {
405 HOOK_ON_FUNC(function, libcAccept4, netdClientAccept4);
406 }
407
netdClientInitConnect(ConnectFunctionType * function)408 extern "C" void netdClientInitConnect(ConnectFunctionType* function) {
409 HOOK_ON_FUNC(function, libcConnect, netdClientConnect);
410 }
411
netdClientInitSocket(SocketFunctionType * function)412 extern "C" void netdClientInitSocket(SocketFunctionType* function) {
413 HOOK_ON_FUNC(function, libcSocket, netdClientSocket);
414 }
415
netdClientInitSendmmsg(SendmmsgFunctionType * function)416 extern "C" void netdClientInitSendmmsg(SendmmsgFunctionType* function) {
417 if (!propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS)) {
418 return;
419 }
420 HOOK_ON_FUNC(function, libcSendmmsg, netdClientSendmmsg);
421 }
422
netdClientInitSendmsg(SendmsgFunctionType * function)423 extern "C" void netdClientInitSendmsg(SendmsgFunctionType* function) {
424 if (!propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS)) {
425 return;
426 }
427 HOOK_ON_FUNC(function, libcSendmsg, netdClientSendmsg);
428 }
429
netdClientInitSendto(SendtoFunctionType * function)430 extern "C" void netdClientInitSendto(SendtoFunctionType* function) {
431 if (!propertyValueIsTrue(PROPERTY_REDIRECT_SOCKET_CALLS)) {
432 return;
433 }
434 HOOK_ON_FUNC(function, libcSendto, netdClientSendto);
435 }
436
netdClientInitNetIdForResolv(NetIdForResolvFunctionType * function)437 extern "C" void netdClientInitNetIdForResolv(NetIdForResolvFunctionType* function) {
438 if (function) {
439 *function = getNetworkForResolv;
440 }
441 }
442
netdClientInitDnsOpenProxy(DnsOpenProxyType * function)443 extern "C" void netdClientInitDnsOpenProxy(DnsOpenProxyType* function) {
444 if (function) {
445 *function = dns_open_proxy;
446 }
447 }
448
getNetworkForSocket(unsigned * netId,int socketFd)449 extern "C" int getNetworkForSocket(unsigned* netId, int socketFd) {
450 if (!netId || socketFd < 0) {
451 return -EBADF;
452 }
453 Fwmark fwmark;
454 socklen_t fwmarkLen = sizeof(fwmark.intValue);
455 if (getsockopt(socketFd, SOL_SOCKET, SO_MARK, &fwmark.intValue, &fwmarkLen) == -1) {
456 return -errno;
457 }
458 *netId = fwmark.netId;
459 return 0;
460 }
461
getNetworkForProcess()462 extern "C" unsigned getNetworkForProcess() {
463 return netIdForProcess & ~NETID_USE_LOCAL_NAMESERVERS;
464 }
465
setNetworkForSocket(unsigned netId,int socketFd)466 extern "C" int setNetworkForSocket(unsigned netId, int socketFd) {
467 CHECK_SOCKET_IS_MARKABLE(socketFd);
468 FwmarkCommand command = {FwmarkCommand::SELECT_NETWORK, netId, 0, 0};
469 return FwmarkClient().send(&command, socketFd, nullptr);
470 }
471
setNetworkForProcess(unsigned netId)472 extern "C" int setNetworkForProcess(unsigned netId) {
473 return setNetworkForTarget(netId, &netIdForProcess);
474 }
475
setNetworkForResolv(unsigned netId)476 extern "C" int setNetworkForResolv(unsigned netId) {
477 return setNetworkForTarget(netId, &netIdForResolv);
478 }
479
protectFromVpn(int socketFd)480 extern "C" int protectFromVpn(int socketFd) {
481 CHECK_SOCKET_IS_MARKABLE(socketFd);
482 FwmarkCommand command = {FwmarkCommand::PROTECT_FROM_VPN, 0, 0, 0};
483 return FwmarkClient().send(&command, socketFd, nullptr);
484 }
485
setNetworkForUser(uid_t uid,int socketFd)486 extern "C" int setNetworkForUser(uid_t uid, int socketFd) {
487 CHECK_SOCKET_IS_MARKABLE(socketFd);
488 FwmarkCommand command = {FwmarkCommand::SELECT_FOR_USER, 0, uid, 0};
489 return FwmarkClient().send(&command, socketFd, nullptr);
490 }
491
queryUserAccess(uid_t uid,unsigned netId)492 extern "C" int queryUserAccess(uid_t uid, unsigned netId) {
493 FwmarkCommand command = {FwmarkCommand::QUERY_USER_ACCESS, netId, uid, 0};
494 return FwmarkClient().send(&command, -1, nullptr);
495 }
496
tagSocket(int socketFd,uint32_t tag,uid_t uid)497 extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
498 CHECK_SOCKET_IS_MARKABLE(socketFd);
499 FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
500 return FwmarkClient().send(&command, socketFd, nullptr);
501 }
502
untagSocket(int socketFd)503 extern "C" int untagSocket(int socketFd) {
504 CHECK_SOCKET_IS_MARKABLE(socketFd);
505 FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
506 return FwmarkClient().send(&command, socketFd, nullptr);
507 }
508
setCounterSet(uint32_t,uid_t)509 extern "C" int setCounterSet(uint32_t, uid_t) {
510 return -ENOTSUP;
511 }
512
deleteTagData(uint32_t,uid_t)513 extern "C" int deleteTagData(uint32_t, uid_t) {
514 return -ENOTSUP;
515 }
516
resNetworkQuery(unsigned netId,const char * dname,int ns_class,int ns_type,uint32_t flags)517 extern "C" int resNetworkQuery(unsigned netId, const char* dname, int ns_class, int ns_type,
518 uint32_t flags) {
519 std::vector<uint8_t> buf(MAX_CMD_SIZE, 0);
520 int len = res_mkquery(ns_o_query, dname, ns_class, ns_type, nullptr, 0, nullptr, buf.data(),
521 MAX_CMD_SIZE);
522
523 return resNetworkSend(netId, buf.data(), len, flags);
524 }
525
resNetworkSend(unsigned netId,const uint8_t * msg,size_t msglen,uint32_t flags)526 extern "C" int resNetworkSend(unsigned netId, const uint8_t* msg, size_t msglen, uint32_t flags) {
527 // Encode
528 // Base 64 encodes every 3 bytes into 4 characters, but then adds padding to the next
529 // multiple of 4 and a \0
530 const size_t encodedLen = divCeil(msglen, 3) * 4 + 1;
531 std::string encodedQuery(encodedLen - 1, 0);
532 int enLen = b64_ntop(msg, msglen, encodedQuery.data(), encodedLen);
533
534 if (enLen < 0) {
535 // Unexpected behavior, encode failed
536 // b64_ntop only fails when size is too long.
537 return -EMSGSIZE;
538 }
539 // Send
540 netId = getNetworkForResolv(netId);
541 const std::string cmd = "resnsend " + std::to_string(netId) + " " + std::to_string(flags) +
542 " " + encodedQuery + '\0';
543 if (cmd.size() > MAX_CMD_SIZE) {
544 // Cmd size must less than buffer size of FrameworkListener
545 return -EMSGSIZE;
546 }
547 int fd = dns_open_proxy();
548 if (fd == -1) {
549 return -errno;
550 }
551 ssize_t rc = sendData(fd, cmd.c_str(), cmd.size());
552 if (rc < 0) {
553 close(fd);
554 return rc;
555 }
556 shutdown(fd, SHUT_WR);
557 return fd;
558 }
559
resNetworkResult(int fd,int * rcode,uint8_t * answer,size_t anslen)560 extern "C" int resNetworkResult(int fd, int* rcode, uint8_t* answer, size_t anslen) {
561 int32_t result = 0;
562 unique_fd ufd(fd);
563 // Read -errno/rcode
564 if (!readBE32(fd, &result)) {
565 // Unexpected behavior, read -errno/rcode fail
566 return -errno;
567 }
568 if (result < 0) {
569 // result < 0, it's -errno
570 return result;
571 }
572 // result >= 0, it's rcode
573 *rcode = result;
574
575 // Read answer
576 int32_t size = 0;
577 if (!readBE32(fd, &size)) {
578 // Unexpected behavior, read ans len fail
579 return -EREMOTEIO;
580 }
581 if (anslen < static_cast<size_t>(size)) {
582 // Answer buffer is too small
583 return -EMSGSIZE;
584 }
585 int rc = readData(fd, answer, size);
586 if (rc < 0) {
587 // Reading the answer failed.
588 return rc;
589 }
590 return size;
591 }
592
resNetworkCancel(int fd)593 extern "C" void resNetworkCancel(int fd) {
594 close(fd);
595 }
596
setAllowNetworkingForProcess(bool allowNetworking)597 extern "C" void setAllowNetworkingForProcess(bool allowNetworking) {
598 allowNetworkingForProcess.store(allowNetworking);
599 }
600
getNetworkForDns(unsigned * dnsNetId)601 extern "C" int getNetworkForDns(unsigned* dnsNetId) {
602 if (dnsNetId == nullptr) return -EFAULT;
603 int fd = dns_open_proxy();
604 if (fd == -1) {
605 return -errno;
606 }
607 unique_fd ufd(fd);
608 return getNetworkForDnsInternal(fd, dnsNetId);
609 }
610
getNetworkForDnsInternal(int fd,unsigned * dnsNetId)611 int getNetworkForDnsInternal(int fd, unsigned* dnsNetId) {
612 if (fd == -1) {
613 return -EBADF;
614 }
615
616 unsigned resolvNetId = getNetworkForResolv(NETID_UNSET);
617
618 const std::string cmd = "getdnsnetid " + std::to_string(resolvNetId);
619 ssize_t rc = sendData(fd, cmd.c_str(), cmd.size() + 1);
620 if (rc < 0) {
621 return rc;
622 }
623
624 int responseCode = 0;
625 // Read responseCode
626 if (!readResponseCode(fd, &responseCode)) {
627 // Unexpected behavior, read responseCode fail
628 return -errno;
629 }
630
631 if (responseCode != ResponseCode::DnsProxyQueryResult) {
632 return -EOPNOTSUPP;
633 }
634
635 int32_t result = 0;
636 // Read -errno/dnsnetid
637 if (!readBE32(fd, &result)) {
638 // Unexpected behavior, read -errno/dnsnetid fail
639 return -errno;
640 }
641
642 *dnsNetId = result;
643
644 return 0;
645 }
646