1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <dirent.h>
18 #include <errno.h>
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <sys/stat.h>
25 #include <sys/types.h>
26 #include <sys/wait.h>
27 #include <chrono>
28 #include <cinttypes>
29 #include <mutex>
30
31 #define LOG_TAG "Netd"
32
33 #include "log/log.h"
34
35 #include <android/binder_manager.h>
36 #include <android/binder_process.h>
37 #include <binder/IPCThreadState.h>
38 #include <binder/IServiceManager.h>
39 #include <hidl/HidlTransportSupport.h>
40 #include <netdutils/Stopwatch.h>
41 #include <processgroup/processgroup.h>
42
43 #include "Controllers.h"
44 #include "FwmarkServer.h"
45 #include "MDnsSdListener.h"
46 #include "MDnsService.h"
47 #include "NFLogListener.h"
48 #include "NetdConstants.h"
49 #include "NetdHwAidlService.h"
50 #include "NetdHwService.h"
51 #include "NetdNativeService.h"
52 #include "NetlinkManager.h"
53 #include "Process.h"
54
55 #include "NetdUpdatablePublic.h"
56 #include "netd_resolv/resolv.h"
57
58 using android::IPCThreadState;
59 using android::sp;
60 using android::status_t;
61 using android::String16;
62 using android::net::FwmarkServer;
63 using android::net::gCtls;
64 using android::net::gLog;
65 using android::net::makeNFLogListener;
66 using android::net::MDnsService;
67 using android::net::NetdHwService;
68 using android::net::NetdNativeService;
69 using android::net::NetlinkManager;
70 using android::net::NFLogListener;
71 using android::net::aidl::NetdHwAidlService;
72 using android::netdutils::Stopwatch;
73
74 const char* const PID_FILE_PATH = "/data/misc/net/netd_pid";
75 constexpr const char DNSPROXYLISTENER_SOCKET_NAME[] = "dnsproxyd";
76
77 std::mutex android::net::gBigNetdLock;
78
79 namespace {
80
getNetworkContextCallback(uint32_t netId,uint32_t uid,android_net_context * netcontext)81 void getNetworkContextCallback(uint32_t netId, uint32_t uid, android_net_context* netcontext) {
82 gCtls->netCtrl.getNetworkContext(netId, uid, netcontext);
83 }
84
checkCallingPermissionCallback(const char * permission)85 bool checkCallingPermissionCallback(const char* permission) {
86 return checkCallingPermission(String16(permission));
87 }
88
logCallback(const char * msg)89 void logCallback(const char* msg) {
90 gLog.info(std::string(msg));
91 }
92
tagSocketCallback(int sockFd,uint32_t tag,uid_t uid,pid_t)93 int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid, pid_t) {
94 // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
95 if (tag == TAG_SYSTEM_DNS) uid = AID_DNS;
96 return libnetd_updatable_tagSocket(sockFd, tag, uid, AID_DNS);
97 }
98
evaluateDomainNameCallback(const android_net_context & netcontext,const char *)99 bool evaluateDomainNameCallback(const android_net_context& netcontext, const char* /*name*/) {
100 // OEMs should NOT modify IF statement, or DNS control provided by mainline modules may break.
101 if (!gCtls->netCtrl.isUidAllowed(netcontext.app_netid, netcontext.uid)) {
102 ALOGI("uid %d is not allowed to use netid %u", netcontext.uid, netcontext.app_netid);
103 return false;
104 }
105
106 // Add OEM customization from here
107 // ...
108 return true;
109 }
110
initDnsResolver()111 bool initDnsResolver() {
112 ResolverNetdCallbacks callbacks = {
113 .check_calling_permission = &checkCallingPermissionCallback,
114 .get_network_context = &getNetworkContextCallback,
115 .log = &logCallback,
116 .tagSocket = &tagSocketCallback,
117 .evaluate_domain_name = &evaluateDomainNameCallback,
118 };
119 return resolv_init(&callbacks);
120 }
121
122 } // namespace
123
main()124 int main() {
125 Stopwatch s;
126 gLog.info("netd 1.0 starting");
127
128 android::net::process::removePidFile(PID_FILE_PATH);
129 gLog.info("Pid file removed");
130 android::net::process::blockSigPipe();
131 gLog.info("SIGPIPE is blocked");
132
133 // Before we do anything that could fork, mark CLOEXEC the UNIX sockets that we get from init.
134 // FrameworkListener does this on initialization as well, but we only initialize these
135 // components after having initialized other subsystems that can fork.
136 for (const auto& sock :
137 {DNSPROXYLISTENER_SOCKET_NAME, FwmarkServer::SOCKET_NAME, MDnsSdListener::SOCKET_NAME}) {
138 setCloseOnExec(sock);
139 gLog.info("setCloseOnExec(%s)", sock);
140 }
141
142 std::string cg2_path;
143 if (!CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &cg2_path)) {
144 ALOGE("Failed to find cgroup v2 root %s", strerror(errno));
145 exit(1);
146 }
147
148 if (libnetd_updatable_init(cg2_path.c_str())) {
149 ALOGE("libnetd_updatable_init failed");
150 exit(1);
151 }
152 gLog.info("libnetd_updatable_init success");
153
154 NetlinkManager *nm = NetlinkManager::Instance();
155 if (nm == nullptr) {
156 ALOGE("Unable to create NetlinkManager");
157 exit(1);
158 };
159 gLog.info("NetlinkManager instanced");
160
161 gCtls = new android::net::Controllers();
162 gCtls->init();
163
164 if (nm->start()) {
165 ALOGE("Unable to start NetlinkManager (%s)", strerror(errno));
166 exit(1);
167 }
168
169 std::unique_ptr<NFLogListener> logListener;
170 {
171 auto result = makeNFLogListener();
172 if (!isOk(result)) {
173 ALOGE("Unable to create NFLogListener: %s", toString(result).c_str());
174 exit(1);
175 }
176 logListener = std::move(result.value());
177 auto status = gCtls->wakeupCtrl.init(logListener.get());
178 if (!isOk(status)) {
179 gLog.error("Unable to init WakeupController: %s", toString(status).c_str());
180 // We can still continue without wakeup packet logging.
181 }
182 }
183
184 // Set local DNS mode, to prevent bionic from proxying
185 // back to this service, recursively.
186 // TODO: Check if we could remove it since resolver cache no loger
187 // checks this environment variable after aosp/838050.
188 setenv("ANDROID_DNS_MODE", "local", 1);
189 // Note that only call initDnsResolver after gCtls initializing.
190 if (!initDnsResolver()) {
191 ALOGE("Unable to init resolver");
192 exit(1);
193 }
194
195 FwmarkServer fwmarkServer(&gCtls->netCtrl, &gCtls->eventReporter);
196 if (fwmarkServer.startListener()) {
197 ALOGE("Unable to start FwmarkServer (%s)", strerror(errno));
198 exit(1);
199 }
200
201 Stopwatch subTime;
202 status_t ret;
203 if ((ret = NetdNativeService::start()) != android::OK) {
204 ALOGE("Unable to start NetdNativeService: %d", ret);
205 exit(1);
206 }
207 gLog.info("Registering NetdNativeService: %" PRId64 "us", subTime.getTimeAndResetUs());
208
209 if ((ret = MDnsService::start()) != android::OK) {
210 ALOGE("Unable to start MDnsService: %d", ret);
211 exit(1);
212 }
213 gLog.info("Registering MDnsService: %" PRId64 "us", subTime.getTimeAndResetUs());
214
215 android::net::process::ScopedPidFile pidFile(PID_FILE_PATH);
216
217 // Now that netd is ready to process commands, advertise service availability for HAL clients.
218 // Usage of this HAL is anticipated to be thin; one thread per HAL service should suffice,
219 // AIDL and HIDL.
220 android::hardware::configureRpcThreadpool(2, true /* callerWillJoin */);
221 IPCThreadState::self()->disableBackgroundScheduling(true);
222
223 std::thread aidlService = std::thread(NetdHwAidlService::run);
224
225 sp<NetdHwService> mHwSvc(new NetdHwService());
226 bool startedHidlService = true;
227 if ((ret = mHwSvc->start()) != android::OK) {
228 ALOGE("Unable to start HIDL NetdHwService: %d", ret);
229 startedHidlService = false;
230 }
231
232 gLog.info("Registering NetdHwService: %" PRId64 "us", subTime.getTimeAndResetUs());
233 gLog.info("Netd started in %" PRId64 "us", s.timeTakenUs());
234 if (startedHidlService) {
235 IPCThreadState::self()->joinThreadPool();
236 }
237 aidlService.join();
238 gLog.info("netd exiting");
239
240 exit(0);
241 }
242