• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <dirent.h>
18 #include <errno.h>
19 #include <fcntl.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <sys/stat.h>
25 #include <sys/types.h>
26 #include <sys/wait.h>
27 #include <chrono>
28 #include <cinttypes>
29 #include <mutex>
30 
31 #define LOG_TAG "Netd"
32 
33 #include "log/log.h"
34 
35 #include <android/binder_manager.h>
36 #include <android/binder_process.h>
37 #include <binder/IPCThreadState.h>
38 #include <binder/IServiceManager.h>
39 #include <hidl/HidlTransportSupport.h>
40 #include <netdutils/Stopwatch.h>
41 #include <processgroup/processgroup.h>
42 
43 #include "Controllers.h"
44 #include "FwmarkServer.h"
45 #include "MDnsSdListener.h"
46 #include "MDnsService.h"
47 #include "NFLogListener.h"
48 #include "NetdConstants.h"
49 #include "NetdHwAidlService.h"
50 #include "NetdHwService.h"
51 #include "NetdNativeService.h"
52 #include "NetlinkManager.h"
53 #include "Process.h"
54 
55 #include "NetdUpdatablePublic.h"
56 #include "netd_resolv/resolv.h"
57 
58 using android::IPCThreadState;
59 using android::sp;
60 using android::status_t;
61 using android::String16;
62 using android::net::FwmarkServer;
63 using android::net::gCtls;
64 using android::net::gLog;
65 using android::net::makeNFLogListener;
66 using android::net::MDnsService;
67 using android::net::NetdHwService;
68 using android::net::NetdNativeService;
69 using android::net::NetlinkManager;
70 using android::net::NFLogListener;
71 using android::net::aidl::NetdHwAidlService;
72 using android::netdutils::Stopwatch;
73 
74 const char* const PID_FILE_PATH = "/data/misc/net/netd_pid";
75 constexpr const char DNSPROXYLISTENER_SOCKET_NAME[] = "dnsproxyd";
76 
77 std::mutex android::net::gBigNetdLock;
78 
79 namespace {
80 
getNetworkContextCallback(uint32_t netId,uint32_t uid,android_net_context * netcontext)81 void getNetworkContextCallback(uint32_t netId, uint32_t uid, android_net_context* netcontext) {
82     gCtls->netCtrl.getNetworkContext(netId, uid, netcontext);
83 }
84 
checkCallingPermissionCallback(const char * permission)85 bool checkCallingPermissionCallback(const char* permission) {
86     return checkCallingPermission(String16(permission));
87 }
88 
logCallback(const char * msg)89 void logCallback(const char* msg) {
90     gLog.info(std::string(msg));
91 }
92 
tagSocketCallback(int sockFd,uint32_t tag,uid_t uid,pid_t)93 int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid, pid_t) {
94     // Workaround for secureVPN with VpnIsolation enabled, refer to b/159994981 for details.
95     if (tag == TAG_SYSTEM_DNS) uid = AID_DNS;
96     return libnetd_updatable_tagSocket(sockFd, tag, uid, AID_DNS);
97 }
98 
evaluateDomainNameCallback(const android_net_context & netcontext,const char *)99 bool evaluateDomainNameCallback(const android_net_context& netcontext, const char* /*name*/) {
100     // OEMs should NOT modify IF statement, or DNS control provided by mainline modules may break.
101     if (!gCtls->netCtrl.isUidAllowed(netcontext.app_netid, netcontext.uid)) {
102         ALOGI("uid %d is not allowed to use netid %u", netcontext.uid, netcontext.app_netid);
103         return false;
104     }
105 
106     // Add OEM customization from here
107     // ...
108     return true;
109 }
110 
initDnsResolver()111 bool initDnsResolver() {
112     ResolverNetdCallbacks callbacks = {
113             .check_calling_permission = &checkCallingPermissionCallback,
114             .get_network_context = &getNetworkContextCallback,
115             .log = &logCallback,
116             .tagSocket = &tagSocketCallback,
117             .evaluate_domain_name = &evaluateDomainNameCallback,
118     };
119     return resolv_init(&callbacks);
120 }
121 
122 }  // namespace
123 
main()124 int main() {
125     Stopwatch s;
126     gLog.info("netd 1.0 starting");
127 
128     android::net::process::removePidFile(PID_FILE_PATH);
129     gLog.info("Pid file removed");
130     android::net::process::blockSigPipe();
131     gLog.info("SIGPIPE is blocked");
132 
133     // Before we do anything that could fork, mark CLOEXEC the UNIX sockets that we get from init.
134     // FrameworkListener does this on initialization as well, but we only initialize these
135     // components after having initialized other subsystems that can fork.
136     for (const auto& sock :
137          {DNSPROXYLISTENER_SOCKET_NAME, FwmarkServer::SOCKET_NAME, MDnsSdListener::SOCKET_NAME}) {
138         setCloseOnExec(sock);
139         gLog.info("setCloseOnExec(%s)", sock);
140     }
141 
142     std::string cg2_path;
143     if (!CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &cg2_path)) {
144         ALOGE("Failed to find cgroup v2 root %s", strerror(errno));
145         exit(1);
146     }
147 
148     if (libnetd_updatable_init(cg2_path.c_str())) {
149         ALOGE("libnetd_updatable_init failed");
150         exit(1);
151     }
152     gLog.info("libnetd_updatable_init success");
153 
154     NetlinkManager *nm = NetlinkManager::Instance();
155     if (nm == nullptr) {
156         ALOGE("Unable to create NetlinkManager");
157         exit(1);
158     };
159     gLog.info("NetlinkManager instanced");
160 
161     gCtls = new android::net::Controllers();
162     gCtls->init();
163 
164     if (nm->start()) {
165         ALOGE("Unable to start NetlinkManager (%s)", strerror(errno));
166         exit(1);
167     }
168 
169     std::unique_ptr<NFLogListener> logListener;
170     {
171         auto result = makeNFLogListener();
172         if (!isOk(result)) {
173             ALOGE("Unable to create NFLogListener: %s", toString(result).c_str());
174             exit(1);
175         }
176         logListener = std::move(result.value());
177         auto status = gCtls->wakeupCtrl.init(logListener.get());
178         if (!isOk(status)) {
179             gLog.error("Unable to init WakeupController: %s", toString(status).c_str());
180             // We can still continue without wakeup packet logging.
181         }
182     }
183 
184     // Set local DNS mode, to prevent bionic from proxying
185     // back to this service, recursively.
186     // TODO: Check if we could remove it since resolver cache no loger
187     // checks this environment variable after aosp/838050.
188     setenv("ANDROID_DNS_MODE", "local", 1);
189     // Note that only call initDnsResolver after gCtls initializing.
190     if (!initDnsResolver()) {
191         ALOGE("Unable to init resolver");
192         exit(1);
193     }
194 
195     FwmarkServer fwmarkServer(&gCtls->netCtrl, &gCtls->eventReporter);
196     if (fwmarkServer.startListener()) {
197         ALOGE("Unable to start FwmarkServer (%s)", strerror(errno));
198         exit(1);
199     }
200 
201     Stopwatch subTime;
202     status_t ret;
203     if ((ret = NetdNativeService::start()) != android::OK) {
204         ALOGE("Unable to start NetdNativeService: %d", ret);
205         exit(1);
206     }
207     gLog.info("Registering NetdNativeService: %" PRId64 "us", subTime.getTimeAndResetUs());
208 
209     if ((ret = MDnsService::start()) != android::OK) {
210         ALOGE("Unable to start MDnsService: %d", ret);
211         exit(1);
212     }
213     gLog.info("Registering MDnsService: %" PRId64 "us", subTime.getTimeAndResetUs());
214 
215     android::net::process::ScopedPidFile pidFile(PID_FILE_PATH);
216 
217     // Now that netd is ready to process commands, advertise service availability for HAL clients.
218     // Usage of this HAL is anticipated to be thin; one thread per HAL service should suffice,
219     // AIDL and HIDL.
220     android::hardware::configureRpcThreadpool(2, true /* callerWillJoin */);
221     IPCThreadState::self()->disableBackgroundScheduling(true);
222 
223     std::thread aidlService = std::thread(NetdHwAidlService::run);
224 
225     sp<NetdHwService> mHwSvc(new NetdHwService());
226     bool startedHidlService = true;
227     if ((ret = mHwSvc->start()) != android::OK) {
228         ALOGE("Unable to start HIDL NetdHwService: %d", ret);
229         startedHidlService = false;
230     }
231 
232     gLog.info("Registering NetdHwService: %" PRId64 "us", subTime.getTimeAndResetUs());
233     gLog.info("Netd started in %" PRId64 "us", s.timeTakenUs());
234     if (startedHidlService) {
235         IPCThreadState::self()->joinThreadPool();
236     }
237     aidlService.join();
238     gLog.info("netd exiting");
239 
240     exit(0);
241 }
242