1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include <vector>
18
19 #include <base/bind.h>
20 #include <base/command_line.h>
21 #include <base/logging.h>
22 #include <brillo/minijail/minijail.h>
23 #include <brillo/syslog_logging.h>
24
25 #include "apmanager/daemon.h"
26
27 using std::vector;
28
29 namespace {
30
31 namespace switches {
32
33 // Don't daemon()ize; run in foreground.
34 const char kForeground[] = "foreground";
35 // Flag that causes apmanager to show the help message and exit.
36 const char kHelp[] = "help";
37
38 // The help message shown if help flag is passed to the program.
39 const char kHelpMessage[] = "\n"
40 "Available Switches: \n"
41 " --foreground\n"
42 " Don\'t daemon()ize; run in foreground.\n";
43 } // namespace switches
44
45 } // namespace
46
47 namespace {
48
49 #if !defined(__ANDROID__)
50 const char kLoggerCommand[] = "/usr/bin/logger";
51 const char kLoggerUser[] = "syslog";
52 #endif // __ANDROID__
53
54 const char kSeccompFilePath[] = "/usr/share/policy/apmanager-seccomp.policy";
55
56 } // namespace
57
58 // Always logs to the syslog and logs to stderr if
59 // we are running in the foreground.
SetupLogging(brillo::Minijail * minijail,bool foreground,const char * daemon_name)60 void SetupLogging(brillo::Minijail* minijail,
61 bool foreground,
62 const char* daemon_name) {
63 int log_flags = 0;
64 log_flags |= brillo::kLogToSyslog;
65 log_flags |= brillo::kLogHeader;
66 if (foreground) {
67 log_flags |= brillo::kLogToStderr;
68 }
69 brillo::InitLog(log_flags);
70
71 #if !defined(__ANDROID__)
72 // Logger utility doesn't exist on Android, so do not run it on Android.
73 // TODO(zqiu): add support to redirect stderr logs from child processes
74 // to Android logging facility.
75 if (!foreground) {
76 vector<char*> logger_command_line;
77 int logger_stdin_fd;
78 logger_command_line.push_back(const_cast<char*>(kLoggerCommand));
79 logger_command_line.push_back(const_cast<char*>("--priority"));
80 logger_command_line.push_back(const_cast<char*>("daemon.err"));
81 logger_command_line.push_back(const_cast<char*>("--tag"));
82 logger_command_line.push_back(const_cast<char*>(daemon_name));
83 logger_command_line.push_back(nullptr);
84
85 struct minijail* jail = minijail->New();
86 minijail->DropRoot(jail, kLoggerUser, kLoggerUser);
87
88 if (!minijail->RunPipeAndDestroy(jail, logger_command_line,
89 nullptr, &logger_stdin_fd)) {
90 LOG(ERROR) << "Unable to spawn logger. "
91 << "Writes to stderr will be discarded.";
92 return;
93 }
94
95 // Note that we don't set O_CLOEXEC here. This means that stderr
96 // from any child processes will, by default, be logged to syslog.
97 if (dup2(logger_stdin_fd, fileno(stderr)) != fileno(stderr)) {
98 LOG(ERROR) << "Failed to redirect stderr to syslog: "
99 << strerror(errno);
100 }
101 close(logger_stdin_fd);
102 }
103 #endif // __ANDROID__
104 }
105
DropPrivileges(brillo::Minijail * minijail)106 void DropPrivileges(brillo::Minijail* minijail) {
107 struct minijail* jail = minijail->New();
108 minijail->DropRoot(jail, apmanager::Daemon::kAPManagerUserName,
109 apmanager::Daemon::kAPManagerGroupName);
110 // Permissions needed for the daemon and its child processes for managing
111 // network interfaces and binding to network sockets.
112 minijail->UseCapabilities(jail, CAP_TO_MASK(CAP_NET_ADMIN) |
113 CAP_TO_MASK(CAP_NET_RAW) |
114 CAP_TO_MASK(CAP_NET_BIND_SERVICE));
115 minijail->UseSeccompFilter(jail, kSeccompFilePath);
116 minijail_enter(jail);
117 minijail->Destroy(jail);
118 }
119
OnStartup(const char * daemon_name,base::CommandLine * cl)120 void OnStartup(const char* daemon_name, base::CommandLine* cl) {
121 brillo::Minijail* minijail = brillo::Minijail::GetInstance();
122 SetupLogging(minijail, cl->HasSwitch(switches::kForeground), daemon_name);
123
124 LOG(INFO) << __func__ << ": Dropping privileges";
125
126 // TODO(zqiu): apmanager is currently started as the "system" user on Android,
127 // so there is no need to drop privileges to the "system" user again.
128 // Drop user privileges when we're running apmanager under a different
129 // user/group.
130 #if !defined(__ANDROID__)
131 // Now that the daemon has all the resources it needs to run, we can drop
132 // privileges further.
133 DropPrivileges(minijail);
134 #endif // __ANDROID
135 }
136
main(int argc,char * argv[])137 int main(int argc, char* argv[]) {
138 base::CommandLine::Init(argc, argv);
139 base::CommandLine* cl = base::CommandLine::ForCurrentProcess();
140
141 if (cl->HasSwitch(switches::kHelp)) {
142 LOG(INFO) << switches::kHelpMessage;
143 return 0;
144 }
145
146 apmanager::Daemon daemon(base::Bind(&OnStartup, argv[0], cl));
147
148 daemon.Run();
149
150 return 0;
151 }
152