arc/network/adb_proxy.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2019 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "arc/network/adb_proxy.h"

 #include <linux/vm_sockets.h>
 #include <sys/socket.h>
 #include <sys/types.h>

 #include <utility>

 #include <base/bind.h>
 #include <base/logging.h>
 #include <base/strings/stringprintf.h>
 #include <brillo/minijail/minijail.h>

 namespace arc_networkd {
 namespace {
 constexpr uint16_t kTcpPort = 5555;
 constexpr uint32_t kTcpAddr = 0x64735C02;  // 100.115.92.2
 constexpr uint32_t kVsockPort = 5555;
 // Reference: (./src/private-overlays/project-cheets-private/
 // chromeos-base/android-vm-pi/files/run-arcvm)
 constexpr uint32_t kVsockCid = 5;
 constexpr uint64_t kCapMask = CAP_TO_MASK(CAP_NET_RAW);
 constexpr char kUnprivilegedUser[] = "arc-networkd";
 constexpr int kMaxConn = 16;

 }  // namespace

 AdbProxy::AdbProxy() : src_watcher_(FROM_HERE) {}

 AdbProxy::~AdbProxy() {
   src_watcher_.StopWatchingFileDescriptor();
 }

 int AdbProxy::OnInit() {
   // Prevent the main process from sending us any signals.
   if (setsid() < 0) {
     PLOG(ERROR) << "Failed to created a new session with setsid; exiting";
     return -1;
   }

   // Run with minimal privileges.
   brillo::Minijail* m = brillo::Minijail::GetInstance();
   struct minijail* jail = m->New();

   // Most of these return void, but DropRoot() can fail if the user/group
   // does not exist.
   CHECK(m->DropRoot(jail, kUnprivilegedUser, kUnprivilegedUser))
       << "Could not drop root privileges";
   m->UseCapabilities(jail, kCapMask);
   m->Enter(jail);
   m->Destroy(jail);

   src_ = std::make_unique<Socket>(AF_INET, SOCK_STREAM | SOCK_NONBLOCK);
   struct sockaddr_in addr = {0};
   addr.sin_family = AF_INET;
   addr.sin_port = htons(kTcpPort);
   addr.sin_addr.s_addr = htonl(INADDR_ANY);
   if (!src_->Bind((const struct sockaddr*)&addr)) {
     LOG(ERROR) << "Cannot bind source socket; exiting";
     return -1;
   }

   if (!src_->Listen(kMaxConn)) {
     LOG(ERROR) << "Cannot listen on source socket; exiting";
     return -1;
   }

   RegisterHandler(SIGUSR1,
                   base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));
   RegisterHandler(SIGUSR2,
                   base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));

   base::MessageLoopForIO::current()->WatchFileDescriptor(
       src_->fd(), true, base::MessageLoopForIO::WATCH_READ, &src_watcher_,
       this);

   return Daemon::OnInit();
 }

 void AdbProxy::OnFileCanReadWithoutBlocking(int fd) {
   if (auto conn = src_->Accept()) {
     if (auto dst = Connect()) {
       LOG(INFO) << "Connection established: " << *conn << " <-> " << *dst;
       auto fwd = std::make_unique<SocketForwarder>(
           base::StringPrintf("adbp%d-%d", conn->fd(), dst->fd()),
           std::move(conn), std::move(dst));
       fwd->Start();
       fwd_.emplace_back(std::move(fwd));
     }
   }

   // Cleanup any defunct forwarders.
   for (auto it = fwd_.begin(); it != fwd_.end();) {
     if (!(*it)->IsValid() && (*it)->HasBeenStarted())
       it = fwd_.erase(it);
     else
       ++it;
   }
 }

 std::unique_ptr<Socket> AdbProxy::Connect() const {
   // Try to connect with VSOCK.
   struct sockaddr_vm addr_vm;
   addr_vm.svm_family = AF_VSOCK;
   addr_vm.svm_port = kVsockPort;
   addr_vm.svm_cid = kVsockCid;

   auto dst = std::make_unique<Socket>(AF_VSOCK, SOCK_STREAM);
   if (dst->Connect((const struct sockaddr*)&addr_vm))
     return dst;

   // Try to connect with TCP IPv4.
   struct sockaddr_in addr_in;
   addr_in.sin_family = AF_INET;
   addr_in.sin_port = htons(kTcpPort);
   addr_in.sin_addr.s_addr = htonl(kTcpAddr);

   dst = std::make_unique<Socket>(AF_INET, SOCK_STREAM);
   if (dst->Connect((const struct sockaddr*)&addr_in))
     return dst;

   return nullptr;
 }

 bool AdbProxy::OnSignal(const struct signalfd_siginfo& info) {
   // On guest down just ensure any existing connections are culled.
   if (info.ssi_signo == SIGUSR2)
     fwd_.clear();

   // Stay registered.
   return false;
 }

 }  // namespace arc_networkd
	// Copyright 2019 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "arc/network/adb_proxy.h"

	#include <linux/vm_sockets.h>
	#include <sys/socket.h>
	#include <sys/types.h>

	#include <utility>

	#include <base/bind.h>
	#include <base/logging.h>
	#include <base/strings/stringprintf.h>
	#include <brillo/minijail/minijail.h>

	namespace arc_networkd {
	namespace {
	constexpr uint16_t kTcpPort = 5555;
	constexpr uint32_t kTcpAddr = 0x64735C02; // 100.115.92.2
	constexpr uint32_t kVsockPort = 5555;
	// Reference: (./src/private-overlays/project-cheets-private/
	// chromeos-base/android-vm-pi/files/run-arcvm)
	constexpr uint32_t kVsockCid = 5;
	constexpr uint64_t kCapMask = CAP_TO_MASK(CAP_NET_RAW);
	constexpr char kUnprivilegedUser[] = "arc-networkd";
	constexpr int kMaxConn = 16;

	} // namespace

	AdbProxy::AdbProxy() : src_watcher_(FROM_HERE) {}

	AdbProxy::~AdbProxy() {
	src_watcher_.StopWatchingFileDescriptor();
	}

	int AdbProxy::OnInit() {
	// Prevent the main process from sending us any signals.
	if (setsid() < 0) {
	PLOG(ERROR) << "Failed to created a new session with setsid; exiting";
	return -1;
	}

	// Run with minimal privileges.
	brillo::Minijail* m = brillo::Minijail::GetInstance();
	struct minijail* jail = m->New();

	// Most of these return void, but DropRoot() can fail if the user/group
	// does not exist.
	CHECK(m->DropRoot(jail, kUnprivilegedUser, kUnprivilegedUser))
	<< "Could not drop root privileges";
	m->UseCapabilities(jail, kCapMask);
	m->Enter(jail);
	m->Destroy(jail);

	src_ = std::make_unique<Socket>(AF_INET, SOCK_STREAM \| SOCK_NONBLOCK);
	struct sockaddr_in addr = {0};
	addr.sin_family = AF_INET;
	addr.sin_port = htons(kTcpPort);
	addr.sin_addr.s_addr = htonl(INADDR_ANY);
	if (!src_->Bind((const struct sockaddr*)&addr)) {
	LOG(ERROR) << "Cannot bind source socket; exiting";
	return -1;
	}

	if (!src_->Listen(kMaxConn)) {
	LOG(ERROR) << "Cannot listen on source socket; exiting";
	return -1;
	}

	RegisterHandler(SIGUSR1,
	base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));
	RegisterHandler(SIGUSR2,
	base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));

	base::MessageLoopForIO::current()->WatchFileDescriptor(
	src_->fd(), true, base::MessageLoopForIO::WATCH_READ, &src_watcher_,
	this);

	return Daemon::OnInit();
	}

	void AdbProxy::OnFileCanReadWithoutBlocking(int fd) {
	if (auto conn = src_->Accept()) {
	if (auto dst = Connect()) {
	LOG(INFO) << "Connection established: " << conn << " <-> " << dst;
	auto fwd = std::make_unique<SocketForwarder>(
	base::StringPrintf("adbp%d-%d", conn->fd(), dst->fd()),
	std::move(conn), std::move(dst));
	fwd->Start();
	fwd_.emplace_back(std::move(fwd));
	}
	}

	// Cleanup any defunct forwarders.
	for (auto it = fwd_.begin(); it != fwd_.end();) {
	if (!(it)->IsValid() && (it)->HasBeenStarted())
	it = fwd_.erase(it);
	else
	++it;
	}
	}

	std::unique_ptr<Socket> AdbProxy::Connect() const {
	// Try to connect with VSOCK.
	struct sockaddr_vm addr_vm;
	addr_vm.svm_family = AF_VSOCK;
	addr_vm.svm_port = kVsockPort;
	addr_vm.svm_cid = kVsockCid;

	auto dst = std::make_unique<Socket>(AF_VSOCK, SOCK_STREAM);
	if (dst->Connect((const struct sockaddr*)&addr_vm))
	return dst;

	// Try to connect with TCP IPv4.
	struct sockaddr_in addr_in;
	addr_in.sin_family = AF_INET;
	addr_in.sin_port = htons(kTcpPort);
	addr_in.sin_addr.s_addr = htonl(kTcpAddr);

	dst = std::make_unique<Socket>(AF_INET, SOCK_STREAM);
	if (dst->Connect((const struct sockaddr*)&addr_in))
	return dst;

	return nullptr;
	}

	bool AdbProxy::OnSignal(const struct signalfd_siginfo& info) {
	// On guest down just ensure any existing connections are culled.
	if (info.ssi_signo == SIGUSR2)
	fwd_.clear();

	// Stay registered.
	return false;
	}

	} // namespace arc_networkd