| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 1 | // Copyright 2019 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| Garrick Evans | 3388a03 | 2020-03-24 11:25:55 +0900 | [diff] [blame] | 5 | #ifndef PATCHPANEL_MINIJAILED_PROCESS_RUNNER_H_ |
| 6 | #define PATCHPANEL_MINIJAILED_PROCESS_RUNNER_H_ |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 7 | |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 8 | #include <memory> |
| Hugo Benichi | 33860d7 | 2020-07-09 16:34:01 +0900 | [diff] [blame] | 9 | #include <sys/types.h> |
| 10 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 11 | #include <string> |
| 12 | #include <vector> |
| 13 | |
| 14 | #include <brillo/minijail/minijail.h> |
| 15 | |
| Garrick Evans | 3388a03 | 2020-03-24 11:25:55 +0900 | [diff] [blame] | 16 | namespace patchpanel { |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 17 | |
| Jason Jeremy Iman | d89b5f5 | 2019-10-24 10:39:17 +0900 | [diff] [blame] | 18 | // Runs the current process with minimal privileges. This function is expected |
| 19 | // to be used by child processes that need only CAP_NET_RAW and to run as the |
| Garrick Evans | 6776b50 | 2020-05-01 10:41:56 +0900 | [diff] [blame] | 20 | // patchpaneld user. |
| Jason Jeremy Iman | d89b5f5 | 2019-10-24 10:39:17 +0900 | [diff] [blame] | 21 | void EnterChildProcessJail(); |
| 22 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 23 | // Enforces the expected processes are run with the correct privileges. |
| 24 | class MinijailedProcessRunner { |
| 25 | public: |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 26 | // For mocking waitpid(). |
| 27 | class SyscallImpl { |
| 28 | public: |
| 29 | virtual pid_t WaitPID(pid_t pid, int* wstatus, int options = 0); |
| 30 | virtual ~SyscallImpl() = default; |
| 31 | }; |
| 32 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 33 | // Ownership of |mj| is not assumed and must be managed by the caller. |
| 34 | // If |mj| is null, the default instance will be used. |
| 35 | explicit MinijailedProcessRunner(brillo::Minijail* mj = nullptr); |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 36 | // Provided for testing only. |
| 37 | MinijailedProcessRunner(brillo::Minijail* mj, |
| 38 | std::unique_ptr<SyscallImpl> syscall); |
| Qijiang Fan | 6bc59e1 | 2020-11-11 02:51:06 +0900 | [diff] [blame] | 39 | MinijailedProcessRunner(const MinijailedProcessRunner&) = delete; |
| 40 | MinijailedProcessRunner& operator=(const MinijailedProcessRunner&) = delete; |
| 41 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 42 | virtual ~MinijailedProcessRunner() = default; |
| 43 | |
| Garrick Evans | 8e8e347 | 2020-01-23 14:03:50 +0900 | [diff] [blame] | 44 | // Runs ip. |
| 45 | virtual int ip(const std::string& obj, |
| 46 | const std::string& cmd, |
| 47 | const std::vector<std::string>& args, |
| 48 | bool log_failures = true); |
| 49 | virtual int ip6(const std::string& obj, |
| 50 | const std::string& cmd, |
| 51 | const std::vector<std::string>& args, |
| 52 | bool log_failures = true); |
| 53 | |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 54 | // Runs iptables. If |output| is not nullptr, it will be filled with the |
| 55 | // result from stdout of iptables command. |
| Garrick Evans | 8e8e347 | 2020-01-23 14:03:50 +0900 | [diff] [blame] | 56 | virtual int iptables(const std::string& table, |
| 57 | const std::vector<std::string>& argv, |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 58 | bool log_failures = true, |
| 59 | std::string* output = nullptr); |
| Garrick Evans | 8e8e347 | 2020-01-23 14:03:50 +0900 | [diff] [blame] | 60 | |
| 61 | virtual int ip6tables(const std::string& table, |
| 62 | const std::vector<std::string>& argv, |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 63 | bool log_failures = true, |
| 64 | std::string* output = nullptr); |
| Garrick Evans | 8e8e347 | 2020-01-23 14:03:50 +0900 | [diff] [blame] | 65 | |
| 66 | // Installs all |modules| via modprobe. |
| 67 | virtual int modprobe_all(const std::vector<std::string>& modules, |
| 68 | bool log_failures = true); |
| 69 | |
| 70 | // Updates kernel parameter |key| to |value| using sysctl. |
| 71 | virtual int sysctl_w(const std::string& key, |
| 72 | const std::string& value, |
| 73 | bool log_failures = true); |
| 74 | |
| Jie Jiang | f679931 | 2021-05-14 16:27:03 +0900 | [diff] [blame] | 75 | // Creates a new named network namespace with name |netns_name|. |
| 76 | virtual int ip_netns_add(const std::string& netns_name, |
| 77 | bool log_failures = true); |
| 78 | |
| Hugo Benichi | 33860d7 | 2020-07-09 16:34:01 +0900 | [diff] [blame] | 79 | // Attaches a name to the network namespace of the given pid |
| 80 | // TODO(hugobenichi) How can patchpanel create a |netns_name| file in |
| 81 | // /run/netns without running ip as root ? |
| 82 | virtual int ip_netns_attach(const std::string& netns_name, |
| 83 | pid_t netns_pid, |
| 84 | bool log_failures = true); |
| 85 | |
| 86 | virtual int ip_netns_delete(const std::string& netns_name, |
| 87 | bool log_failures = true); |
| 88 | |
| Garrick Evans | 8e8e347 | 2020-01-23 14:03:50 +0900 | [diff] [blame] | 89 | protected: |
| 90 | // Runs a process (argv[0]) with optional arguments (argv[1]...) |
| 91 | // in a minijail as an unprivileged user with CAP_NET_ADMIN and |
| 92 | // CAP_NET_RAW capabilities. |
| 93 | virtual int Run(const std::vector<std::string>& argv, |
| 94 | bool log_failures = true); |
| Jie Jiang | c9a5cd5 | 2020-12-14 17:38:52 +0900 | [diff] [blame] | 95 | |
| 96 | // Invokes RunSyncDestroy() with |mj_|. If |output| is not nullptr, it will be |
| 97 | // filled with the result from stdout of the execution. |
| Hugo Benichi | b5b44cc | 2020-12-11 11:01:02 +0900 | [diff] [blame] | 98 | virtual int RunSync(const std::vector<std::string>& argv, |
| Hugo Benichi | b5b44cc | 2020-12-11 11:01:02 +0900 | [diff] [blame] | 99 | bool log_failures, |
| Jie Jiang | c9a5cd5 | 2020-12-14 17:38:52 +0900 | [diff] [blame] | 100 | std::string* output); |
| Garrick Evans | 6d227b9 | 2019-12-03 16:11:29 +0900 | [diff] [blame] | 101 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 102 | private: |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 103 | int RunSyncDestroy(const std::vector<std::string>& argv, |
| 104 | brillo::Minijail* mj, |
| 105 | minijail* jail, |
| 106 | bool log_failures, |
| Jie Jiang | 0137f5d | 2020-12-16 16:23:59 +0900 | [diff] [blame] | 107 | std::string* output); |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 108 | |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 109 | brillo::Minijail* mj_; |
| 110 | |
| Jie Jiang | cf5ce9c | 2020-07-14 17:22:03 +0900 | [diff] [blame] | 111 | std::unique_ptr<SyscallImpl> syscall_; |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 112 | }; |
| 113 | |
| Garrick Evans | 3388a03 | 2020-03-24 11:25:55 +0900 | [diff] [blame] | 114 | } // namespace patchpanel |
| Garrick Evans | 64a2df3 | 2018-12-12 16:53:46 +0900 | [diff] [blame] | 115 | |
| Garrick Evans | 3388a03 | 2020-03-24 11:25:55 +0900 | [diff] [blame] | 116 | #endif // PATCHPANEL_MINIJAILED_PROCESS_RUNNER_H_ |