arc/network/adb_proxy.cc

// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "arc/network/adb_proxy.h"

#include <linux/vm_sockets.h>
#include <sys/socket.h>
#include <sys/types.h>

#include <utility>

#include <base/bind.h>
#include <base/logging.h>
#include <base/strings/stringprintf.h>
#include <brillo/minijail/minijail.h>

namespace arc_networkd {
namespace {
constexpr uint16_t kTcpPort = 5555;
constexpr uint32_t kTcpAddr = 0x64735C02;  // 100.115.92.2
constexpr uint32_t kVsockPort = 5555;
// Reference: (./src/private-overlays/project-cheets-private/
// chromeos-base/android-vm-pi/files/run-arcvm)
constexpr uint32_t kVsockCid = 5;
constexpr uint64_t kCapMask = CAP_TO_MASK(CAP_NET_RAW);
constexpr char kUnprivilegedUser[] = "arc-networkd";
constexpr int kMaxConn = 16;

}  // namespace

AdbProxy::AdbProxy() : src_watcher_(FROM_HERE) {}

AdbProxy::~AdbProxy() {
  src_watcher_.StopWatchingFileDescriptor();
}

int AdbProxy::OnInit() {
  // Prevent the main process from sending us any signals.
  if (setsid() < 0) {
    PLOG(ERROR) << "Failed to created a new session with setsid; exiting";
    return -1;
  }

  // Run with minimal privileges.
  brillo::Minijail* m = brillo::Minijail::GetInstance();
  struct minijail* jail = m->New();

  // Most of these return void, but DropRoot() can fail if the user/group
  // does not exist.
  CHECK(m->DropRoot(jail, kUnprivilegedUser, kUnprivilegedUser))
      << "Could not drop root privileges";
  m->UseCapabilities(jail, kCapMask);
  m->Enter(jail);
  m->Destroy(jail);

  src_ = std::make_unique<Socket>(AF_INET, SOCK_STREAM | SOCK_NONBLOCK);
  struct sockaddr_in addr = {0};
  addr.sin_family = AF_INET;
  addr.sin_port = htons(kTcpPort);
  addr.sin_addr.s_addr = htonl(INADDR_ANY);
  if (!src_->Bind((const struct sockaddr*)&addr, sizeof(addr))) {
    LOG(ERROR) << "Cannot bind source socket; exiting";
    return -1;
  }

  if (!src_->Listen(kMaxConn)) {
    LOG(ERROR) << "Cannot listen on source socket; exiting";
    return -1;
  }

  RegisterHandler(SIGUSR1,
                  base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));
  RegisterHandler(SIGUSR2,
                  base::Bind(&AdbProxy::OnSignal, base::Unretained(this)));

  base::MessageLoopForIO::current()->WatchFileDescriptor(
      src_->fd(), true, base::MessageLoopForIO::WATCH_READ, &src_watcher_,
      this);

  return Daemon::OnInit();
}

void AdbProxy::OnFileCanReadWithoutBlocking(int fd) {
  if (auto conn = src_->Accept()) {
    if (auto dst = Connect()) {
      LOG(INFO) << "Connection established: " << *conn << " <-> " << *dst;
      auto fwd = std::make_unique<SocketForwarder>(
          base::StringPrintf("adbp%d-%d", conn->fd(), dst->fd()),
          std::move(conn), std::move(dst));
      fwd->Start();
      fwd_.emplace_back(std::move(fwd));
    }
  }

  // Cleanup any defunct forwarders.
  for (auto it = fwd_.begin(); it != fwd_.end();) {
    if (!(*it)->IsValid() && (*it)->HasBeenStarted())
      it = fwd_.erase(it);
    else
      ++it;
  }
}

std::unique_ptr<Socket> AdbProxy::Connect() const {
  // Try to connect with VSOCK.
  struct sockaddr_vm addr_vm = {0};
  addr_vm.svm_family = AF_VSOCK;
  addr_vm.svm_port = kVsockPort;
  addr_vm.svm_cid = kVsockCid;

  auto dst = std::make_unique<Socket>(AF_VSOCK, SOCK_STREAM);
  if (dst->Connect((const struct sockaddr*)&addr_vm, sizeof(addr_vm)))
    return dst;

  // Try to connect with TCP IPv4.
  struct sockaddr_in addr_in = {0};
  addr_in.sin_family = AF_INET;
  addr_in.sin_port = htons(kTcpPort);
  addr_in.sin_addr.s_addr = htonl(kTcpAddr);

  dst = std::make_unique<Socket>(AF_INET, SOCK_STREAM);
  if (dst->Connect((const struct sockaddr*)&addr_in, sizeof(addr_in)))
    return dst;

  return nullptr;
}

bool AdbProxy::OnSignal(const struct signalfd_siginfo& info) {
  // On guest down just ensure any existing connections are culled.
  if (info.ssi_signo == SIGUSR2)
    fwd_.clear();

  // Stay registered.
  return false;
}

}  // namespace arc_networkd