authorNucca Chen <nuccachen@google.com>2021-12-13 09:24:38 +0000
committerHungming Chen <nuccachen@google.com>2021-12-30 22:54:03 +0800
commit0714a18a36a20cc94ac6c9d8916bb9a3782e43ac (patch)
tree4d6deaf13fc2f711a298ed5da7decc3b6357345a
parent6bdb9960b1f42add186517dd0fa293c18912cf87 (diff)
Revert "Revert "[RFCLAT#1] Move the raw socket creation from cla..."
Revert submission 1919326-revert-1902610-clat_move_raw_socket-XKUYDBPMIO Reason for revert: security patch (aosp/1903466) and clean up patch (aosp/1911234) have merged Reverted Changes: I849cf4150:Revert "[RFNETD#1] Move the raw socket creation fr... Ic4fad13f5:Revert "[RFCLAT#1] Move the raw socket creation fr... Bug: 212345928 Test: atest clatd_test Change-Id: Ib3f35c293b160f57917bf6f52a533faecf2abf80
-rw-r--r--clatd.c14
-rw-r--r--clatd.h2
-rw-r--r--main.c19
3 files changed, 18 insertions, 17 deletions
diff --git a/clatd.c b/clatd.c
index 7ec3454..4a34bf3 100644
--- a/clatd.c
+++ b/clatd.c
@@ -182,19 +182,7 @@ void drop_root_and_caps() {
* tunnel - tun device data
* mark - the socket mark to use for the sending raw socket
*/
-void open_sockets(struct tun_data *tunnel, uint32_t mark) {
- int rawsock = socket(AF_INET6, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_RAW);
- if (rawsock < 0) {
- logmsg(ANDROID_LOG_FATAL, "raw socket failed: %s", strerror(errno));
- exit(1);
- }
-
- if (mark != MARK_UNSET && setsockopt(rawsock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark)) < 0) {
- logmsg(ANDROID_LOG_ERROR, "could not set mark on raw socket: %s", strerror(errno));
- }
-
- tunnel->write_fd6 = rawsock;
-
+void open_sockets(struct tun_data *tunnel) {
// Will eventually be bound to htons(ETH_P_IPV6) protocol,
// but only after appropriate bpf filter is attached.
tunnel->read_fd6 = socket(AF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
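Review bot: The header comment kept above `open_sockets` still lists `mark - the socket mark to use for the sending raw socket`, a parameter the new signature `void open_sockets(struct tun_data *tunnel)` no longer has. That line should be dropped, and the comment should say that the function now opens only the receiving packet socket, for example `* tunnel - tun device data; write_fd6 is expected to be set by the caller beforehand`. Since the `SO_MARK` setsockopt is removed together with the socket creation, it would also help to note that marking the sending socket is presumably now the job of whichever process creates it. The function body continues outside the hunk.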
diff --git a/clatd.h b/clatd.h
index 75ffea3..6907829 100644
--- a/clatd.h
+++ b/clatd.h
@@ -41,7 +41,7 @@ extern volatile sig_atomic_t running;
void configure_tun_ip(const struct tun_data *tunnel, const char *v4_addr, int mtu);
void set_capability(uint64_t target_cap);
void drop_root_and_caps();
-void open_sockets(struct tun_data *tunnel, uint32_t mark);
+void open_sockets(struct tun_data *tunnel);
int ipv6_address_changed(const char *interface);
int configure_clat_ipv6_address(const struct tun_data *tunnel, const char *interface,
const char *src_addr);
diff --git a/main.c b/main.c
index d452985..e4f7356 100644
--- a/main.c
+++ b/main.c
@@ -51,6 +51,7 @@ void print_help() {
printf("-6 [IPv6 address]\n");
printf("-m [socket mark]\n");
printf("-t [tun file descriptor number]\n");
+ printf("-w [write socket descriptor number]\n");
}
/* function: main
@@ -60,11 +61,11 @@ int main(int argc, char **argv) {
struct tun_data tunnel;
int opt;
char *uplink_interface = NULL, *plat_prefix = NULL, *mark_str = NULL;
- char *v4_addr = NULL, *v6_addr = NULL, *tunfd_str = NULL;
+ char *v4_addr = NULL, *v6_addr = NULL, *tunfd_str = NULL, *write_sock_str = NULL;
uint32_t mark = MARK_UNSET;
unsigned len;
- while ((opt = getopt(argc, argv, "i:p:4:6:m:t:h")) != -1) {
+ while ((opt = getopt(argc, argv, "i:p:4:6:m:t:w:h")) != -1) {
switch (opt) {
case 'i':
uplink_interface = optarg;
@@ -84,6 +85,9 @@ int main(int argc, char **argv) {
case 't':
tunfd_str = optarg;
break;
+ case 'w':
+ write_sock_str = optarg;
+ break;
case 'h':
print_help();
exit(0);
@@ -112,6 +116,15 @@ int main(int argc, char **argv) {
exit(1);
}
+ if (write_sock_str != NULL && !parse_int(write_sock_str, &tunnel.write_fd6)) {
+ logmsg(ANDROID_LOG_FATAL, "invalid sock_write %s", write_sock_str);
+ exit(1);
+ }
+ if (!tunnel.write_fd6) {
+ logmsg(ANDROID_LOG_FATAL, "no write_fd6 specified on commandline.");
+ exit(1);
+ }
+
len = snprintf(tunnel.device4, sizeof(tunnel.device4), "%s%s", DEVICEPREFIX, uplink_interface);
if (len >= sizeof(tunnel.device4)) {
logmsg(ANDROID_LOG_FATAL, "interface name too long '%s'", tunnel.device4);
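Review bot: The `if (!tunnel.write_fd6)` check reads a field that nothing in the visible hunks initialises when `-w` is omitted. `struct tun_data tunnel;` is declared without an initializer and `parse_int` runs only when `write_sock_str` is non-NULL, so unless `tunnel` is zeroed in code outside these hunks, the "no write_fd6 specified" branch depends on whatever was on the stack. Testing the option itself, `if (write_sock_str == NULL) {`, makes the missing-argument case deterministic. The check also lets negative values through, and the descriptor now comes from the command line rather than from `socket()` in this process. It would be worth rejecting `tunnel.write_fd6 < 0` and confirming with `getsockopt(tunnel.write_fd6, SOL_SOCKET, SO_TYPE, ...)` that it refers to an open raw socket before anything is written to it. main's body starts and ends outside the hunk.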
@@ -124,7 +137,7 @@ int main(int argc, char **argv) {
v6_addr ? v6_addr : "(none)");
// open our raw sockets before dropping privs
- open_sockets(&tunnel, mark);
+ open_sockets(&tunnel);
configure_interface(uplink_interface, plat_prefix, v4_addr, v6_addr, &tunnel, mark);