author | Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> | 2015-02-13 15:20:23 +0100 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-02-20 15:23:03 +0000 |
commit | 77e768323e57058b4660bb72ba2544a1cbe6d435 (patch) | |
tree | 6812c9ab5c8ec1dabb39bfc42c429317c4431bfb /permission_broker_proxy.cc | |
parent | aab63499fccbd5b94fcfd2fa88e5fda83a8b5da8 (diff) | |
download | shill-77e768323e57058b4660bb72ba2544a1cbe6d435.tar.gz |
shill: Setup Iptable entries for ThirdPartyVpn using PermissionBroker
This CL makes shill set up iptables entries to mark traffic from user
dynamically using a proxy to permission broker.
BUG=chromium:458075
TEST=Manual testing
CQ-DEPEND=CL:249140
Change-Id: Ic376c67b588ae0f82abeb6b7fab31051cd6d08a4
Reviewed-on: https://chromium-review.googlesource.com/250290
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Diffstat (limited to 'permission_broker_proxy.cc')
-rw-r--r-- | permission_broker_proxy.cc | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/permission_broker_proxy.cc b/permission_broker_proxy.cc
new file mode 100644
index 00000000..9731bffd
--- /dev/null
+++ b/permission_broker_proxy.cc
@@ -0,0 +1,74 @@
+// Copyright 2015 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "shill/permission_broker_proxy.h"
+
+#include <string>
+#include <vector>
+
+#include <chromeos/dbus/service_constants.h>
+
+#include "shill/logging.h"
+
+namespace shill {
+// static
+const int PermissionBrokerProxy::kInvalidHandle = -1;
+
+PermissionBrokerProxyInterface::PermissionBrokerProxyInterface() {}
+
+PermissionBrokerProxyInterface::~PermissionBrokerProxyInterface() {}
+
+PermissionBrokerProxy::PermissionBrokerProxy(DBus::Connection *connection)
+ : proxy_(connection),
+ lifeline_read_fd_(kInvalidHandle),
+ lifeline_write_fd_(kInvalidHandle) {}
+
+PermissionBrokerProxy::~PermissionBrokerProxy() {}
+
+bool PermissionBrokerProxy::RequestVpnSetup(
+ const std::vector<std::string> &user_names,
+ const std::string &interface) {
+ if (lifeline_read_fd_ != kInvalidHandle ||
+ lifeline_write_fd_ != kInvalidHandle) {
+ LOG(ERROR) << "Already setup?";
+ return false;
+ }
+
+ int fds[2];
+ if (pipe(fds) != 0) {
+ LOG(ERROR) << "Failed to create lifeline pipe";
+ return false;
+ }
+ lifeline_read_fd_ = fds[0];
+ lifeline_write_fd_ = fds[1];
+
+ DBus::FileDescriptor dbus_fd(lifeline_read_fd_);
+ bool return_value = false;
+ try {
+ return_value = proxy_.RequestVpnSetup(user_names, interface, dbus_fd);
+ } catch (const DBus::Error &e) {
+ LOG(FATAL) << "DBus exception: " << e.name() << ": " << e.what();
+ }
+ return return_value;
+}
+
+bool PermissionBrokerProxy::RemoveVpnSetup() {
+ if (lifeline_read_fd_ != kInvalidHandle &&
+ lifeline_write_fd_ != kInvalidHandle) {
+ close(lifeline_read_fd_);
+ close(lifeline_write_fd_);
+ lifeline_read_fd_ = kInvalidHandle;
+ lifeline_write_fd_ = kInvalidHandle;
+ }
+ return true;
+}
+
+PermissionBrokerProxy::Proxy::Proxy(DBus::Connection *connection)
+ : DBus::ObjectProxy(*connection,
+ permission_broker::kPermissionBrokerServicePath,
+ permission_broker::kPermissionBrokerServiceName) {}
+
+PermissionBrokerProxy::Proxy::~Proxy() {}
+
+} // namespace shill |
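Review bot: When the broker call in RequestVpnSetup returns false, both pipe ends stay open and stay recorded in lifeline_read_fd_/lifeline_write_fd_, so the next RequestVpnSetup stops at the "Already setup?" guard until something calls RemoveVpnSetup; adding `if (!return_value) RemoveVpnSetup();` before the final return would reset the state. The destructor `~PermissionBrokerProxy() {}` also leaves the descriptors open; if the broker ties the iptables marks to the lifetime of this pipe (the name suggests so, but the broker side is not in this diff), the rules would outlive the proxy object, so calling `RemoveVpnSetup();` from the destructor is worth adding. For the same reason `pipe(fds)` would be safer as `pipe2(fds, O_CLOEXEC)`, so that processes shill spawns do not inherit the write end and keep the lifeline open after shill has closed it. The file also calls pipe() and close() without including `<unistd.h>` directly, and none of the methods carries a comment stating who owns the two descriptors after the D-Bus call.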