shill: Setup Iptable entries for ThirdPartyVpn using PermissionBroker

This CL makes shill setup iptables entries to mark traffic from user dynamically using a proxy to permission broker. BUG=chromium:458075 TEST=Manual testing CQ-DEPEND=CL:249140 Change-Id: Ic376c67b588ae0f82abeb6b7fab31051cd6d08a4 Reviewed-on: https://chromium-review.googlesource.com/250290 Reviewed-by: Paul Stewart <pstew@chromium.org> Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
author: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> 2015-02-13 15:20:23 +0100
committer: ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> 2015-02-20 15:23:03 +0000
commit: 77e768323e57058b4660bb72ba2544a1cbe6d435 (patch)
tree: 6812c9ab5c8ec1dabb39bfc42c429317c4431bfb /permission_broker_proxy.cc
parent: aab63499fccbd5b94fcfd2fa88e5fda83a8b5da8 (diff)
download: shill-77e768323e57058b4660bb72ba2544a1cbe6d435.tar.gz
1 files changed, 74 insertions, 0 deletions
diff --git a/permission_broker_proxy.cc b/permission_broker_proxy.cc
new file mode 100644
index 00000000..9731bffd
--- /dev/null
+++ b/permission_broker_proxy.cc
@@ -0,0 +1,74 @@
+// Copyright 2015 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "shill/permission_broker_proxy.h"
+
+#include <string>
+#include <vector>
+
+#include <chromeos/dbus/service_constants.h>
+
+#include "shill/logging.h"
+
+namespace shill {
+// static
+const int PermissionBrokerProxy::kInvalidHandle = -1;
+
+PermissionBrokerProxyInterface::PermissionBrokerProxyInterface() {}
+
+PermissionBrokerProxyInterface::~PermissionBrokerProxyInterface() {}
+
+PermissionBrokerProxy::PermissionBrokerProxy(DBus::Connection *connection)
+    : proxy_(connection),
+      lifeline_read_fd_(kInvalidHandle),
+      lifeline_write_fd_(kInvalidHandle) {}
+
+PermissionBrokerProxy::~PermissionBrokerProxy() {}
+
+bool PermissionBrokerProxy::RequestVpnSetup(
+    const std::vector<std::string> &user_names,
+    const std::string &interface) {
+  if (lifeline_read_fd_ != kInvalidHandle ||
+      lifeline_write_fd_ != kInvalidHandle) {
+    LOG(ERROR) << "Already setup?";
+    return false;
+  }
+
+  int fds[2];
+  if (pipe(fds) != 0) {
+    LOG(ERROR) << "Failed to create lifeline pipe";
+    return false;
+  }
+  lifeline_read_fd_ = fds[0];
+  lifeline_write_fd_ = fds[1];
+
+  DBus::FileDescriptor dbus_fd(lifeline_read_fd_);
+  bool return_value = false;
+  try {
+    return_value = proxy_.RequestVpnSetup(user_names, interface, dbus_fd);
+  } catch (const DBus::Error &e) {
+    LOG(FATAL) << "DBus exception: " << e.name() << ": " << e.what();
+  }
+  return return_value;
+}
+
+bool PermissionBrokerProxy::RemoveVpnSetup() {
+  if (lifeline_read_fd_ != kInvalidHandle &&
+      lifeline_write_fd_ != kInvalidHandle) {
+    close(lifeline_read_fd_);
+    close(lifeline_write_fd_);
+    lifeline_read_fd_ = kInvalidHandle;
+    lifeline_write_fd_ = kInvalidHandle;
+  }
+  return true;
+}
+
+PermissionBrokerProxy::Proxy::Proxy(DBus::Connection *connection)
+    : DBus::ObjectProxy(*connection,
+                        permission_broker::kPermissionBrokerServicePath,
+                        permission_broker::kPermissionBrokerServiceName) {}
+
+PermissionBrokerProxy::Proxy::~Proxy() {}
+
+}  // namespace shill
author	Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>	2015-02-13 15:20:23 +0100
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	2015-02-20 15:23:03 +0000
commit	77e768323e57058b4660bb72ba2544a1cbe6d435 (patch)
tree	6812c9ab5c8ec1dabb39bfc42c429317c4431bfb /permission_broker_proxy.cc
parent	aab63499fccbd5b94fcfd2fa88e5fda83a8b5da8 (diff)
download	shill-77e768323e57058b4660bb72ba2544a1cbe6d435.tar.gz