author | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-06 07:34:02 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2017-09-06 07:34:02 +0000 |
commit | 862f9f4549787a4918eace8fc32d88cd3466e71e (patch) | |
tree | 502a0844276387be22e4c7a1862b677c3dcdb15c | |
parent | 47b77a3844963c0bc386af181c0877481134e845 (diff) | |
parent | 7b0ab7a59ad1f28b8985cb673beb551b42c07059 (diff) | |
download | netd-862f9f4549787a4918eace8fc32d88cd3466e71e.tar.gz |
release-request-ee600ee1-fadc-4a92-9feb-e22548c84a75-for-git_oc-mr1-release-4318546 snap-temp-L23800000099760172
Change-Id: Iada703f8bccc97031624744de0300c1f2c7df8af
-rw-r--r-- | server/CommandListener.cpp | 3 | ||||
-rw-r--r-- | server/CommandListener.h | 2 | ||||
-rw-r--r-- | server/DnsProxyListener.cpp | 2 | ||||
-rw-r--r-- | server/DnsProxyListener.h | 2 | ||||
-rw-r--r-- | server/FwmarkServer.cpp | 2 | ||||
-rw-r--r-- | server/FwmarkServer.h | 2 | ||||
-rw-r--r-- | server/IptablesRestoreController.cpp | 16 | ||||
-rw-r--r-- | server/MDnsSdListener.cpp | 3 | ||||
-rw-r--r-- | server/MDnsSdListener.h | 2 | ||||
-rw-r--r-- | server/NetdConstants.cpp | 14 | ||||
-rw-r--r-- | server/NetdConstants.h | 1 | ||||
-rw-r--r-- | server/main.cpp | 10 |
12 files changed, 40 insertions, 19 deletions
diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
index d191c05d..27954824 100644
--- a/server/CommandListener.cpp
+++ b/server/CommandListener.cpp
@@ -104,8 +104,7 @@ void CommandListener::registerLockingCmd(FrameworkCommand *cmd, android::RWLock&
 registerCmd(new LockingFrameworkCommand(cmd, lock));
 }
-CommandListener::CommandListener() :
- FrameworkListener("netd", true) {
+CommandListener::CommandListener() : FrameworkListener(SOCKET_NAME, true) {
 registerLockingCmd(new InterfaceCmd());
 registerLockingCmd(new IpFwdCmd());
 registerLockingCmd(new TetherCmd());
diff --git a/server/CommandListener.h b/server/CommandListener.h
index 762ae7c9..d37e5b3c 100644
--- a/server/CommandListener.h
+++ b/server/CommandListener.h
@@ -42,6 +42,8 @@ public:
 CommandListener();
 virtual ~CommandListener() {}
+ static constexpr const char* SOCKET_NAME = "netd";
+
 private:
 void registerLockingCmd(FrameworkCommand *cmd, android::RWLock& lock);
 void registerLockingCmd(FrameworkCommand *cmd) {
diff --git a/server/DnsProxyListener.cpp b/server/DnsProxyListener.cpp
index 8db1da85..8f8858d4 100644
--- a/server/DnsProxyListener.cpp
+++ b/server/DnsProxyListener.cpp
@@ -136,7 +136,7 @@ res_sendhookact qhook(sockaddr* const * nsap, const u_char** buf, int* buflen,
 } // namespace
 DnsProxyListener::DnsProxyListener(const NetworkController* netCtrl, EventReporter* eventReporter) :
- FrameworkListener("dnsproxyd"), mNetCtrl(netCtrl), mEventReporter(eventReporter) {
+ FrameworkListener(SOCKET_NAME), mNetCtrl(netCtrl), mEventReporter(eventReporter) {
 registerCmd(new GetAddrInfoCmd(this));
 registerCmd(new GetHostByAddrCmd(this));
 registerCmd(new GetHostByNameCmd(this));
diff --git a/server/DnsProxyListener.h b/server/DnsProxyListener.h
index b08a1143..a215bb63 100644
--- a/server/DnsProxyListener.h
+++ b/server/DnsProxyListener.h
@@ -35,6 +35,8 @@ public:
 explicit DnsProxyListener(const NetworkController* netCtrl, EventReporter* eventReporter);
 virtual ~DnsProxyListener() {}
+ static constexpr const char* SOCKET_NAME = "dnsproxyd";
+
 private:
 const NetworkController *mNetCtrl;
 EventReporter *mEventReporter;
diff --git a/server/FwmarkServer.cpp b/server/FwmarkServer.cpp
index a9a18c53..48008649 100644
--- a/server/FwmarkServer.cpp
+++ b/server/FwmarkServer.cpp
@@ -34,7 +34,7 @@ namespace android {
 namespace net {
 FwmarkServer::FwmarkServer(NetworkController* networkController, EventReporter* eventReporter) :
- SocketListener("fwmarkd", true), mNetworkController(networkController),
+ SocketListener(SOCKET_NAME, true), mNetworkController(networkController),
 mEventReporter(eventReporter) {
 }
diff --git a/server/FwmarkServer.h b/server/FwmarkServer.h
index c9b19a5f..4d109c02 100644
--- a/server/FwmarkServer.h
+++ b/server/FwmarkServer.h
@@ -30,6 +30,8 @@ class FwmarkServer : public SocketListener {
 public:
 explicit FwmarkServer(NetworkController* networkController, EventReporter* eventReporter);
+ static constexpr const char* SOCKET_NAME = "fwmarkd";
+
 private:
 // Overridden from SocketListener:
 bool onDataAvailable(SocketClient* client);
diff --git a/server/IptablesRestoreController.cpp b/server/IptablesRestoreController.cpp
index 37b94bf4..88d88f64 100644
--- a/server/IptablesRestoreController.cpp
+++ b/server/IptablesRestoreController.cpp
@@ -143,9 +143,9 @@ IptablesProcess* IptablesRestoreController::forkAndExec(const IptablesProcessTyp
 int stdout_pipe[2];
 int stderr_pipe[2];
- if (pipe2(stdin_pipe, 0) == -1 ||
- pipe2(stdout_pipe, O_NONBLOCK) == -1 ||
- pipe2(stderr_pipe, O_NONBLOCK) == -1) {
+ if (pipe2(stdin_pipe, O_CLOEXEC) == -1 ||
+ pipe2(stdout_pipe, O_NONBLOCK | O_CLOEXEC) == -1 ||
+ pipe2(stderr_pipe, O_NONBLOCK | O_CLOEXEC) == -1) {
 ALOGE("pipe2() failed: %s", strerror(errno));
 return nullptr;
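Review bot: In forkAndExec the three pipe2() calls now set O_CLOEXEC on all six pipe ends, including the ends the child is meant to keep, and nothing at this spot says why that is safe. It works only if the child re-homes its ends with dup2() onto fds 0, 1 and 2 (that code is outside this hunk, so this is inferred), since dup2() leaves FD_CLOEXEC clear on the new descriptor. If pipe2() ever returns one of 0-2 because netd was started with a standard stream closed, dup2(fd, fd) is a no-op and that end would be closed at exec. A comment above the calls would record the dependency, for example `// O_CLOEXEC on every end: the child dup2()s its three ends onto fds 0-2, which clears the flag on the copies.` The function body begins before and continues past this hunk.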
@@ -161,16 +161,6 @@ IptablesProcess* IptablesRestoreController::forkAndExec(const IptablesProcessTyp
 if (child_pid.value() == 0) {
 // The child process. Reads from stdin, writes to stderr and stdout.
- // stdin_pipe[1] : The write end of the stdin pipe.
- // stdout_pipe[0] : The read end of the stdout pipe.
- // stderr_pipe[0] : The read end of the stderr pipe.
- if (close(stdin_pipe[1]) == -1 ||
- close(stdout_pipe[0]) == -1 ||
- close(stderr_pipe[0]) == -1) {
-
- ALOGW("close() failed: %s", strerror(errno));
- }
-
 // stdin_pipe[0] : The read end of the stdin pipe.
 // stdout_pipe[1] : The write end of the stdout pipe.
 // stderr_pipe[1] : The write end of the stderr pipe.
diff --git a/server/MDnsSdListener.cpp b/server/MDnsSdListener.cpp
index 9551d45c..b2a79df0 100644
--- a/server/MDnsSdListener.cpp
+++ b/server/MDnsSdListener.cpp
@@ -45,8 +45,7 @@
 #define CEIL(x, y) (((x) + (y) - 1) / (y))
-MDnsSdListener::MDnsSdListener() :
- FrameworkListener("mdns", true) {
+MDnsSdListener::MDnsSdListener() : FrameworkListener(SOCKET_NAME, true) {
 Monitor *m = new Monitor();
 registerCmd(new Handler(m, this));
 }
diff --git a/server/MDnsSdListener.h b/server/MDnsSdListener.h
index 3833ad62..8cd596a0 100644
--- a/server/MDnsSdListener.h
+++ b/server/MDnsSdListener.h
@@ -51,6 +51,8 @@ public:
 MDnsSdListener();
 virtual ~MDnsSdListener() {}
+ static constexpr const char* SOCKET_NAME = "mdns";
+
 class Context {
 public:
 MDnsSdListener *mListener;
diff --git a/server/NetdConstants.cpp b/server/NetdConstants.cpp
index 5abdacd5..82db842c 100644
--- a/server/NetdConstants.cpp
+++ b/server/NetdConstants.cpp
@@ -29,6 +29,7 @@
 #include <android-base/stringprintf.h>
 #include <cutils/log.h>
+#include <cutils/sockets.h>
 #include <logwrap/logwrap.h>
 #include "Controllers.h"
@@ -164,3 +165,16 @@ void blockSigpipe() {
 if (sigprocmask(SIG_BLOCK, &mask, NULL) != 0)
 ALOGW("WARNING: SIGPIPE not blocked\n");
 }
+
+void setCloseOnExec(const char *sock) {
+ int fd = android_get_control_socket(sock);
+ int flags = fcntl(fd, F_GETFD, 0);
+ if (flags == -1) {
+ ALOGE("Can't get fd flags for control socket %s", sock);
+ flags = 0;
+ }
+ flags |= FD_CLOEXEC;
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ ALOGE("Can't set control socket %s to FD_CLOEXEC", sock);
+ }
+}
diff --git a/server/NetdConstants.h b/server/NetdConstants.h
index b1117c43..5fbeae6f 100644
--- a/server/NetdConstants.h
+++ b/server/NetdConstants.h
@@ -48,6 +48,7 @@ int execIptablesRestoreCommand(IptablesTarget target, const std::string& table,
 bool isIfaceName(const std::string& name);
 int parsePrefix(const char *prefix, uint8_t *family, void *address, int size, uint8_t *prefixlen);
 void blockSigpipe();
+void setCloseOnExec(const char *sock);
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
diff --git a/server/main.cpp b/server/main.cpp
index 176d3218..d3e0046e 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -79,6 +79,16 @@ int main() {
 blockSigpipe();
+ // Before we do anything that could fork, mark CLOEXEC the UNIX sockets that we get from init.
+ // FrameworkListener does this on initialization as well, but we only initialize these
+ // components after having initialized other subsystems that can fork.
+ for (const auto& sock : { CommandListener::SOCKET_NAME,
+ DnsProxyListener::SOCKET_NAME,
+ FwmarkServer::SOCKET_NAME,
+ MDnsSdListener::SOCKET_NAME }) {
+ setCloseOnExec(sock);
+ }
+
 NetlinkManager *nm = NetlinkManager::Instance();
 if (nm == nullptr) {
 ALOGE("Unable to create NetlinkManager"); |
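Review bot: setCloseOnExec() in server/NetdConstants.cpp passes the result of android_get_control_socket() straight to fcntl() without checking it, so a socket that init did not hand over produces two fcntl errors (presumably EBADF) that read like a flag failure rather than a missing descriptor. A guard before the first fcntl(), `if (fd < 0) { ALOGE("No control socket %s", sock); return; }`, separates the two cases, and appending `strerror(errno)` to both existing ALOGE calls would make a real failure diagnosable. The function returns void, so main() cannot tell that a socket stayed inheritable. Since this is the hardening step that keeps these sockets out of forked children, consider returning a status the caller can act on.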
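Review bot: The socket list in main() is a second, hand-maintained copy of the set of control sockets init passes to netd, and the comment does not say that it has to stay complete. A listener socket added later without a matching entry here would stay inheritable by anything forked before its listener is constructed, which is the leak this loop exists to prevent. I would extend the comment with `// Keep this list in sync with every control socket declared for netd in its init .rc file.` so the requirement is visible at the point of change. main() begins before and continues past this hunk.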