diff options
author | Sebastien RAILLET <sebastien.raillet@marelli.com> | 2021-09-22 16:54:31 +0200 |
---|---|---|
committer | Saya Sugiura <39760799+ssugiura@users.noreply.github.com> | 2021-10-12 14:55:32 +0900 |
commit | 1919000c897ccf0f88a5584faf3a2efc1a7a3c30 (patch) | |
tree | 2e10abe01f75c9ac2a3427b3a3d5ecf893a800e9 /src/daemon/dlt-daemon.c | |
parent | 9214f892302615beed95222b56065655a40ff2a7 (diff) | |
download | DLT-daemon-1919000c897ccf0f88a5584faf3a2efc1a7a3c30.tar.gz |
dlt-daemon: create sockets using "android way"
* Before this commit, dlt-daemon sockets were created inside
/data/local/tmp. This works but have many drawbacks:
- /data/local/tmp isn't always a tmpfs depending of the android
system you have. Means sockets are potentially created on a
filesystem which binds to a real device
- as the sockets are created by the dlt-daemon itself, this
prevent the usage of specific SELinux labels / contexts as
they will inherit the label / context from its parent
location (e.g the ones from /data/local/tmp). This prevent a
fine control of the SELinux label / context that you would like
to apply on them
* This commit adapts the dlt-daemon in such way:
- application and control sockets are now created inside
/dev/socket which is the standard path for sockets on android
- these sockets are now created by init (see dlt-daemon.rc) and
their fds are recovered by dlt-daemon through a specific android
API (dlt_daemon_unix_android_get_socket). If the fds can't be
recovered, we fallback to the previous mechanism by creating
by ourself the sockets (even if this will prevent SELinux
label / context on this socket)
- all these modifications have been put under compilation flag
for android
Signed-off-by: Sebastien RAILLET <sebastien.raillet@marelli.com>
Diffstat (limited to 'src/daemon/dlt-daemon.c')
-rw-r--r-- | src/daemon/dlt-daemon.c | 143 |
1 files changed, 105 insertions, 38 deletions
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index 68a51e0..955c231 100644 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -1458,12 +1458,111 @@ static int dlt_daemon_init_vsock(DltDaemonLocal *daemon_local) } #endif +#ifdef DLT_DAEMON_USE_UNIX_SOCKET_IPC +static DltReturnValue dlt_daemon_init_app_socket(DltDaemonLocal *daemon_local) +{ + /* socket access permission set to srw-rw-rw- (666) */ + int mask = S_IXUSR | S_IXGRP | S_IXOTH; + DltReturnValue ret = DLT_RETURN_OK; + int fd = -1; + + if (daemon_local == NULL) { + dlt_vlog(LOG_ERR, "%s: Invalid function parameters\n", __func__); + return DLT_RETURN_ERROR; + } + +#ifdef ANDROID + /* on android if we want to use security contexts on Unix sockets, + * they should be created by init (see dlt-daemon.rc in src/daemon) + * and recovered through the below API */ + ret = dlt_daemon_unix_android_get_socket(&fd, daemon_local->flags.appSockPath); + if (ret < DLT_RETURN_OK) { + /* we failed to get app socket created by init. + * To avoid blocking users to launch dlt-daemon only through + * init on android (e.g: by hand for debugging purpose), try to + * create app socket by ourselves */ + ret = dlt_daemon_unix_socket_open(&fd, + daemon_local->flags.appSockPath, + SOCK_STREAM, + mask); + } +#else + ret = dlt_daemon_unix_socket_open(&fd, + daemon_local->flags.appSockPath, + SOCK_STREAM, + mask); +#endif + if (ret == DLT_RETURN_OK) { + if (dlt_connection_create(daemon_local, + &daemon_local->pEvent, + fd, + POLLIN, + DLT_CONNECTION_APP_CONNECT)) { + dlt_log(LOG_CRIT, "Could not create connection for app socket.\n"); + return DLT_RETURN_ERROR; + } + } + else { + dlt_log(LOG_CRIT, "Could not create and open app socket.\n"); + return DLT_RETURN_ERROR; + } + + return ret; +} +#endif + +static DltReturnValue dlt_daemon_initialize_control_socket(DltDaemonLocal *daemon_local) +{ + /* socket access permission set to srw-rw---- (660) */ + int mask = S_IXUSR | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH; + DltReturnValue ret = DLT_RETURN_OK; + int fd = -1; + + if (daemon_local == NULL) { + dlt_vlog(LOG_ERR, "%s: Invalid function parameters\n", __func__); + return -1; + } + +#ifdef ANDROID + /* on android if we want to use security contexts on Unix sockets, + * they should be created by init (see dlt-daemon.rc in src/daemon) + * and recovered through the below API */ + ret = dlt_daemon_unix_android_get_socket(&fd, daemon_local->flags.ctrlSockPath); + if (ret < DLT_RETURN_OK) { + /* we failed to get app socket created by init. + * To avoid blocking users to launch dlt-daemon only through + * init on android (e.g by hand for debugging purpose), try to + * create app socket by ourselves */ + ret = dlt_daemon_unix_socket_open(&fd, + daemon_local->flags.ctrlSockPath, + SOCK_STREAM, + mask); + } +#else + ret = dlt_daemon_unix_socket_open(&fd, + daemon_local->flags.ctrlSockPath, + SOCK_STREAM, + mask); +#endif + if (ret == DLT_RETURN_OK) { + if (dlt_connection_create(daemon_local, + &daemon_local->pEvent, + fd, + POLLIN, + DLT_CONNECTION_CONTROL_CONNECT) < DLT_RETURN_OK) { + dlt_log(LOG_ERR, "Could not initialize control socket.\n"); + ret = DLT_RETURN_ERROR; + } + } + + return ret; +} + int dlt_daemon_local_connection_init(DltDaemon *daemon, DltDaemonLocal *daemon_local, int verbose) { int fd = -1; - int mask = 0; PRINT_FUNCTION_VERBOSE(verbose); @@ -1475,25 +1574,9 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, DltBindAddress_t *head = daemon_local->flags.ipNodes; #ifdef DLT_DAEMON_USE_UNIX_SOCKET_IPC - /* create and open socket to receive incoming connections from user application - * socket access permission set to srw-rw-rw- (666) */ - mask = S_IXUSR | S_IXGRP | S_IXOTH; - - if (dlt_daemon_unix_socket_open(&fd, - daemon_local->flags.appSockPath, - SOCK_STREAM, - mask) == DLT_RETURN_OK) { - if (dlt_connection_create(daemon_local, - &daemon_local->pEvent, - fd, - POLLIN, - DLT_CONNECTION_APP_CONNECT)) { - dlt_log(LOG_CRIT, "Could not initialize app socket.\n"); - return DLT_RETURN_ERROR; - } - } - else { - dlt_log(LOG_CRIT, "Could not initialize app socket.\n"); + /* create and open socket to receive incoming connections from user application */ + if (dlt_daemon_init_app_socket(daemon_local) < DLT_RETURN_OK) { + dlt_log(LOG_ERR, "Unable to initialize app socket.\n"); return DLT_RETURN_ERROR; } @@ -1570,24 +1653,8 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, #endif /* create and open unix socket to receive incoming connections from - * control application - * socket access permission set to srw-rw---- (660) */ - mask = S_IXUSR | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH; - - if (dlt_daemon_unix_socket_open(&fd, - daemon_local->flags.ctrlSockPath, - SOCK_STREAM, - mask) == DLT_RETURN_OK) { - if (dlt_connection_create(daemon_local, - &daemon_local->pEvent, - fd, - POLLIN, - DLT_CONNECTION_CONTROL_CONNECT)) { - dlt_log(LOG_ERR, "Could not initialize control socket.\n"); - return DLT_RETURN_ERROR; - } - } - else { + * control application */ + if (dlt_daemon_initialize_control_socket(daemon_local) < DLT_RETURN_OK) { dlt_log(LOG_ERR, "Could not initialize control socket.\n"); return DLT_RETURN_ERROR; } |