diff --git a/include/cutils/qtaguid.h b/include/cutils/qtaguid.h new file mode 100644 index 000000000..e6d61e639 --- /dev/null +++ b/include/cutils/qtaguid.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __CUTILS_QTAGUID_H +#define __CUTILS_QTAGUID_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Set tags (and owning UIDs) for network sockets. +*/ +extern int qtaguid_tagSocket(int sockfd, int tag, uid_t uid); + +/* + * Untag a network socket before closing. +*/ +extern int qtaguid_untagSocket(int sockfd); + +#ifdef __cplusplus +} +#endif + +#endif /* __CUTILS_QTAG_UID_H */ diff --git a/libcutils/Android.mk b/libcutils/Android.mk index 5f38bf6a4..283a6bf73 100644 --- a/libcutils/Android.mk +++ b/libcutils/Android.mk @@ -110,7 +110,7 @@ else #!sim # ======================================================== include $(CLEAR_VARS) LOCAL_MODULE := libcutils -LOCAL_SRC_FILES := $(commonSources) ashmem-dev.c mq.c android_reboot.c uevent.c +LOCAL_SRC_FILES := $(commonSources) ashmem-dev.c mq.c android_reboot.c uevent.c qtaguid.c ifeq ($(TARGET_ARCH),arm) LOCAL_SRC_FILES += arch-arm/memset32.S diff --git a/libcutils/qtaguid.c b/libcutils/qtaguid.c new file mode 100644 index 000000000..218a21f13 --- /dev/null +++ b/libcutils/qtaguid.c @@ -0,0 +1,67 @@ +/* libcutils/qtaguid.c +** +** Copyright 2011, The Android Open Source Project +** +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at +** +** http://www.apache.org/licenses/LICENSE-2.0 +** +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and +** limitations under the License. +*/ + +#define LOG_TAG "qtaguid" + +#include +#include +#include +#include +#include +#include +#include + +extern int qtaguid_tagSocket(int sockfd, int tag, uid_t uid) { + char lineBuf[128]; + int fd, cnt = 0, res = 0; + uint64_t kTag = (uint64_t)tag << 32; + snprintf(lineBuf, sizeof(lineBuf), "t %d %llu %d", sockfd, kTag, uid); + + LOGI("Tagging socket %d with tag %llx(%d) for uid %d", sockfd, kTag, tag, uid); + fd = open("/proc/net/xt_qtaguid/ctrl", O_WRONLY); + if (fd < 0) { + return -errno; + } + + cnt = write(fd, lineBuf, strlen(lineBuf)); + if (cnt < 0) { + res = -errno; + } + + close(fd); + return res; +} + +extern int qtaguid_untagSocket(int sockfd) { + char lineBuf[128]; + int fd, cnt = 0, res = 0; + snprintf(lineBuf, sizeof(lineBuf), "u %d", sockfd); + + LOGI("Untagging socket %d", sockfd); + fd = open("/proc/net/xt_qtaguid/ctrl", O_WRONLY); + if (fd < 0) { + return -errno; + } + + cnt = write(fd, lineBuf, strlen(lineBuf)); + if (cnt < 0) { + res = -errno; + } + + close(fd); + return res; +}