xref: /aosp_15_r20/external/sandboxed-api/sandboxed_api/sandbox2/network_proxy/client.h (revision ec63e07ab9515d95e79c211197c445ef84cefa6a)
1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #ifndef SANDBOXED_API_SANDBOX2_NETWORK_PROXY_CLIENT_H_
16 #define SANDBOXED_API_SANDBOX2_NETWORK_PROXY_CLIENT_H_
17 
18 #include <sys/socket.h>
19 
20 #include <cstdint>
21 
22 #include "absl/status/status.h"
23 #include "absl/synchronization/mutex.h"
24 #include "sandboxed_api/sandbox2/comms.h"
25 #include "sandboxed_api/sandbox2/util/syscall_trap.h"
26 
27 namespace sandbox2 {
28 
// Sandboxee-side endpoint of the Sandbox2 network proxy. It forwards
// connection requests over a Comms channel to the network proxy server and
// hands the resulting connected socket back to the caller. Whether a
// destination is allowed is decided by the server, not by this class, so
// nothing in this client should be treated as a policy check.
class NetworkProxyClient {
 public:
  // Name associated with the proxy file descriptor.
  // NOTE(review): presumably the name under which the comms FD is mapped into
  // the sandboxee - confirm against the code that creates the FD.
  static constexpr char kFDName[] = "sb2_networkproxy";

  // Builds the Comms channel on top of the already-open descriptor `fd`.
  // Kept explicit so that a bare int never converts into a client.
  explicit NetworkProxyClient(int fd) : comms_(fd) {}

  // Not copyable: the object holds a Comms channel and a mutex.
  NetworkProxyClient(const NetworkProxyClient&) = delete;
  NetworkProxyClient& operator=(const NetworkProxyClient&) = delete;

  // Opens a new network connection, behaving much like a plain connect()
  // call. The arguments are sent to the network proxy server, which replies
  // with a connected socket.
  //
  // Returns an absl::Status describing the outcome.
  // NOTE(review): `addr`/`addrlen` originate in the sandboxee; the header does
  // not show where `addrlen` is checked against the address family's size -
  // confirm that the implementation and the server both validate it.
  absl::Status Connect(int sockfd, const struct sockaddr* addr,
                       socklen_t addrlen);

 private:
  // NOTE(review): presumably reads the server's reply to the pending request;
  // the body is not part of this header - confirm in the implementation.
  absl::Status ReceiveRemoteResult();

  // Channel to the network proxy server, constructed from the descriptor
  // passed to the constructor.
  Comms comms_;

  // Required for the proxy to be thread safe.
  // NOTE(review): no thread-safety annotation states which members this
  // guards; presumably comms_ - confirm in the implementation.
  absl::Mutex mutex_;
};
50 
// Static glue between trapped connect() syscalls and a NetworkProxyClient.
// Every member is static, so the state below is shared by the whole process.
class NetworkProxyHandler {
 public:
  // Installs the handler that reroutes connect() syscalls into the trap
  // function. That function talks to NetworkProxyServer, which checks whether
  // the connection is allowed and sends the connected socket back to us.
  //
  // NOTE(review): `npc` is a raw pointer and presumably ends up in
  // network_proxy_client_; if so it is non-owning and the client has to stay
  // alive for as long as the handler is installed - confirm in the
  // implementation.
  static absl::Status InstallNetworkProxyHandler(NetworkProxyClient* npc);

  // Trap function for intercepted syscalls.
  // NOTE(review): presumably `nr` is the syscall number, `args` its arguments,
  // `rv` receives the value handed back to the trapped caller, and the bool
  // reports whether the trap was handled - confirm against SyscallTrap.
  static bool ProcessSeccompTrap(int nr, SyscallTrap::Args args, uintptr_t* rv);

  // Client used by the handler to reach the proxy server.
  // NOTE(review): this is a public, mutable, process-wide raw pointer; any
  // code in the sandboxee can reassign it, and no synchronization for it is
  // visible in this header - confirm it is written only during installation.
  static NetworkProxyClient* network_proxy_client_;
};
62 
63 }  // namespace sandbox2
64 
65 #endif  // SANDBOXED_API_SANDBOX2_NETWORK_PROXY_CLIENT_H_
66