// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef SANDBOXED_API_SANDBOX2_NETWORK_PROXY_SERVER_H_
#define SANDBOXED_API_SANDBOX2_NETWORK_PROXY_SERVER_H_

#include <pthread.h>

#include <atomic>
#include <memory>
#include <string>

#include "sandboxed_api/sandbox2/comms.h"
#include "sandboxed_api/sandbox2/network_proxy/filtering.h"

namespace sandbox2 {

// This is a proxy server that spawns connected sockets on request and then
// sends the file descriptor to the requestor. It is used to get around
// limitations created by network namespaces. It also contains a set of rules
// of allowed hosts.
//
// Security note: the sockets handed out here sidestep the network-namespace
// restriction, so the allowed-hosts rules are what limits where a requestor
// can connect through this class.
// NOTE(review): where and how the rules are checked is not visible in this
// header; presumably in ProcessConnectRequest() -- confirm in the .cc file.
//
// The class is non-copyable (copy construction and assignment are deleted).
class NetworkProxyServer {
 public:
  // `fd`: file descriptor used to talk to the network proxy client.
  //   NOTE(review): presumably wrapped by `comms_` -- confirm in the .cc file.
  // `allowed_hosts`: rules describing which hosts may be connected to. Stored
  //   as a raw pointer (`allowed_hosts_`).
  //   NOTE(review): looks non-owning, so the caller would have to keep the
  //   object alive for as long as this server is in use -- confirm.
  // `monitor_thread_id`: pthread id kept in `monitor_thread_id_`.
  //   NOTE(review): presumably used to notify the monitor thread about a
  //   violation -- confirm against the implementation.
  NetworkProxyServer(int fd, AllowedHosts* allowed_hosts,
                     pthread_t monitor_thread_id);

  NetworkProxyServer(const NetworkProxyServer&) = delete;
  NetworkProxyServer& operator=(const NetworkProxyServer&) = delete;

  // Starts handling incoming connection requests.
  void Run();

  // When the network rules are violated, violation_occurred_ is set and
  // violation_msg_ contains details about the host.
  //
  // Both members are public, so any code holding a reference to the server
  // can read and write them. Only the flag is atomic; the message is a plain
  // std::string.
  // NOTE(review): a reader on another thread presumably has to observe
  // violation_occurred_ == true before touching violation_msg_, and the
  // writer has to fill the message before setting the flag -- confirm the
  // ordering in the implementation.
  std::atomic<bool> violation_occurred_;
  std::string violation_msg_;

 private:
  // Notifies the network proxy client about the error and sends its code
  // (`saved_errno`).
  void SendError(int saved_errno);

  // Notifies the network proxy client that no error occurred.
  void NotifySuccess();

  // Serves connection requests from the network proxy client.
  void ProcessConnectRequest();

  // Reports a violation when the network rules are subverted; `saddr` is the
  // socket address involved.
  // NOTE(review): the original wording said "throw"; since this returns void
  // it presumably records the violation rather than raising a C++ exception
  // -- confirm.
  // NOTE(review): `struct sockaddr` is not declared by any header included
  // directly above; this appears to rely on a transitive include (e.g. via
  // filtering.h) -- confirm the header is self-contained.
  void NotifyViolation(const struct sockaddr* saddr);

  // Communication channel to the network proxy client; owned by this object.
  std::unique_ptr<Comms> comms_;
  // Error state of the server.
  // NOTE(review): presumably set when an unrecoverable error occurs and used
  // to stop serving requests -- confirm where it is set and read.
  bool fatal_error_;
  // Thread id passed to the constructor as `monitor_thread_id`.
  pthread_t monitor_thread_id_;

  // Rules listing the hosts that connections are allowed to. Raw pointer;
  // see the lifetime note on the constructor.
  AllowedHosts* allowed_hosts_;
};

}  // namespace sandbox2

#endif  // SANDBOXED_API_SANDBOX2_NETWORK_PROXY_SERVER_H_