1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "sandboxed_api/var_int.h"
16
17 #include <unistd.h>
18
19 #include "absl/log/log.h"
20 #include "absl/status/status.h"
21 #include "sandboxed_api/rpcchannel.h"
22 #include "sandboxed_api/util/status_macros.h"
23
24 namespace sapi::v {
25
~Fd()26 Fd::~Fd() {
27 if (GetFreeRPCChannel() && GetRemoteFd() >= 0 && own_remote_) {
28 this->CloseRemoteFd(GetFreeRPCChannel()).IgnoreError();
29 }
30 if (GetValue() >= 0 && own_local_) {
31 CloseLocalFd();
32 }
33 }
34
CloseRemoteFd(RPCChannel * rpc_channel)35 absl::Status Fd::CloseRemoteFd(RPCChannel* rpc_channel) {
36 SAPI_RETURN_IF_ERROR(rpc_channel->Close(GetRemoteFd()));
37
38 SetRemoteFd(-1);
39 return absl::OkStatus();
40 }
41
CloseLocalFd()42 void Fd::CloseLocalFd() {
43 if (GetValue() < 0) {
44 return;
45 }
46 if (close(GetValue()) != 0) {
47 PLOG(WARNING) << "close(" << GetValue() << ") failed";
48 }
49
50 SetValue(-1);
51 }
52
TransferToSandboxee(RPCChannel * rpc_channel,pid_t)53 absl::Status Fd::TransferToSandboxee(RPCChannel* rpc_channel, pid_t /* pid */) {
54 int remote_fd;
55
56 SetFreeRPCChannel(rpc_channel);
57 OwnRemoteFd(true);
58
59 if (GetValue() < 0) {
60 return absl::FailedPreconditionError(
61 "Cannot transfer FD: Local FD not valid");
62 }
63
64 if (GetRemoteFd() >= 0) {
65 return absl::FailedPreconditionError(
66 "Cannot transfer FD: Sandboxee already has a valid FD");
67 }
68
69 SAPI_RETURN_IF_ERROR(rpc_channel->SendFD(GetValue(), &remote_fd));
70 SetRemoteFd(remote_fd);
71
72 return absl::OkStatus();
73 }
74
TransferFromSandboxee(RPCChannel * rpc_channel,pid_t)75 absl::Status Fd::TransferFromSandboxee(RPCChannel* rpc_channel,
76 pid_t /* pid */) {
77 int local_fd;
78
79 SetFreeRPCChannel(rpc_channel);
80 OwnRemoteFd(false);
81
82 if (GetValue()) {
83 return absl::FailedPreconditionError(
84 "Cannot transfer FD back: Our FD is already valid");
85 }
86
87 if (GetRemoteFd() < 0) {
88 return absl::FailedPreconditionError(
89 "Cannot transfer FD back: Sandboxee has no valid FD");
90 }
91
92 SAPI_RETURN_IF_ERROR(rpc_channel->RecvFD(GetRemoteFd(), &local_fd));
93 SetValue(local_fd);
94
95 return absl::OkStatus();
96 }
97
98 } // namespace sapi::v
99