1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <sys/resource.h>
20 #include <sys/types.h>
21 
22 #include <optional>
23 #include <string>
24 #include <vector>
25 
26 #include <android-base/unique_fd.h>
27 #include <cutils/iosched_policy.h>
28 
29 #include "mount_namespace.h"
30 #include "result.h"
31 
32 namespace android {
33 namespace init {
34 
35 class Descriptor {
36   public:
Descriptor(const std::string & name,android::base::unique_fd fd)37     Descriptor(const std::string& name, android::base::unique_fd fd)
38         : name_(name), fd_(std::move(fd)){};
39 
40     // Publish() unsets FD_CLOEXEC from the FD and publishes its name via setenv().  It should be
41     // called when starting a service after fork() and before exec().
42     void Publish() const;
43 
44   private:
45     std::string name_;
46     android::base::unique_fd fd_;
47 };
48 
49 struct SocketDescriptor {
50     std::string name;
51     int type = 0;
52     uid_t uid = 0;
53     gid_t gid = 0;
54     int perm = 0;
55     std::string context;
56     bool passcred = false;
57 
58     // Create() creates the named unix domain socket in /dev/socket and returns a Descriptor object.
59     // It should be called when starting a service, before calling fork(), such that the socket is
60     // synchronously created before starting any other services, which may depend on it.
61     Result<Descriptor> Create(const std::string& global_context) const;
62 };
63 
64 struct FileDescriptor {
65     std::string name;
66     std::string type;
67 
68     Result<Descriptor> Create() const;
69 };
70 
71 struct NamespaceInfo {
72     int flags;
73     // Pair of namespace type, path to name.
74     std::vector<std::pair<int, std::string>> namespaces_to_enter;
75 };
76 Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name,
77                              std::optional<MountNamespace> override_mount_namespace);
78 
79 struct ProcessAttributes {
80     std::string console;
81     IoSchedClass ioprio_class;
82     int ioprio_pri;
83     std::vector<std::pair<int, rlimit>> rlimits;
84     uid_t uid;
85     gid_t gid;
86     std::vector<gid_t> supp_gids;
87     int priority;
88     bool stdio_to_kmsg;
89 };
90 Result<void> SetProcessAttributes(const ProcessAttributes& attr);
91 
92 Result<void> WritePidToFiles(std::vector<std::string>* files);
93 
94 }  // namespace init
95 }  // namespace android
96