int daemon_main(int argc, char *argv[])
{
int opt;
bool fork_flag = false;
bool replace_flag = false;
bool patch_sepolicy = true;
enum {
OPT_ALLOW_ROOT_CLIENT = 1000,
OPT_NO_PATCH_SEPOLICY = 1001,
OPT_SIGSTOP_WHEN_READY = 1002,
OPT_LOG_TO_KMSG = 1003,
OPT_LOG_TO_STDIO = 1004,
OPT_NO_UNSHARE = 1005,
};
static struct option long_options[] = {
{"daemonize", no_argument, 0, 'd'},
{"replace", no_argument, 0, 'r'},
{"help", no_argument, 0, 'h'},
{"allow-root-client", no_argument, 0, OPT_ALLOW_ROOT_CLIENT},
{"no-patch-sepolicy", no_argument, 0, OPT_NO_PATCH_SEPOLICY},
{"sigstop-when-ready", no_argument, 0, OPT_SIGSTOP_WHEN_READY},
{"log-to-kmsg", no_argument, 0, OPT_LOG_TO_KMSG},
{"log-to-stdio", no_argument, 0, OPT_LOG_TO_STDIO},
{"no-unshare", no_argument, 0, OPT_NO_UNSHARE},
{0, 0, 0, 0}
};
int long_index = 0;
while ((opt = getopt_long(argc, argv, "drh", long_options, &long_index)) != -1) {
switch (opt) {
case 'd':
fork_flag = true;
break;
case 'r':
replace_flag = true;
break;
case 'h':
daemon_usage(0);
return EXIT_SUCCESS;
case OPT_ALLOW_ROOT_CLIENT:
allow_root_client = true;
break;
case OPT_NO_PATCH_SEPOLICY:
patch_sepolicy = false;
break;
case OPT_SIGSTOP_WHEN_READY:
sigstop_when_ready = true;
break;
case OPT_LOG_TO_KMSG:
log_to_kmsg = true;
break;
case OPT_LOG_TO_STDIO:
log_to_stdio = true;
break;
case OPT_NO_UNSHARE:
no_unshare = true;
break;
default:
daemon_usage(1);
return EXIT_FAILURE;
}
}
// There should be no other arguments
if (argc - optind != 0) {
daemon_usage(1);
return EXIT_FAILURE;
}
if (!no_unshare && unshare(CLONE_NEWNS) < 0) {
fprintf(stderr, "unshare() failed: %s\n", strerror(errno));
return EXIT_FAILURE;
}
if (patch_sepolicy) {
patch_loaded_sepolicy(SELinuxPatch::MAIN);
}
if (!switch_context(MB_EXEC_CONTEXT)) {
fprintf(stderr, "Failed to switch context; %s may not run properly",
argv[0]);
}
if (replace_flag) {
PROCTAB *proc = openproc(PROC_FILLCOM | PROC_FILLSTAT);
if (proc) {
pid_t curpid = getpid();
while (proc_t *info = readproc(proc, nullptr)) {
// NOTE: Can't check 'strcmp(info->cmd, "mbtool") == 0' (which
// is the basename of /proc/<pid>/cmd) because the binary is not
// always called "mbtool". For example, when run via SignedExec,
// it's just called "binary".
// If we can read the cmdline and argc >= 2
if (info->cmdline && info->cmdline[0] && info->cmdline[1]) {
const char *name = strrchr(info->cmdline[0], '/');
if (name) {
++name;
} else {
name = info->cmdline[0];
}
if (strcmp(name, "mbtool") == 0 // This is mbtool
&& strstr(info->cmdline[1], "daemon") // And it's a daemon process
&& info->tid != curpid) { // And we're not killing ourself
// Kill the daemon process
LOGV("Killing PID %d", info->tid);
kill(info->tid, SIGTERM);
}
}
freeproc(info);
}
closeproc(proc);
}
// Give processes a chance to exit
usleep(500000);
}
if (fork_flag) {
run_daemon_fork();
} else {
return (daemon_init() && run_daemon())
? EXIT_SUCCESS : EXIT_FAILURE;
}
}
int daemon_main(int argc, char *argv[])
{
int opt;
bool fork_flag = false;
bool replace_flag = false;
static struct option long_options[] = {
{"daemonize", no_argument, 0, 'd'},
{"replace", no_argument, 0, 'r'},
{"help", no_argument, 0, 'h'},
{0, 0, 0, 0}
};
int long_index = 0;
while ((opt = getopt_long(argc, argv, "drh", long_options, &long_index)) != -1) {
switch (opt) {
case 'd':
fork_flag = true;
break;
case 'r':
replace_flag = true;
break;
case 'h':
daemon_usage(0);
return EXIT_SUCCESS;
default:
daemon_usage(1);
return EXIT_FAILURE;
}
}
// There should be no other arguments
if (argc - optind != 0) {
daemon_usage(1);
return EXIT_FAILURE;
}
// Patch SELinux policy to make init permissive
patch_loaded_sepolicy();
// Allow untrusted_app to connect to our daemon
patch_sepolicy_daemon();
// Set version property if we're the system mbtool (i.e. launched by init)
// Possible to override this with another program by double forking, letting
// 2nd child reparent to init, and then calling execve("/mbtool", ...), but
// meh ...
if (getppid() == 1) {
if (!util::set_property("ro.multiboot.version", get_mbtool_version())) {
std::printf("Failed to set 'ro.multiboot.version' to '%s'\n",
get_mbtool_version());
}
}
if (replace_flag) {
PROCTAB *proc = openproc(PROC_FILLCOM | PROC_FILLSTAT);
if (proc) {
pid_t curpid = getpid();
while (proc_t *info = readproc(proc, nullptr)) {
if (strcmp(info->cmd, "mbtool") == 0 // This is mbtool
&& info->cmdline // And we can see the command line
&& info->cmdline[1] // And argc > 1
&& strstr(info->cmdline[1], "daemon") // And it's a daemon process
&& info->tid != curpid) { // And we're not killing ourself
// Kill the daemon process
std::printf("Killing PID %d\n", info->tid);
kill(info->tid, SIGTERM);
}
freeproc(info);
}
closeproc(proc);
}
// Give processes a chance to exit
usleep(500000);
}
// Set up logging
if (!util::mkdir_parent(MULTIBOOT_LOG_DAEMON, 0775) && errno != EEXIST) {
fprintf(stderr, "Failed to create parent directory of %s: %s\n",
MULTIBOOT_LOG_DAEMON, strerror(errno));
return EXIT_FAILURE;
}
autoclose::file fp(autoclose::fopen(MULTIBOOT_LOG_DAEMON, "w"));
if (!fp) {
fprintf(stderr, "Failed to open log file %s: %s\n",
MULTIBOOT_LOG_DAEMON, strerror(errno));
return EXIT_FAILURE;
}
fix_multiboot_permissions();
// mbtool logging
log::log_set_logger(std::make_shared<log::StdioLogger>(fp.get(), true));
if (fork_flag) {
run_daemon_fork();
} else {
return run_daemon() ? EXIT_SUCCESS : EXIT_FAILURE;
}
}
