// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "brillo/process.h"
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <map>
#include <memory>
#include <base/files/file_util.h>
#include <base/logging.h>
#include <base/memory/ptr_util.h>
#include <base/posix/eintr_wrapper.h>
#include <base/process/process_metrics.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/string_util.h>
#include <base/time/time.h>
#ifndef __linux__
#define setresuid(_u1, _u2, _u3) setreuid(_u1, _u2)
#define setresgid(_g1, _g2, _g3) setregid(_g1, _g2)
#endif // !__linux__
namespace brillo {
bool ReturnTrue() {
return true;
}
Process::Process() {
}
Process::~Process() {
}
bool Process::ProcessExists(pid_t pid) {
return base::DirectoryExists(
base::FilePath(base::StringPrintf("/proc/%d", pid)));
}
ProcessImpl::ProcessImpl()
: pid_(0),
uid_(-1),
gid_(-1),
pre_exec_(base::Bind(&ReturnTrue)),
search_path_(false),
inherit_parent_signal_mask_(false),
close_unused_file_descriptors_(false) {
}
ProcessImpl::~ProcessImpl() {
Reset(0);
}
void ProcessImpl::AddArg(const std::string& arg) {
arguments_.push_back(arg);
}
void ProcessImpl::RedirectOutput(const std::string& output_file) {
output_file_ = output_file;
}
void ProcessImpl::RedirectUsingPipe(int child_fd, bool is_input) {
PipeInfo info;
info.is_input_ = is_input;
info.is_bound_ = false;
pipe_map_[child_fd] = info;
}
void ProcessImpl::BindFd(int parent_fd, int child_fd) {
PipeInfo info;
info.is_bound_ = true;
// info.child_fd_ is the 'child half' of the pipe, which gets dup2()ed into
// place over child_fd. Since we already have the child we want to dup2() into
// place, we can set info.child_fd_ to parent_fd and leave info.parent_fd_
// invalid.
info.child_fd_ = parent_fd;
info.parent_fd_ = -1;
pipe_map_[child_fd] = info;
}
void ProcessImpl::SetCloseUnusedFileDescriptors(bool close_unused_fds) {
close_unused_file_descriptors_ = close_unused_fds;
}
void ProcessImpl::SetUid(uid_t uid) {
uid_ = uid;
}
void ProcessImpl::SetGid(gid_t gid) {
gid_ = gid;
}
void ProcessImpl::SetCapabilities(uint64_t /*capmask*/) {
// No-op, since ProcessImpl does not support sandboxing.
return;
}
void ProcessImpl::ApplySyscallFilter(const std::string& /*path*/) {
// No-op, since ProcessImpl does not support sandboxing.
return;
}
void ProcessImpl::EnterNewPidNamespace() {
// No-op, since ProcessImpl does not support sandboxing.
return;
}
void ProcessImpl::SetInheritParentSignalMask(bool inherit) {
inherit_parent_signal_mask_ = inherit;
}
void ProcessImpl::SetPreExecCallback(const PreExecCallback& cb) {
pre_exec_ = cb;
}
void ProcessImpl::SetSearchPath(bool search_path) {
search_path_ = search_path;
}
int ProcessImpl::GetPipe(int child_fd) {
PipeMap::iterator i = pipe_map_.find(child_fd);
if (i == pipe_map_.end())
return -1;
else
return i->second.parent_fd_;
}
bool ProcessImpl::PopulatePipeMap() {
// Verify all target fds are already open. With this assumption we
// can be sure that the pipe fds created below do not overlap with
// any of the target fds which simplifies how we dup2 to them. Note
// that multi-threaded code could close i->first between this loop
// and the next.
for (PipeMap::iterator i = pipe_map_.begin(); i != pipe_map_.end(); ++i) {
struct stat stat_buffer;
if (fstat(i->first, &stat_buffer) < 0) {
int saved_errno = errno;
LOG(ERROR) << "Unable to fstat fd " << i->first << ": " << saved_errno;
return false;
}
}
for (PipeMap::iterator i = pipe_map_.begin(); i != pipe_map_.end(); ++i) {
if (i->second.is_bound_) {
// already have a parent fd, and the child fd gets dup()ed later.
continue;
}
int pipefds[2];
if (pipe(pipefds) < 0) {
int saved_errno = errno;
LOG(ERROR) << "pipe call failed with: " << saved_errno;
return false;
}
if (i->second.is_input_) {
// pipe is an input from the prospective of the child.
i->second.parent_fd_ = pipefds[1];
i->second.child_fd_ = pipefds[0];
} else {
i->second.parent_fd_ = pipefds[0];
i->second.child_fd_ = pipefds[1];
}
}
return true;
}
bool ProcessImpl::IsFileDescriptorInPipeMap(int fd) const {
for (const auto& pipe : pipe_map_) {
if (fd == pipe.second.parent_fd_ ||
fd == pipe.second.child_fd_ ||
fd == pipe.first) {
return true;
}
}
return false;
}
void ProcessImpl::CloseUnusedFileDescriptors() {
size_t max_fds = base::GetMaxFds();
for (size_t i = 0; i < max_fds; i++) {
const int fd = static_cast<int>(i);
// Ignore STD file descriptors.
if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) {
continue;
}
// Ignore file descriptors used by the PipeMap, they will be handled
// by this process later on.
if (IsFileDescriptorInPipeMap(fd)) {
continue;
}
// Since we're just trying to close anything we can find,
// ignore any error return values of close().
IGNORE_EINTR(close(fd));
}
}
bool ProcessImpl::Start() {
// If no arguments are provided, fail.
if (arguments_.empty()) {
return false;
}
std::unique_ptr<char* []> argv =
base::MakeUnique<char* []>(arguments_.size() + 1);
for (size_t i = 0; i < arguments_.size(); ++i)
argv[i] = const_cast<char*>(arguments_[i].c_str());
argv[arguments_.size()] = nullptr;
if (!PopulatePipeMap()) {
LOG(ERROR) << "Failing to start because pipe creation failed";
return false;
}
pid_t pid = fork();
int saved_errno = errno;
if (pid < 0) {
LOG(ERROR) << "Fork failed: " << saved_errno;
Reset(0);
return false;
}
if (pid == 0) {
// Executing inside the child process.
// Close unused file descriptors.
if (close_unused_file_descriptors_) {
CloseUnusedFileDescriptors();
}
// Close parent's side of the child pipes. dup2 ours into place and
// then close our ends.
for (PipeMap::iterator i = pipe_map_.begin(); i != pipe_map_.end(); ++i) {
if (i->second.parent_fd_ != -1)
IGNORE_EINTR(close(i->second.parent_fd_));
// If we want to bind a fd to the same fd in the child, we don't need to
// close and dup2 it.
if (i->second.child_fd_ == i->first)
continue;
HANDLE_EINTR(dup2(i->second.child_fd_, i->first));
}
// Defer the actual close() of the child fd until afterward; this lets the
// same child fd be bound to multiple fds using BindFd. Don't close the fd
// if it was bound to itself.
for (PipeMap::iterator i = pipe_map_.begin(); i != pipe_map_.end(); ++i) {
if (i->second.child_fd_ == i->first)
continue;
IGNORE_EINTR(close(i->second.child_fd_));
}
if (!output_file_.empty()) {
int output_handle = HANDLE_EINTR(open(
output_file_.c_str(), O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW,
0666));
if (output_handle < 0) {
PLOG(ERROR) << "Could not create " << output_file_;
// Avoid exit() to avoid atexit handlers from parent.
_exit(kErrorExitStatus);
}
HANDLE_EINTR(dup2(output_handle, STDOUT_FILENO));
HANDLE_EINTR(dup2(output_handle, STDERR_FILENO));
// Only close output_handle if it does not happen to be one of
// the two standard file descriptors we are trying to redirect.
if (output_handle != STDOUT_FILENO && output_handle != STDERR_FILENO) {
IGNORE_EINTR(close(output_handle));
}
}
if (gid_ != static_cast<gid_t>(-1) && setresgid(gid_, gid_, gid_) < 0) {
int saved_errno = errno;
LOG(ERROR) << "Unable to set GID to " << gid_ << ": " << saved_errno;
_exit(kErrorExitStatus);
}
if (uid_ != static_cast<uid_t>(-1) && setresuid(uid_, uid_, uid_) < 0) {
int saved_errno = errno;
LOG(ERROR) << "Unable to set UID to " << uid_ << ": " << saved_errno;
_exit(kErrorExitStatus);
}
if (!pre_exec_.Run()) {
LOG(ERROR) << "Pre-exec callback failed";
_exit(kErrorExitStatus);
}
// Reset signal mask for the child process if not inheriting signal mask
// from the parent process.
if (!inherit_parent_signal_mask_) {
sigset_t signal_mask;
CHECK_EQ(0, sigemptyset(&signal_mask));
CHECK_EQ(0, sigprocmask(SIG_SETMASK, &signal_mask, nullptr));
}
if (search_path_) {
execvp(argv[0], &argv[0]);
} else {
execv(argv[0], &argv[0]);
}
PLOG(ERROR) << "Exec of " << argv[0] << " failed:";
_exit(kErrorExitStatus);
} else {
// Still executing inside the parent process with known child pid.
arguments_.clear();
UpdatePid(pid);
// Close our copy of child side pipes only if we created those pipes.
for (const auto& i : pipe_map_) {
if (!i.second.is_bound_) {
IGNORE_EINTR(close(i.second.child_fd_));
}
}
}
return true;
}
int ProcessImpl::Wait() {
int status = 0;
if (pid_ == 0) {
LOG(ERROR) << "Process not running";
return -1;
}
if (HANDLE_EINTR(waitpid(pid_, &status, 0)) < 0) {
int saved_errno = errno;
LOG(ERROR) << "Problem waiting for pid " << pid_ << ": " << saved_errno;
return -1;
}
pid_t old_pid = pid_;
// Update the pid to 0 - do not Reset as we do not want to try to
// kill the process that has just exited.
UpdatePid(0);
if (!WIFEXITED(status)) {
DCHECK(WIFSIGNALED(status)) << old_pid
<< " neither exited, nor died on a signal?";
LOG(ERROR) << "Process " << old_pid
<< " did not exit normally: " << WTERMSIG(status);
return -1;
}
return WEXITSTATUS(status);
}
int ProcessImpl::Run() {
if (!Start()) {
return -1;
}
return Wait();
}
pid_t ProcessImpl::pid() {
return pid_;
}
bool ProcessImpl::Kill(int signal, int timeout) {
if (pid_ == 0) {
// Passing pid == 0 to kill is committing suicide. Check specifically.
LOG(ERROR) << "Process not running";
return false;
}
if (kill(pid_, signal) < 0) {
PLOG(ERROR) << "Unable to send signal to " << pid_;
return false;
}
base::TimeTicks start_signal = base::TimeTicks::Now();
do {
int status = 0;
pid_t w = waitpid(pid_, &status, WNOHANG);
if (w < 0) {
if (errno == ECHILD)
return true;
PLOG(ERROR) << "Waitpid returned " << w;
return false;
}
if (w > 0) {
Reset(0);
return true;
}
usleep(100);
} while ((base::TimeTicks::Now() - start_signal).InSecondsF() <= timeout);
LOG(INFO) << "process " << pid_ << " did not exit from signal " << signal
<< " in " << timeout << " seconds";
return false;
}
void ProcessImpl::UpdatePid(pid_t new_pid) {
pid_ = new_pid;
}
void ProcessImpl::Reset(pid_t new_pid) {
arguments_.clear();
// Close our side of all pipes to this child giving the child to
// handle sigpipes and shutdown nicely, though likely it won't
// have time.
for (PipeMap::iterator i = pipe_map_.begin(); i != pipe_map_.end(); ++i)
IGNORE_EINTR(close(i->second.parent_fd_));
pipe_map_.clear();
if (pid_)
Kill(SIGKILL, 0);
UpdatePid(new_pid);
}
bool ProcessImpl::ResetPidByFile(const std::string& pid_file) {
std::string contents;
if (!base::ReadFileToString(base::FilePath(pid_file), &contents)) {
LOG(ERROR) << "Could not read pid file" << pid_file;
return false;
}
base::TrimWhitespaceASCII(contents, base::TRIM_TRAILING, &contents);
int64_t pid_int64 = 0;
if (!base::StringToInt64(contents, &pid_int64)) {
LOG(ERROR) << "Unexpected pid file contents";
return false;
}
Reset(pid_int64);
return true;
}
pid_t ProcessImpl::Release() {
pid_t old_pid = pid_;
pid_ = 0;
return old_pid;
}
} // namespace brillo