CharonVpnService provides a function to get trusted certificates via JNI
[strongswan.git] / src / frontends / android / jni / libandroidbridge / charonservice.c
index c865549..ac6df0d 100644 (file)
  * for more details.
  */
 
+#include <signal.h>
 #include <string.h>
 #include <android/log.h>
 
 #include "charonservice.h"
 #include "android_jni.h"
+#include "kernel/android_ipsec.h"
+#include "kernel/android_net.h"
 
 #include <daemon.h>
 #include <hydra.h>
 #include <ipsec.h>
 #include <library.h>
+#include <threading/thread.h>
+
+#define ANDROID_DEBUG_LEVEL 1
 
 typedef struct private_charonservice_t private_charonservice_t;
 
@@ -37,6 +43,11 @@ struct private_charonservice_t {
         * public interface
         */
        charonservice_t public;
+
+       /**
+        * CharonVpnService reference
+        */
+       jobject vpn_service;
 };
 
 /**
@@ -56,10 +67,11 @@ static void dbg_android(debug_t group, level_t level, char *fmt, ...)
 {
        va_list args;
 
-       if (level <= 4)
+       if (level <= ANDROID_DEBUG_LEVEL)
        {
                char sgroup[16], buffer[8192];
                char *current = buffer, *next;
+
                snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
                va_start(args, fmt);
                vsnprintf(buffer, sizeof(buffer), fmt, args);
@@ -78,36 +90,164 @@ static void dbg_android(debug_t group, level_t level, char *fmt, ...)
        }
 }
 
+METHOD(charonservice_t, update_status, bool,
+       private_charonservice_t *this, android_vpn_state_t code)
+{
+       JNIEnv *env;
+       jmethodID method_id;
+       bool success = FALSE;
+
+       androidjni_attach_thread(&env);
+
+       method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
+                                                                       "updateStatus", "(I)V");
+       if (!method_id)
+       {
+               goto failed;
+       }
+       (*env)->CallVoidMethod(env, this->vpn_service, method_id, (jint)code);
+       success = !androidjni_exception_occurred(env);
+
+failed:
+       androidjni_exception_occurred(env);
+       androidjni_detach_thread();
+       return success;
+}
+
+METHOD(charonservice_t, bypass_socket, bool,
+       private_charonservice_t *this, int fd, int family)
+{
+       JNIEnv *env;
+       jmethodID method_id;
+
+       androidjni_attach_thread(&env);
+
+       method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
+                                                                       "protect", "(I)Z");
+       if (!method_id)
+       {
+               goto failed;
+       }
+       if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd))
+       {
+               DBG1(DBG_CFG, "VpnService.protect() failed");
+               goto failed;
+       }
+       androidjni_detach_thread();
+       return TRUE;
+
+failed:
+       androidjni_exception_occurred(env);
+       androidjni_detach_thread();
+       return FALSE;
+}
+
+METHOD(charonservice_t, get_trusted_certificates, linked_list_t*,
+       private_charonservice_t *this)
+{
+       JNIEnv *env;
+       jmethodID method_id;
+       jobjectArray jcerts;
+       linked_list_t *list;
+       jsize i;
+
+       androidjni_attach_thread(&env);
+
+       method_id = (*env)->GetMethodID(env,
+                                               android_charonvpnservice_class,
+                                               "getTrustedCertificates", "(Ljava/lang/String;)[[B");
+       if (!method_id)
+       {
+               goto failed;
+       }
+       jcerts = (*env)->CallObjectMethod(env, this->vpn_service, method_id, NULL);
+       if (!jcerts)
+       {
+               goto failed;
+       }
+       list = linked_list_create();
+       for (i = 0; i < (*env)->GetArrayLength(env, jcerts); ++i)
+       {
+               chunk_t *ca_cert;
+               jbyteArray jcert;
+
+               ca_cert = malloc_thing(chunk_t);
+               list->insert_last(list, ca_cert);
+
+               jcert = (*env)->GetObjectArrayElement(env, jcerts, i);
+               *ca_cert = chunk_alloc((*env)->GetArrayLength(env, jcert));
+               (*env)->GetByteArrayRegion(env, jcert, 0, ca_cert->len, ca_cert->ptr);
+               (*env)->DeleteLocalRef(env, jcert);
+       }
+       (*env)->DeleteLocalRef(env, jcerts);
+       androidjni_detach_thread();
+       return list;
+
+failed:
+       androidjni_exception_occurred(env);
+       androidjni_detach_thread();
+       return NULL;
+}
+
 /**
  * Initialize the charonservice object
  */
-static void charonservice_init()
+static void charonservice_init(JNIEnv *env, jobject service)
 {
        private_charonservice_t *this;
+       static plugin_feature_t features[] = {
+               PLUGIN_CALLBACK(kernel_net_register, kernel_android_net_create),
+                       PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
+               PLUGIN_CALLBACK(kernel_ipsec_register, kernel_android_ipsec_create),
+                       PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+       };
 
        INIT(this,
                .public = {
+                       .update_status = _update_status,
+                       .bypass_socket = _bypass_socket,
+                       .get_trusted_certificates = _get_trusted_certificates,
                },
+               .vpn_service = (*env)->NewGlobalRef(env, service),
        );
        charonservice = &this->public;
+
+       lib->plugins->add_static_features(lib->plugins, "androidbridge", features,
+                                                                         countof(features), TRUE);
+
+       lib->settings->set_int(lib->settings,
+                                       "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
 }
 
 /**
  * Deinitialize the charonservice object
  */
-static void charonservice_deinit()
+static void charonservice_deinit(JNIEnv *env)
 {
        private_charonservice_t *this = (private_charonservice_t*)charonservice;
 
+       (*env)->DeleteGlobalRef(env, this->vpn_service);
        free(this);
        charonservice = NULL;
 }
 
 /**
+ * Handle SIGSEGV/SIGILL signals raised by threads
+ */
+static void segv_handler(int signal)
+{
+       dbg_android(DBG_DMN, 1, "thread %u received %d", thread_current_id(),
+                               signal);
+       exit(1);
+}
+
+/**
  * Initialize charon and the libraries via JNI
  */
 JNI_METHOD(CharonVpnService, initializeCharon, void)
 {
+       struct sigaction action;
+
        /* logging for library during initialization, as we have no bus yet */
        dbg = dbg_android;
 
@@ -133,19 +273,29 @@ JNI_METHOD(CharonVpnService, initializeCharon, void)
                return;
        }
 
-       charonservice_init();
+       charonservice_init(env, this);
 
        if (!libcharon_init("charon") ||
                !charon->initialize(charon, PLUGINS))
        {
                libcharon_deinit();
-               charonservice_deinit();
+               charonservice_deinit(env);
                libipsec_deinit();
                libhydra_deinit();
                library_deinit();
                return;
        }
 
+       /* add handler for SEGV and ILL etc. */
+       action.sa_handler = segv_handler;
+       action.sa_flags = 0;
+       sigemptyset(&action.sa_mask);
+       sigaction(SIGSEGV, &action, NULL);
+       sigaction(SIGILL, &action, NULL);
+       sigaction(SIGBUS, &action, NULL);
+       action.sa_handler = SIG_IGN;
+       sigaction(SIGPIPE, &action, NULL);
+
        /* start daemon (i.e. the threads in the thread-pool) */
        charon->start(charon);
 }
@@ -156,7 +306,7 @@ JNI_METHOD(CharonVpnService, initializeCharon, void)
 JNI_METHOD(CharonVpnService, deinitializeCharon, void)
 {
        libcharon_deinit();
-       charonservice_deinit();
+       charonservice_deinit(env);
        libipsec_deinit();
        libhydra_deinit();
        library_deinit();