Farhan/openssh
| Revision | 721b075c99229747ef85cc53d5883a9138ebd42f (tree) |
|---|---|
| Time | 2017-10-19 07:08:36 |
| Author | Tomasz Wiszkowski <ender@goog...> |
| Commiter | Tomasz Wiszkowski |
Allow SSH to function with more strict android network stack.
This change relocates SSH listening port to external network namespace,
that is not under direct android supervision. SSH is functional even when
ssh_key_fetcher is not.
Test: manual
BUG=67899876
Change-Id: Ia729103d7bf0ec84abb5969d8b4edf733e525702
Android.mk (diff)
sshd.c (diff)| @@ -258,6 +258,9 @@ LOCAL_SRC_FILES := \ | ||
| 258 | 258 | LOCAL_MODULE := sshd |
| 259 | 259 | |
| 260 | 260 | LOCAL_CFLAGS += -Wno-unused-parameter |
| 261 | +ifneq ($(filter gce_x86 calypso, $(TARGET_DEVICE)),) | |
| 262 | +LOCAL_CFLAGS += -DANDROID_GCE $(GCE_VERSION_CFLAGS) | |
| 263 | +endif | |
| 261 | 264 | |
| 262 | 265 | LOCAL_C_INCLUDES := \ |
| 263 | 266 | external/zlib \ |
| @@ -1034,9 +1034,44 @@ server_listen(void) | ||
| 1034 | 1034 | ssh_gai_strerror(ret)); |
| 1035 | 1035 | continue; |
| 1036 | 1036 | } |
| 1037 | + | |
| 1038 | +#if defined(ANDROID_GCE) && defined(GCE_PLATFORM_SDK_VERSION) && GCE_PLATFORM_SDK_VERSION >= 28 | |
| 1039 | + /* | |
| 1040 | + * Android GCE specific, bug 67899876 | |
| 1041 | + * Open socket in external namespace, making it possible to serve SSH | |
| 1042 | + * connections regardless of internal interface states. | |
| 1043 | + */ | |
| 1044 | + int outerfd = open("/var/run/netns/outer.net", O_RDONLY); | |
| 1045 | + int androidfd = open("/var/run/netns/android.net", O_RDONLY); | |
| 1046 | + if (outerfd > 0 && androidfd > 0) { | |
| 1047 | + if (setns(outerfd, 0) != 0) { | |
| 1048 | + fprintf(stderr, "Could not set netns: %s\n", | |
| 1049 | + strerror(errno)); | |
| 1050 | + exit(1); | |
| 1051 | + } | |
| 1052 | + } | |
| 1053 | +#endif | |
| 1054 | + | |
| 1037 | 1055 | /* Create socket for listening. */ |
| 1038 | 1056 | listen_sock = socket(ai->ai_family, ai->ai_socktype, |
| 1039 | 1057 | ai->ai_protocol); |
| 1058 | + | |
| 1059 | +#if defined(ANDROID_GCE) && defined(GCE_PLATFORM_SDK_VERSION) && GCE_PLATFORM_SDK_VERSION >= 28 | |
| 1060 | + if (androidfd > 0) { | |
| 1061 | + if (setns(androidfd, 0) != 0) { | |
| 1062 | + fprintf(stderr, "Could not set netns: %s\n", | |
| 1063 | + strerror(errno)); | |
| 1064 | + exit(1); | |
| 1065 | + } | |
| 1066 | + } | |
| 1067 | + if (outerfd > 0) { | |
| 1068 | + close(outerfd); | |
| 1069 | + } | |
| 1070 | + if (androidfd > 0) { | |
| 1071 | + close(androidfd); | |
| 1072 | + } | |
| 1073 | +#endif | |
| 1074 | + | |
| 1040 | 1075 | if (listen_sock < 0) { |
| 1041 | 1076 | /* kernel may not support ipv6 */ |
| 1042 | 1077 | verbose("socket: %.100s", strerror(errno)); |
Fork