simplify netd updatable
Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I8987f33b3f3427683e5ae9b2931528f91d6f0aeb
@@ -134,18 +134,16 @@ bool BpfHandler::hasUpdateDeviceStatsPermission(uid_t uid) {
|
|||||||
|
|
||||||
int BpfHandler::tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realUid) {
|
int BpfHandler::tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realUid) {
|
||||||
std::lock_guard guard(mMutex);
|
std::lock_guard guard(mMutex);
|
||||||
if (chargeUid != realUid && !hasUpdateDeviceStatsPermission(realUid)) {
|
if (!mCookieTagMap.isValid()) return -EPERM;
|
||||||
return -EPERM;
|
|
||||||
}
|
if (chargeUid != realUid && !hasUpdateDeviceStatsPermission(realUid)) return -EPERM;
|
||||||
|
|
||||||
// Note that tagging the socket to AID_CLAT is only implemented in JNI ClatCoordinator.
|
// Note that tagging the socket to AID_CLAT is only implemented in JNI ClatCoordinator.
|
||||||
// The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause
|
// The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause
|
||||||
// process data usage accounting to be bypassed. Tagging AID_CLAT is used for avoiding counting
|
// process data usage accounting to be bypassed. Tagging AID_CLAT is used for avoiding counting
|
||||||
// CLAT traffic data usage twice. See packages/modules/Connectivity/service/jni/
|
// CLAT traffic data usage twice. See packages/modules/Connectivity/service/jni/
|
||||||
// com_android_server_connectivity_ClatCoordinator.cpp
|
// com_android_server_connectivity_ClatCoordinator.cpp
|
||||||
if (chargeUid == AID_CLAT) {
|
if (chargeUid == AID_CLAT) return -EPERM;
|
||||||
return -EPERM;
|
|
||||||
}
|
|
||||||
|
|
||||||
// The socket destroy listener only monitors on the group {INET_TCP, INET_UDP, INET6_TCP,
|
// The socket destroy listener only monitors on the group {INET_TCP, INET_UDP, INET6_TCP,
|
||||||
// INET6_UDP}. Tagging listener unsupported socket causes that the tag can't be removed from
|
// INET6_UDP}. Tagging listener unsupported socket causes that the tag can't be removed from
|
||||||
@@ -180,6 +178,7 @@ int BpfHandler::tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realU
|
|||||||
|
|
||||||
uint64_t sock_cookie = getSocketCookie(sockFd);
|
uint64_t sock_cookie = getSocketCookie(sockFd);
|
||||||
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
|
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
|
||||||
|
|
||||||
UidTagValue newKey = {.uid = (uint32_t)chargeUid, .tag = tag};
|
UidTagValue newKey = {.uid = (uint32_t)chargeUid, .tag = tag};
|
||||||
|
|
||||||
uint32_t totalEntryCount = 0;
|
uint32_t totalEntryCount = 0;
|
||||||
@@ -242,9 +241,11 @@ int BpfHandler::tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realU
|
|||||||
|
|
||||||
int BpfHandler::untagSocket(int sockFd) {
|
int BpfHandler::untagSocket(int sockFd) {
|
||||||
std::lock_guard guard(mMutex);
|
std::lock_guard guard(mMutex);
|
||||||
uint64_t sock_cookie = getSocketCookie(sockFd);
|
|
||||||
|
|
||||||
|
uint64_t sock_cookie = getSocketCookie(sockFd);
|
||||||
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
|
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
|
||||||
|
|
||||||
|
if (!mCookieTagMap.isValid()) return -EPERM;
|
||||||
base::Result<void> res = mCookieTagMap.deleteValue(sock_cookie);
|
base::Result<void> res = mCookieTagMap.deleteValue(sock_cookie);
|
||||||
if (!res.ok()) {
|
if (!res.ok()) {
|
||||||
ALOGE("Failed to untag socket: %s", strerror(res.error().code()));
|
ALOGE("Failed to untag socket: %s", strerror(res.error().code()));
|
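Review bot: The new `if (!mCookieTagMap.isValid()) return -EPERM;` guard is placed inconsistently: tagSocket() runs it right after taking the lock, but untagSocket() runs it only after getSocketCookie(). An uninitialised handler given a bad fd therefore returns -errno from the cookie lookup, whereas the wrapper check this commit removes returned -EPERM before anything else. Moving the guard directly under `std::lock_guard guard(mMutex);` in untagSocket() would keep both paths and the old return code consistent. A comment such as `// Map stays invalid until init() succeeds; refuse rather than touch an unopened map.` would record the intent, assuming isValid() is false before init(), which is not visible here. Both function bodies continue outside the hunks.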
||||||
|
|||||||
@@ -16,19 +16,20 @@
|
|||||||
|
|
||||||
#define LOG_TAG "NetdUpdatable"
|
#define LOG_TAG "NetdUpdatable"
|
||||||
|
|
||||||
#include "NetdUpdatable.h"
|
#include "BpfHandler.h"
|
||||||
|
|
||||||
#include <android-base/logging.h>
|
#include <android-base/logging.h>
|
||||||
#include <netdutils/Status.h>
|
#include <netdutils/Status.h>
|
||||||
|
|
||||||
#include "NetdUpdatablePublic.h"
|
#include "NetdUpdatablePublic.h"
|
||||||
|
|
||||||
|
static android::net::BpfHandler sBpfHandler;
|
||||||
|
|
||||||
int libnetd_updatable_init(const char* cg2_path) {
|
int libnetd_updatable_init(const char* cg2_path) {
|
||||||
android::base::InitLogging(/*argv=*/nullptr);
|
android::base::InitLogging(/*argv=*/nullptr);
|
||||||
LOG(INFO) << __func__ << ": Initializing";
|
LOG(INFO) << __func__ << ": Initializing";
|
||||||
|
|
||||||
android::net::gNetdUpdatable = android::net::NetdUpdatable::getInstance();
|
android::netdutils::Status ret = sBpfHandler.init(cg2_path);
|
||||||
android::netdutils::Status ret = android::net::gNetdUpdatable->mBpfHandler.init(cg2_path);
|
|
||||||
if (!android::netdutils::isOk(ret)) {
|
if (!android::netdutils::isOk(ret)) {
|
||||||
LOG(ERROR) << __func__ << ": BPF handler init failed";
|
LOG(ERROR) << __func__ << ": BPF handler init failed";
|
||||||
return -ret.code();
|
return -ret.code();
|
||||||
@@ -37,25 +38,9 @@ int libnetd_updatable_init(const char* cg2_path) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int libnetd_updatable_tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realUid) {
|
int libnetd_updatable_tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realUid) {
|
||||||
if (android::net::gNetdUpdatable == nullptr) return -EPERM;
|
return sBpfHandler.tagSocket(sockFd, tag, chargeUid, realUid);
|
||||||
return android::net::gNetdUpdatable->mBpfHandler.tagSocket(sockFd, tag, chargeUid, realUid);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int libnetd_updatable_untagSocket(int sockFd) {
|
int libnetd_updatable_untagSocket(int sockFd) {
|
||||||
if (android::net::gNetdUpdatable == nullptr) return -EPERM;
|
return sBpfHandler.untagSocket(sockFd);
|
||||||
return android::net::gNetdUpdatable->mBpfHandler.untagSocket(sockFd);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace android {
|
|
||||||
namespace net {
|
|
||||||
|
|
||||||
NetdUpdatable* gNetdUpdatable = nullptr;
|
|
||||||
|
|
||||||
NetdUpdatable* NetdUpdatable::getInstance() {
|
|
||||||
// Instantiated on first use.
|
|
||||||
static NetdUpdatable instance;
|
|
||||||
return &instance;
|
|
||||||
}
|
|
||||||
|
|
||||||
} // namespace net
|
|
||||||
} // namespace android
|
|
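Review bot: With the `gNetdUpdatable == nullptr` checks removed, libnetd_updatable_tagSocket() and libnetd_updatable_untagSocket() forward straight to `sBpfHandler`, so the only protection against use before libnetd_updatable_init() is the isValid() check inside BpfHandler. That dependency should be stated on the static, e.g. `// Not usable until init() succeeds; BpfHandler::tagSocket/untagSocket reject calls while mCookieTagMap is invalid.`, so that an entry point added here later does not assume the handler is ready. It may also be that an init() which fails after opening the cookie-tag map leaves tagging enabled on a partially initialised handler; init()'s body is not shown, so that is worth confirming. `sBpfHandler` is now constructed at library load instead of on first use, which is safe only if BpfHandler's constructor does not depend on other static objects.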
||||||
|
|||||||
@@ -1,37 +0,0 @@
|
|||||||
/**
|
|
||||||
* Copyright (c) 2022, The Android Open Source Project
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#pragma once
|
|
||||||
|
|
||||||
#include "BpfHandler.h"
|
|
||||||
|
|
||||||
namespace android {
|
|
||||||
namespace net {
|
|
||||||
|
|
||||||
class NetdUpdatable {
|
|
||||||
public:
|
|
||||||
NetdUpdatable() = default;
|
|
||||||
NetdUpdatable(const NetdUpdatable&) = delete;
|
|
||||||
NetdUpdatable& operator=(const NetdUpdatable&) = delete;
|
|
||||||
static NetdUpdatable* getInstance();
|
|
||||||
|
|
||||||
BpfHandler mBpfHandler;
|
|
||||||
};
|
|
||||||
|
|
||||||
extern NetdUpdatable* gNetdUpdatable;
|
|
||||||
|
|
||||||
} // namespace net
|
|
||||||
} // namespace android
|
|
||||||