Vendor AIDL interface for port blocking via eBPF

New Connectivity Service exposed to vendor for restricting certain ports for use only in vendor. Bug: 179733303 Change-Id: Iad9aff6924498ede5a08cfa5482082f094c0a90b
2021-10-01 13:22:00 -07:00
parent dc1832cd83
commit b37f551287
13 changed files with 786 additions and 1 deletions
--- a/service-t/src/com/android/server/ConnectivityServiceInitializer.java
+++ b/service-t/src/com/android/server/ConnectivityServiceInitializer.java
@@ -21,6 +21,7 @@ import android.util.Log;

 import com.android.modules.utils.build.SdkLevel;
 import com.android.networkstack.apishim.ConstantsShim;
+import com.android.server.connectivity.ConnectivityNativeService;
 import com.android.server.ethernet.EthernetService;
 import com.android.server.ethernet.EthernetServiceImpl;
 import com.android.server.nearby.NearbyService;
@@ -31,6 +32,7 @@ import com.android.server.nearby.NearbyService;
 */
 public final class ConnectivityServiceInitializer extends SystemService {
    private static final String TAG = ConnectivityServiceInitializer.class.getSimpleName();
+    private final ConnectivityNativeService mConnectivityNative;
    private final ConnectivityService mConnectivity;
    private final IpSecService mIpSecService;
    private final NsdService mNsdService;
@@ -44,6 +46,7 @@ public final class ConnectivityServiceInitializer extends SystemService {
        mEthernetServiceImpl = createEthernetService(context);
        mConnectivity = new ConnectivityService(context);
        mIpSecService = createIpSecService(context);
+        mConnectivityNative = createConnectivityNativeService(context);
        mNsdService = createNsdService(context);
        mNearbyService = createNearbyService(context);
    }
@@ -65,6 +68,12 @@ public final class ConnectivityServiceInitializer extends SystemService {
            publishBinderService(Context.IPSEC_SERVICE, mIpSecService, /* allowIsolated= */ false);
        }

+        if (mConnectivityNative != null) {
+            Log.i(TAG, "Registering " + ConnectivityNativeService.SERVICE_NAME);
+            publishBinderService(ConnectivityNativeService.SERVICE_NAME, mConnectivityNative,
+                    /* allowIsolated= */ false);
+        }
+
        if (mNsdService != null) {
            Log.i(TAG, "Registering " + Context.NSD_SERVICE);
            publishBinderService(Context.NSD_SERVICE, mNsdService, /* allowIsolated= */ false);
@@ -98,6 +107,19 @@ public final class ConnectivityServiceInitializer extends SystemService {
        return new IpSecService(context);
    }

+    /**
+     * Return ConnectivityNativeService instance, or null if current SDK is lower than T.
+     */
+    private ConnectivityNativeService createConnectivityNativeService(final Context context) {
+        if (!SdkLevel.isAtLeastT()) return null;
+        try {
+            return new ConnectivityNativeService(context);
+        } catch (UnsupportedOperationException e) {
+            Log.d(TAG, "Unable to get ConnectivityNative service", e);
+            return null;
+        }
+    }
+
    /** Return NsdService instance or null if current SDK is lower than T */
    private NsdService createNsdService(final Context context) {
        if (!SdkLevel.isAtLeastT()) return null;