LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Refactor] Make uid owner match comparison logic into a function

Browse Source 
As an inline function, the logic can be reused by others.

Bug: Bug: 288340533
Test: build; presubmit
Change-Id: I8e57829e304e829eed72cc165b051cd22088260d
This commit is contained in:
Ken Chen
2023-09-16 16:44:42 +08:00
parent c3a188d7dc
commit f7d23e1a60
2 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
bpf_progs/netd.c
View File

@@ -401,11 +401,6 @@ static __always_inline inline bool ingress_should_discard(struct __sk_buff* skb,
return true; // disallowed interface return true; // disallowed interface
} }
// DROP_IF_SET is set of rules that DROP if rule is globally enabled, and per-uid bit is set
#define DROP_IF_SET (STANDBY_MATCH | OEM_DENY_1_MATCH | OEM_DENY_2_MATCH | OEM_DENY_3_MATCH)
// DROP_IF_UNSET is set of rules that should DROP if globally enabled, and per-uid bit is NOT set
#define DROP_IF_UNSET (DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH | LOW_POWER_STANDBY_MATCH)
static __always_inline inline int bpf_owner_match(struct __sk_buff* skb, uint32_t uid, static __always_inline inline int bpf_owner_match(struct __sk_buff* skb, uint32_t uid,
bool egress, const unsigned kver) { bool egress, const unsigned kver) {
if (is_system_uid(uid)) return PASS; if (is_system_uid(uid)) return PASS;
@@ -418,12 +413,7 @@ static __always_inline inline int bpf_owner_match(struct __sk_buff* skb, uint32_
uint32_t uidRules = uidEntry ? uidEntry->rule : 0; uint32_t uidRules = uidEntry ? uidEntry->rule : 0;
uint32_t allowed_iif = uidEntry ? uidEntry->iif : 0; uint32_t allowed_iif = uidEntry ? uidEntry->iif : 0;
// Warning: funky bit-wise arithmetic: in parallel, for all DROP_IF_SET/UNSET rules if (isBlockedByUidRules(enabledRules, uidRules)) return DROP;
// check whether the rules are globally enabled, and if so whether the rules are
// set/unset for the specific uid. DROP if that is the case for ANY of the rules.
// We achieve this by masking out only the bits/rules we're interested in checking,
// and negating (via bit-wise xor) the bits/rules that should drop if unset.
if (enabledRules & (DROP_IF_SET | DROP_IF_UNSET) & (uidRules ^ DROP_IF_UNSET)) return DROP;
if (!egress && skb->ifindex != 1) { if (!egress && skb->ifindex != 1) {
if (ingress_should_discard(skb, kver)) return DROP; if (ingress_should_discard(skb, kver)) return DROP;

14
bpf_progs/netd.h
View File

@@ -235,3 +235,17 @@ STRUCT_SIZE(IngressDiscardValue, 2 * 4); // 8
#define CURRENT_STATS_MAP_CONFIGURATION_KEY 1 #define CURRENT_STATS_MAP_CONFIGURATION_KEY 1
#undef STRUCT_SIZE #undef STRUCT_SIZE
// DROP_IF_SET is set of rules that DROP if rule is globally enabled, and per-uid bit is set
#define DROP_IF_SET (STANDBY_MATCH | OEM_DENY_1_MATCH | OEM_DENY_2_MATCH | OEM_DENY_3_MATCH)
// DROP_IF_UNSET is set of rules that should DROP if globally enabled, and per-uid bit is NOT set
#define DROP_IF_UNSET (DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH | LOW_POWER_STANDBY_MATCH)
// Warning: funky bit-wise arithmetic: in parallel, for all DROP_IF_SET/UNSET rules
// check whether the rules are globally enabled, and if so whether the rules are
// set/unset for the specific uid. DROP if that is the case for ANY of the rules.
// We achieve this by masking out only the bits/rules we're interested in checking,
// and negating (via bit-wise xor) the bits/rules that should drop if unset.
static inline bool isBlockedByUidRules(BpfConfig enabledRules, uint32_t uidRules) {
return enabledRules & (DROP_IF_SET | DROP_IF_UNSET) & (uidRules ^ DROP_IF_UNSET);
}