(in preparation for moving it into netbpfload)
The programs themselves (in bpf_progs/block.c) required a 5.4+ kernel.
We relax this restriction to 4.19+ as we don't have any 5.4 device coverage
(while the pixel 4a 5G / 5 / 5a are all 4.19 devices).
I believe we could relax it further to 4.14+ but Pixel 4/4xl/4a that
would exercise those code paths are EOL and probably have poor to
non existent test coverage, and we cannot do anything for 4.9 T devices
anyway.
Note: on <4.19 kernels (ie. T devices running 4.9/4.14, U running 4.14)
this results in ConnectivityNativeService going from null to initialized
(as the bpf map will exist).
This doesn't hurt as the set/clear port interfaces are only ever
called by vendor code on devices where the kernel doesn't support
the older mechanism. And even if you call them it will just set/clear
the bits in the bpf bitmap, they just won't actually affect anything.
We could flag the map itself as being 4.19+ as well, but I think
I prefer the no-op map to exist...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1085addd22f4f3b709e1875049633832c5dac836
Network tracing was only available on userdebug and eng builds. This
change makes it available on all build types behind a flag.
Bug: 298197881
Test: flash & trace, toggle flag on/off
Change-Id: I75d854aee74adf7e23f7a970b20233790f9b0354
Move the test component configuration from subdirectories
to the common OWNERS file. This ensures that all test directories
like unit/ that did not have the component set are covered.
Bug: 288137916
Change-Id: I48fbe846309cace41588c5ff3dfd46e878c38576
Test: TH
Mainline push to Q was stopped in February 2023.
Test: TreeHugger
Bug: 283996141
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic645cce4df5780cdd62eda4e8c596396c2f83b25
The logic about testing API levels was wrong: it simply isn't
meaningful to say it doesn't support and needs to be updated for U+.
This test *always* needs to be kept up to date wrt. any changes
we make to mainline provided bpf programs and maps.
That's why the test is in the same git repo and is MTS not CTS.
Additionally we *can* make (and have made) changes to programs/maps
available on older API levels as well, so it's not even set in stone
for older API levels either.
Getting rid of the api level checks simplifies things.
As does moving the 4.9+ check into the test logic itself.
This has the added benefit of not skipping the test on S
simply because kernel is < 4.9 [not that's valid, but...].
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib0400f4534254b7a35a96d364720a7c800953456
This effectively reverts commit 6ed2ab9b57,
while ensuring that the program has the right permissions as
defined in r.android.com/2130014 :
oriole:/ # ls -lZ /sys/fs/bpf/netd_shared/prog_netd_cgroupsock_inet_create
-r--r----- 1 root root u:object_r:fs_bpf_netd_readonly:s0 0 2022-10-27 20:05 /sys/fs/bpf/netd_shared/prog_netd_cgroupsock_inet_create
Reason for revert: need to support 4.9 devices upgrading to T.
The only thing that cannot currently be supported on those
devices is the inet_create program which implements the
INTERNET permission.
Also, update bpf_existence_test so it does not check for the
existence of the program on pre-4.14 devices.
Bug: 254001921
Test: atest bpf_existence_test
Change-Id: I14f26cee5feeaae93b4d9710a7b9a2f835ff405f
This is not used, and cannot be used: clat v4-* interfaces
are - by virtue of method of creation - always rawip.
This is because they are tun (not tap) devices.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iaafdd6e471c63668d7fe79b62257255bf98c4fb8
(and merge the ipv4 and ipv6 caches into one,
as there really is no need for separate ones)
Test: TreeHugger, atest DscpPolicyTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie62393ea428885076ef59af69ac3eafeeba2934f
The 'switch_comp_map' is never written to,
hence map A is always used anyway...
Additionally this is backwards - ie. the *wrong* maps were A/B:
it is not the cache that should be A/B but rather the policy map(s).
This simplification has the nice benefit of making the program
much simpler and thus presumably optimizing bpf verifier processing
and thus bpfloader runtime during boot.
The fact that these socket cache maps are never cleared from userspace
is a different bug that needs to be fixed.
Bug: 235559605
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic2b0d20cd4e9e7290fb9fae38e1625ea1ed85a78
This program was only used for tests as WiFi interfaces should always
include an ethernet header. Since the test has moved from tun to tap,
this can be deleted.
Support for using this program was already removed in a previous CL.
Test: TH
Bug: 235559605
Change-Id: I2148bce60992070790ba237176b99a40597ee751
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.
aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.
Bug: 236706995
Test: atest bpf_existence_test
Test: adb root; adb shell ls -l sys/fs/bpf/net_shared | grep dscpPolicy
Change-Id: Ibe98944d09d42bd11b78b5e9ae35ded48c70416d
(mainly driven by the desire to make it clear this
is about *current* mainline state and not at-T-launch state
of things)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I928f91704f78205ffe44611a3d3abe383c4e560b
The core idea here is everything starts unexpected,
and then things are either removed from unexpected
and added to expected, or the reverse.
Test: TreeHugger, but not really, since too many combinations, hopefully any bugs will be found later...
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I44915e2ba459a8c90d9e706d46c6b89d85f0edd7
(out of current /sys/fs/bpf/net_shared/...)
This will allow genfscon regexp changes in a followup selinux commit.
Note that this has a hard dependency on system/bpf change
'bpfloader: add support for netd_shared and net_private subdirs'
which also bumps bpfloader to v0.13.
This was merged May 12, 2022 (into both aosp/master and tm-dev)
and it is in Android T starting with Beta 3 release.
This isn't really an issue since amusingly T Beta 2 is already
incompatible with current mainline releases due to the snap
reverting a previous required bpfloader system/bpf change:
move net_shared bpf programs into net_shared subdirectory
See: http://b/232050459#comment14
So this doesn't break T Beta1/2, since they already don't work,
and Beta3 will work.
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id5f14d6e3f11cfe35d9d8a9496548a2bc4d022ec
(this is safe because on pre-T none of these maps and programs are mainlined
and thus safe to access from mainline code anyway)
Test: TreeHugger, manual
Bug: 218408035
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I23e565d665247f33e084978890a1ee8ffe0fe568
BPF is supported after kernel 4.9. Skip the test on BPF
unsupported device. Ex: walleye.
Bug: 219696135
Test: atest bpf_existence_test on walleye
Change-Id: I583a858587c0501582c9e77c8b584b3136312cd5
The TEST_MAPPING file already contains a mainline-postsubmit
stanza, but according to go/test-mapping-mainline-user-guide
this information also needs to be in AndroidTest.xml (or in
Android.bp, for tests that are not covered by an AndroidTest.xml
and where soong autogenerates the test config).
Test: m bpf_existence_test
Change-Id: I103f5fefbfefa6fd2b59ab6c209fbf1dceada4ba
Non-const refs are not allowed by style guide.
This was just an oversight.
Test: m bpf_existence_test
Change-Id: I8947118618dd5beef7f5643475d348f709799922
1. Use set instead of vector. This simplifies the code a bit.
2. Use proper NDK constants and functions to check the device
OS version.
Test: test-only change
Test: passes on flame running qt-dev build (no-op)
Test: passes on flame running RQ3A build
Test: passes on raven running SP2A build
Test: passes on barbet running aosp/master
Change-Id: Ie13e1df674e50fcfb70811bc0dccae515cbb6e1c
While this does not capture all nuances of optional programs,
go devices, etc. it should be a useful starting point to tell us
if something is really unexpected.
Test: test-only change
Test: passes on flame running qt-dev build (no-op)
Test: passes on flame running RQ3A build
Test: passes on raven running SP2A build
Test: passes on barbet running aosp/master
Change-Id: I43ff8c61c861c008cce459d2dcb487bb536c8da8
