BpfMap.reset(createMap()) is equivalent to newly added BpfMap.resetMap(),
except that the latter makes it impossible to screw up the Key/Value sizes.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I290986e9ae8660f3fc6f73b086d33f4ab93d6095
We notice that:
BpfMap.reset(dupFd_with_cloexec(BpfMap.getMap())
is equivalent to
BpfMap = BpfMap
due to the current implementation of the BpfMap assignment operator.
Except the latter also verifies BpfMap<K,V> template types match.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I99fcf77bc6aa360b6a19e22c2cd58d67a1e62976
In the BPF code, per-UID network access (e.g., for doze mode,
standby, etc.) is stored in UidOwnerValue structures. Each of
these stores that UID's rules in a 32-bit bitmask of
UidOwnerMatchType values, so the code can support ~31 match
types.
However, which match types are enabled is stored in
configuration_map at index UID_RULES_CONFIGURATION_KEY, and
configuration_map only stores 8-bit values. So it's not
possible to define more than 7 match types.
Widen configuration_map to from 8 to 32 bits to match the width
of UidOwnerValue.rule. This doesn't impact memory because
configuration_map only has 2 entries.
Bug: 208371987
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7e1eee2daedd66d27965a2dd4ce6b4c3667892f7
In order to get counted by mts code coverage, these native tests need to
be run as part of mts.
Bug: 233904825
Test: m mts && mts-tradefed run mts-tethering-coverage
Change-Id: I79313197b146c7043ffb5e164faa46c2e16dd1d2
(for consistency with rest of code base)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5660615f24daf4285e2b6cbacecb7cd99061c5f5
Configuration map index 1(CURRENT_STATS_MAP_CONFIGURATION_KEY) can only
have value 0(SELECT_MAP_A) or 1(SELECT_MAP_B). Return error if it is any
other values. Otherwise, read out of array boundary can cause memory
corruption or security issues.
Bug: 231420457
Test: TH
Change-Id: Ia800ad78781f72b8118469c0230cc550796d334e
S had a minimum kernel requirement of 4.9,
T bumps this up to 4.14, which adds net cgroup bpf support.
It's important to ship T with this otherwise we'll be forced
into trying to somehow support 4.9 kernels with T mainline
module updates for years and years, when we no longer have
any tests of the old code paths...
Test: TreeHugger
Bug: 232017472
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6e873f0815f176f5618278087132156c9974d6ea
This is a follow up commit for the family validation {INET, INET6}.
The protocol validation {TCP, UDP} has been added in previous
commit.
The TrafficController socket destroy listener only monitors
on the group {INET_TCP, INET_UDP, INET6_TCP, INET6_UDP}.
Tagging listener unsupported socket causes that the tag can't
be removed from tag map automatically. Eventually, the tag map
run out of space because of dead tag entries.
See TrafficController::makeSkDestroyListener in
packages/modules/Connectivity/service/native/TrafficController.cpp
Also address the comments from previous commit.
- Remove the useless else-statment in tagSocket protocol validation.
- Make the socket cookie query and test into one line in
BpfHandlerTest#TestTagSocketWithUnsupportedProtocol
Bug: 223094609
Test: atest BpfHandlerTest
Change-Id: I0f571fc00caa01c86399f0dbb593e8a40ad94bbd
The TrafficController socket destroy listener only monitors
on the group {INET_TCP, INET_UDP, INET6_TCP, INET6_UDP}.
Tagging listener unsupported socket causes that the tag can't
be removed from tag map automatically. Eventually, the tag map
run out of space because of dead tag entries.
See TrafficController::makeSkDestroyListener in
packages/modules/Connectivity/service/native/TrafficController.cpp
Bug: 223094609
Test: atest BpfHandlerTest
Change-Id: Icc19b7c9f37fef498b89f43e44767f6b9e931a5a
The process is not allowed to tag socket to AID_CLAT via tagSocket()
which would cause process data usage accounting to be bypassed.
Bug: 218407445
Test: atest BpfHandlerTest
Change-Id: Ia7b071e1065733da25e9f02f34ccd17f63653217
Added SPDX-license-identifier-Apache-2.0 to:
netd/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ib1377fbb050fe52ee195eec58fea67ef769a487a
Before (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 251404 1969-12-31 16:00 libbase.so
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 45776 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
After (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 212624 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19c9d73ba3555bbc1987fbdc0be19af1f0511948
1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets on a few functions which
access BPF maps. The functionality may extend in the future.
2. Attach gcroup progs from libnetd_updatable.so.
3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.
4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.
Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0
