Network tracing was only available on userdebug and eng builds. This
change makes it available on all build types behind a flag.
Bug: 298197881
Test: flash & trace, toggle flag on/off
Change-Id: I75d854aee74adf7e23f7a970b20233790f9b0354
The logic about testing API levels was wrong: it simply isn't
meaningful to say it doesn't support and needs to be updated for U+.
This test *always* needs to be kept up to date wrt. any changes
we make to mainline provided bpf programs and maps.
That's why the test is in the same git repo and is MTS not CTS.
Additionally we *can* make (and have made) changes to programs/maps
available on older API levels as well, so it's not even set in stone
for older API levels either.
Getting rid of the api level checks simplifies things.
As does moving the 4.9+ check into the test logic itself.
This has the added benefit of not skipping the test on S
simply because kernel is < 4.9 [not that's valid, but...].
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib0400f4534254b7a35a96d364720a7c800953456
This effectively reverts commit 6ed2ab9b57,
while ensuring that the program has the right permissions as
defined in r.android.com/2130014 :
  oriole:/ # ls -lZ /sys/fs/bpf/netd_shared/prog_netd_cgroupsock_inet_create
  -r--r----- 1 root root u:object_r:fs_bpf_netd_readonly:s0 0 2022-10-27 20:05 /sys/fs/bpf/netd_shared/prog_netd_cgroupsock_inet_create
Reason for revert: need to support 4.9 devices upgrading to T.
The only thing that cannot currently be supported on those
devices is the inet_create program which implements the
INTERNET permission.
Also, update bpf_existence_test so it does not check for the
existence of the program on pre-4.14 devices.
Bug: 254001921
Test: atest bpf_existence_test
Change-Id: I14f26cee5feeaae93b4d9710a7b9a2f835ff405f
This is not used, and cannot be used: clat v4-* interfaces
are - by virtue of method of creation - always rawip.
This is because they are tun (not tap) devices.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iaafdd6e471c63668d7fe79b62257255bf98c4fb8
(and merge the ipv4 and ipv6 caches into one,
as there really is no need for separate ones)
Test: TreeHugger, atest DscpPolicyTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie62393ea428885076ef59af69ac3eafeeba2934f
The 'switch_comp_map' is never written to,
hence map A is always used anyway...
Additionally this is backwards - ie. the *wrong* maps were A/B:
it is not the cache that should be A/B but rather the policy map(s).
This simplification has the nice benefit of making the program
much simpler and thus presumably optimizing bpf verifier processing
and thus bpfloader runtime during boot.
The fact that these socket cache maps are never cleared from userspace
is a different bug that needs to be fixed.
Bug: 235559605
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic2b0d20cd4e9e7290fb9fae38e1625ea1ed85a78
This program was only used for tests as WiFi interfaces should always
include an ethernet header. Since the test has moved from tun to tap,
this can be deleted.
Support for using this program was already removed in a previous CL.
Test: TH
Bug: 235559605
Change-Id: I2148bce60992070790ba237176b99a40597ee751
An underscore character may cause a bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in the x_y_z
prog/map name, which should be prevented at compile time.
aosp/2147825 will prohibit the underscore character in bpf source names
(the obj name is derived from the source name). Existing bpf modules with
underscore characters in their source names need to be updated accordingly.
Bug: 236706995
Test: atest bpf_existence_test
Test: adb root; adb shell ls -l sys/fs/bpf/net_shared | grep dscpPolicy
Change-Id: Ibe98944d09d42bd11b78b5e9ae35ded48c70416d
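Added example, not part of the commit above or of AOSP code: a small Python check that reproduces the x.o / x_y.o collision described in that message and shows the no-underscore rule flagging the offending source. The `<kind>_<obj>_<name>` pin-name shape is inferred from the prog_netd_cgroupsock_inet_create path shown on this page; the function names and the sample objects are hypothetical.

```python
import os
from collections import defaultdict


def pin_name(kind, obj_file, name):
    """Build a pin name shaped like 'prog_netd_cgroupsock_inet_create'.

    Assumption: <kind>_<object base name>_<map or prog name>.
    """
    obj = os.path.splitext(os.path.basename(obj_file))[0]
    return f"{kind}_{obj}_{name}"


def find_collisions(objects):
    """Return {pin_name: [(obj_file, name), ...]} for names with >1 origin.

    objects maps an object file to {"map": [...], "prog": [...]}.
    """
    seen = defaultdict(list)
    for obj_file, entries in sorted(objects.items()):
        for kind in ("map", "prog"):
            for name in entries.get(kind, []):
                seen[pin_name(kind, obj_file, name)].append((obj_file, name))
    return {pin: origins for pin, origins in seen.items() if len(origins) > 1}


def sources_with_underscore(source_files):
    """Compile-time style rule: list sources whose base name contains '_'."""
    return sorted(
        s for s in source_files
        if "_" in os.path.splitext(os.path.basename(s))[0]
    )


# Constructed input reproducing the case from the commit message.
SAMPLE = {
    "x.o": {"map": ["y_z"]},
    "x_y.o": {"map": ["z"]},
    "netd.o": {"prog": ["cgroupsock_inet_create"]},
}

if __name__ == "__main__":
    for pin, origins in find_collisions(SAMPLE).items():
        print(f"collision on {pin}: {origins}")
    print("rejected sources:", sources_with_underscore(["x.c", "x_y.c", "netd.c"]))
```

Once no object base name contains an underscore, the first underscore after the kind prefix always ends the object name, so two different (object, name) pairs can no longer flatten to the same string.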
(mainly driven by the desire to make it clear this
is about *current* mainline state and not at-T-launch state
of things)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I928f91704f78205ffe44611a3d3abe383c4e560b
The core idea here is everything starts unexpected,
and then things are either removed from unexpected
and added to expected, or the reverse.
Test: TreeHugger, but not really, since too many combinations, hopefully any bugs will be found later...
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I44915e2ba459a8c90d9e706d46c6b89d85f0edd7
(out of current /sys/fs/bpf/net_shared/...)
This will allow genfscon regexp changes in a followup selinux commit.
Note that this has a hard dependency on system/bpf change
'bpfloader: add support for netd_shared and net_private subdirs'
which also bumps bpfloader to v0.13.
This was merged May 12, 2022 (into both aosp/master and tm-dev)
and it is in Android T starting with Beta 3 release.
This isn't really an issue since amusingly T Beta 2 is already
incompatible with current mainline releases due to the snap
reverting a previous required bpfloader system/bpf change:
move net_shared bpf programs into net_shared subdirectory
See: http://b/232050459#comment14
So this doesn't break T Beta1/2, since they already don't work,
and Beta3 will work.
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id5f14d6e3f11cfe35d9d8a9496548a2bc4d022ec
(this is safe because on pre-T none of these maps and programs are mainlined
and thus safe to access from mainline code anyway)
Test: TreeHugger, manual
Bug: 218408035
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I23e565d665247f33e084978890a1ee8ffe0fe568
BPF is supported after kernel 4.9. Skip the test on BPF-unsupported
devices. Ex: walleye.
Bug: 219696135
Test: atest bpf_existence_test on walleye
Change-Id: I583a858587c0501582c9e77c8b584b3136312cd5
Non-const refs are not allowed by the style guide.
This was just an oversight.
Test: m bpf_existence_test
Change-Id: I8947118618dd5beef7f5643475d348f709799922
1. Use set instead of vector. This simplifies the code a bit.
2. Use proper NDK constants and functions to check the device
OS version.
Test: test-only change
Test: passes on flame running qt-dev build (no-op)
Test: passes on flame running RQ3A build
Test: passes on raven running SP2A build
Test: passes on barbet running aosp/master
Change-Id: Ie13e1df674e50fcfb70811bc0dccae515cbb6e1c
While this does not capture all nuances of optional programs,
go devices, etc., it should be a useful starting point to tell us
if something is really unexpected.
Test: test-only change
Test: passes on flame running qt-dev build (no-op)
Test: passes on flame running RQ3A build
Test: passes on raven running SP2A build
Test: passes on barbet running aosp/master
Change-Id: I43ff8c61c861c008cce459d2dcb487bb536c8da8