author | Maciej Żenczykowski <maze@google.com> | 2022-06-15 00:40:43 -0700 |
---|---|---|
committer | Maciej Żenczykowski <maze@google.com> | 2022-06-21 03:18:57 +0000 |
commit | d1b3b02c27e3fb88dfa5f92c7a06fbe4ff3ff7cd (patch) | |
tree | 609f6174f23f8fa707a4181b5c82c389b774942a | |
parent | 30e547674648ea6b61856f1940e1f53399590fd7 (diff) | |
bpf_progs - eliminate netd.c dependency on UidConstants.h
Per Lorenzo's request on:
https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2123888
Bug: 218408035
Bug: 235778483
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id464fc2418efcb3764fae2a25c11fdda4439f411
(cherry picked from commit b909d8af557105c33501c9e3318b696da9445e11)
Merged-In: Id464fc2418efcb3764fae2a25c11fdda4439f411
-rw-r--r-- | bpf_progs/Android.bp | 5 | ||||
-rw-r--r-- | bpf_progs/netd.c | 7 |
2 files changed, 4 insertions, 8 deletions
diff --git a/bpf_progs/Android.bp b/bpf_progs/Android.bp
index 45cb7eb1fb..9e516bf933 100644
--- a/bpf_progs/Android.bp
+++ b/bpf_progs/Android.bp
@@ -116,11 +116,6 @@ bpf {
 "-Wall",
 "-Werror",
 ],
- // need //frameworks/libs/net/common/netd/libnetdutils/include/netdutils/UidConstants.h
- // MIN_SYSTEM_UID, MAX_SYSTEM_UID, PER_USER_RANGE
- include_dirs: [
- "frameworks/libs/net/common/netd/libnetdutils/include",
- ],
 // WARNING: Android T's non-updatable netd depends on 'netd_shared' string for xt_bpf programs
 sub_dir: "netd_shared",
 }
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 3e24468e0b..acb2f9c3d3 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -28,7 +28,6 @@
 #include <linux/ipv6.h>
 #include <linux/pkt_cls.h>
 #include <linux/tcp.h>
-#include <netdutils/UidConstants.h>
 #include <stdbool.h>
 #include <stdint.h>
 #include "bpf_net_helpers.h"
@@ -78,7 +77,9 @@ DEFINE_BPF_MAP_RW_NETD(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MA
 DEFINE_BPF_MAP_NO_NETD(iface_index_name_map, HASH, uint32_t, IfaceValue, IFACE_INDEX_NAME_MAP_SIZE)
 static __always_inline int is_system_uid(uint32_t uid) {
- return (uid <= MAX_SYSTEM_UID) && (uid >= MIN_SYSTEM_UID);
+ // MIN_SYSTEM_UID is AID_ROOT == 0, so uint32_t is *always* >= 0
+ // MAX_SYSTEM_UID is AID_NOBODY == 9999, while AID_APP_START == 10000
+ return (uid < AID_APP_START);
 }
 /*
@@ -411,7 +412,7 @@ DEFINE_BPF_PROG_KVER("cgroupsock/inet/create", AID_ROOT, AID_ROOT, inet_socket_c
 * user at install time so we only check the appId part of a request uid at
 * run time. See UserHandle#isSameApp for detail.
 */
- uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
+ uint32_t appId = (gid_uid & 0xffffffff) % AID_USER_OFFSET; // == PER_USER_RANGE == 100000
 uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
 if (!permissions) {
 // UID not in map. Default to just INTERNET permission. |
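Review bot: The equivalence between the old and new constants in is_system_uid() is recorded only in comments, so nothing fails the build if AID_APP_START ever stops being MAX_SYSTEM_UID + 1; the same holds for the `% AID_USER_OFFSET` line in the -411,7 hunk, where `// == PER_USER_RANGE == 100000` is the only link. Any code that still takes its limits from UidConstants.h could then disagree with this program about which UIDs count as system and which appId keys uid_permission_map, and a missed lookup there falls through to the INTERNET-only default. Consider pinning the values next to their uses, for example `_Static_assert(AID_APP_START == 10000, "system uid range changed");` and `_Static_assert(AID_USER_OFFSET == 100000, "per-user uid range changed");`. The function containing the appId line starts and ends outside its hunk, so the placement there is a suggestion only.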