author | Maciej Żenczykowski <maze@google.com> | 2020-06-19 04:52:43 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-19 04:52:43 +0000 |
commit | 6f8117d218bdfdfe150001ea37645ae97ca92185 (patch) | |
tree | b38b94f4ad793eaefd4ab1a338a030e32e18b5ed | |
parent | 10673993449b54d593bf1df91d008d99e05f007f (diff) | |
parent | 251b3ee12de52afc82d90eca99255e2a726a15d1 (diff) | |
download | netd-6f8117d218bdfdfe150001ea37645ae97ca92185.tar.gz |
stop abusing netd's DAC override on prog accesses by using R/O fetch am: 251b3ee12d
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/netd/+/11920239
Change-Id: I067ce221740d1efc117525cc20abdcc38970c335
-rw-r--r-- | server/OffloadUtils.h | 23 | ||||
-rw-r--r-- | server/TrafficController.cpp | 2 | ||||
-rw-r--r-- | tests/netlink_listener_test.cpp | 2 |
3 files changed, 13 insertions, 14 deletions
diff --git a/server/OffloadUtils.h b/server/OffloadUtils.h
index e7193e46..818fd39d 100644
--- a/server/OffloadUtils.h
+++ b/server/OffloadUtils.h
@@ -48,46 +48,45 @@ int hardwareAddressType(const std::string& interface);
 base::Result<bool> isEthernet(const std::string& interface);
 inline int getClatEgressMapFd(void) {
- const int fd = bpf::bpfFdGet(CLAT_EGRESS_MAP_PATH, 0);
+ const int fd = bpf::mapRetrieveRW(CLAT_EGRESS_MAP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getClatEgressProgFd(bool with_ethernet_header) {
- const int fd = bpf::bpfFdGet(
- with_ethernet_header ? CLAT_EGRESS_PROG_ETHER_PATH : CLAT_EGRESS_PROG_RAWIP_PATH, 0);
+ const int fd = bpf::retrieveProgram(with_ethernet_header ? CLAT_EGRESS_PROG_ETHER_PATH
+ : CLAT_EGRESS_PROG_RAWIP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getClatIngressMapFd(void) {
- const int fd = bpf::bpfFdGet(CLAT_INGRESS_MAP_PATH, 0);
+ const int fd = bpf::mapRetrieveRW(CLAT_INGRESS_MAP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getClatIngressProgFd(bool with_ethernet_header) {
- const int fd = bpf::bpfFdGet(
- with_ethernet_header ? CLAT_INGRESS_PROG_ETHER_PATH : CLAT_INGRESS_PROG_RAWIP_PATH, 0);
+ const int fd = bpf::retrieveProgram(with_ethernet_header ? CLAT_INGRESS_PROG_ETHER_PATH
+ : CLAT_INGRESS_PROG_RAWIP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getTetherIngressMapFd(void) {
- const int fd = bpf::bpfFdGet(TETHER_INGRESS_MAP_PATH, 0);
+ const int fd = bpf::mapRetrieveRW(TETHER_INGRESS_MAP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getTetherIngressProgFd(bool with_ethernet_header) {
- const int fd = bpf::bpfFdGet(
- with_ethernet_header ? TETHER_INGRESS_PROG_ETHER_PATH : TETHER_INGRESS_PROG_RAWIP_PATH,
- 0);
+ const int fd = bpf::retrieveProgram(with_ethernet_header ? TETHER_INGRESS_PROG_ETHER_PATH
+ : TETHER_INGRESS_PROG_RAWIP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getTetherStatsMapFd(void) {
- const int fd = bpf::bpfFdGet(TETHER_STATS_MAP_PATH, 0);
+ const int fd = bpf::mapRetrieveRW(TETHER_STATS_MAP_PATH);
 return (fd == -1) ? -errno : fd;
 }
 inline int getTetherLimitMapFd(void) {
- const int fd = bpf::bpfFdGet(TETHER_LIMIT_MAP_PATH, 0);
+ const int fd = bpf::mapRetrieveRW(TETHER_LIMIT_MAP_PATH);
 return (fd == -1) ? -errno : fd;
 }
diff --git a/server/TrafficController.cpp b/server/TrafficController.cpp
index 9d7d6a1d..3839962f 100644
--- a/server/TrafficController.cpp
+++ b/server/TrafficController.cpp
@@ -202,7 +202,7 @@ Status TrafficController::initMaps() {
 static Status attachProgramToCgroup(const char* programPath, const unique_fd& cgroupFd, bpf_attach_type type) {
- unique_fd cgroupProg(bpfFdGet(programPath, 0));
+ unique_fd cgroupProg(retrieveProgram(programPath));
 if (cgroupProg == -1) {
 int ret = errno;
 ALOGE("Failed to get program from %s: %s", programPath, strerror(ret));
diff --git a/tests/netlink_listener_test.cpp b/tests/netlink_listener_test.cpp
index 95c6d1af..46394cac 100644
--- a/tests/netlink_listener_test.cpp
+++ b/tests/netlink_listener_test.cpp
@@ -69,7 +69,7 @@ class NetlinkListenerTest : public testing::Test {
 void SetUp() {
 SKIP_IF_BPF_NOT_SUPPORTED;
- mCookieTagMap.reset(android::bpf::mapRetrieve(COOKIE_TAG_MAP_PATH, 0));
+ mCookieTagMap.reset(android::bpf::mapRetrieveRW(COOKIE_TAG_MAP_PATH));
 ASSERT_TRUE(mCookieTagMap.isValid());
 }
|
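Review bot: The five map getters in OffloadUtils.h (`getClatEgressMapFd`, `getClatIngressMapFd`, `getTetherIngressMapFd`, `getTetherStatsMapFd`, `getTetherLimitMapFd`) still return read-write descriptors via `bpf::mapRetrieveRW`, so this change narrows access only for the program getters. That keeps the access the old `bpfFdGet(path, 0)` call gave, but any caller that only reads a map (callers are not visible in this hunk) could take a read-only fd from `bpf::mapRetrieveRO(...)` instead, in line with the least-privilege intent stated in the commit title. The getters also carry no contract comment; a header comment such as `// Returns an fd (>= 0) or -errno; program fds are read-only, map fds are read-write.` would make the access mode explicit when new callers are reviewed.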