authorMaciej Żenczykowski <maze@google.com>2022-06-13 22:53:58 -0700
committerMaciej Żenczykowski <maze@google.com>2022-06-15 08:19:11 +0000
commitcb4554093b9c32854c7a5656409fe091ce8e5456 (patch)
treeaf95cbc90e18b13b8f42349479113445727c48cf
parent92d5157c6213aa16aa44eb68375c6cc14f111568 (diff)
move definition of xt_bpf program pin locations to system/netd
This ends up built into the netd binary, and should thus not pull in mainline (and thus mutable) header files. We could technically export the path out of the netd_updatable.so, but there is no benefit to doing so. This is because the pin directory is determined by SELinux access, which has to make these available to netd & iptables (netdutils_wrappers), and the entire structure of the iptables setup (i.e. chains, etc.) is already entirely left up to netd. Thus the only meaningful thing mainline could do here is rename the programs (while maintaining their behaviour), but that provides absolutely no value. (If the programs are missing, then bandwidth accounting fails, and there is no way to add additional programs.) Bug: 235778483 Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I3c235d63b3695deb04564bb929913a9050b9fc10 (cherry picked from commit acfd2041ce52f25dd5c5a0cafaf4572d7a634f63) Merged-In: I3c235d63b3695deb04564bb929913a9050b9fc10
-rw-r--r--Android.bp2
-rw-r--r--include/binder_utils/XtBpfProgLocations.h37
-rw-r--r--server/Android.bp6
-rw-r--r--server/BandwidthControllerTest.cpp2
-rw-r--r--server/TetherController.h3
-rw-r--r--tests/binder_test.cpp1
6 files changed, 45 insertions, 6 deletions
diff --git a/Android.bp b/Android.bp
index 88379109..e08494e8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -29,7 +29,9 @@ cc_library_headers {
apex_available: [
"//apex_available:platform",
"com.android.resolv",
+ "com.android.tethering",
],
+ sdk_version: "29",
min_sdk_version: "29",
}
diff --git a/include/binder_utils/XtBpfProgLocations.h b/include/binder_utils/XtBpfProgLocations.h
new file mode 100644
index 00000000..95a5742c
--- /dev/null
+++ b/include/binder_utils/XtBpfProgLocations.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+/* -=-=-=-=-= WARNING -=-=-=-=-=-
+ *
+ * DO *NOT* *EVER* CHANGE THESE - they *MUST* match what the Tethering mainline module provides!
+ *
+ * You cannot even change them in sync, since newer module must work on older Android T releases.
+ *
+ * You could with difficulty, uprevs of the bpfloader, api detection logic in mainline, etc,
+ * change this in Android U or later, but even that is a very bad idea and not worth the hassle.
+ *
+ *
+ * Mainline Tethering module on T+ is expected to make available to netd (for use by
+ * BandwidthController iptables initialization code) four xt_bpf programs at the following
+ * locations:
+ */
+#define XT_BPF_NETD(NAME) "/sys/fs/bpf/netd_shared/prog_netd_skfilter_" NAME "_xtbpf"
+#define XT_BPF_ALLOWLIST_PROG_PATH XT_BPF_NETD("allowlist")
+#define XT_BPF_DENYLIST_PROG_PATH XT_BPF_NETD("denylist")
+#define XT_BPF_EGRESS_PROG_PATH XT_BPF_NETD("egress")
+#define XT_BPF_INGRESS_PROG_PATH XT_BPF_NETD("ingress")
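Review bot: The header comment explains why the four locations are frozen but not what the consumer does when one is absent, which the commit message does state; after the "locations:" line I would add `* If any of these pins is missing, BandwidthController's iptables initialization fails and bandwidth accounting is lost; there is no fallback.` and `* Access to /sys/fs/bpf/netd_shared/ is governed by SELinux policy, which is why the directory, not just the program names, is fixed.` XT_BPF_NETD is a helper that remains defined in every translation unit including this header and deserves a one-line `/* internal: builds one pinned-program path; not for direct use */` — it cannot simply be #undef'd at the end of the file, because the four path macros expand to it lazily at each use site. Since each path is a string literal built by concatenation, passing a non-literal NAME fails to compile, which is presumably the intent for a closed set of four programs.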
diff --git a/server/Android.bp b/server/Android.bp
index f29f6cfc..16252a46 100644
--- a/server/Android.bp
+++ b/server/Android.bp
@@ -42,7 +42,7 @@ cc_library_static {
"system/netd/include",
"system/netd/server/binder",
],
- header_libs: ["bpf_connectivity_headers"],
+ header_libs: ["bpf_headers"],
srcs: [
"BandwidthController.cpp",
"Controllers.cpp",
@@ -95,7 +95,7 @@ cc_binary {
required: [
"bpfloader",
],
- header_libs: ["bpf_connectivity_headers"],
+ header_libs: ["bpf_headers"],
shared_libs: [
"android.system.net.netd@1.0",
"android.system.net.netd@1.1",
@@ -195,7 +195,7 @@ cc_test {
"system/netd/server/binder",
"system/netd/tests",
],
- header_libs: ["bpf_connectivity_headers"],
+ header_libs: ["bpf_headers"],
tidy_timeout_srcs: [
"BandwidthControllerTest.cpp",
"InterfaceControllerTest.cpp",
diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp
index e7d29d23..bf4c2e2a 100644
--- a/server/BandwidthControllerTest.cpp
+++ b/server/BandwidthControllerTest.cpp
@@ -34,7 +34,7 @@
#include "BandwidthController.h"
#include "Fwmark.h"
#include "IptablesBaseTest.h"
-#include "bpf_shared.h"
+#include "binder_utils/XtBpfProgLocations.h"
#include "tun_interface.h"
using ::testing::_;
diff --git a/server/TetherController.h b/server/TetherController.h
index b4472bd5..bbabcee4 100644
--- a/server/TetherController.h
+++ b/server/TetherController.h
@@ -28,10 +28,11 @@
#include "NetdConstants.h"
#include "android-base/result.h"
#include "bpf/BpfMap.h"
-#include "bpf_shared.h"
#include "android/net/TetherOffloadRuleParcel.h"
+#include "binder_utils/XtBpfProgLocations.h"
+
namespace android {
namespace net {
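Review bot: The replacement include binder_utils/XtBpfProgLocations.h lands in a header, so every translation unit that includes TetherController.h now receives the XT_BPF_* path macros; the commit message describes these paths as consumed by BandwidthController's iptables initialization, so unless TetherController.h itself references one of them (not visible in this hunk), the include belongs in the .cpp that uses the macros rather than in the class header. If the header does use them, a brief comment naming which declaration depends on the pin paths would save the next reader the same question. The include block continues outside the hunk.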
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index f423ea38..ddd25c50 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -54,7 +54,6 @@
#include <binder/IPCThreadState.h>
#include <bpf/BpfMap.h>
#include <bpf/BpfUtils.h>
-#include <bpf_shared.h>
#include <com/android/internal/net/BnOemNetdUnsolicitedEventListener.h>
#include <com/android/internal/net/IOemNetd.h>
#include <cutils/multiuser.h>