authorChiachang Wang <chiachangwang@google.com>2022-04-20 05:47:22 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2022-04-20 05:47:22 +0000
commitdb32ff83b7575b99f9bbe24af811d1259b3f3d0e (patch)
treec3e0ed0afe74a30341cef7ec46a6861de64668bf
parent2062a753ff5db80bee2bfd983b711a75d68759bd (diff)
parente120ec8c14390ee46a3f7043f2d2a6a2c04d4787 (diff)
downloadnetd-db32ff83b7575b99f9bbe24af811d1259b3f3d0e.tar.gz
Merge "Remove temporary hardcoded local exclusion routes" am: e120ec8c14
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2063246 Change-Id: I10262acaa0cf9aac2461446401f5cc692ca408ec Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--server/RouteController.cpp61
-rw-r--r--server/RouteController.h10
-rw-r--r--tests/binder_test.cpp38
3 files changed, 3 insertions, 106 deletions
diff --git a/server/RouteController.cpp b/server/RouteController.cpp
index 1e7d69a0..5ed33cdd 100644
--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -653,64 +653,9 @@ int RouteController::modifyVpnLocalExclusionRule(bool add, const char* physicalI
fwmark.permission = PERMISSION_NONE;
mask.permission = PERMISSION_NONE;
- if (int ret = modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_LOCAL_ROUTES, table,
- fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, INVALID_UID,
- INVALID_UID)) {
- return ret;
- }
- return modifyVpnLocalExclusionRoutes(add, physicalInterface);
-}
-
-// TODO: Update the local exclusion routes based on what actual subnet the network is.
-int RouteController::modifyVpnLocalExclusionRoutes(bool add, const char* interface) {
- for (size_t i = 0; i < ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V4); ++i) {
- if (int err = modifyVpnLocalExclusionRoute(add, interface, LOCAL_EXCLUSION_ROUTES_V4[i])) {
- return err;
- }
- }
-
- // Stop setting v6 routes if the v6 is disabled on the interface.
- std::string disable_ipv6;
- if (int err = InterfaceController::getParameter("ipv6", "conf", interface, "disable_ipv6",
- &disable_ipv6)) {
- ALOGE("Error getting %s v6 route configuration: %s", interface, strerror(-err));
- }
-
- if (!disable_ipv6.compare("1")) {
- return 0;
- }
-
- for (size_t i = 0; i < ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V6); ++i) {
- if (int err = modifyVpnLocalExclusionRoute(add, interface, LOCAL_EXCLUSION_ROUTES_V6[i])) {
- return err;
- }
- }
- return 0;
-}
-
-int RouteController::modifyVpnLocalExclusionRoute(bool add, const char* interface,
- const char* destination) {
- uint32_t table = getRouteTableForInterface(interface, true /* local */);
- if (table == RT_TABLE_UNSPEC) {
- return -ESRCH;
- }
-
- if (int ret = modifyIpRoute(add ? RTM_NEWROUTE : RTM_DELROUTE,
- add ? NETLINK_ROUTE_CREATE_FLAGS : NETLINK_REQUEST_FLAGS, table,
- interface, destination, nullptr, 0 /* mtu */, 0 /* priority */)) {
- // Trying to delete a route that already deleted or trying to remove route on a non-exist
- // interface shouldn't cause an error. ENODEV happens in an IPv6 only network with clatd
- // started. Clat will be stopped first before calling destroying network, so the clat
- // interface is removed first before destroying the network. While trying to find the index
- // from the interface for removing the route during network destroying process, it will
- // cause an ENODEV since the interface has been removed already. This expected error should
- // not fail the follow up routing clean up.
- if (add || (ret != -ESRCH && ret != -ENODEV)) {
- return ret;
- }
- }
-
- return 0;
+ return modifyIpRule(add ? RTM_NEWRULE : RTM_DELRULE, RULE_PRIORITY_LOCAL_ROUTES, table,
+ fwmark.intValue, mask.intValue, IIF_LOOPBACK, OIF_NONE, INVALID_UID,
+ INVALID_UID);
}
// A rule to enable split tunnel VPNs.
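Review bot: The `RULE_PRIORITY_LOCAL_ROUTES` rule installed by the new `return modifyIpRule(...)` still steers fwmark-matched loopback-originated traffic into `table`, but after this hunk nothing in this function populates that table, so whether local destinations bypass the VPN now depends entirely on routes installed elsewhere, which this commit does not show. With no matching route in the table a `lookup` rule presumably falls through to the later rules, so the likely outcome is that such traffic goes via the VPN rather than leaking, but a reader of the remaining code cannot tell that this is the intended state. The removed TODO at line 34 carried that intent; a short comment above the return, such as `// Only the rule is installed here; the per-interface local table is expected to be populated elsewhere (or left empty, in which case the rule has no effect).`, would keep it next to the rule. Note that binder_test.cpp drops `expectVpnLocalExclusionRouteExists`, so the contents of the `_local` table are no longer asserted anywhere visible in this commit. modifyVpnLocalExclusionRule's signature and the computation of `table` are outside the hunk.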
diff --git a/server/RouteController.h b/server/RouteController.h
index 6de07dd1..9b04cfd2 100644
--- a/server/RouteController.h
+++ b/server/RouteController.h
@@ -79,13 +79,6 @@ constexpr int32_t RULE_PRIORITY_DEFAULT_NETWORK = 30000;
constexpr int32_t RULE_PRIORITY_UNREACHABLE = 32000;
// clang-format on
-constexpr const char* LOCAL_EXCLUSION_ROUTES_V4[] = {
- "169.254.0.0/16", // Link-local, RFC3927
-};
-constexpr const char* LOCAL_EXCLUSION_ROUTES_V6[] = {
- "fe80::/10" // Link-local, RFC-4291
-};
-
class UidRanges;
class RouteController {
@@ -228,9 +221,6 @@ public:
bool modifyNonUidBasedRules, bool excludeLocalRoutes);
static void updateTableNamesFile() EXCLUDES(sInterfaceToTableLock);
static int modifyVpnLocalExclusionRule(bool add, const char* physicalInterface);
- static int modifyVpnLocalExclusionRoutes(bool add, const char* interface);
- static int modifyVpnLocalExclusionRoute(bool add, const char* interface,
- const char* destination);
};
// Public because they are called by by RouteControllerTest.cpp.
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index bc0d37de..75b782e6 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -112,8 +112,6 @@ using android::binder::Status;
using android::net::INetd;
using android::net::InterfaceConfigurationParcel;
using android::net::InterfaceController;
-using android::net::LOCAL_EXCLUSION_ROUTES_V4;
-using android::net::LOCAL_EXCLUSION_ROUTES_V6;
using android::net::MarkMaskParcel;
using android::net::NativeNetworkConfig;
using android::net::NativeNetworkType;
@@ -1456,16 +1454,6 @@ void expectNetworkRouteExistsWithMtu(const char* ipVersion, const std::string& i
<< "] in table " << table;
}
-bool ipRouteExists(const char* ipType, std::string& ipRoute, const std::string& tableName) {
- std::vector<std::string> routes = listIpRoutes(ipType, tableName.c_str());
- for (const auto& route : routes) {
- if (route.find(ipRoute) != std::string::npos) {
- return true;
- }
- }
- return false;
-}
-
void expectVpnLocalExclusionRuleExists(const std::string& ifName, bool expectExists) {
std::string tableName = std::string(ifName + "_local");
// Check if rule exists
@@ -3552,30 +3540,6 @@ void expectVpnFallthroughRuleExists(const std::string& ifName, int vpnNetId) {
}
}
-void expectVpnLocalExclusionRouteExists(const std::string& ifName) {
- std::string tableName = std::string(ifName + "_local");
- // Check if routes exist
- for (size_t i = 0; i < ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V4); ++i) {
- const auto& dst = LOCAL_EXCLUSION_ROUTES_V4[i];
- std::string vpnLocalExclusionRoute =
- StringPrintf("%s dev %s proto static scope link", dst, ifName.c_str());
- EXPECT_TRUE(ipRouteExists(IP_RULE_V4, vpnLocalExclusionRoute, tableName));
- }
- // expect no other rule
- std::vector<std::string> routes = listIpRoutes(IP_RULE_V4, tableName.c_str());
- EXPECT_EQ(routes.size(), ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V4));
-
- for (size_t i = 0; i < ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V6); ++i) {
- const auto& dst = LOCAL_EXCLUSION_ROUTES_V6[i];
- std::string vpnLocalExclusionRoute =
- StringPrintf("%s dev %s proto static", dst, ifName.c_str());
- EXPECT_TRUE(ipRouteExists(IP_RULE_V6, vpnLocalExclusionRoute, tableName));
- }
- // expect no other rule
- routes = listIpRoutes(IP_RULE_V6, tableName.c_str());
- EXPECT_EQ(routes.size(), ARRAY_SIZE(LOCAL_EXCLUSION_ROUTES_V6));
-}
-
void expectVpnFallthroughWorks(android::net::INetd* netdService, bool bypassable, uid_t uid,
const TunInterface& fallthroughNetwork,
const TunInterface& vpnNetwork, int vpnNetId = TEST_NETID2,
@@ -3615,8 +3579,6 @@ void expectVpnFallthroughWorks(android::net::INetd* netdService, bool bypassable
// Check if local exclusion rule exists
expectVpnLocalExclusionRuleExists(fallthroughNetwork.name(), true);
- // Check if local exclusion route exists
- expectVpnLocalExclusionRouteExists(fallthroughNetwork.name());
// Expect fallthrough to default network
// The fwmark differs depending on whether the VPN is bypassable or not.