authorandroid-build-team Robot <android-build-team-robot@google.com>2019-11-11 21:25:07 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2019-11-11 21:25:07 +0000
commit3f258b6361c65883e828b35b9090fa80ee68c62c (patch)
treede5383c4e0d5351b54c3623142e408f941655717
parent73254a1d10dde0b7ea16d3f62816b14891fed090 (diff)
parent624b332a987413c143cdcb2bce734a0ca72ad351 (diff)
downloadnetd-3f258b6361c65883e828b35b9090fa80ee68c62c.tar.gz
Snap for 6001391 from 624b332a987413c143cdcb2bce734a0ca72ad351 to qt-aml-tzdata-release
Change-Id: Id9c3e27ef8ed08872ecf50f155e7a437205592d9
-rw-r--r--Android.bp2
-rw-r--r--PREUPLOAD.cfg1
-rw-r--r--bpf_progs/Android.bp5
-rw-r--r--bpf_progs/bpf_net_helpers.h51
-rw-r--r--bpf_progs/clatd.c12
-rw-r--r--bpf_progs/netd.c4
-rw-r--r--bpf_progs/netd.h1
-rw-r--r--server/Android.bp14
-rw-r--r--server/ClatdController.cpp2
-rw-r--r--server/ResolvStub.cpp4
-rw-r--r--server/main.cpp5
-rw-r--r--tests/Android.bp2
-rw-r--r--tests/binder_test.cpp24
13 files changed, 93 insertions, 34 deletions
diff --git a/Android.bp b/Android.bp
index 114b2e16..97637304 100644
--- a/Android.bp
+++ b/Android.bp
@@ -10,6 +10,8 @@ cc_defaults {
"-Werror",
// Override -Wno-error=implicit-fallthrough from soong
"-Werror=implicit-fallthrough",
+ "-Werror=sometimes-uninitialized",
+ "-Werror=conditional-uninitialized",
"-Wnullable-to-nonnull-conversion",
"-Wsign-compare",
"-Wthread-safety",
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index c8dbf77f..27eac943 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -1,5 +1,6 @@
[Builtin Hooks]
clang_format = true
+commit_msg_test_field = false
[Builtin Hooks Options]
clang_format = --commit ${PREUPLOAD_COMMIT} --style file --extensions c,h,cc,cpp
diff --git a/bpf_progs/Android.bp b/bpf_progs/Android.bp
index a393035b..7b1f015a 100644
--- a/bpf_progs/Android.bp
+++ b/bpf_progs/Android.bp
@@ -14,6 +14,11 @@
// limitations under the License.
//
+cc_library_headers {
+ name: "netd_bpf_progs_headers",
+ export_include_dirs: ["."],
+}
+
//
// bpf kernel programs
//
diff --git a/bpf_progs/bpf_net_helpers.h b/bpf_progs/bpf_net_helpers.h
new file mode 100644
index 00000000..714b7e6e
--- /dev/null
+++ b/bpf_progs/bpf_net_helpers.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NETDBPF_BPF_NET_HELPERS_H
+#define NETDBPF_BPF_NET_HELPERS_H
+
+#include <linux/bpf.h>
+#include <linux/if_packet.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+// this returns 0 iff skb->sk is NULL
+static uint64_t (*bpf_get_socket_cookie)(struct __sk_buff* skb) = (void*)BPF_FUNC_get_socket_cookie;
+
+static uint32_t (*bpf_get_socket_uid)(struct __sk_buff* skb) = (void*)BPF_FUNC_get_socket_uid;
+static int (*bpf_skb_load_bytes)(struct __sk_buff* skb, int off, void* to,
+ int len) = (void*)BPF_FUNC_skb_load_bytes;
+
+static int (*bpf_skb_change_proto)(struct __sk_buff* skb, __be16 proto,
+ __u64 flags) = (void*)BPF_FUNC_skb_change_proto;
+static int (*bpf_l3_csum_replace)(struct __sk_buff* skb, __u32 offset, __u64 from, __u64 to,
+ __u64 flags) = (void*)BPF_FUNC_l3_csum_replace;
+static int (*bpf_l4_csum_replace)(struct __sk_buff* skb, __u32 offset, __u64 from, __u64 to,
+ __u64 flags) = (void*)BPF_FUNC_l4_csum_replace;
+static int (*bpf_redirect)(__u32 ifindex, __u64 flags) = (void*)BPF_FUNC_redirect;
+
+// Android only supports little endian architectures
+#define htons(x) (__builtin_constant_p(x) ? ___constant_swab16(x) : __builtin_bswap16(x))
+#define htonl(x) (__builtin_constant_p(x) ? ___constant_swab32(x) : __builtin_bswap32(x))
+#define ntohs(x) htons(x)
+#define ntohl(x) htonl(x)
+
+static inline __always_inline __unused bool is_received_skb(struct __sk_buff* skb) {
+ return skb->pkt_type == PACKET_HOST || skb->pkt_type == PACKET_BROADCAST ||
+ skb->pkt_type == PACKET_MULTICAST;
+}
+
+#endif // NETDBPF_BPF_NET_HELPERS_H
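Review bot: The new header does not look self-contained: the `htons`/`htonl` macros expand to `___constant_swab16`/`___constant_swab32`, and `is_received_skb` uses `__always_inline` and `__unused`, yet none of the four includes at the top is an obvious source for those names. Unless they arrive transitively, the header compiles only when the including file has already pulled them in, so adding `#include <linux/swab.h>` (and whichever header this tree uses for the attribute macros) would make the include order in clatd.c and netd.h irrelevant. A one-line comment on `is_received_skb`, such as `// true only for packets addressed to this host (unicast, broadcast, multicast); false for every other pkt_type`, would also help, because netd.c uses it in a whitelist decision.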
diff --git a/bpf_progs/clatd.c b/bpf_progs/clatd.c
index c2cd9502..fb7acfab 100644
--- a/bpf_progs/clatd.c
+++ b/bpf_progs/clatd.c
@@ -27,17 +27,12 @@
#include <stdint.h>
#include "bpf_helpers.h"
+#include "bpf_net_helpers.h"
#include "netdbpf/bpf_shared.h"
// From kernel:include/net/ip.h
#define IP_DF 0x4000 // Flag: "Don't Fragment"
-// Android only supports little endian architectures
-#define htons(x) (__builtin_constant_p(x) ? ___constant_swab16(x) : __builtin_bswap16(x))
-#define htonl(x) (__builtin_constant_p(x) ? ___constant_swab32(x) : __builtin_bswap32(x))
-#define ntohs(x) htons(x)
-#define ntohl(x) htonl(x)
-
DEFINE_BPF_MAP(clat_ingress_map, HASH, ClatIngressKey, ClatIngressValue, 16)
static inline __always_inline int nat64(struct __sk_buff* skb, bool is_ethernet) {
@@ -121,8 +116,9 @@ static inline __always_inline int nat64(struct __sk_buff* skb, bool is_ethernet)
// Note that there is no L4 checksum update: we are relying on the checksum neutrality
// of the ipv6 address chosen by netd's ClatdController.
- // Packet mutations begin - point of no return.
- if (bpf_skb_change_proto(skb, htons(ETH_P_IP), 0)) return TC_ACT_SHOT;
+ // Packet mutations begin - point of no return, but if this first modification fails
+ // the packet is probably still pristine, so let clatd handle it.
+ if (bpf_skb_change_proto(skb, htons(ETH_P_IP), 0)) return TC_ACT_OK;
// bpf_skb_change_proto() invalidates all pointers - reload them.
data = (void*)(long)skb->data;
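Review bot: The rewritten comment contradicts itself and rests the new `TC_ACT_OK` return on "probably": it still calls the `bpf_skb_change_proto()` call the point of no return, while the code now treats a failure there as recoverable. If the helper can fail after it has already touched the skb, returning `TC_ACT_OK` lets a partly converted packet continue up the stack instead of being dropped. The comment should state what is actually relied on, for example `// If this first mutation fails we assume the helper left the skb unmodified and let clatd handle it; everything after this line is the point of no return.` That assumption should be confirmed against the kernel versions this program targets. nat64() starts and ends outside this hunk.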
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 1362be25..32123148 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -51,9 +51,7 @@ int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
// that skb->sk is NULL during RX (early decap socket lookup failure),
// which commonly happens for incoming packets to an unconnected udp socket.
// Additionally bpf_get_socket_cookie() returns 0 if skb->sk is NULL
- if ((sock_uid == 65534) && !bpf_get_socket_cookie(skb) &&
- (skb->pkt_type == PACKET_HOST || skb->pkt_type == PACKET_BROADCAST ||
- skb->pkt_type == PACKET_MULTICAST))
+ if ((sock_uid == 65534) && !bpf_get_socket_cookie(skb) && is_received_skb(skb))
return BPF_MATCH;
UidOwnerValue* whitelistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
diff --git a/bpf_progs/netd.h b/bpf_progs/netd.h
index 8be21be1..be9aaeee 100644
--- a/bpf_progs/netd.h
+++ b/bpf_progs/netd.h
@@ -29,6 +29,7 @@
#include <linux/ipv6.h>
#include <stdbool.h>
#include <stdint.h>
+#include "bpf_net_helpers.h"
#include "netdbpf/bpf_shared.h"
typedef struct {
diff --git a/server/Android.bp b/server/Android.bp
index ae5d204e..eba80bce 100644
--- a/server/Android.bp
+++ b/server/Android.bp
@@ -102,7 +102,7 @@ cc_library_static {
"libqtaguid",
"libssl",
"netd_aidl_interface-cpp",
- "netd_event_listener_interface-V1-cpp",
+ "netd_event_listener_interface-cpp",
],
header_libs: [
"libnetd_resolv_headers",
@@ -142,8 +142,8 @@ cc_binary {
"libselinux",
"libsysutils",
"libutils",
- "netd_aidl_interface-cpp",
- "netd_event_listener_interface-V1-cpp",
+ "netd_aidl_interface-unstable-cpp",
+ "netd_event_listener_interface-cpp",
"oemnetd_aidl_interface-cpp",
],
static_libs: [
@@ -192,8 +192,8 @@ cc_binary {
"liblog",
"libutils",
"libbinder",
- "dnsresolver_aidl_interface-V2-cpp",
- "netd_aidl_interface-V2-cpp",
+ "dnsresolver_aidl_interface-cpp",
+ "netd_aidl_interface-cpp",
],
srcs: [
"ndc.cpp",
@@ -236,8 +236,8 @@ cc_test {
"libnetd_server",
"libnetd_test_tun_interface",
"libqtaguid",
- "netd_aidl_interface-V2-cpp",
- "netd_event_listener_interface-V1-cpp",
+ "netd_aidl_interface-cpp",
+ "netd_event_listener_interface-cpp",
],
shared_libs: [
"libbase",
diff --git a/server/ClatdController.cpp b/server/ClatdController.cpp
index bf29693f..cf0ab966 100644
--- a/server/ClatdController.cpp
+++ b/server/ClatdController.cpp
@@ -142,7 +142,7 @@ bool ClatdController::isIpv4AddressFree(in_addr_t addr) {
// same then the address is already assigned to the system and we can't use it.
struct sockaddr_in sin = {
.sin_family = AF_INET,
- .sin_port = 53,
+ .sin_port = htons(53),
.sin_addr = {addr},
};
socklen_t len = sizeof(sin);
diff --git a/server/ResolvStub.cpp b/server/ResolvStub.cpp
index 5199e6e2..2fb66254 100644
--- a/server/ResolvStub.cpp
+++ b/server/ResolvStub.cpp
@@ -55,7 +55,7 @@ static void resolvStubInitFunction(void* handle, const char* symbol, FunctionTyp
}
int resolv_stub_init() {
- void* netdResolvHandle;
+ void* netdResolvHandle = nullptr;
for (const auto& dir : {APEX_LIB64_DIR, APEX_LIB_DIR}) {
std::string path = std::string(dir) + "/" + LIBNAME;
@@ -76,7 +76,7 @@ int resolv_stub_init() {
#define RESOLV_STUB_LOAD_SYMBOL(x) resolvStubInitFunction(netdResolvHandle, STR(x), &RESOLV_STUB.x)
RESOLV_STUB_LOAD_SYMBOL(resolv_has_nameservers);
RESOLV_STUB_LOAD_SYMBOL(resolv_init);
- RESOLV_STUB_LOAD_SYMBOL(resolv_gethostbyaddr_from_local_cache);
+ RESOLV_STUB_LOAD_SYMBOL(resolv_gethostbyaddr_from_cache);
#undef RESOLV_STUB_LOAD_SYMBOL
#undef STR
diff --git a/server/main.cpp b/server/main.cpp
index ed50c14c..d8ed96fc 100644
--- a/server/main.cpp
+++ b/server/main.cpp
@@ -86,12 +86,17 @@ int tagSocketCallback(int sockFd, uint32_t tag, uid_t uid, pid_t) {
return gCtls->trafficCtrl.tagSocket(sockFd, tag, uid, geteuid());
}
+bool evaluateDomainNameCallback(const android_net_context&, const char* /*name*/) {
+ return true;
+}
+
bool initDnsResolver() {
ResolverNetdCallbacks callbacks = {
.check_calling_permission = &checkCallingPermissionCallback,
.get_network_context = &getNetworkContextCallback,
.log = &logCallback,
.tagSocket = &tagSocketCallback,
+ .evaluate_domain_name = &evaluateDomainNameCallback,
};
return RESOLV_STUB.resolv_init(callbacks);
}
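Review bot: `evaluateDomainNameCallback` accepts every name for every network context, and nothing in the code says that this is intentional. Because it is registered as the resolver's `evaluate_domain_name` hook, a reader auditing name-resolution policy cannot tell a deliberate allow-all default from an unfinished stub. If allow-all is the intent, a comment above the function such as `// No per-name policy is applied by netd: every lookup is allowed.` would settle it. The unnamed first parameter could carry a `/*netcontext*/` marker in the same style as `/*name*/`.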
diff --git a/tests/Android.bp b/tests/Android.bp
index 535cae37..1ac413ff 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -93,7 +93,7 @@ cc_test {
"libnetdbpf",
"libnetdutils",
"libqtaguid",
- "netd_aidl_interface-cpp",
+ "netd_aidl_interface-unstable-cpp",
"netd_event_listener_interface-cpp",
"oemnetd_aidl_interface-cpp",
],
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index 8fad188f..7be8e55e 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -87,6 +87,7 @@ using android::base::ReadFileToString;
using android::base::StartsWith;
using android::base::StringPrintf;
using android::base::Trim;
+using android::base::unique_fd;
using android::net::INetd;
using android::net::InterfaceConfigurationParcel;
using android::net::InterfaceController;
@@ -150,7 +151,8 @@ class BinderTest : public ::testing::Test {
sTun2.destroy();
}
- static void fakeRemoteSocketPair(int *clientSocket, int *serverSocket, int *acceptedSocket);
+ static void fakeRemoteSocketPair(unique_fd* clientSocket, unique_fd* serverSocket,
+ unique_fd* acceptedSocket);
void createVpnNetworkWithUid(bool secure, uid_t uid, int vpnNetId = TEST_NETID2,
int fallthroughNetId = TEST_NETID1);
@@ -291,7 +293,7 @@ TEST_F(BinderTest, IpSecTunnelInterface) {
}
TEST_F(BinderTest, IpSecSetEncapSocketOwner) {
- android::base::unique_fd uniqueFd(socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0));
+ unique_fd uniqueFd(socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0));
android::os::ParcelFileDescriptor sockFd(std::move(uniqueFd));
int sockOptVal = UDP_ENCAP_ESPINUDP;
@@ -601,8 +603,9 @@ TEST_F(BinderTest, NetworkRejectNonSecureVpn) {
}
// Create a socket pair that isLoopbackSocket won't think is local.
-void BinderTest::fakeRemoteSocketPair(int *clientSocket, int *serverSocket, int *acceptedSocket) {
- *serverSocket = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
+void BinderTest::fakeRemoteSocketPair(unique_fd* clientSocket, unique_fd* serverSocket,
+ unique_fd* acceptedSocket) {
+ serverSocket->reset(socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
struct sockaddr_in6 server6 = { .sin6_family = AF_INET6, .sin6_addr = sTun.dstAddr() };
ASSERT_EQ(0, bind(*serverSocket, (struct sockaddr *) &server6, sizeof(server6)));
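Review bot: The result of the `socket()` call stored by `serverSocket->reset(...)` is never checked, unlike the `accept4()` result, which gets `ASSERT_NE(-1, *acceptedSocket)` in the following hunk; the same applies to `clientSocket->reset(...)` there. A failed `socket()` only shows up as a `bind()` failure on an invalid descriptor, which makes the test log point at the wrong call. Adding `ASSERT_NE(-1, serverSocket->get());` right after each `reset()` would report the real cause. The body of fakeRemoteSocketPair continues past this hunk.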
@@ -610,13 +613,14 @@ void BinderTest::fakeRemoteSocketPair(int *clientSocket, int *serverSocket, int
ASSERT_EQ(0, getsockname(*serverSocket, (struct sockaddr *) &server6, &addrlen));
ASSERT_EQ(0, listen(*serverSocket, 10));
- *clientSocket = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ clientSocket->reset(socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
struct sockaddr_in6 client6 = { .sin6_family = AF_INET6, .sin6_addr = sTun.srcAddr() };
ASSERT_EQ(0, bind(*clientSocket, (struct sockaddr *) &client6, sizeof(client6)));
ASSERT_EQ(0, connect(*clientSocket, (struct sockaddr *) &server6, sizeof(server6)));
ASSERT_EQ(0, getsockname(*clientSocket, (struct sockaddr *) &client6, &addrlen));
- *acceptedSocket = accept4(*serverSocket, (struct sockaddr *) &server6, &addrlen, SOCK_CLOEXEC);
+ acceptedSocket->reset(
+ accept4(*serverSocket, (struct sockaddr*)&server6, &addrlen, SOCK_CLOEXEC));
ASSERT_NE(-1, *acceptedSocket);
ASSERT_EQ(0, memcmp(&client6, &server6, sizeof(client6)));
@@ -644,7 +648,7 @@ void checkSocketpairClosed(int clientSocket, int acceptedSocket) {
}
TEST_F(BinderTest, SocketDestroy) {
- int clientSocket, serverSocket, acceptedSocket;
+ unique_fd clientSocket, serverSocket, acceptedSocket;
ASSERT_NO_FATAL_FAILURE(fakeRemoteSocketPair(&clientSocket, &serverSocket, &acceptedSocket));
// Pick a random UID in the system UID range.
@@ -684,10 +688,6 @@ TEST_F(BinderTest, SocketDestroy) {
skipUids.resize(skipUids.size() - 1);
EXPECT_TRUE(mNetd->socketDestroy(uidRanges, skipUids).isOk());
checkSocketpairClosed(clientSocket, acceptedSocket);
-
- close(clientSocket);
- close(serverSocket);
- close(acceptedSocket);
}
namespace {
@@ -3108,7 +3108,7 @@ void checkDataReceived(int udpSocket, int tunFd) {
bool sendIPv6PacketFromUid(uid_t uid, const in6_addr& dstAddr, Fwmark* fwmark, int tunFd) {
ScopedUidChange scopedUidChange(uid);
- android::base::unique_fd testSocket(socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0));
+ unique_fd testSocket(socket(AF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0));
if (testSocket < 0) return false;
const sockaddr_in6 dst6 = {