authormarkchien <markchien@google.com>2019-07-02 16:20:08 +0800
committermarkchien <markchien@google.com>2019-07-10 11:47:17 +0800
commit3a976373fa2ccedc595c678f7e02362fb430eb08 (patch)
treee9150230dc617c37c3311505c8124c2b1f23b0f0 /client
parentfd7ccfd8a63d0fd568b8fe7480755e6d1ce2901a (diff)
downloadnetd-3a976373fa2ccedc595c678f7e02362fb430eb08.tar.gz
Fix kernel net tests fail in user build
Before this change, system routing could only be bypassed by a process on a debug build. This change lets a process running as root bypass system routing if that process has a specific env flag set. In other words, other processes owned by root are not affected if they don't set the specific env flag. Bug: 135422468 Test: run vts -m VtsKernelNetTest in both user and eng build Change-Id: I39d0b0141ef51c6f16052ffc785d1d2f523cf11f Merged-In: I39d0b0141ef51c6f16052ffc785d1d2f523cf11f
Diffstat (limited to 'client')
-rw-r--r--client/Android.bp5
-rw-r--r--client/FwmarkClient.cpp31
-rw-r--r--client/FwmarkClient.h4
-rw-r--r--client/NetdClient.cpp2
4 files changed, 15 insertions, 27 deletions
diff --git a/client/Android.bp b/client/Android.bp
index 3dae6f09..7b51322e 100644
--- a/client/Android.bp
+++ b/client/Android.bp
@@ -28,11 +28,6 @@ cc_library {
"system/netd/libnetdutils/include",
],
defaults: ["netd_defaults"],
- product_variables: {
- debuggable: {
- cflags: ["-DNETD_CLIENT_DEBUGGABLE_BUILD"],
- }
- }
}
cc_test {
diff --git a/client/FwmarkClient.cpp b/client/FwmarkClient.cpp
index cc4893db..592fe31e 100644
--- a/client/FwmarkClient.cpp
+++ b/client/FwmarkClient.cpp
@@ -31,21 +31,11 @@
namespace {
// Env flag to control whether FwmarkClient sends sockets to netd for marking.
-// This can only be disabled in debuggable builds and is meant for kernel testing.
+// This can only be disabled when the process running as root and is meant for kernel testing.
inline constexpr char ANDROID_NO_USE_FWMARK_CLIENT[] = "ANDROID_NO_USE_FWMARK_CLIENT";
const sockaddr_un FWMARK_SERVER_PATH = {AF_UNIX, "/dev/socket/fwmarkd"};
-#if defined(NETD_CLIENT_DEBUGGABLE_BUILD)
-constexpr bool isBuildDebuggable = true;
-#else
-constexpr bool isBuildDebuggable = false;
-#endif
-
-bool isOverriddenBy(const char *name) {
- return isBuildDebuggable && getenv(name);
-}
-
bool commandHasFd(int cmdId) {
return (cmdId != FwmarkCommand::QUERY_USER_ACCESS) &&
(cmdId != FwmarkCommand::SET_COUNTERSET) &&
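Review bot: The reworded comment above `ANDROID_NO_USE_FWMARK_CLIENT` is ungrammatical and less precise than the check it describes, which tests the effective UID. It also no longer says that the override is now honoured on every build type, which is the security-relevant part of this change. I would write `// Marking can only be disabled when the process's effective UID is 0 (root), on any build type;` followed by `// this is meant for kernel testing.`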
@@ -55,13 +45,20 @@ bool commandHasFd(int cmdId) {
} // namespace
bool FwmarkClient::shouldSetFwmark(int family) {
- if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
- return FwmarkCommand::isSupportedFamily(family);
-}
+ // Checking whether family is supported before checking whether this can be
+ // disabled. Because there are existing processes using AF_LOCAL socket but it
+ // doesn't have permission to call geteuid(). Reference b/135422468.
+ if (!FwmarkCommand::isSupportedFamily(family)) {
+ return false;
+ }
+
+ // Permit processes running as root to disable marking. This is required, for
+ // example, to run the kernel networking tests.
+ if (getenv(ANDROID_NO_USE_FWMARK_CLIENT) && geteuid() == 0) {
+ return false;
+ }
-bool FwmarkClient::shouldReportConnectComplete(int family) {
- if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
- return shouldSetFwmark(family);
+ return true;
}
FwmarkClient::FwmarkClient() : mChannel(-1) {
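Review bot: The override in `shouldSetFwmark` trusts the process environment on any build once the effective UID is 0, and it tests only that `ANDROID_NO_USE_FWMARK_CLIENT` is present, so an empty value or `=0` disables marking too and the setting carries into every child process that inherits the environment. The local `shouldSetFwmark` in client/NetdClient.cpp, presumably derived from this function, now alone gates the ON_CONNECT_COMPLETE report, so such a process would also stop sending connect reports, and nothing in this hunk logs the bypass. I would state that contract at the check, e.g. `// Presence alone disables marking (any value); inherited by child processes; also suppresses connect reporting.` If a set-uid-root binary could ever link this client (not visible from the diff), the environment would come from an unprivileged caller, and `secure_getenv(ANDROID_NO_USE_FWMARK_CLIENT)` would be the safer read. The `getenv(...) && geteuid() == 0` order means geteuid() runs only when the flag is set, which looks deliberate given the comment about processes that may not call it, and deserves `// keep getenv first so geteuid() is only reached when the flag is set`.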
diff --git a/client/FwmarkClient.h b/client/FwmarkClient.h
index 31fcbc40..c51688f8 100644
--- a/client/FwmarkClient.h
+++ b/client/FwmarkClient.h
@@ -28,10 +28,6 @@ public:
// its SO_MARK set.
static bool shouldSetFwmark(int family);
- // Returns true if an additional call should be made after ON_CONNECT calls, to log extra
- // information like latency and source IP.
- static bool shouldReportConnectComplete(int family);
-
FwmarkClient();
~FwmarkClient();
diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index f6fa8864..d5945d03 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp
@@ -132,7 +132,7 @@ int netdClientConnect(int sockfd, const sockaddr* addr, socklen_t addrlen) {
const int connectErrno = errno;
const auto latencyMs = static_cast<unsigned>(s.timeTakenUs() / 1000);
// Send an ON_CONNECT_COMPLETE command that includes sockaddr and connect latency for reporting
- if (shouldSetFwmark && FwmarkClient::shouldReportConnectComplete(addr->sa_family)) {
+ if (shouldSetFwmark) {
FwmarkConnectInfo connectInfo(ret == 0 ? 0 : connectErrno, latencyMs, addr);
// TODO: get the netId from the socket mark once we have continuous benchmark runs
FwmarkCommand command = {FwmarkCommand::ON_CONNECT_COMPLETE, /* netId (ignored) */ 0,