From f3daae6f1d4aaea8ba6bc7cf64454131e4213c45 Mon Sep 17 00:00:00 2001
From: harvey186
Date: Wed, 16 Oct 2024 08:39:51 +0200
Subject: [PATCH] packages_modules_conectivity_legacy

Change-Id: Ib38a920e949092e1f7fcb2d25331c3da7ac8effa
---
 .../src/android/net/BpfNetMapsUtils.java | 4 +++
 .../android/net/NetworkStackBpfNetMaps.java | 6 ++--
 netbpfload/NetBpfLoad.cpp | 36 +++++++++----------
 .../src/com/android/server/BpfNetMaps.java | 4 +++
 .../native/bpf_headers/include/bpf/BpfMap.h | 3 +-
 5 files changed, 29 insertions(+), 24 deletions(-)
diff --git a/framework/src/android/net/BpfNetMapsUtils.java b/framework/src/android/net/BpfNetMapsUtils.java
index 282a11e..a788407 100644
--- a/framework/src/android/net/BpfNetMapsUtils.java
+++ b/framework/src/android/net/BpfNetMapsUtils.java
@@ -212,6 +212,8 @@ public class BpfNetMapsUtils {
 public static boolean isChainEnabled(
 final IBpfMap configurationMap, final int chain) {
 throwIfPreT("isChainEnabled is not available on pre-T devices");
+
+ if (configurationMap == null) return false;
 final long match = getMatchByFirewallChain(chain);
 try {
@@ -237,6 +239,8 @@ public class BpfNetMapsUtils {
 public static int getUidRule(final IBpfMap uidOwnerMap, final int chain, final int uid) {
 throwIfPreT("getUidRule is not available on pre-T devices");
+
+ if (uidOwnerMap == null) return FIREWALL_RULE_ALLOW;
 final long match = getMatchByFirewallChain(chain);
 final boolean isAllowList = isFirewallAllowList(chain);
diff --git a/framework/src/android/net/NetworkStackBpfNetMaps.java b/framework/src/android/net/NetworkStackBpfNetMaps.java
index b7c4e34..750490a 100644
--- a/framework/src/android/net/NetworkStackBpfNetMaps.java
+++ b/framework/src/android/net/NetworkStackBpfNetMaps.java
@@ -97,7 +97,7 @@ public class NetworkStackBpfNetMaps {
 return new BpfMap<>(CONFIGURATION_MAP_PATH, BpfMap.BPF_F_RDONLY, S32.class, U32.class);
 } catch (ErrnoException e) {
- throw new IllegalStateException("Cannot open configuration map", e);
+ return null;
 }
 }
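Review bot: The new `if (configurationMap == null) return false;` guard in isChainEnabled makes an unavailable map indistinguishable from a disabled firewall chain, and nothing is logged when the guard is taken. A caller asking whether a restriction chain is active now gets a definite "no" on a device where the BPF map could not be opened. Log at the guard and add a Javadoc sentence such as `Returns false when the configuration map could not be opened.` so the fail-open result is visible to callers. The method body continues past the end of the hunk.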
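Review bot: In getUidRule the early `return FIREWALL_RULE_ALLOW;` runs before `isAllowList` is computed, so an allowlist chain reports the uid as allowed whenever `uidOwnerMap` is null. If the rest of the method (outside this hunk) treats a missing entry on an allowlist chain as denied, the null case should follow the same rule: move the guard below the `isAllowList` line and use `if (uidOwnerMap == null) return isAllowList ? FIREWALL_RULE_DENY : FIREWALL_RULE_ALLOW;`. As written, consumers of this value would under-report blocking on exactly the devices where the firewall maps are missing.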
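Review bot: Returning null from this catch block discards the ErrnoException, so the reason the configuration map failed to open is no longer recorded anywhere; the hunks at -107 and -117 do the same for the uid owner and data saver maps. Log the exception before `return null;` and document the three getters as nullable. This patch adds null guards only for the configuration and uid owner maps in BpfNetMapsUtils; no visible hunk guards a consumer of the data saver map, which would presumably now fail with a NullPointerException instead of the previous IllegalStateException.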
@@ -107,7 +107,7 @@ public class NetworkStackBpfNetMaps {
 return new BpfMap<>(UID_OWNER_MAP_PATH, BpfMap.BPF_F_RDONLY, S32.class, UidOwnerValue.class);
 } catch (ErrnoException e) {
- throw new IllegalStateException("Cannot open uid owner map", e);
+ return null;
 }
 }
@@ -117,7 +117,7 @@ public class NetworkStackBpfNetMaps {
 return new BpfMap<>(DATA_SAVER_ENABLED_MAP_PATH, BpfMap.BPF_F_RDONLY, S32.class, U8.class);
 } catch (ErrnoException e) {
- throw new IllegalStateException("Cannot open data saver enabled map", e);
+ return null;
 }
 }
 }
diff --git a/netbpfload/NetBpfLoad.cpp b/netbpfload/NetBpfLoad.cpp
index 8a3fe04..b293a98 100644
--- a/netbpfload/NetBpfLoad.cpp
+++ b/netbpfload/NetBpfLoad.cpp
@@ -282,6 +282,7 @@ static int doLoad(char** argv, char * const envp[]) {
 const bool isAtLeastT = (effective_api_level >= __ANDROID_API_T__);
 const bool isAtLeastU = (effective_api_level >= __ANDROID_API_U__);
 const bool isAtLeastV = (effective_api_level >= __ANDROID_API_V__);
+ bool failed = false;
 // last in U QPR2 beta1
 const bool has_platform_bpfloader_rc = exists("/system/etc/init/bpfloader.rc");
@@ -320,20 +321,20 @@ static int doLoad(char** argv, char * const envp[]) {
 // both S and T require kernel 4.9 (and eBpf support)
 if (isAtLeastT && !isAtLeastKernelVersion(4, 9, 0)) {
 ALOGE("Android T requires kernel 4.9.");
- return 1;
+ failed = true;
 }
 // U bumps the kernel requirement up to 4.14
 if (isAtLeastU && !isAtLeastKernelVersion(4, 14, 0)) {
 ALOGE("Android U requires kernel 4.14.");
- return 1;
+ failed = true;
 }
 // V bumps the kernel requirement up to 4.19
 // see also: //system/netd/tests/kernel_test.cpp TestKernel419
 if (isAtLeastV && !isAtLeastKernelVersion(4, 19, 0)) {
 ALOGE("Android V requires kernel 4.19.");
- return 1;
+ failed = true;
 }
 // Technically already required by U, but only enforce on V+
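Review bot: Replacing `return 1;` with `failed = true;` in the three kernel-version checks lets doLoad carry on into directory creation and ELF loading on a kernel already found to be too old; the hunks at -402, -447 and -460 make the same change for the 64-bit userspace, build-type, createSysFsBpfSubDir and loadAllElfObjects failures. Deferring the exit is reasonable for collecting every error in one log, but the flag then has to end the function before a later step relies on the failed prerequisite. The only use of `failed` visible in this patch is the logging block in the last NetBpfLoad hunk. doLoad starts and ends outside these hunks.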
@@ -402,14 +403,14 @@ static int doLoad(char** argv, char * const envp[]) {
 * and 32-bit userspace on 64-bit kernel bpf ringbuffer compatibility is broken.
 */
 ALOGE("64-bit userspace required on 6.2+ kernels.");
- if (!isTV()) return 1;
+ failed = true;
 }
 // Ensure we can determine the Android build type.
 if (!isEng() && !isUser() && !isUserdebug()) {
 ALOGE("Failed to determine the build type: got %s, want 'eng', 'user', or 'userdebug'",
 getBuildType().c_str());
- return 1;
+ failed = true;
 }
 if (runningAsRoot) {
@@ -447,7 +448,9 @@ static int doLoad(char** argv, char * const envp[]) {
 // which could otherwise fail with ENOENT during object pinning or renaming,
 // due to ordering issues)
 for (const auto& location : locations) {
- if (createSysFsBpfSubDir(location.prefix)) return 1;
+ if (createSysFsBpfSubDir(location.prefix)) {
+ failed = true;
+ }
 }
 // Note: there's no actual src dir for fs_bpf_loader .o's,
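Review bot: The removed line was `if (!isTV()) return 1;`, so 32-bit userspace on a 6.2+ kernel was tolerated on TV devices, while the replacement sets `failed = true;` unconditionally and drops that exemption. If the exemption is still wanted, keep the condition: `if (!isTV()) failed = true;`. If dropping it is deliberate, the commit message should say so, because TV builds will now reach the critical-failure banner added later in this file.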
@@ -460,23 +463,16 @@ static int doLoad(char** argv, char * const envp[]) {
 // Load all ELF objects, create programs and maps, and pin them
 for (const auto& location : locations) {
 if (loadAllElfObjects(bpfloader_ver, location) != 0) {
- ALOGE("=== CRITICAL FAILURE LOADING BPF PROGRAMS FROM %s ===", location.dir);
- ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");
- ALOGE("If this triggers randomly, you might be hitting some memory allocation "
- "problems or startup script race.");
- ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
- sleep(20);
- return 2;
+ failed = true;
 }
 }
- int key = 1;
- int value = 123;
- base::unique_fd map(
- createMap(BPF_MAP_TYPE_ARRAY, sizeof(key), sizeof(value), 2, 0));
- if (writeToMapEntry(map, &key, &value, BPF_ANY)) {
- ALOGE("Critical kernel bug - failure to write into index 1 of 2 element bpf map array.");
- return 1;
+ if (failed) {
+ ALOGE("=== CRITICAL FAILURE LOADING BPF PROGRAMS ===");
+ ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");
+ ALOGE("If this triggers randomly, you might be hitting some memory allocation "
+ "problems or startup script race.");
+ ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");
 }
 // leave a flag that we're done
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index b3e7d8c..58160ff 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -745,6 +745,8 @@ public class BpfNetMaps {
 @RequiresApi(Build.VERSION_CODES.TIRAMISU)
 public void swapActiveStatsMap() {
 throwIfPreT("swapActiveStatsMap is not available on pre-T devices");
+
+ if (sConfigurationMap == null) return;
 try {
 synchronized (sCurrentStatsMapConfigLock) {
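Review bot: The new `if (failed) { ... }` block only logs and contains no `return`, so execution falls through to the `// leave a flag that we're done` step after the hunk and the loader appears to report completion even when programs or maps were not loaded. Anything enforced through those BPF programs and maps would then be absent on a system that otherwise looks booted. Add `return 2;` as the last statement of the block to keep the previous exit code, and log `location.dir` where `loadAllElfObjects` fails so the message still names the failing directory. The hunk also deletes the `writeToMapEntry` sanity write into a two-element array map without a replacement; if that kernel check is no longer wanted, the commit message should explain why.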
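Review bot: `if (sConfigurationMap == null) return;` turns swapActiveStatsMap into a silent no-op, and the matching guard on `sUidPermissionMap` in the next hunk (-786) silently drops the permission update for the given uids. Callers get a normal return in both cases, so the stats map is never swapped and per-uid permission state is never written to the map, with no log or error to show it. Log at each guard, or report the condition the same way the method already reports map errors (the try block continues outside the hunk), so the degraded state can be detected.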
@@ -786,6 +788,8 @@ public class BpfNetMaps {
 return;
 }
+ if (sUidPermissionMap == null) return;
+
 // Remove the entry if package is uninstalled or uid has only INTERNET permission.
 if (permissions == PERMISSION_UNINSTALLED || permissions == PERMISSION_INTERNET) {
 for (final int uid : uids) {
diff --git a/staticlibs/native/bpf_headers/include/bpf/BpfMap.h b/staticlibs/native/bpf_headers/include/bpf/BpfMap.h
index 1037beb..c70f90b 100644
--- a/staticlibs/native/bpf_headers/include/bpf/BpfMap.h
+++ b/staticlibs/native/bpf_headers/include/bpf/BpfMap.h
@@ -65,7 +65,8 @@ class BpfMapRO {
 int flags = bpfGetFdMapFlags(mMapFd);
 if (flags < 0) abort();
 if (flags & BPF_F_WRONLY) abort();
- if (writable && (flags & BPF_F_RDONLY)) abort();
+ (void) writable;
+// if (writable && (flags & BPF_F_RDONLY)) abort();
 if (bpfGetFdKeySize(mMapFd) != sizeof(Key)) abort();
 if (bpfGetFdValueSize(mMapFd) != sizeof(Value)) abort();
 }
--
2.34.1
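Review bot: Commenting out `if (writable && (flags & BPF_F_RDONLY)) abort();` removes the check that a map expected to be writable is not backed by a read-only fd, so a mismatch would surface later as failed writes rather than an immediate abort. The neighbouring checks still abort on wrong flags or key/value sizes, which makes this one exception look accidental. Delete the dead line instead of leaving it commented out at column 0, and put the reason in its place, for example `// BPF_F_RDONLY is not rejected for writable maps here because <reason>`. The enclosing function starts outside the hunk.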