From 2c248d2108503a531576919d47e6734a6d800c78 Mon Sep 17 00:00:00 2001 From: Motomu Utsumi Date: Tue, 26 Mar 2024 18:25:39 +0900 Subject: [PATCH] Add @RequiresApi(TIRAMISU) to BpfNetMapsUtils With this annotation, errorprone build will fail if callers don't check sdk version before calling any methods in BpfNetMapsUtils. Bug: 328732146 Test: TH Change-Id: Ifa52dc1d2766f8d46dfdc4f6ca9dbb963406c084 --- framework/src/android/net/BpfNetMapsUtils.java | 5 +++++ service/src/com/android/server/BpfNetMaps.java | 4 ++++ service/src/com/android/server/ConnectivityService.java | 1 + 3 files changed, 10 insertions(+) diff --git a/framework/src/android/net/BpfNetMapsUtils.java b/framework/src/android/net/BpfNetMapsUtils.java index 9cbf1478ef..4e01fee1c0 100644 --- a/framework/src/android/net/BpfNetMapsUtils.java +++ b/framework/src/android/net/BpfNetMapsUtils.java @@ -53,12 +53,15 @@ import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW; import static android.net.ConnectivityManager.FIREWALL_RULE_DENY; import static android.system.OsConstants.EINVAL; +import android.os.Build; import android.os.Process; import android.os.ServiceSpecificException; import android.system.ErrnoException; import android.system.Os; import android.util.Pair; +import androidx.annotation.RequiresApi; + import com.android.modules.utils.build.SdkLevel; import com.android.net.module.util.IBpfMap; import com.android.net.module.util.Struct; @@ -76,6 +79,8 @@ import java.util.StringJoiner; // Note that this class should be put into bootclasspath instead of static libraries. // Because modules could have different copies of this class if this is statically linked, // which would be problematic if the definitions in these modules are not synchronized. +// Note that NetworkStack can not use this before U due to b/326143935 +@RequiresApi(Build.VERSION_CODES.TIRAMISU) public class BpfNetMapsUtils { // Bitmaps for calculating whether a given uid is blocked by firewall chains. private static final long sMaskDropIfSet; diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java index 01bd71ec5b..04d8ea4309 100644 --- a/service/src/com/android/server/BpfNetMaps.java +++ b/service/src/com/android/server/BpfNetMaps.java @@ -579,6 +579,7 @@ public class BpfNetMaps { return BpfNetMapsUtils.getUidRule(sUidOwnerMap, childChain, uid); } + @RequiresApi(Build.VERSION_CODES.TIRAMISU) private Set getUidsMatchEnabled(final int childChain) throws ErrnoException { final long match = getMatchByFirewallChain(childChain); Set uids = new ArraySet<>(); @@ -607,6 +608,7 @@ public class BpfNetMaps { * @param childChain target chain * @return Set of uids */ + @RequiresApi(Build.VERSION_CODES.TIRAMISU) public Set getUidsWithAllowRuleOnAllowListChain(final int childChain) throws ErrnoException { if (!isFirewallAllowList(childChain)) { @@ -628,6 +630,7 @@ public class BpfNetMaps { * @param childChain target chain * @return Set of uids */ + @RequiresApi(Build.VERSION_CODES.TIRAMISU) public Set getUidsWithDenyRuleOnDenyListChain(final int childChain) throws ErrnoException { if (isFirewallAllowList(childChain)) { @@ -922,6 +925,7 @@ public class BpfNetMaps { return sj.toString(); } + @RequiresApi(Build.VERSION_CODES.TIRAMISU) private void dumpOwnerMatchConfig(final IndentingPrintWriter pw) { try { final long match = sConfigurationMap.getValue(UID_RULES_CONFIGURATION_KEY).val; diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java index 0ea3366456..a34c0a9374 100755 --- a/service/src/com/android/server/ConnectivityService.java +++ b/service/src/com/android/server/ConnectivityService.java @@ -13555,6 +13555,7 @@ public class ConnectivityService extends IConnectivityManager.Stub return rule; } + @RequiresApi(Build.VERSION_CODES.TIRAMISU) private void closeSocketsForFirewallChainLocked(final int chain) throws ErrnoException, SocketException, InterruptedIOException { if (BpfNetMapsUtils.isFirewallAllowList(chain)) {