Commit graph

83 commits

Author SHA1 Message Date
Maciej Żenczykowski
22db590580 bpf: attach a *bunch* more cgroup hooks
We attach trivial programs to:
  {connect,recvmsg,sendmsg}{4,6}
  inet_release
  {g,s}etsockopt

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifd3a6dff20a5881f4fdb5d1b4b7b03a55988fd74
2024-06-16 10:04:35 -07:00
Maciej Żenczykowski
231598bc92 NetBpfLoad: gently enable mainline
Only the non-CRITICAL test@mainline.o is loaded from netbpfload
on T and U < QPR3, everything else is loaded by platform bpfloader

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic07a57cf93851d3a1411b62c97d8ce057507360b
2024-06-14 15:09:41 -07:00
Maciej Żenczykowski
686f6ac0ee changes requested on 'NetBpfLoad: on aosp/main bump version from U QPR3 to V'
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibe6f42291242b1b8dca93c826969b6efc666e3b8
2024-06-14 15:09:41 -07:00
Maciej Żenczykowski
7262899d17 NetBpfLoad: add requested comments
As requested by Patrick on http://go/aog/3132975

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie49426c5e8c19bd0329e93c78a0918ca1120f164
2024-06-14 14:27:28 -07:00
Maciej Żenczykowski
4a0838c2ce NetBpfLoad: remove isGSI() check
it doesn't work due to sepolicy anyway:

I auditd  : type=1400 audit(0.0:6): avc:  denied  { search } for  comm="netbpfload" name="gsi" dev="sda8" ino=23 scontext=u:r:bpfloader:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0

Bug: 347309609
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic8c56a096a89a89950585b939379634accb78e56
2024-06-14 20:23:16 +00:00
Maciej Żenczykowski
7b95d99077 NetBpfLoad: on aosp/main bump version from U QPR3 to V
aosp/main is currently still sdk 34/U, and netbpfload
runs as root (like on U QPR3 and V) which makes us treat
it as U QPR3.

This change will make us treat it as 35/V.

This will also potentially result in us already seeing
sdk 36 in places (goog/main?), but this won't currently hurt
(because we don't distinguish anything >=35).

And indeed it likely won't ever hurt us, as too high
a version on dev branches (goog/main?) is unlikely
to be a practical problem.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I318df93e5b3a06af2ee2c6ab1cb40d8a8dffa212
2024-06-14 05:49:17 -07:00
Maciej Żenczykowski
15f9731efc NetBpfLoad: change condition for when we execute platform bpfloader
Note that 'true iff U QPR3 or V+' comment is subtle.

netbpfload.35rc runs netbpfload as 'root' uid, so V+ is obvious.

However, netbpfload.33rc runs netbpfload as 'system' uid, so one
would think that this isn't true on T/U.

However the U QPR2 and U QPR3 'service bpfloader' actually run
platform netbpfload, and the U QPR3 platform netbpfload immediately
executes the apex provided netbpfload...

Once the apex netbpfload finishes mainline init is considered
'done', and thus we won't (need to) start service mdnsd_netbpfload.

As a result even on U QPR3, we never run netbpfload as system uid.

Test: TreeHugger
Change-Id: I02661dff07c317394a9d8ba3d48e4cb9cd694fd0
Signed-off-by: Maciej Żenczykowski <maze@google.com>
2024-06-14 05:48:49 -07:00
Maciej Żenczykowski
1a3b54f005 introduce BPFLOADER_MAINLINE_U_QPR3_VERSION
Note: this is technically a little bit early,
as U QPR3 still runs netbpfload as 'system' uid by virtue of
netbpfload.33rc overriding 'service bpfloader',
but this will change in a followup, at which point U QPR3
will become special by virtue of always using mainline netbpfload

See: https://android.googlesource.com/platform/packages/modules/Connectivity/+/refs/heads/android14-qpr3-release/netbpfload/NetBpfLoad.cpp#262

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0f52d1e78652501c8601227c4740d9b34673bf5f
2024-06-13 15:38:33 -07:00
Maciej Żenczykowski
6295614bc8 NetBpfLoad: log bpfloader_ver
since this is dynamic, it seems like a useful thing to log

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I073e76ab54b4f2182c9b5c2b128425a5294ed50a
2024-06-13 15:38:33 -07:00
Maciej Żenczykowski
48e476bdfa NetBpfLoad: change condition for writing 'unprivileged_bpf_disabled' sysctl
(and add a few more comments for what access is needed in general)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2aa596f4f2d34179bb36360ad1c9a795fbb97d0d
2024-06-13 15:26:55 -07:00
Maciej Żenczykowski
08c82c3b65 NetBpfLoad: rename 'mdnsd_loadbpf' to 'mdnsd_netbpfload'
(perhaps a clearer name, especially once we switch what this does)

Test: TreeHugger
Change-Id: I99c811fc357ab0bb3b4065658c9e5e4733689728
Signed-off-by: Maciej Żenczykowski <maze@google.com>
2024-06-13 15:26:55 -07:00
Maciej Żenczykowski
b4a1e87ccc rename netbpfload.mainline.rc to netbpfload.33rc
(easier to realize what is happening, and clearer with the also
 existing netbpfload.35rc)

Test: TreeHugger
Change-Id: I587aa3d8b846800c7fc93765ecb0acc9715b0521
Signed-off-by: Maciej Żenczykowski <maze@google.com>
2024-06-13 15:26:55 -07:00
Maciej Żenczykowski
6a16741152 NetBpfLoad: remove android_get_application_target_sdk_version()
This isn't actually useful as it is apparently always just 10000

Test: TreeHugger
Change-Id: Ibf625150ee8f964a386a5e9f15e0552d611ce927
Signed-off-by: Maciej Żenczykowski <maze@google.com>
2024-06-13 15:26:55 -07:00
Maciej Żenczykowski
c834fdb760 move V+ kernel/arch/bitness checks from BpfHandler to NetBpfLoad
Mainline netbpfload is mandatory on V+, so it matters little
whether we perform the checks in it, or in BpfHandler
(which runs as part of netd startup via libnetd_updatable.so),
and this avoids the need to reimplement isTV() opt-out.

Bug: 333970930
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I599f2c9d6710f0caa2cd71f0946459d43ddbfc17
2024-06-02 22:28:35 +00:00
Maciej Żenczykowski
68eab8928b NetBpfLoad: TV - don't abort boot on unsupported kernel/arch/bitness
Android TV OEMs & vendors are more interested in keeping costs down
rather than keeping networking functional.

Considering this probably mostly affects more advanced networking,
like VPNs and/or network statistics, it may be an acceptable trade off.

Bug: 333970930
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7bf8d1bbd87b7af4f7c98372b6c1d3d3be62a600
2024-05-30 11:10:06 +00:00
Treehugger Robot
d637e21917 Merge "Revert "NetBpfLoad: slow down V boot on unsupported kernels"" into main
2024-05-28 18:28:54 +00:00
Rishi Sikka
9cfccad9b7 Revert "NetBpfLoad: slow down V boot on unsupported kernels"
This reverts commit 75caacdd10.

Reason for revert: The policy is already checked in VTS. It seems delaying the boot is out-of-scope for NetBpfLoad.

Change-Id: I12cec43dc2efb90ae35ccda7203317d198054d0e
2024-05-28 16:55:49 +00:00
Jonathon Reinhart
021a423641 NetBpfLoad: Fix ALOGI domain type argument
The previous code would emit these warnings:

packages/modules/Connectivity/netbpfload/loader.cpp:977:52: warning: format specifies type 'int' but the argument has type 'domain' [-Wformat]
  976 |             ALOGI("prog %s selinux_context [%-32s] -> %d -> '%s' (%s)", name.c_str(),
      |                                                       ~~
  977 |                   cs[i].prog_def->selinux_context, selinux_context,
      |                                                    ^~~~~~~~~~~~~~~
      |                                                    static_cast<int>(

packages/modules/Connectivity/netbpfload/loader.cpp:983:47: warning: format specifies type 'int' but the argument has type 'domain' [-Wformat]
  982 |             ALOGI("prog %s pin_subdir [%-32s] -> %d -> '%s'", name.c_str(),
      |                                                  ~~
  983 |                   cs[i].prog_def->pin_subdir, pin_subdir, lookupPinSubdir(pin_subdir));
      |                                               ^~~~~~~~~~
      |                                               static_cast<int>(

Change-Id: Id4856ad7835de8fea14be543ee0e198bb98f4d35
2024-05-23 12:18:37 +00:00
Maciej Żenczykowski
e6a863a002 Merge "NetBpfLoad: log on success" into main
2024-05-21 18:04:10 +00:00
Maciej Żenczykowski
66f1629a52 NetBpfLoad: log on success
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9266822e83a42910a43b765ad9693835a6897b6c
2024-05-20 12:52:21 -07:00
Maciej Żenczykowski
75caacdd10 NetBpfLoad: slow down V boot on unsupported kernels
(such kernels are already in violation of VTS)

I don't quite want to break boot, but I figure a slow
boot will result in devices getting fixed rather than
released with ancient/unsupported/buggy kernels...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia2cf550f661ce468acbc5ecff0ce5b6fa16b0e3a
2024-05-20 12:02:47 +00:00
Maciej Żenczykowski
6d151ef0e9 NetBpfLoad: support 'done' finalization step
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9bb97549838980fb4c9a26bfcc4689aac0e73a97
2024-04-30 23:59:51 -07:00
Maciej Żenczykowski
5c057ed065 NetBpfLoad: reduce log severity of 2 more messages
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Idb0cae4c8c09d18ef77325f6aa448ce5359fb617
2024-04-30 12:00:18 +00:00
Treehugger Robot
2e25355351 Merge "NetBpfLoad: reduce logging" into main
2024-04-30 11:26:54 +00:00
Maciej Żenczykowski
1dc09189a2 NetBpfLoad: reduce logging
Move most spammy logs from ALOGD to ALOGV.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I04d472c363ab77de438ffb9b1227c69aa161f613
2024-04-30 10:17:12 +00:00
Maciej Żenczykowski
731acfe233 NetBpfLoad: remove exists log
Not actually needed, we already log the result.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8391825cb5171162afb9bdf8fdf695d9f85693cb
2024-04-30 10:10:12 +00:00
Maciej Żenczykowski
c982a4be64 NetBpfLoad: log on non-LTS or too old LTS kernel version
minimum versions chosen to match:
  //system/netd/tests/kernel_test.cpp
  //kernel/tests/net/test/kernel_feature_test.py

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ife6900333d97181765460c16676172bf05f8fd5f
2024-04-26 22:27:33 +00:00
Maciej Żenczykowski
4e5fb4a153 NetBpfLoad: one less startup log line
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia15d46aeee3e3803f4134daac6b001afbd58d5b5
2024-04-26 22:27:26 +00:00
Maciej Żenczykowski
8b74cbb34b NetBpfLoad: add describeArch() to log
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I959caf62dbf06b8a4fcac1e33a6e540b879b398e
2024-04-26 22:27:11 +00:00
Maciej Żenczykowski
75c2def0ea NetBpfLoad: move into android namespace
Change-Id: I5f841f796e49eebbf882b769cecf352b76800cf5
2024-04-25 14:26:50 -07:00
Maciej Żenczykowski
89efcc36e7 NetBpfLoad: prog names are only valid on 4.15+
The following commit is only in 4.15:

  commit cb4d2b3f03d8eed90be3a194e5b54b734ec4bbe9
  Author: Martin KaFai Lau <kafai@fb.com>
  Date:   Wed Sep 27 14:37:52 2017 -0700

    bpf: Add name, load_time, uid and map_ids to bpf_prog_info

  $ git describe cb4d2b3f03d8eed90be3a194e5b54b734ec4bbe9
  v4.14-rc1-661-gcb4d2b3f03d8

Bug: 335390828
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I246a7a8640bea1e939f12f3ffd3fedc25a0a6422
2024-04-23 03:16:05 +00:00
Maciej Żenczykowski
d0bb172371 NetBpfLoad: map names are only valid on 4.15+
$ git checkout v4.14
HEAD is now at bebc6082da0a Linux 4.14

$ git grep map_name | egrep -v '^(arch|drivers|fs|include|samples|tools)/'

(nothing)

$ git checkout v4.15
HEAD is now at d8a5b80568a9 Linux 4.15

$ git co remotes/linux-$ git grep map_name | egrep -v '^(arch|drivers|fs|include|samples|tools)/'
kernel/bpf/syscall.c:381:#define BPF_MAP_CREATE_LAST_FIELD map_name
kernel/bpf/syscall.c:408:	err = bpf_obj_name_cpy(map->name, attr->map_name);

  commit ad5b177bd73f5107d97c36f56395c4281fb6f089
  Author: Martin KaFai Lau <kafai@fb.com>
  Date:   Wed Sep 27 14:37:53 2017 -0700

    bpf: Add map_name to bpf_map_info

  $ git describe ad5b177bd73f5
  v4.14-rc1-662-gad5b177bd73f

Bug: 335390828
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I74f8ac8bbf78184a06b3ce005d0bb520b1d1feeb
2024-04-22 23:42:10 +00:00
Maciej Żenczykowski
3d14144698 NetBpfLoad: consistently use logging tag of 'NetBpfLoad'
instead of using 'NetBpfLoad' from NetBpfLoad.cpp
and 'NetBpfLoader' from loader.cpp

This will make it easier to filter logcat.

Test: N/A
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibd4e0b04592e8b41cde651c5596ce84bd8893c19
2024-04-20 00:03:19 +00:00
Maciej Żenczykowski
3218a81a57 NetBpfLoad: use exec path for api level 35+ (ie. V)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I075b2a6166454d36599b0ecc25ccaeec545d183c
2024-04-15 02:13:56 -07:00
Theodore Dubois
6e8c1aa03d NetBpfLoad: Get logs back
r.android.com/3005052 changed the user id of the bpfloader service to
system, which cut off its access to /dev/kmsg, resulting in its logs
silently being dropped. Give back its access to /dev/kmsg.

See //system/core/init/README.md:

file <path> <type>

Open a file path and pass its fd to the launched process. type must be "r", "w" or "rw". For native executables see libcutils android_get_control_file().

and //system/libbase/logging.cpp's OpenKmsg()

Test: boot sdk_phone64_x86_64, check logs
Change-Id: I65f00545400140983737f3ff92e2c912eebce1fd
2024-03-25 22:49:56 +00:00
Maciej Żenczykowski
732a14164f NetBpfLoad: rework mainline bpf execution codepath
(for now for better testing we don't make V special)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id2835bd393c0ec9e1710644681bc5aab0d7d2aae
2024-03-19 21:45:21 +00:00
Maciej Żenczykowski
11141da623 NetBpfLoad: enable mainline on T+
Note:
   2 == BPFLOADER_S_VERSION
  19 == BPFLOADER_T_VERSION
  25 == BPFLOADER_OBJ_AT_VER_VERSION
  33 == BPFLOADER_IGNORED_ON_VERSION
  37 == BPFLOADER_U_VERSION [*]
  41 == BPFLOADER_V_VERSION [**]
and currently we have:
  42 == BPFLOADER_MAINLINE_VERSION
  43 == BPFLOADER_MAINLINE_T_VERSION
  44 == BPFLOADER_MAINLINE_U_VERSION
  45 == BPFLOADER_MAINLINE_V_VERSION

[*] udc-dev/udc-release are actually 38, as 37 was some earlier
    udc beta2 (2.1 ifirc), and beta3+ switched to 38

[**] 24Q{1,2}-release (ie. U QPR2+) are technically actually 41,
     but their platform bpfloader no longer even looks in /apex/com.android.tethering/etc/bpf/...
     so it doesn't really matter (although 24Q1's platform
     netbpfload still does, however that is obsoleted by
     this change)

Thus we need to (as minimum for NetBpfLoad):
  BPFLOADER_T_VERSION -> BPFLOADER_MAINLINE_T_VERSION
  BPFLOADER_IGNORED_ON_VERSION -> BPFLOADER_MAINLINE_U_VERSION
to cause these to load appropriately from mainline.

One would perhaps also expect (as minimum for NetBpfLoad):
  BPFLOADER_OBJ_AT_VERSION -> BPFLOADER_MAINLINE_U_VERSION
but (as maximum for platform bpfloader):
  BPFLOADER_OBJ_AT_VERSION -> BPFLOADER_MAINLINE_U_VERSION

However, since the goal is actually for those to load via mainline on T+,
(with the 'old' version of the .o's loading on S via platform bpfloader)
thus one actually needs (as minimum for NetBpfLoad):
  BPFLOADER_OBJ_AT_VERSION -> BPFLOADER_MAINLINE_T_VERSION
and (as maximum for platform bpfloader):
  BPFLOADER_OBJ_AT_VERSION -> BPFLOADER_T_VERSION

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4b688692ffca0db7ead20cefd9e7e892ca92c70a
2024-03-19 21:33:55 +00:00
Maciej Żenczykowski
a2706bf76c NetBpfLoad: add a few more consts for safety
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4f59ec295b34d6942732bb5f636699385e998bba
2024-03-18 22:28:25 -07:00
Maciej Żenczykowski
65f7022461 NetBpfLoad: choose bpfloader version at runtime based on Android OS
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iee55d9c6f828f05d4096dff2e874abc6c41eadeb
2024-03-18 15:02:53 -07:00
Maciej Żenczykowski
221b248c6e NetBpfLoad - change BPFLOADER_VERSION macro into an argument
(in preparation for this being run-time dynamic)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Icac8d1afdd3d55b80c232dd5a124a79a9063f350
2024-03-18 14:40:08 -07:00
Maciej Żenczykowski
22836357ec NetBpfLoad: more 4.9-T support
(older kernels don't support naming maps/programs)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If59b8947021394e1ce0a91326fee4272a5bddd38
2024-03-15 23:32:27 +00:00
Maciej Żenczykowski
0de80f1a9f Eliminate spurious COMPILE_FOR_BPFLOADER_VERSION macro
and make platform bpf.o's target V's platform bpfloader.

Note that all mainline shipped bpf.o's already manually
specify BPFLOADER_MIN_VER.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I67b73969def24e1e169c70c5fb1a402bf6e8cabc
2024-03-15 18:14:16 +00:00
Maciej Żenczykowski
7e5b09a37e netbpfload: add back support for 4.9-T kernels
This effectively reverts aosp/2268766

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I42da5c56fe4b69635b9678ff57ade7788c17f7c8
2024-03-11 12:40:33 +00:00
Maciej Żenczykowski
60414671ec NetBpfLoad: remove support for 'old' formats
cannot happen as it only loads mainline code
that it was built (and tested) alongside of.

ie. a failure here would cause a TH boot failure.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia350deb10b4e40c9f4f01ea140a0bf97db508086
2024-03-08 19:31:17 +00:00
Maciej Żenczykowski
8c21593e6a netbpfload.rc - directly exec apex netbpfload
(instead of going via platform symlink to it)

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5ae8105525733788b62f2866fc4eedcce3f51085
2024-03-08 19:07:40 +00:00
Treehugger Robot
09f372dc4a Merge "netbpfload: is now *always* mainline" into main
2024-03-08 13:04:52 +00:00
Maciej Żenczykowski
59fb77f8bf NetBpfLoad: bump version to 0.42
(this may well be the last version bump ever)

To get mainline version > any existing platform version.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I20c5dc515b0f94fae2c2fb6f45b6b8907fe7506e
2024-03-08 08:00:48 +00:00
Maciej Żenczykowski
08d4b8c27b netbpfload: is now *always* mainline
since there is no longer a platform netbpfload...
hence we can simplify

Now:
  git grep 'platformNetBpfLoad|apexNetBpfLoad|is_mainline|is_platform'
comes up empty

Test: TreeHugger, manual
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I834656bc4860386b6463db3f6a898d249a05e3a4
2024-03-08 02:19:09 +00:00
Maciej Żenczykowski
e0dd869f25 Reapply "replace platform netbpfload binary with a symlink to apex"
This reverts commit e636c61fd7.

Reason for revert: main is now building mainline modules from source

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0fc96a9eda10deed8f2d014fcb6f12a71ba73571
2024-03-07 02:09:18 +00:00
Vaibhav Devmurari
e636c61fd7 Revert "replace platform netbpfload binary with a symlink to apex"
This reverts commit 7f3d748cef.

Reason for revert: Potential cause for Build failures: b/328408957

Change-Id: I2a1e2375429ce1556362d369a97724c829b5aeb6
2024-03-06 14:38:33 +00:00