Remove TrafficController
BpfNetMaps now updates the BPF maps through the Java library and no longer
uses TrafficController.
Bug: 217624062
Test: TH
Change-Id: Id727cf7b79592e913c967156e6e224de338f5f65
diff --git a/service/jni/com_android_server_BpfNetMaps.cpp b/service/jni/com_android_server_BpfNetMaps.cpp
index 50a0635..29f6a60 100644
--- a/service/jni/com_android_server_BpfNetMaps.cpp
+++ b/service/jni/com_android_server_BpfNetMaps.cpp
@@ -14,179 +14,13 @@
* limitations under the License.
*/
-#define LOG_TAG "TrafficControllerJni"
-
-#include "TrafficController.h"
-
-#include "netd.h"
+#include "bpf/BpfUtils.h"
#include <jni.h>
-#include <log/log.h>
#include <nativehelper/JNIHelp.h>
-#include <nativehelper/ScopedUtfChars.h>
-#include <nativehelper/ScopedPrimitiveArray.h>
-#include <netjniutils/netjniutils.h>
-#include <net/if.h>
-#include <private/android_filesystem_config.h>
-#include <unistd.h>
-#include <vector>
-
-
-using android::net::TrafficController;
-using android::netdutils::Status;
-
-using UidOwnerMatchType::PENALTY_BOX_MATCH;
-using UidOwnerMatchType::HAPPY_BOX_MATCH;
-
-static android::net::TrafficController mTc;
namespace android {
-#define CHECK_LOG(status) \
- do { \
- if (!isOk(status)) \
- ALOGE("%s failed, error code = %d", __func__, status.code()); \
- } while (0)
-
-static void native_init(JNIEnv* env, jclass clazz, jboolean startSkDestroyListener) {
- Status status = mTc.start(startSkDestroyListener);
- CHECK_LOG(status);
- if (!isOk(status)) {
- uid_t uid = getuid();
- ALOGE("BpfNetMaps jni init failure as uid=%d", uid);
- // We probably only ever get called from system_server (ie. AID_SYSTEM)
- // or from tests, and never from network_stack (ie. AID_NETWORK_STACK).
- // However, if we ever do add calls from production network_stack code
- // we do want to make sure this initializes correctly.
- // TODO: Fix tests to not use this jni lib, so we can unconditionally abort()
- if (uid == AID_SYSTEM || uid == AID_NETWORK_STACK) abort();
- }
-}
-
-static jint native_addNaughtyApp(JNIEnv* env, jobject self, jint uid) {
- const uint32_t appUids = static_cast<uint32_t>(abs(uid));
- Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
- TrafficController::IptOp::IptOpInsert);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_removeNaughtyApp(JNIEnv* env, jobject self, jint uid) {
- const uint32_t appUids = static_cast<uint32_t>(abs(uid));
- Status status = mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH,
- TrafficController::IptOp::IptOpDelete);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_addNiceApp(JNIEnv* env, jobject self, jint uid) {
- const uint32_t appUids = static_cast<uint32_t>(abs(uid));
- Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
- TrafficController::IptOp::IptOpInsert);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_removeNiceApp(JNIEnv* env, jobject self, jint uid) {
- const uint32_t appUids = static_cast<uint32_t>(abs(uid));
- Status status = mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH,
- TrafficController::IptOp::IptOpDelete);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_setChildChain(JNIEnv* env, jobject self, jint childChain, jboolean enable) {
- auto chain = static_cast<ChildChain>(childChain);
- int res = mTc.toggleUidOwnerMap(chain, enable);
- if (res) ALOGE("%s failed, error code = %d", __func__, res);
- return (jint)res;
-}
-
-static jint native_replaceUidChain(JNIEnv* env, jobject self, jstring name, jboolean isAllowlist,
- jintArray jUids) {
- const ScopedUtfChars chainNameUtf8(env, name);
- if (chainNameUtf8.c_str() == nullptr) return -EINVAL;
- const std::string chainName(chainNameUtf8.c_str());
-
- ScopedIntArrayRO uids(env, jUids);
- if (uids.get() == nullptr) return -EINVAL;
-
- size_t size = uids.size();
- static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
- std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
- int res = mTc.replaceUidOwnerMap(chainName, isAllowlist, data);
- if (res) ALOGE("%s failed, error code = %d", __func__, res);
- return (jint)res;
-}
-
-static jint native_setUidRule(JNIEnv* env, jobject self, jint childChain, jint uid,
- jint firewallRule) {
- auto chain = static_cast<ChildChain>(childChain);
- auto rule = static_cast<FirewallRule>(firewallRule);
- FirewallType fType = mTc.getFirewallType(chain);
-
- int res = mTc.changeUidOwnerRule(chain, uid, rule, fType);
- if (res) ALOGE("%s failed, error code = %d", __func__, res);
- return (jint)res;
-}
-
-static jint native_addUidInterfaceRules(JNIEnv* env, jobject self, jstring ifName,
- jintArray jUids) {
- // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex is
- // set to 0.
- int ifIndex = 0;
- if (ifName != nullptr) {
- const ScopedUtfChars ifNameUtf8(env, ifName);
- const std::string interfaceName(ifNameUtf8.c_str());
- ifIndex = if_nametoindex(interfaceName.c_str());
- }
-
- ScopedIntArrayRO uids(env, jUids);
- if (uids.get() == nullptr) return -EINVAL;
-
- size_t size = uids.size();
- static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
- std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
- Status status = mTc.addUidInterfaceRules(ifIndex, data);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_removeUidInterfaceRules(JNIEnv* env, jobject self, jintArray jUids) {
- ScopedIntArrayRO uids(env, jUids);
- if (uids.get() == nullptr) return -EINVAL;
-
- size_t size = uids.size();
- static_assert(sizeof(*(uids.get())) == sizeof(int32_t));
- std::vector<int32_t> data ((int32_t *)&uids[0], (int32_t*)&uids[size]);
- Status status = mTc.removeUidInterfaceRules(data);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_updateUidLockdownRule(JNIEnv* env, jobject self, jint uid, jboolean add) {
- Status status = mTc.updateUidLockdownRule(uid, add);
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static jint native_swapActiveStatsMap(JNIEnv* env, jobject self) {
- Status status = mTc.swapActiveStatsMap();
- CHECK_LOG(status);
- return (jint)status.code();
-}
-
-static void native_setPermissionForUids(JNIEnv* env, jobject self, jint permission,
- jintArray jUids) {
- ScopedIntArrayRO uids(env, jUids);
- if (uids.get() == nullptr) return;
-
- size_t size = uids.size();
- static_assert(sizeof(*(uids.get())) == sizeof(uid_t));
- std::vector<uid_t> data ((uid_t *)&uids[0], (uid_t*)&uids[size]);
- mTc.setPermissionForUids(permission, data);
-}
-
static jint native_synchronizeKernelRCU(JNIEnv* env, jobject self) {
return -bpf::synchronizeKernelRCU();
}
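Review bot: Nothing on the new side of this file replaces the fail-closed guard that the removed `native_init` provided, which called `abort()` when `mTc.start()` failed under `AID_SYSTEM` or `AID_NETWORK_STACK`. The UID owner, lockdown and permission map updates now happen in Java code that this diff does not show, so please confirm that the Java path treats a failure to open or write those maps as fatal rather than continuing with firewall rules unenforced. With `LOG_TAG` and `<log/log.h>` also gone, this library logs nothing itself, so any error from `native_synchronizeKernelRCU` is only visible if the Java caller checks the returned code. I would record that split above the remaining function, for example `// Map setup and failure handling live in the Java BpfNetMaps; callers must check the returned error code.` The `namespace android` block continues past the end of this hunk.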
@@ -197,32 +31,6 @@
// clang-format off
static const JNINativeMethod gMethods[] = {
/* name, signature, funcPtr */
- {"native_init", "(Z)V",
- (void*)native_init},
- {"native_addNaughtyApp", "(I)I",
- (void*)native_addNaughtyApp},
- {"native_removeNaughtyApp", "(I)I",
- (void*)native_removeNaughtyApp},
- {"native_addNiceApp", "(I)I",
- (void*)native_addNiceApp},
- {"native_removeNiceApp", "(I)I",
- (void*)native_removeNiceApp},
- {"native_setChildChain", "(IZ)I",
- (void*)native_setChildChain},
- {"native_replaceUidChain", "(Ljava/lang/String;Z[I)I",
- (void*)native_replaceUidChain},
- {"native_setUidRule", "(III)I",
- (void*)native_setUidRule},
- {"native_addUidInterfaceRules", "(Ljava/lang/String;[I)I",
- (void*)native_addUidInterfaceRules},
- {"native_removeUidInterfaceRules", "([I)I",
- (void*)native_removeUidInterfaceRules},
- {"native_updateUidLockdownRule", "(IZ)I",
- (void*)native_updateUidLockdownRule},
- {"native_swapActiveStatsMap", "()I",
- (void*)native_swapActiveStatsMap},
- {"native_setPermissionForUids", "(I[I)V",
- (void*)native_setPermissionForUids},
{"native_synchronizeKernelRCU", "()I",
(void*)native_synchronizeKernelRCU},
};