commit 5f52f4f2fbd6ec3fbe7ecc9c286750935ed0788f
author Motomu Utsumi <motomuman@google.com> Thu Jun 30 03:31:09 2022 +0000
committer Motomu Utsumi <motomuman@google.com> Wed Jul 13 11:11:59 2022 +0000
tree e88699a7bdea66290a51606499cd97b480430246
parent 370ba4f3c597388ffc8db32a4df3634618922f08

Use java BpfMap in BpfNetMaps#addUidInterfaceRules

Bug: 217624062
Test: atest BpfNetMapsTest HostsideVpnTests#testBlockIncomingPacket
Change-Id: I8aeb4712c852167d553eb331f32d770582199b13

service/src/com/android/server/BpfNetMaps.java

diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 6599c7f..f0e9ec4 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -25,6 +25,7 @@
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
 import static android.system.OsConstants.EINVAL;
+import static android.system.OsConstants.ENODEV;
 import static android.system.OsConstants.ENOENT;
 import static android.system.OsConstants.EOPNOTSUPP;
 
@@ -60,6 +61,7 @@
 
     private static final String TAG = "BpfNetMaps";
     private final INetd mNetd;
+    private final Dependencies mDeps;
     // Use legacy netd for releases before T.
     private static boolean sInitialized = false;
 
@@ -163,6 +165,19 @@
         sInitialized = true;
     }
 
+    /**
+     * Dependencies of BpfNetMaps, for injection in tests.
+     */
+    @VisibleForTesting
+    public static class Dependencies {
+        /**
+         * Get interface index.
+         */
+        public int getIfIndex(final String ifName) {
+            return Os.if_nametoindex(ifName);
+        }
+    }
+
     /** Constructor used after T that doesn't need to use netd anymore. */
     public BpfNetMaps() {
         this(null);
@@ -171,10 +186,16 @@
     }
 
     public BpfNetMaps(final INetd netd) {
+        this(netd, new Dependencies());
+    }
+
+    @VisibleForTesting
+    public BpfNetMaps(final INetd netd, final Dependencies deps) {
         if (!PRE_T) {
             ensureInitialized();
         }
         mNetd = netd;
+        mDeps = deps;
     }
 
     /**
@@ -419,9 +440,24 @@
             mNetd.firewallAddUidInterfaceRules(ifName, uids);
             return;
         }
-        synchronized (sUidOwnerMap) {
-            final int err = native_addUidInterfaceRules(ifName, uids);
-            maybeThrow(err, "Unable to add uid interface rules");
+        // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex
+        // is set to 0.
+        final int ifIndex;
+        if (ifName == null) {
+            ifIndex = 0;
+        } else {
+            ifIndex = mDeps.getIfIndex(ifName);
+            if (ifIndex == 0) {
+                throw new ServiceSpecificException(ENODEV,
+                        "Failed to get index of interface " + ifName);
+            }
+        }
+        for (final int uid: uids) {
+            try {
+                addRule(uid, IIF_MATCH, ifIndex, "addUidInterfaceRules");
+            } catch (ServiceSpecificException e) {
+                Log.e(TAG, "addRule failed uid=" + uid + " ifName=" + ifName + ", " + e);
+            }
         }
     }