switch SynchronizeKernelRCU back to jni - but from BpfMap
we can't use java for this, because pre-U-QPR2 does not include:
https://android-review.googlesource.com/c/platform/system/sepolicy/+/2821590
system_server dontaudit key_socket getopt
so we'll spew lots of:
11-08 07:52:43.776 1469 1469 I auditd : type=1400 audit(0.0:4): avc: denied { getopt } for comm="system_server" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=key_socket permissive=0
11-08 07:52:44.360 1469 1469 I auditd : type=1400 audit(0.0:5): avc: denied { getopt } for comm="NetworkStats" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=key_socket permissive=0
11-08 07:52:44.508 1469 1469 I auditd : type=1400 audit(0.0:7): avc: denied { getopt } for comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=key_socket permissive=0
and the like.
This is due to Java's Os.close() in:
libcore/luni/src/main/java/libcore/io/BlockGuardOs.java;l=100
calling:
if (fd.isSocket$()) if (isLingerSocket(fd)) ...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib87fa5e8f0dfd9fbbccb25fb58a9fa78d6a07111
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 086d276..ad9cfbe 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -45,8 +45,6 @@
import static android.system.OsConstants.ENODEV;
import static android.system.OsConstants.ENOENT;
import static android.system.OsConstants.EOPNOTSUPP;
-import static android.system.OsConstants.SOCK_RAW;
-import static android.system.OsConstants.SOCK_CLOEXEC;
import static com.android.server.ConnectivityStatsLog.NETWORK_BPF_MAP_INFO;
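Review bot: the two removed static imports (SOCK_RAW, SOCK_CLOEXEC) are the only import changes shown, so please check whether android.system.Os is still referenced anywhere else in BpfNetMaps.java once the Os.close(Os.socket(...)) call is gone. If that call was its last use, drop the Os import in this same change so the file does not carry an unused import.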
@@ -327,19 +325,9 @@
*/
@RequiresApi(Build.VERSION_CODES.TIRAMISU)
public int synchronizeKernelRCU() {
- // See p/m/C's staticlibs/native/bpf_headers/include/bpf/BpfUtils.h
- // for equivalent C implementation of this function.
try {
- // When closing socket, kernel calls synchronize_rcu()
- // from pf_key's sock_release().
- // Constants from //bionic/libc/include/sys/socket.h: AF_KEY=15
- // and kernel's include/uapi/linux/pfkeyv2.h: PF_KEY_V2=2
- Os.close(Os.socket(15 /*PF_KEY*/, SOCK_RAW | SOCK_CLOEXEC, 2));
+ BpfMap.synchronizeKernelRCU();
} catch (ErrnoException e) {
- // socket() can only fail due to lack of privs (selinux) or OOM,
- // close() always succeeds, but may return a pending error,
- // however on a freshly opened socket that cannot happen.
- // As such this failing is basically a build configuration error.
return -e.errno;
}
return 0;
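Review bot: the new BpfMap.synchronizeKernelRCU() line in the try block carries no comment, while the deleted lines explained both the mechanism (closing a PF_KEY socket makes the kernel call synchronize_rcu()) and why failure is a build configuration error. Keep a short comment at the call site stating that this deliberately goes through JNI, because Java's Os.close() probes sockets via isLingerSocket() and that getopt on key_socket is denied for system_server before U-QPR2; otherwise a later cleanup may move it back to Java and bring the avc denials back. The retained catch (ErrnoException e) also depends on the BpfMap method being declared to throw ErrnoException, which is not visible in this diff and is worth confirming.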