commit 866420c61be751a29389ebfeaa213a93e86d8e0d
author Maciej Żenczykowski <maze@google.com> Tue Jun 21 09:05:41 2022 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Jun 21 09:05:41 2022 +0000
tree e9f25d50cce58636f922ffe86e0691b475e9e089
parent 5e8d2f3de93abe5da58f12780710758bc6bb1524
parent d1b3b02c27e3fb88dfa5f92c7a06fbe4ff3ff7cd

bpf_progs - eliminate netd.c dependency on UidConstants.h am: d1b3b02c27

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/18992477

Change-Id: I5d2e2c0aeefcea22a73bad837f7c5d9995f085af
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

bpf_progs/Android.bp

diff --git a/bpf_progs/Android.bp b/bpf_progs/Android.bp
index 45cb7eb..9e516bf 100644
--- a/bpf_progs/Android.bp
+++ b/bpf_progs/Android.bp
@@ -116,11 +116,6 @@
         "-Wall",
         "-Werror",
     ],
-    // need //frameworks/libs/net/common/netd/libnetdutils/include/netdutils/UidConstants.h
-    // MIN_SYSTEM_UID, MAX_SYSTEM_UID, PER_USER_RANGE
-    include_dirs: [
-        "frameworks/libs/net/common/netd/libnetdutils/include",
-    ],
     // WARNING: Android T's non-updatable netd depends on 'netd_shared' string for xt_bpf programs
     sub_dir: "netd_shared",
 }

bpf_progs/netd.c

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 3e24468..acb2f9c 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -28,7 +28,6 @@
 #include <linux/ipv6.h>
 #include <linux/pkt_cls.h>
 #include <linux/tcp.h>
-#include <netdutils/UidConstants.h>
 #include <stdbool.h>
 #include <stdint.h>
 #include "bpf_net_helpers.h"
@@ -78,7 +77,9 @@
 DEFINE_BPF_MAP_NO_NETD(iface_index_name_map, HASH, uint32_t, IfaceValue, IFACE_INDEX_NAME_MAP_SIZE)
 
 static __always_inline int is_system_uid(uint32_t uid) {
-    return (uid <= MAX_SYSTEM_UID) && (uid >= MIN_SYSTEM_UID);
+    // MIN_SYSTEM_UID is AID_ROOT == 0, so uint32_t is *always* >= 0
+    // MAX_SYSTEM_UID is AID_NOBODY == 9999, while AID_APP_START == 10000
+    return (uid < AID_APP_START);
 }
 
 /*
@@ -411,7 +412,7 @@
      * user at install time so we only check the appId part of a request uid at
      * run time. See UserHandle#isSameApp for detail.
      */
-    uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
+    uint32_t appId = (gid_uid & 0xffffffff) % AID_USER_OFFSET;  // == PER_USER_RANGE == 100000
     uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
     if (!permissions) {
         // UID not in map. Default to just INTERNET permission.