Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_modules_Connectivity-old / d1b3b02c27e3fb88dfa5f92c7a06fbe4ff3ff7cd / . / netd / BpfHandler.cpp
blob: 003433919b61665993d3805776822bd858e179e8 [file] [log] [blame]
Ken Chen1647f602021-10-05 21:55:22 +0800[diff] [blame]1/**
2 * Copyright (c) 2022, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "BpfHandler"
18
19#include "BpfHandler.h"
20
21#include <linux/bpf.h>
22
23#include <android-base/unique_fd.h>
24#include <bpf/WaitForProgsLoaded.h>
25#include <log/log.h>
26#include <netdutils/UidConstants.h>
27#include <private/android_filesystem_config.h>
28
29#include "BpfSyscallWrappers.h"
30
31namespace android {
32namespace net {
33
34using base::unique_fd;
35using bpf::NONEXISTENT_COOKIE;
36using bpf::getSocketCookie;
37using bpf::retrieveProgram;
38using netdutils::Status;
39using netdutils::statusFromErrno;
40
41constexpr int PER_UID_STATS_ENTRIES_LIMIT = 500;
42// At most 90% of the stats map may be used by tagged traffic entries. This ensures
43// that 10% of the map is always available to count untagged traffic, one entry per UID.
44// Otherwise, apps would be able to avoid data usage accounting entirely by filling up the
45// map with tagged traffic entries.
46constexpr int TOTAL_UID_STATS_ENTRIES_LIMIT = STATS_MAP_SIZE * 0.9;
47
48static_assert(STATS_MAP_SIZE - TOTAL_UID_STATS_ENTRIES_LIMIT > 100,
49 "The limit for stats map is to high, stats data may be lost due to overflow");
50
51static Status attachProgramToCgroup(const char* programPath, const unique_fd& cgroupFd,
52 bpf_attach_type type) {
53 unique_fd cgroupProg(retrieveProgram(programPath));
54 if (cgroupProg == -1) {
55 int ret = errno;
56 ALOGE("Failed to get program from %s: %s", programPath, strerror(ret));
57 return statusFromErrno(ret, "cgroup program get failed");
58 }
59 if (android::bpf::attachProgram(type, cgroupProg, cgroupFd)) {
60 int ret = errno;
61 ALOGE("Program from %s attach failed: %s", programPath, strerror(ret));
62 return statusFromErrno(ret, "program attach failed");
63 }
64 return netdutils::status::ok;
65}
66
67static Status initPrograms(const char* cg2_path) {
68 unique_fd cg_fd(open(cg2_path, O_DIRECTORY | O_RDONLY | O_CLOEXEC));
69 if (cg_fd == -1) {
70 int ret = errno;
71 ALOGE("Failed to open the cgroup directory: %s", strerror(ret));
72 return statusFromErrno(ret, "Open the cgroup directory failed");
73 }
74 RETURN_IF_NOT_OK(attachProgramToCgroup(BPF_EGRESS_PROG_PATH, cg_fd, BPF_CGROUP_INET_EGRESS));
75 RETURN_IF_NOT_OK(attachProgramToCgroup(BPF_INGRESS_PROG_PATH, cg_fd, BPF_CGROUP_INET_INGRESS));
76
77 // For the devices that support cgroup socket filter, the socket filter
78 // should be loaded successfully by bpfloader. So we attach the filter to
79 // cgroup if the program is pinned properly.
80 // TODO: delete the if statement once all devices should support cgroup
81 // socket filter (ie. the minimum kernel version required is 4.14).
82 if (!access(CGROUP_SOCKET_PROG_PATH, F_OK)) {
83 RETURN_IF_NOT_OK(
84 attachProgramToCgroup(CGROUP_SOCKET_PROG_PATH, cg_fd, BPF_CGROUP_INET_SOCK_CREATE));
85 }
86 return netdutils::status::ok;
87}
88
89BpfHandler::BpfHandler()
90 : mPerUidStatsEntriesLimit(PER_UID_STATS_ENTRIES_LIMIT),
91 mTotalUidStatsEntriesLimit(TOTAL_UID_STATS_ENTRIES_LIMIT) {}
92
93BpfHandler::BpfHandler(uint32_t perUidLimit, uint32_t totalLimit)
94 : mPerUidStatsEntriesLimit(perUidLimit), mTotalUidStatsEntriesLimit(totalLimit) {}
95
96Status BpfHandler::init(const char* cg2_path) {
97 // Make sure BPF programs are loaded before doing anything
98 android::bpf::waitForProgsLoaded();
99 ALOGI("BPF programs are loaded");
100
101 RETURN_IF_NOT_OK(initPrograms(cg2_path));
102 RETURN_IF_NOT_OK(initMaps());
103
104 return netdutils::status::ok;
105}
106
107Status BpfHandler::initMaps() {
108 std::lock_guard guard(mMutex);
109 RETURN_IF_NOT_OK(mCookieTagMap.init(COOKIE_TAG_MAP_PATH));
110 RETURN_IF_NOT_OK(mStatsMapA.init(STATS_MAP_A_PATH));
111 RETURN_IF_NOT_OK(mStatsMapB.init(STATS_MAP_B_PATH));
112 RETURN_IF_NOT_OK(mConfigurationMap.init(CONFIGURATION_MAP_PATH));
113 RETURN_IF_NOT_OK(mConfigurationMap.writeValue(CURRENT_STATS_MAP_CONFIGURATION_KEY, SELECT_MAP_A,
114 BPF_ANY));
115 RETURN_IF_NOT_OK(mUidPermissionMap.init(UID_PERMISSION_MAP_PATH));
116
117 return netdutils::status::ok;
118}
119
120bool BpfHandler::hasUpdateDeviceStatsPermission(uid_t uid) {
121 // This implementation is the same logic as method ActivityManager#checkComponentPermission.
122 // It implies that the real uid can never be the same as PER_USER_RANGE.
123 uint32_t appId = uid % PER_USER_RANGE;
124 auto permission = mUidPermissionMap.readValue(appId);
125 if (permission.ok() && (permission.value() & BPF_PERMISSION_UPDATE_DEVICE_STATS)) {
126 return true;
127 }
128 return ((appId == AID_ROOT) || (appId == AID_SYSTEM) || (appId == AID_DNS));
129}
130
131int BpfHandler::tagSocket(int sockFd, uint32_t tag, uid_t chargeUid, uid_t realUid) {
132 std::lock_guard guard(mMutex);
133 if (chargeUid != realUid && !hasUpdateDeviceStatsPermission(realUid)) {
134 return -EPERM;
135 }
136
Hungming Chen436547e2022-02-18 17:52:11 +0800[diff] [blame]137 // Note that tagging the socket to AID_CLAT is only implemented in JNI ClatCoordinator.
138 // The process is not allowed to tag socket to AID_CLAT via tagSocket() which would cause
139 // process data usage accounting to be bypassed. Tagging AID_CLAT is used for avoiding counting
140 // CLAT traffic data usage twice. See packages/modules/Connectivity/service/jni/
141 // com_android_server_connectivity_ClatCoordinator.cpp
142 if (chargeUid == AID_CLAT) {
143 return -EPERM;
144 }
145
Hungming Chen478c0eb2022-03-04 21:16:59 +0800[diff] [blame]146 // The socket destroy listener only monitors on the group {INET_TCP, INET_UDP, INET6_TCP,
147 // INET6_UDP}. Tagging listener unsupported socket causes that the tag can't be removed from
148 // tag map automatically. Eventually, the tag map may run out of space because of dead tag
Hungming Chenbcc0f5b2022-03-07 14:13:49 +0800[diff] [blame]149 // entries. Note that although tagSocket() of net client has already denied the family which
150 // is neither AF_INET nor AF_INET6, the family validation is still added here just in case.
151 // See tagSocket in system/netd/client/NetdClient.cpp and
152 // TrafficController::makeSkDestroyListener in
Hungming Chen478c0eb2022-03-04 21:16:59 +0800[diff] [blame]153 // packages/modules/Connectivity/service/native/TrafficController.cpp
154 // TODO: remove this once the socket destroy listener can detect more types of socket destroy.
Hungming Chenbcc0f5b2022-03-07 14:13:49 +0800[diff] [blame]155 int socketFamily;
156 socklen_t familyLen = sizeof(socketFamily);
157 if (getsockopt(sockFd, SOL_SOCKET, SO_DOMAIN, &socketFamily, &familyLen)) {
158 ALOGE("Failed to getsockopt SO_DOMAIN: %s, fd: %d", strerror(errno), sockFd);
Hungming Chen478c0eb2022-03-04 21:16:59 +0800[diff] [blame]159 return -errno;
Hungming Chenbcc0f5b2022-03-07 14:13:49 +0800[diff] [blame]160 }
161 if (socketFamily != AF_INET && socketFamily != AF_INET6) {
162 ALOGE("Unsupported family: %d", socketFamily);
163 return -EAFNOSUPPORT;
164 }
165
166 int socketProto;
167 socklen_t protoLen = sizeof(socketProto);
168 if (getsockopt(sockFd, SOL_SOCKET, SO_PROTOCOL, &socketProto, &protoLen)) {
169 ALOGE("Failed to getsockopt SO_PROTOCOL: %s, fd: %d", strerror(errno), sockFd);
170 return -errno;
171 }
172 if (socketProto != IPPROTO_UDP && socketProto != IPPROTO_TCP) {
173 ALOGE("Unsupported protocol: %d", socketProto);
174 return -EPROTONOSUPPORT;
Hungming Chen478c0eb2022-03-04 21:16:59 +0800[diff] [blame]175 }
176
Ken Chen1647f602021-10-05 21:55:22 +0800[diff] [blame]177 uint64_t sock_cookie = getSocketCookie(sockFd);
178 if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
179 UidTagValue newKey = {.uid = (uint32_t)chargeUid, .tag = tag};
180
181 uint32_t totalEntryCount = 0;
182 uint32_t perUidEntryCount = 0;
183 // Now we go through the stats map and count how many entries are associated
184 // with chargeUid. If the uid entry hit the limit for each chargeUid, we block
185 // the request to prevent the map from overflow. It is safe here to iterate
186 // over the map since when mMutex is hold, system server cannot toggle
187 // the live stats map and clean it. So nobody can delete entries from the map.
188 const auto countUidStatsEntries = [chargeUid, &totalEntryCount, &perUidEntryCount](
189 const StatsKey& key,
190 const BpfMap<StatsKey, StatsValue>&) {
191 if (key.uid == chargeUid) {
192 perUidEntryCount++;
193 }
194 totalEntryCount++;
195 return base::Result<void>();
196 };
197 auto configuration = mConfigurationMap.readValue(CURRENT_STATS_MAP_CONFIGURATION_KEY);
198 if (!configuration.ok()) {
199 ALOGE("Failed to get current configuration: %s, fd: %d",
200 strerror(configuration.error().code()), mConfigurationMap.getMap().get());
201 return -configuration.error().code();
202 }
203 if (configuration.value() != SELECT_MAP_A && configuration.value() != SELECT_MAP_B) {
204 ALOGE("unknown configuration value: %d", configuration.value());
205 return -EINVAL;
206 }
207
208 BpfMap<StatsKey, StatsValue>& currentMap =
209 (configuration.value() == SELECT_MAP_A) ? mStatsMapA : mStatsMapB;
Maciej Żenczykowskieb9b6fa2022-06-13 17:28:41 -0700[diff] [blame]210 // HACK: mStatsMapB becomes RW BpfMap here, but countUidStatsEntries doesn't modify so it works
Ken Chen1647f602021-10-05 21:55:22 +0800[diff] [blame]211 base::Result<void> res = currentMap.iterate(countUidStatsEntries);
212 if (!res.ok()) {
213 ALOGE("Failed to count the stats entry in map %d: %s", currentMap.getMap().get(),
214 strerror(res.error().code()));
215 return -res.error().code();
216 }
217
218 if (totalEntryCount > mTotalUidStatsEntriesLimit ||
219 perUidEntryCount > mPerUidStatsEntriesLimit) {
220 ALOGE("Too many stats entries in the map, total count: %u, chargeUid(%u) count: %u,"
221 " blocking tag request to prevent map overflow",
222 totalEntryCount, chargeUid, perUidEntryCount);
223 return -EMFILE;
224 }
225 // Update the tag information of a socket to the cookieUidMap. Use BPF_ANY
226 // flag so it will insert a new entry to the map if that value doesn't exist
227 // yet. And update the tag if there is already a tag stored. Since the eBPF
228 // program in kernel only read this map, and is protected by rcu read lock. It
229 // should be fine to cocurrently update the map while eBPF program is running.
230 res = mCookieTagMap.writeValue(sock_cookie, newKey, BPF_ANY);
231 if (!res.ok()) {
232 ALOGE("Failed to tag the socket: %s, fd: %d", strerror(res.error().code()),
233 mCookieTagMap.getMap().get());
234 return -res.error().code();
235 }
236 return 0;
237}
238
239int BpfHandler::untagSocket(int sockFd) {
240 std::lock_guard guard(mMutex);
241 uint64_t sock_cookie = getSocketCookie(sockFd);
242
243 if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
244 base::Result<void> res = mCookieTagMap.deleteValue(sock_cookie);
245 if (!res.ok()) {
246 ALOGE("Failed to untag socket: %s\n", strerror(res.error().code()));
247 return -res.error().code();
248 }
249 return 0;
250}
251
252} // namespace net
253} // namespace android