Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / bf660aae5f02ebc5e645634a94a66a2164d85cd8
commitbf660aae5f02ebc5e645634a94a66a2164d85cd8[log] [tgz]
authorChenbo Feng <fengc@google.com>Tue Feb 26 16:12:27 2019 -0800
committerChenbo Feng <fengc@google.com>Wed Apr 03 10:15:22 2019 -0700
treedd1948f7943e775a11ffd8d2d904a8bfdb51465f
parentbb0db5f7ced1e0b50be3f93d1eb24d7554a8d82d [diff]
Do not block system uid from creating inet socket

Some system uid such as root is not in the package list send to netd
when device start. But they should still have INTERNET permission. Add a
check in eBPF program to stop blocking them from creating sockets. Also
fix the name of program so it can be correctly identified. Also switch
the eBPF map from a whitelist to a blacklist, now only uids in the map
but not have PERMISSION_INTERNET bit set will get blocked. Otherwise the
eBPF map will not block the uid from creating inet/inet6 sockets.

Bug: 111560570
Bug: 128944261
Test: netd_integration_test
Change-Id: I0dd4e74a0f2b301ceea90829eda1564a4922e27a
7 files changed
tree: dd1948f7943e775a11ffd8d2d904a8bfdb51465f
  1. apex/
  2. bpf_progs/
  3. client/
  4. include/
  5. libnetdbpf/
  6. libnetdutils/
  7. netutils_wrappers/
  8. resolv/
  9. server/
  10. tests/
  11. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  12. .editorconfig
  13. Android.bp
  14. MODULE_LICENSE_APACHE2
  15. NOTICE
  16. OWNERS
  17. PREUPLOAD.cfg