system-netd: Commit

system/netd


Commit MetaInfo

Revision: fea3956fb7116e451abeab0c17a15145e1697cd0
Time: 2017-08-10 10:48:06
Author: Lorenzo Colitti <lorenzo@goog...>
Committer: Chih-Wei Huang

Log Message

Set both legacy and new UID routing attributes.

This should work on kernels that support either, as long as they
are older than 4.8.

Test: netd_integration_test passes with updated iproute and kernel
Test: netd_integration_test passes with existing iproute and kernel
Test: ConnectivityManagerTest and HostsideVpnTests pass on existing kernel
Test: ConnectivityManagerTest and HostsideVpnTests pass on updated kernel
Bug: 16355602
Change-Id: I9a2ef08ba2782587f43ea7d0609f5f07f6c3adb0

Change Summary

Diff

--- a/server/RouteController.cpp
+++ b/server/RouteController.cpp
@@ -73,15 +73,19 @@ const char* const ROUTE_TABLE_NAME_LEGACY_SYSTEM = "legacy_system";
7373 const char* const ROUTE_TABLE_NAME_LOCAL = "local";
7474 const char* const ROUTE_TABLE_NAME_MAIN = "main";
7575
76-// TODO: These values aren't defined by the Linux kernel, because our UID routing changes are not
77-// upstream (yet?), so we can't just pick them up from kernel headers. When (if?) the changes make
78-// it upstream, we'll remove this and rely on the kernel header values. For now, add a static assert
79-// that will warn us if upstream has given these values some other meaning.
76+// TODO: These values aren't defined by the Linux kernel, because legacy UID routing (as used in N
77+// and below) was not upstreamed. Now that the UID routing code is upstream, we should remove these
78+// and rely on the kernel header values.
8079 const uint16_t FRA_UID_START = 18;
8180 const uint16_t FRA_UID_END = 19;
82-static_assert(FRA_UID_START > FRA_MAX,
83- "Android-specific FRA_UID_{START,END} values also assigned in Linux uapi. "
84- "Check that these values match what the kernel does and then update this assertion.");
81+
82+// These values are upstream, but not yet in our headers.
83+// TODO: delete these definitions when updating the headers.
84+const uint16_t FRA_UID_RANGE = 20;
85+struct fib_rule_uid_range {
86+ __u32 start;
87+ __u32 end;
88+};
8589
8690 const uint16_t NETLINK_REQUEST_FLAGS = NLM_F_REQUEST | NLM_F_ACK;
8791 const uint16_t NETLINK_CREATE_REQUEST_FLAGS = NETLINK_REQUEST_FLAGS | NLM_F_CREATE | NLM_F_EXCL;
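Review bot: With the static_assert on FRA_UID_START removed, nothing in this block checks the hard-coded values 18, 19 and 20 against the kernel headers the file is built with. FRA_UID_RANGE = 20 is described as upstream but "not yet in our headers", so a check in the style of the removed one, for example static_assert(FRA_UID_RANGE > FRA_MAX, ...), would give a clear message when the headers are updated and prompt deletion of the local constant and of struct fib_rule_uid_range, as the TODO asks.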
@@ -113,15 +117,16 @@ constexpr uint16_t U16_RTA_LENGTH(uint16_t x) {
113117
114118 // These are practically const, but can't be declared so, because they are used to initialize
115119 // non-const pointers ("void* iov_base") in iovec arrays.
116-rtattr FRATTR_PRIORITY = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_PRIORITY };
117-rtattr FRATTR_TABLE = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_TABLE };
118-rtattr FRATTR_FWMARK = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_FWMARK };
119-rtattr FRATTR_FWMASK = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_FWMASK };
120-rtattr FRATTR_UID_START = { U16_RTA_LENGTH(sizeof(uid_t)), FRA_UID_START };
121-rtattr FRATTR_UID_END = { U16_RTA_LENGTH(sizeof(uid_t)), FRA_UID_END };
120+rtattr FRATTR_PRIORITY = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_PRIORITY };
121+rtattr FRATTR_TABLE = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_TABLE };
122+rtattr FRATTR_FWMARK = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_FWMARK };
123+rtattr FRATTR_FWMASK = { U16_RTA_LENGTH(sizeof(uint32_t)), FRA_FWMASK };
124+rtattr FRATTR_UID_START = { U16_RTA_LENGTH(sizeof(uid_t)), FRA_UID_START };
125+rtattr FRATTR_UID_END = { U16_RTA_LENGTH(sizeof(uid_t)), FRA_UID_END };
126+rtattr FRATTR_UID_RANGE = { U16_RTA_LENGTH(sizeof(fib_rule_uid_range)), FRA_UID_RANGE };
122127
123-rtattr RTATTR_TABLE = { U16_RTA_LENGTH(sizeof(uint32_t)), RTA_TABLE };
124-rtattr RTATTR_OIF = { U16_RTA_LENGTH(sizeof(uint32_t)), RTA_OIF };
128+rtattr RTATTR_TABLE = { U16_RTA_LENGTH(sizeof(uint32_t)), RTA_TABLE };
129+rtattr RTATTR_OIF = { U16_RTA_LENGTH(sizeof(uint32_t)), RTA_OIF };
125130
126131 uint8_t PADDING_BUFFER[RTA_ALIGNTO] = {0, 0, 0, 0};
127132
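Review bot: FRATTR_UID_RANGE takes its length from sizeof(fib_rule_uid_range), a locally declared struct of two __u32 fields, while the legacy attributes beside it are sized with sizeof(uid_t) and the struct is later filled from uidStart and uidEnd. A static_assert that sizeof(fib_rule_uid_range) == 2 * sizeof(uid_t) would pin down the payload size the kernel is expected to receive. Separately, realigning the unchanged FRATTR_* and RTATTR_* lines hides the single real addition; the whitespace change would be easier to review on its own.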
@@ -308,6 +313,7 @@ WARN_UNUSED_RESULT int modifyIpRule(uint16_t action, uint32_t priority, uint8_t
308313
309314 rtattr fraIifName = { U16_RTA_LENGTH(iifLength), FRA_IIFNAME };
310315 rtattr fraOifName = { U16_RTA_LENGTH(oifLength), FRA_OIFNAME };
316+ struct fib_rule_uid_range uidRange = { uidStart, uidEnd };
311317
312318 iovec iov[] = {
313319 { NULL, 0 },
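Review bot: uidRange is initialised positionally as { uidStart, uidEnd }, which depends on the field order of the fib_rule_uid_range struct that this change declares locally and intends to replace with the header definition later. Assigning uidRange.start and uidRange.end by name would keep the line correct whichever definition is in use and makes the start/end pairing obvious to the reader.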
@@ -320,10 +326,20 @@ WARN_UNUSED_RESULT int modifyIpRule(uint16_t action, uint32_t priority, uint8_t
320326 { &fwmark, mask ? sizeof(fwmark) : 0 },
321327 { &FRATTR_FWMASK, mask ? sizeof(FRATTR_FWMASK) : 0 },
322328 { &mask, mask ? sizeof(mask) : 0 },
329+ // Rules that contain both legacy and new UID routing attributes will work on old kernels,
330+ // which will simply ignore the FRA_UID_RANGE attribute since it is larger than their
331+ // FRA_MAX. They will also work on kernels that are not too new:
332+ // - FRA_UID_START clashes with FRA_PAD in 4.7, but that shouldn't be a problem because
333+ // FRA_PAD has no validation.
334+ // - FRA_UID_END clashes with FRA_L3MDEV in 4.8 and above, and will cause an error because
335+ // FRA_L3MDEV has a maximum length of 1.
336+ // TODO: delete the legacy UID routing code before running it on 4.8 or above.
323337 { &FRATTR_UID_START, isUidRule ? sizeof(FRATTR_UID_START) : 0 },
324338 { &uidStart, isUidRule ? sizeof(uidStart) : 0 },
325339 { &FRATTR_UID_END, isUidRule ? sizeof(FRATTR_UID_END) : 0 },
326340 { &uidEnd, isUidRule ? sizeof(uidEnd) : 0 },
341+ { &FRATTR_UID_RANGE, isUidRule ? sizeof(FRATTR_UID_RANGE) : 0 },
342+ { &uidRange, isUidRule ? sizeof(uidRange) : 0 },
327343 { &fraIifName, iif != IIF_NONE ? sizeof(fraIifName) : 0 },
328344 { iifName, iifLength },
329345 { PADDING_BUFFER, iifPadding },
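Review bot: The comment above FRATTR_UID_START says FRA_UID_END "will cause an error" on 4.8 and above, yet the legacy attributes are still emitted for every isUidRule request and the only protection is a TODO. Because that failure would affect every UID rule, consider making it explicit: gate the four legacy iovec entries on a single flag that can be switched off, or at least log a distinct message when the rule request is rejected, so the FRA_L3MDEV clash is diagnosable rather than looking like a generic netlink error. The comment would also benefit from stating which of the two encodings a 4.7 kernel is expected to act on, since it only notes that FRA_PAD has no validation.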