Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 15f9731efc59deb271eb8086d05f532209c8561e^! / . / netbpfload / NetBpfLoad.cpp
commit15f9731efc59deb271eb8086d05f532209c8561e[log] [tgz]
authorMaciej Żenczykowski <maze@google.com>Thu Jun 13 14:11:28 2024 -0700
committerMaciej Żenczykowski <maze@google.com>Fri Jun 14 05:48:49 2024 -0700
tree3837b5404c3b6fab2afaeb803239d310a3c2c536
parentc390083c0cec02f09a208ff0cd63da5dd1824322 [diff] [blame]
NetBpfLoad: change condition for when we execute platform bpfloader

Note that 'true iff U QPR3 or V+' comment is subtle.

netbpfload.35rc runs netbpfload as 'root' uid, so V+ is obvious.

However, netbpfload.33rc runs netbpfload as 'system' uid, so one
would think that this isn't true on T/U.

However the U QPR2 and U QPR3 'service bpfloader' actually run
platform netbpfload, and the U QPR3 platform netbpfload immediately
executes the apex provided netbpfload...

Once the apex netbpfload finishes mainline init is considered
'done', and thus we won't (need to) start service mdnsd_netbpfload.

As a result even on U QPR3, we never run netbpfload as system uid.

Test: TreeHugger
Change-Id: I02661dff07c317394a9d8ba3d48e4cb9cd694fd0
Signed-off-by: Maciej Żenczykowski <maze@google.com>

diff --git a/netbpfload/NetBpfLoad.cpp b/netbpfload/NetBpfLoad.cpp
index fefe99b..e9f8e7c 100644
--- a/netbpfload/NetBpfLoad.cpp
+++ b/netbpfload/NetBpfLoad.cpp

@@ -254,7 +254,7 @@
 }
 
 static int doLoad(char** argv, char * const envp[]) {
-    const bool runningAsRoot = !getuid();
+    const bool runningAsRoot = !getuid();  // true iff U QPR3 or V+
     const int device_api_level = android_get_device_api_level();
     const bool isAtLeastT = (device_api_level >= __ANDROID_API_T__);
     const bool isAtLeastU = (device_api_level >= __ANDROID_API_U__);
@@ -456,17 +456,25 @@
         return 1;
     }
 
-    if (isAtLeastV) {
-        ALOGI("done, transferring control to platform bpfloader.");
+    // leave a flag that we're done
+    if (createSysFsBpfSubDir("netd_shared/mainline_done")) return 1;
 
-        const char * args[] = { platformBpfLoader, NULL, };
-        execve(args[0], (char**)args, envp);
-        ALOGE("FATAL: execve('%s'): %d[%s]", platformBpfLoader, errno, strerror(errno));
-        return 1;
+    // platform bpfloader will only succeed when run as root
+    if (!runningAsRoot) {
+        // unreachable on U QPR3+ which always runs netbpfload as root
+
+        ALOGI("mainline done, no need to transfer control to platform bpf loader.");
+        return 0;
     }
 
-    ALOGI("mainline done!");
-    return 0;
+    // unreachable before U QPR3
+    ALOGI("done, transferring control to platform bpfloader.");
+
+    // platform BpfLoader *needs* to run as root
+    const char * args[] = { platformBpfLoader, NULL, };
+    execve(args[0], (char**)args, envp);
+    ALOGE("FATAL: execve('%s'): %d[%s]", platformBpfLoader, errno, strerror(errno));
+    return 1;
 }
 
 }  // namespace bpf