Merge "Add IPPrefix.contains()"
diff --git a/staticlibs/device/com/android/net/module/util/BpfMap.java b/staticlibs/device/com/android/net/module/util/BpfMap.java
index f1420c2..0ee862a 100644
--- a/staticlibs/device/com/android/net/module/util/BpfMap.java
+++ b/staticlibs/device/com/android/net/module/util/BpfMap.java
@@ -18,6 +18,7 @@
import static android.system.OsConstants.EEXIST;
import static android.system.OsConstants.ENOENT;
+import android.os.ParcelFileDescriptor;
import android.system.ErrnoException;
import androidx.annotation.NonNull;
@@ -26,6 +27,7 @@
import com.android.net.module.util.Struct;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.NoSuchElementException;
@@ -57,7 +59,7 @@
private static final int BPF_NOEXIST = 1;
private static final int BPF_EXIST = 2;
- private final int mMapFd;
+ private final ParcelFileDescriptor mMapFd;
private final Class<K> mKeyClass;
private final Class<V> mValueClass;
private final int mKeySize;
@@ -72,8 +74,7 @@
*/
public BpfMap(@NonNull final String path, final int flag, final Class<K> key,
final Class<V> value) throws ErrnoException, NullPointerException {
- mMapFd = bpfFdGet(path, flag);
-
+ mMapFd = ParcelFileDescriptor.adoptFd(bpfFdGet(path, flag));
mKeyClass = key;
mValueClass = value;
mKeySize = Struct.getSize(key);
@@ -85,10 +86,11 @@
* The derived class implements an internal mocked map. It need to implement all functions
* which are related with the native BPF map because the BPF map handler is not initialized.
* See BpfCoordinatorTest#TestBpfMap.
+ * TODO: remove once TestBpfMap derive from IBpfMap.
*/
@VisibleForTesting
protected BpfMap(final Class<K> key, final Class<V> value) {
- mMapFd = -1;
+ mMapFd = ParcelFileDescriptor.adoptFd(-1 /*invalid*/); // unused
mKeyClass = key;
mValueClass = value;
mKeySize = Struct.getSize(key);
@@ -101,7 +103,7 @@
*/
@Override
public void updateEntry(K key, V value) throws ErrnoException {
- writeToMapEntry(mMapFd, key.writeToBytes(), value.writeToBytes(), BPF_ANY);
+ writeToMapEntry(mMapFd.getFd(), key.writeToBytes(), value.writeToBytes(), BPF_ANY);
}
/**
@@ -112,7 +114,7 @@
public void insertEntry(K key, V value)
throws ErrnoException, IllegalStateException {
try {
- writeToMapEntry(mMapFd, key.writeToBytes(), value.writeToBytes(), BPF_NOEXIST);
+ writeToMapEntry(mMapFd.getFd(), key.writeToBytes(), value.writeToBytes(), BPF_NOEXIST);
} catch (ErrnoException e) {
if (e.errno == EEXIST) throw new IllegalStateException(key + " already exists");
@@ -128,7 +130,7 @@
public void replaceEntry(K key, V value)
throws ErrnoException, NoSuchElementException {
try {
- writeToMapEntry(mMapFd, key.writeToBytes(), value.writeToBytes(), BPF_EXIST);
+ writeToMapEntry(mMapFd.getFd(), key.writeToBytes(), value.writeToBytes(), BPF_EXIST);
} catch (ErrnoException e) {
if (e.errno == ENOENT) throw new NoSuchElementException(key + " not found");
@@ -146,13 +148,13 @@
public boolean insertOrReplaceEntry(K key, V value)
throws ErrnoException {
try {
- writeToMapEntry(mMapFd, key.writeToBytes(), value.writeToBytes(), BPF_NOEXIST);
+ writeToMapEntry(mMapFd.getFd(), key.writeToBytes(), value.writeToBytes(), BPF_NOEXIST);
return true; /* insert succeeded */
} catch (ErrnoException e) {
if (e.errno != EEXIST) throw e;
}
try {
- writeToMapEntry(mMapFd, key.writeToBytes(), value.writeToBytes(), BPF_EXIST);
+ writeToMapEntry(mMapFd.getFd(), key.writeToBytes(), value.writeToBytes(), BPF_EXIST);
return false; /* replace succeeded */
} catch (ErrnoException e) {
if (e.errno != ENOENT) throw e;
@@ -169,7 +171,7 @@
/** Remove existing key from eBpf map. Return false if map was not modified. */
@Override
public boolean deleteEntry(K key) throws ErrnoException {
- return deleteMapEntry(mMapFd, key.writeToBytes());
+ return deleteMapEntry(mMapFd.getFd(), key.writeToBytes());
}
/** Returns {@code true} if this map contains no elements. */
@@ -202,7 +204,7 @@
private byte[] getNextRawKey(@Nullable final byte[] key) throws ErrnoException {
byte[] nextKey = new byte[mKeySize];
- if (getNextMapKey(mMapFd, key, nextKey)) return nextKey;
+ if (getNextMapKey(mMapFd.getFd(), key, nextKey)) return nextKey;
return null;
}
@@ -237,7 +239,7 @@
private byte[] getRawValue(final byte[] key) throws ErrnoException {
byte[] value = new byte[mValueSize];
- if (findMapEntry(mMapFd, key, value)) return value;
+ if (findMapEntry(mMapFd.getFd(), key, value)) return value;
return null;
}
@@ -262,8 +264,8 @@
}
@Override
- public void close() throws ErrnoException {
- closeMap(mMapFd);
+ public void close() throws IOException {
+ mMapFd.close();
}
/**
@@ -281,8 +283,6 @@
}
}
- private static native int closeMap(int fd) throws ErrnoException;
-
private native int bpfFdGet(String path, int mode) throws ErrnoException, NullPointerException;
private native void writeToMapEntry(int fd, byte[] key, byte[] value, int flags)
diff --git a/staticlibs/framework/com/android/net/module/util/PerUidCounter.java b/staticlibs/framework/com/android/net/module/util/PerUidCounter.java
new file mode 100644
index 0000000..7e0526d
--- /dev/null
+++ b/staticlibs/framework/com/android/net/module/util/PerUidCounter.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util;
+
+import android.util.SparseIntArray;
+
+import com.android.internal.annotations.GuardedBy;
+import com.android.internal.annotations.VisibleForTesting;
+
+/**
+ * Keeps track of the counters under different uid, fire exception if the counter
+ * exceeded the specified maximum value.
+ *
+ * @hide
+ */
+public class PerUidCounter {
+ private final int mMaxCountPerUid;
+
+ // Map from UID to count that UID has filed.
+ @VisibleForTesting
+ @GuardedBy("mUidToCount")
+ final SparseIntArray mUidToCount = new SparseIntArray();
+
+ /**
+ * Constructor
+ *
+ * @param maxCountPerUid the maximum count per uid allowed
+ */
+ public PerUidCounter(final int maxCountPerUid) {
+ if (maxCountPerUid < 0) {
+ throw new IllegalArgumentException("Maximum counter value cannot be negative");
+ }
+ mMaxCountPerUid = maxCountPerUid;
+ }
+
+ /**
+ * Increments the count of the given uid. Throws an exception if the number
+ * of the counter for the uid exceeds the value of maxCounterPerUid which is the value
+ * passed into the constructor. see: {@link #PerUidCounter(int)}.
+ *
+ * @throws IllegalStateException if the number of counter for the uid exceed
+ * the allowed number.
+ *
+ * @param uid the uid that the counter was made under
+ */
+ public void incrementCountOrThrow(final int uid) {
+ synchronized (mUidToCount) {
+ incrementCountOrThrow(uid, 1 /* numToIncrement */);
+ }
+ }
+
+ public void incrementCountOrThrow(final int uid, final int numToIncrement) {
+ if (numToIncrement <= 0) {
+ throw new IllegalArgumentException("Increment count must be positive");
+ }
+ final long newCount = ((long) mUidToCount.get(uid, 0)) + numToIncrement;
+ if (newCount > mMaxCountPerUid) {
+ throw new IllegalStateException("Uid " + uid + " exceeded its allowed limit");
+ }
+ // Since the count cannot be greater than Integer.MAX_VALUE here,
+ // it is safe to cast to int.
+ mUidToCount.put(uid, (int) newCount);
+ }
+
+ /**
+ * Decrements the count of the given uid. Throws an exception if the number
+ * of the counter goes below zero.
+ *
+ * @throws IllegalStateException if the number of counter for the uid goes below
+ * zero.
+ *
+ * @param uid the uid that the count was made under
+ */
+ public void decrementCountOrThrow(final int uid) {
+ synchronized (mUidToCount) {
+ decrementCountOrThrow(uid, 1 /* numToDecrement */);
+ }
+ }
+
+ public void decrementCountOrThrow(final int uid, final int numToDecrement) {
+ if (numToDecrement <= 0) {
+ throw new IllegalArgumentException("Decrement count must be positive");
+ }
+ final int newCount = mUidToCount.get(uid, 0) - numToDecrement;
+ if (newCount < 0) {
+ throw new IllegalStateException("BUG: too small count " + newCount + " for UID " + uid);
+ } else if (newCount == 0) {
+ mUidToCount.delete(uid);
+ } else {
+ mUidToCount.put(uid, newCount);
+ }
+ }
+}
diff --git a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
index e25e17d..e3f48e5 100644
--- a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
+++ b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
@@ -27,15 +27,6 @@
namespace android {
-static jint com_android_net_module_util_BpfMap_closeMap(JNIEnv *env, jobject clazz,
- jint fd) {
- int ret = close(fd);
-
- if (ret) jniThrowErrnoException(env, "closeMap", errno);
-
- return ret;
-}
-
static jint com_android_net_module_util_BpfMap_bpfFdGet(JNIEnv *env, jobject clazz,
jstring path, jint mode) {
ScopedUtfChars pathname(env, path);
@@ -112,8 +103,6 @@
*/
static const JNINativeMethod gMethods[] = {
/* name, signature, funcPtr */
- { "closeMap", "(I)I",
- (void*) com_android_net_module_util_BpfMap_closeMap },
{ "bpfFdGet", "(Ljava/lang/String;I)I",
(void*) com_android_net_module_util_BpfMap_bpfFdGet },
{ "writeToMapEntry", "(I[B[BI)V",
diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PerUidCounterTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PerUidCounterTest.kt
new file mode 100644
index 0000000..c479d81
--- /dev/null
+++ b/staticlibs/tests/unit/src/com/android/net/module/util/PerUidCounterTest.kt
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util
+
+import androidx.test.filters.SmallTest
+import androidx.test.runner.AndroidJUnit4
+import org.junit.Test
+import org.junit.runner.RunWith
+import kotlin.test.assertFailsWith
+
+@RunWith(AndroidJUnit4::class)
+@SmallTest
+class PerUidCounterTest {
+ private val UID_A = 1000
+ private val UID_B = 1001
+
+ @Test
+ fun testCounterMaximum() {
+ assertFailsWith<IllegalArgumentException> {
+ PerUidCounter(-1)
+ }
+
+ val uselessCounter = PerUidCounter(0)
+ assertFailsWith<IllegalStateException> {
+ uselessCounter.incrementCountOrThrow(UID_A)
+ }
+ assertFailsWith<IllegalStateException> {
+ uselessCounter.decrementCountOrThrow(UID_A)
+ }
+
+ val largeMaxCounter = PerUidCounter(Integer.MAX_VALUE)
+ largeMaxCounter.incrementCountOrThrow(UID_A, Integer.MAX_VALUE)
+ assertFailsWith<IllegalStateException> {
+ largeMaxCounter.incrementCountOrThrow(UID_A)
+ }
+ }
+
+ @Test
+ fun testIncrementCountOrThrow() {
+ val counter = PerUidCounter(3)
+
+ // Verify the increment count cannot be zero.
+ assertFailsWith<IllegalArgumentException> {
+ counter.incrementCountOrThrow(UID_A, 0)
+ }
+
+ // Verify the counters work independently.
+ counter.incrementCountOrThrow(UID_A)
+ counter.incrementCountOrThrow(UID_B, 2)
+ counter.incrementCountOrThrow(UID_B)
+ counter.incrementCountOrThrow(UID_A)
+ counter.incrementCountOrThrow(UID_A)
+ assertFailsWith<IllegalStateException> {
+ counter.incrementCountOrThrow(UID_A)
+ }
+ assertFailsWith<IllegalStateException> {
+ counter.incrementCountOrThrow(UID_B)
+ }
+
+ // Verify exception can be triggered again.
+ assertFailsWith<IllegalStateException> {
+ counter.incrementCountOrThrow(UID_A)
+ }
+ assertFailsWith<IllegalStateException> {
+ counter.incrementCountOrThrow(UID_A, 3)
+ }
+ }
+
+ @Test
+ fun testDecrementCountOrThrow() {
+ val counter = PerUidCounter(3)
+
+ // Verify the decrement count cannot be zero.
+ assertFailsWith<IllegalArgumentException> {
+ counter.decrementCountOrThrow(UID_A, 0)
+ }
+
+ // Verify the count cannot go below zero.
+ assertFailsWith<IllegalStateException> {
+ counter.decrementCountOrThrow(UID_A)
+ }
+ assertFailsWith<IllegalStateException> {
+ counter.decrementCountOrThrow(UID_A, 5)
+ }
+ assertFailsWith<IllegalStateException> {
+ counter.decrementCountOrThrow(UID_A, Integer.MAX_VALUE)
+ }
+
+ // Verify the counters work independently.
+ counter.incrementCountOrThrow(UID_A)
+ counter.incrementCountOrThrow(UID_B)
+ assertFailsWith<IllegalStateException> {
+ counter.decrementCountOrThrow(UID_A, 3)
+ }
+ counter.decrementCountOrThrow(UID_A)
+ assertFailsWith<IllegalStateException> {
+ counter.decrementCountOrThrow(UID_A)
+ }
+ }
+}
\ No newline at end of file