Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 381ad9e54fcdb7567378f8f83ed230dc77d7d74d^! / .
commit381ad9e54fcdb7567378f8f83ed230dc77d7d74d[log] [tgz]
authorMotomu Utsumi <motomuman@google.com>Wed Aug 03 06:42:47 2022 +0000
committerMotomu Utsumi <motomuman@google.com>Tue Aug 09 04:01:47 2022 +0000
treebd7de9f5fd994b5f92cd339587476e27696df3c0
parent7dc657d4aafee4b5655c5eccb612c38bba963902 [diff]
Switch previous and new code path in setUidRule

setUidRule was updated to use Java BpfMap class instead of native JNI
functions in aosp/2145583.
But it is better to verify this refactoring by the experiment.
So this commit update setUidRule to switch previous code path(JNI)
and new code path(Java) based on the flag.

Also this commit removes @GuardedBy("sUidOwnerMap") from
native_setUidRule.
This was needed to avoid JNI and Java code modify the UidOwnerMap
concurrently when some API uses previous code path (JNI) and other APIs
use new code path (Java BpfMap class).
But, after this topic, it will not be needed because all the APIs will use JNI
"or" all the APIs will use Java BpfMap class to update UidOwnerMap.

Bug: 217624062
Test: atest BpfNetMapsTest
android.net.cts.ConnectivityManagerTest#testFirewallBlocking

Change-Id: I0d293c3eb89649c969f09578639dc4cb0233501b

diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index fc576f3..a7d9918 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java

@@ -532,15 +532,20 @@
     public void setUidRule(final int childChain, final int uid, final int firewallRule) {
         throwIfPreT("setUidRule is not available on pre-T devices");
 
-        final long match = getMatchByFirewallChain(childChain);
-        final boolean isAllowList = isFirewallAllowList(childChain);
-        final boolean add = (firewallRule == FIREWALL_RULE_ALLOW && isAllowList)
-                || (firewallRule == FIREWALL_RULE_DENY && !isAllowList);
+        if (sEnableJavaBpfMap) {
+            final long match = getMatchByFirewallChain(childChain);
+            final boolean isAllowList = isFirewallAllowList(childChain);
+            final boolean add = (firewallRule == FIREWALL_RULE_ALLOW && isAllowList)
+                    || (firewallRule == FIREWALL_RULE_DENY && !isAllowList);
 
-        if (add) {
-            addRule(uid, match, "setUidRule");
+            if (add) {
+                addRule(uid, match, "setUidRule");
+            } else {
+                removeRule(uid, match, "setUidRule");
+            }
         } else {
-            removeRule(uid, match, "setUidRule");
+            final int err = native_setUidRule(childChain, uid, firewallRule);
+            maybeThrow(err, "Unable to set uid rule");
         }
     }
 
@@ -701,7 +706,6 @@
     private native int native_setChildChain(int childChain, boolean enable);
     @GuardedBy("sUidOwnerMap")
     private native int native_replaceUidChain(String name, boolean isAllowlist, int[] uids);
-    @GuardedBy("sUidOwnerMap")
     private native int native_setUidRule(int childChain, int uid, int firewallRule);
     private native int native_addUidInterfaceRules(String ifName, int[] uids);
     private native int native_removeUidInterfaceRules(int[] uids);