Merge "clat permission verification - log all errors before aborting." am: 228a2b6990
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2528042
Change-Id: I9244115a6ec32a0a50834115911e843f01fb9b31
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index 438963e..059b716 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -51,7 +51,9 @@
namespace android {
-#define ALOGF(s ...) do { ALOGE(s); abort(); } while(0)
+static bool fatal = false;
+
+#define ALOGF(s ...) do { ALOGE(s); fatal = true; } while(0)
enum verify { VERIFY_DIR, VERIFY_BIN, VERIFY_PROG, VERIFY_MAP_RO, VERIFY_MAP_RW };
@@ -115,11 +117,6 @@
// Clat BPF was only mainlined during T.
if (!modules::sdklevel::IsAtLeastT()) return;
- // HACK: some old vendor kernels lack ~5.10 backport of 'bpffs selinux genfscon' support.
- // This is *NOT* supported, but let's allow, at least for now, U+ GSI to boot on them.
- // (without this hack pixel5 R vendor + U gsi breaks)
- if (isGsiImage() && !bpf::isAtLeastKernelVersion(5, 10, 0)) return;
-
V("/sys/fs/bpf", S_IFDIR|S_ISVTX|0777, ROOT, ROOT, "fs_bpf", DIR);
V("/sys/fs/bpf/net_shared", S_IFDIR|S_ISVTX|0777, ROOT, ROOT, "fs_bpf_net_shared", DIR);
@@ -138,6 +135,15 @@
#undef V2
+ // HACK: Some old vendor kernels lack ~5.10 backport of 'bpffs selinux genfscon' support.
+ // This is *NOT* supported, but let's allow, at least for now, U+ GSI to boot on them.
+ // (without this hack pixel5 R vendor + U gsi breaks)
+ if (isGsiImage() && !bpf::isAtLeastKernelVersion(5, 10, 0)) {
+ ALOGE("GSI with *BAD* pre-5.10 kernel lacking bpffs selinux genfscon support.");
+ return;
+ }
+
+ if (fatal) abort();
}
#undef V