Merge changes I52fcfd3f,I6de4abdc,I1e8944de,I9525bfe0,Ife09fef8, ... into main
* changes:
Use carrier service changed callbacks when flag is on
Delete slots as the listeners are unregistered.
Have a full class (not inline) for privilege listener
Update the carrier service UID when onCarrierServiceChanged
Pass the modem count to registerCarrierPrivilegeListeners
Reorder add/remove/register/unregister carrier listeners
diff --git a/TEST_MAPPING b/TEST_MAPPING
index d33453c..fafd3bb 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -1,7 +1,12 @@
{
"presubmit": [
{
- "name": "ConnectivityCoverageTests"
+ "name": "ConnectivityCoverageTests",
+ "options": [
+ {
+ "exclude-annotation": "com.android.testutils.NetworkStackModuleTest"
+ }
+ ]
},
{
// In addition to ConnectivityCoverageTests, runs non-connectivity-module tests
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index f86d8fd..256dd6a 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -104,14 +104,13 @@
DEFINE_BPF_MAP_EXT(packet_trace_enabled_map, ARRAY, uint32_t, bool, 1,
AID_ROOT, AID_SYSTEM, 0060, "fs_bpf_net_shared", "", false,
BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, LOAD_ON_ENG,
- IGNORE_ON_USER, LOAD_ON_USERDEBUG)
+ LOAD_ON_USER, LOAD_ON_USERDEBUG)
-// A ring buffer on which packet information is pushed. This map will only be loaded
-// on eng and userdebug devices. User devices won't load this to save memory.
+// A ring buffer on which packet information is pushed.
DEFINE_BPF_RINGBUF_EXT(packet_trace_ringbuf, PacketTrace, PACKET_TRACE_BUF_SIZE,
AID_ROOT, AID_SYSTEM, 0060, "fs_bpf_net_shared", "", false,
BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, LOAD_ON_ENG,
- IGNORE_ON_USER, LOAD_ON_USERDEBUG);
+ LOAD_ON_USER, LOAD_ON_USERDEBUG);
// iptables xt_bpf programs need to be usable by both netd and netutils_wrappers
// selinux contexts, because even non-xt_bpf iptables mutations are implemented as
@@ -504,6 +503,16 @@
return match;
}
+// This program is optional, and enables tracing on Android U+, 5.8+ on user builds.
+DEFINE_BPF_PROG_EXT("cgroupskb/ingress/stats$trace_user", AID_ROOT, AID_SYSTEM,
+ bpf_cgroup_ingress_trace_user, KVER(5, 8, 0), KVER_INF,
+ BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, true,
+ "fs_bpf_netd_readonly", "", true, false, true)
+(struct __sk_buff* skb) {
+ return bpf_traffic_account(skb, INGRESS, TRACE_ON, KVER(5, 8, 0));
+}
+
+// This program is required, and enables tracing on Android U+, 5.8+, userdebug/eng.
DEFINE_BPF_PROG_EXT("cgroupskb/ingress/stats$trace", AID_ROOT, AID_SYSTEM,
bpf_cgroup_ingress_trace, KVER(5, 8, 0), KVER_INF,
BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, false,
@@ -524,6 +533,16 @@
return bpf_traffic_account(skb, INGRESS, TRACE_OFF, KVER_NONE);
}
+// This program is optional, and enables tracing on Android U+, 5.8+ on user builds.
+DEFINE_BPF_PROG_EXT("cgroupskb/egress/stats$trace_user", AID_ROOT, AID_SYSTEM,
+ bpf_cgroup_egress_trace_user, KVER(5, 8, 0), KVER_INF,
+ BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, true,
+ "fs_bpf_netd_readonly", "", true, false, true)
+(struct __sk_buff* skb) {
+ return bpf_traffic_account(skb, EGRESS, TRACE_ON, KVER(5, 8, 0));
+}
+
+// This program is required, and enables tracing on Android U+, 5.8+, userdebug/eng.
DEFINE_BPF_PROG_EXT("cgroupskb/egress/stats$trace", AID_ROOT, AID_SYSTEM,
bpf_cgroup_egress_trace, KVER(5, 8, 0), KVER_INF,
BPFLOADER_IGNORED_ON_VERSION, BPFLOADER_MAX_VER, false,
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index fb6d5b8..a090a54 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp
@@ -85,8 +85,24 @@
// U bumps the kernel requirement up to 4.14
if (modules::sdklevel::IsAtLeastU() && !bpf::isAtLeastKernelVersion(4, 14, 0)) abort();
- // V bumps the kernel requirement up to 4.19
- if (modules::sdklevel::IsAtLeastV() && !bpf::isAtLeastKernelVersion(4, 19, 0)) abort();
+ if (modules::sdklevel::IsAtLeastV()) {
+ // V bumps the kernel requirement up to 4.19
+ // see also: //system/netd/tests/kernel_test.cpp TestKernel419
+ if (!bpf::isAtLeastKernelVersion(4, 19, 0)) abort();
+
+ // Technically already required by U, but only enforce on V+
+ // see also: //system/netd/tests/kernel_test.cpp TestKernel64Bit
+ if (bpf::isKernel32Bit() && bpf::isAtLeastKernelVersion(5, 16, 0)) abort();
+ }
+
+ // Linux 6.1 is highest version supported by U, starting with V new kernels,
+ // ie. 6.2+ we are dropping various kernel/system userspace 32-on-64 hacks
+ // (for example "ANDROID: xfrm: remove in_compat_syscall() checks").
+ // Note: this check/enforcement only applies to *system* userspace code,
+ // it does not affect unprivileged apps, the 32-on-64 compatibility
+ // problems are AFAIK limited to various CAP_NET_ADMIN protected interfaces.
+ // see also: //system/bpf/bpfloader/BpfLoader.cpp main()
+ if (bpf::isUserspace32bit() && bpf::isAtLeastKernelVersion(6, 2, 0)) abort();
// U mandates this mount point (though it should also be the case on T)
if (modules::sdklevel::IsAtLeastU() && !!strcmp(cg2_path, "/sys/fs/cgroup")) abort();
diff --git a/service-t/src/com/android/server/NetworkStatsServiceInitializer.java b/service-t/src/com/android/server/NetworkStatsServiceInitializer.java
index 82a4fbd..675e5a1 100644
--- a/service-t/src/com/android/server/NetworkStatsServiceInitializer.java
+++ b/service-t/src/com/android/server/NetworkStatsServiceInitializer.java
@@ -22,6 +22,7 @@
import android.util.Log;
import com.android.modules.utils.build.SdkLevel;
+import com.android.net.module.util.DeviceConfigUtils;
import com.android.server.net.NetworkStatsService;
/**
@@ -30,6 +31,8 @@
*/
public final class NetworkStatsServiceInitializer extends SystemService {
private static final String TAG = NetworkStatsServiceInitializer.class.getSimpleName();
+ private static final String ENABLE_NETWORK_TRACING = "enable_network_tracing";
+ private final boolean mNetworkTracingFlagEnabled;
private final NetworkStatsService mStatsService;
public NetworkStatsServiceInitializer(Context context) {
@@ -37,6 +40,8 @@
// Load JNI libraries used by NetworkStatsService and its dependencies
System.loadLibrary("service-connectivity");
mStatsService = maybeCreateNetworkStatsService(context);
+ mNetworkTracingFlagEnabled = DeviceConfigUtils.isTetheringFeatureEnabled(
+ context, ENABLE_NETWORK_TRACING);
}
@Override
@@ -48,11 +53,10 @@
TrafficStats.init(getContext());
}
- // The following code registers the Perfetto Network Trace Handler on non-user builds.
- // The enhanced tracing is intended to be used for debugging and diagnosing issues. This
- // is conditional on the build type rather than `isDebuggable` to match the system_server
- // selinux rules which only allow the Perfetto connection under the same circumstances.
- if (SdkLevel.isAtLeastU() && !Build.TYPE.equals("user")) {
+ // The following code registers the Perfetto Network Trace Handler. The enhanced tracing
+ // is intended to be used for debugging and diagnosing issues. This is enabled by default
+ // on userdebug/eng builds and flag protected in user builds.
+ if (SdkLevel.isAtLeastU() && (mNetworkTracingFlagEnabled || !Build.TYPE.equals("user"))) {
Log.i(TAG, "Initializing network tracing hooks");
NetworkStatsService.nativeInitNetworkTracing();
}
diff --git a/tests/mts/bpf_existence_test.cpp b/tests/mts/bpf_existence_test.cpp
index 15263cc..0c424e9 100644
--- a/tests/mts/bpf_existence_test.cpp
+++ b/tests/mts/bpf_existence_test.cpp
@@ -129,6 +129,16 @@
SHARED "prog_dscpPolicy_schedcls_set_dscp_ether",
};
+// Provided by *current* mainline module for U+ devices
+static const set<string> MAINLINE_FOR_U_PLUS = {
+ NETD "map_netd_packet_trace_enabled_map",
+};
+
+// Provided by *current* mainline module for U+ devices with 5.10+ kernels
+static const set<string> MAINLINE_FOR_U_5_10_PLUS = {
+ NETD "map_netd_packet_trace_ringbuf",
+};
+
static void addAll(set<string>& a, const set<string>& b) {
a.insert(b.begin(), b.end());
}
@@ -171,6 +181,8 @@
// U requires Linux Kernel 4.14+, but nothing (as yet) added or removed in U.
if (IsAtLeastU()) ASSERT_TRUE(isAtLeastKernelVersion(4, 14, 0));
+ DO_EXPECT(IsAtLeastU(), MAINLINE_FOR_U_PLUS);
+ DO_EXPECT(IsAtLeastU() && isAtLeastKernelVersion(5, 10, 0), MAINLINE_FOR_U_5_10_PLUS);
// V requires Linux Kernel 4.19+, but nothing (as yet) added or removed in V.
if (IsAtLeastV()) ASSERT_TRUE(isAtLeastKernelVersion(4, 19, 0));