clat permission verification - log all errors before aborting.
This allows us to log all bad permissions instead of
having to fix one at a time.
Additionally this allows logging GSI perm failures.
It also makes the abort only trigger on U+ which is safer
for mainline rollout.
Bug: 277646103
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id340524b7161ff5e5af64c831035090b67201ed9
diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index dbb12ee..2e3a3e5 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -51,7 +51,9 @@
namespace android {
-#define ALOGF(s ...) do { ALOGE(s); abort(); } while(0)
+static bool fatal = false;
+
+#define ALOGF(s ...) do { ALOGE(s); fatal = true; } while(0)
enum verify { VERIFY_DIR, VERIFY_BIN, VERIFY_PROG, VERIFY_MAP_RO, VERIFY_MAP_RW };
@@ -115,11 +117,6 @@
// Clat BPF was only mainlined during T.
if (!modules::sdklevel::IsAtLeastT()) return;
- // HACK: some old vendor kernels lack ~5.10 backport of 'bpffs selinux genfscon' support.
- // This is *NOT* supported, but let's allow, at least for now, U+ GSI to boot on them.
- // (without this hack pixel5 R vendor + U gsi breaks)
- if (isGsiImage() && !bpf::isAtLeastKernelVersion(5, 10, 0)) return;
-
V("/sys/fs/bpf", S_IFDIR|S_ISVTX|0777, ROOT, ROOT, "fs_bpf", DIR);
V("/sys/fs/bpf/net_shared", S_IFDIR|S_ISVTX|0777, ROOT, ROOT, "fs_bpf_net_shared", DIR);
@@ -138,6 +135,15 @@
#undef V2
+ // HACK: Some old vendor kernels lack ~5.10 backport of 'bpffs selinux genfscon' support.
+ // This is *NOT* supported, but let's allow, at least for now, U+ GSI to boot on them.
+ // (without this hack pixel5 R vendor + U gsi breaks)
+ if (isGsiImage() && !bpf::isAtLeastKernelVersion(5, 10, 0)) {
+ ALOGE("GSI with *BAD* pre-5.10 kernel lacking bpffs selinux genfscon support.");
+ return;
+ }
+
+ if (fatal) abort();
}
#undef V