Switch previous and new code path in updateUidLockdownRule
updateUidLockdownRule was updated to use Java BpfMap class instead
of native JNI functions in aosp/2141537.
But it is better to verify this refactoring with an experiment.
So this commit updates updateUidLockdownRule to switch between the previous code
path (JNI) and the new code path (Java) based on the flag.
Also, this commit removes @GuardedBy("sUidOwnerMap") from
native_updateUidLockdownRule.
The annotation was needed to prevent JNI and Java code from modifying the UidOwnerMap
concurrently when some APIs use the previous code path (JNI) and other APIs
use the new code path (Java BpfMap class).
But after this topic it will no longer be needed, because either all the APIs will use JNI
or all the APIs will use the Java BpfMap class to update UidOwnerMap.
Bug: 217624062
Test: atest BpfNetMapsTest HostsideVpnTests#testBlockIncomingPacket
Change-Id: Ifd17d8a5c3a10a92c63010e5d329f9f541b3bfbf
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 531b511..6d1d3cd 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -622,10 +622,16 @@
*/
public void updateUidLockdownRule(final int uid, final boolean add) {
throwIfPreT("updateUidLockdownRule is not available on pre-T devices");
- if (add) {
- addRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+
+ if (sEnableJavaBpfMap) {
+ if (add) {
+ addRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ } else {
+ removeRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ }
} else {
- removeRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ final int err = native_updateUidLockdownRule(uid, add);
+ maybeThrow(err, "Unable to update lockdown rule");
}
}
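Review bot: The new `else` branch calls `native_updateUidLockdownRule(uid, add)` without holding `sUidOwnerMap`, and the second hunk drops its `@GuardedBy("sUidOwnerMap")`, so the code relies on an invariant it never states: every UidOwnerMap writer must see the same `sEnableJavaBpfMap` value for the life of the process. The flag's declaration and the bodies of `addRule`/`removeRule` are outside the hunk. If the flag is not assigned once before first use, or if the sibling APIs that still carry `@GuardedBy` are switched later in the topic, a JNI write and a Java write could presumably interleave and drop the `LOCKDOWN_VPN_MATCH` bit, leaving a UID outside VPN lockdown with no error raised. I would record the invariant next to the native call, e.g. `// Safe without sUidOwnerMap: sEnableJavaBpfMap is fixed at init, so all UidOwnerMap writers share one path.`, and confirm the flag is effectively final. The two branches also report failure differently (`"updateUidLockdownRule"` as the caller tag versus `"Unable to update lockdown rule"`), which is worth aligning so experiment logs are comparable.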
@@ -689,7 +695,6 @@
private native int native_addUidInterfaceRules(String ifName, int[] uids);
@GuardedBy("sUidOwnerMap")
private native int native_removeUidInterfaceRules(int[] uids);
- @GuardedBy("sUidOwnerMap")
private native int native_updateUidLockdownRule(int uid, boolean add);
private native int native_swapActiveStatsMap();
private native void native_setPermissionForUids(int permissions, int[] uids);