commit d54374fe4d6fcf86a484f06d89defd0958868e91
author Maciej Żenczykowski <maze@google.com> Thu Feb 08 00:24:26 2024 +0000
committer Maciej Żenczykowski <maze@google.com> Thu Feb 08 00:26:16 2024 +0000
tree b68592fa974f97b97e53dfbac54efb27bffca0b5
parent 901db13423b8d260d12e2f40fa15e0878af4e4f6

netd.c: allow data saver egress from timewait sockets

This is a follow up to:
  https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2954728
as a result of taking a close look at all netd.c bpf_get_socket_uid() calls.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I59b08a531a344bdab33a6c35aed210ef9356530c

bpf_progs/netd.c

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 1c84d63..c4b27b8 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -626,12 +626,13 @@
     uint32_t sock_uid = bpf_get_socket_uid(skb);
     if (is_system_uid(sock_uid)) return BPF_MATCH;
 
-    // 65534 is the overflow 'nobody' uid, usually this being returned means
-    // that skb->sk is NULL during RX (early decap socket lookup failure),
-    // which commonly happens for incoming packets to an unconnected udp socket.
-    // Additionally bpf_get_socket_cookie() returns 0 if skb->sk is NULL
-    if ((sock_uid == 65534) && !bpf_get_socket_cookie(skb) && is_received_skb(skb))
-        return BPF_MATCH;
+    // kernel's DEFAULT_OVERFLOWUID is 65534, this is the overflow 'nobody' uid,
+    // usually this being returned means that skb->sk is NULL during RX
+    // (early decap socket lookup failure), which commonly happens for incoming
+    // packets to an unconnected udp socket.
+    // But it can also happen for egress from a timewait socket.
+    // Let's treat such cases as 'root' which is_system_uid()
+    if (sock_uid == 65534) return BPF_MATCH;
 
     UidOwnerValue* allowlistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
     if (allowlistMatch) return allowlistMatch->rule & HAPPY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;