bpf/dns_helper/DnsBpfHelper.cpp

/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "DnsBpfHelper"

#include "DnsBpfHelper.h"

#include <android-base/logging.h>
#include <android-modules-utils/sdk_level.h>

namespace android {
namespace net {

#define RETURN_IF_RESULT_NOT_OK(result)                                                            \
  do {                                                                                             \
    if (!result.ok()) {                                                                            \
      LOG(ERROR) << "L" << __LINE__ << " " << __func__ << ": " << strerror(result.error().code()); \
      return result.error();                                                                       \
    }                                                                                              \
  } while (0)

base::Result<void> DnsBpfHelper::init() {
  if (!android::modules::sdklevel::IsAtLeastT()) {
    LOG(ERROR) << __func__ << ": Unsupported before Android T.";
    return base::Error(EOPNOTSUPP);
  }

  RETURN_IF_RESULT_NOT_OK(mConfigurationMap.init(CONFIGURATION_MAP_PATH));
  RETURN_IF_RESULT_NOT_OK(mUidOwnerMap.init(UID_OWNER_MAP_PATH));
  RETURN_IF_RESULT_NOT_OK(mDataSaverEnabledMap.init(DATA_SAVER_ENABLED_MAP_PATH));
  return {};
}

base::Result<bool> DnsBpfHelper::isUidNetworkingBlocked(uid_t uid, bool metered) {
  if (is_system_uid(uid)) return false;
  if (!mConfigurationMap.isValid() || !mUidOwnerMap.isValid()) {
    LOG(ERROR) << __func__
               << ": BPF maps are not ready. Forgot to call ADnsHelper_init?";
    return base::Error(EUNATCH);
  }

  auto enabledRules = mConfigurationMap.readValue(UID_RULES_CONFIGURATION_KEY);
  RETURN_IF_RESULT_NOT_OK(enabledRules);

  auto value = mUidOwnerMap.readValue(uid);
  uint32_t uidRules = value.ok() ? value.value().rule : 0;

  // For doze mode, battery saver, low power standby.
  if (isBlockedByUidRules(enabledRules.value(), uidRules)) return true;

  // For data saver.
  // DataSaverEnabled map on V+ platforms is the only reliable source of information about the
  // current data saver status. While ConnectivityService offers two ways to update this map for U
  // and V+, the U- platform implementation can have delays, potentially leading to inaccurate
  // results. Conversely, the V+ platform implementation is synchronized with the actual data saver
  // state, making it a trustworthy source. Since this library primarily serves DNS resolvers,
  // relying solely on V+ data prevents erroneous blocking of DNS queries.
  if (android::modules::sdklevel::IsAtLeastV() && metered) {
    // The background data setting (PENALTY_BOX_USER_MATCH, PENALTY_BOX_ADMIN_MATCH) and
    // unrestricted data usage setting (HAPPY_BOX_MATCH) for individual apps override the system
    // wide Data Saver setting.
    if (uidRules & (PENALTY_BOX_USER_MATCH | PENALTY_BOX_ADMIN_MATCH)) return true;
    if (uidRules & HAPPY_BOX_MATCH) return false;

    auto dataSaverSetting = mDataSaverEnabledMap.readValue(DATA_SAVER_ENABLED_KEY);
    RETURN_IF_RESULT_NOT_OK(dataSaverSetting);
    return dataSaverSetting.value();
  }

  return false;
}

}  // namespace net
}  // namespace android