| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 1 | /* | 
|  | 2 | * Copyright (C) 2023 The Android Open Source Project | 
|  | 3 | * | 
|  | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | 5 | * you may not use this file except in compliance with the License. | 
|  | 6 | * You may obtain a copy of the License at | 
|  | 7 | * | 
|  | 8 | *      http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 9 | * | 
|  | 10 | * Unless required by applicable law or agreed to in writing, software | 
|  | 11 | * distributed under the License is distributed on an "AS IS" BASIS, | 
|  | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 13 | * See the License for the specific language governing permissions and | 
|  | 14 | * limitations under the License. | 
|  | 15 | */ | 
|  | 16 |  | 
|  | 17 | #define LOG_TAG "DnsBpfHelper" | 
|  | 18 |  | 
|  | 19 | #include "DnsBpfHelper.h" | 
|  | 20 |  | 
|  | 21 | #include <android-base/logging.h> | 
|  | 22 | #include <android-modules-utils/sdk_level.h> | 
|  | 23 |  | 
|  | 24 | namespace android { | 
|  | 25 | namespace net { | 
|  | 26 |  | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 27 | #define RETURN_IF_RESULT_NOT_OK(result)                                                            \ | 
|  | 28 | do {                                                                                             \ | 
|  | 29 | if (!result.ok()) {                                                                            \ | 
|  | 30 | LOG(ERROR) << "L" << __LINE__ << " " << __func__ << ": " << strerror(result.error().code()); \ | 
|  | 31 | return result.error();                                                                       \ | 
|  | 32 | }                                                                                              \ | 
|  | 33 | } while (0) | 
|  | 34 |  | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 35 | base::Result<void> DnsBpfHelper::init() { | 
|  | 36 | if (!android::modules::sdklevel::IsAtLeastT()) { | 
|  | 37 | LOG(ERROR) << __func__ << ": Unsupported before Android T."; | 
|  | 38 | return base::Error(EOPNOTSUPP); | 
|  | 39 | } | 
|  | 40 |  | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 41 | RETURN_IF_RESULT_NOT_OK(mConfigurationMap.init(CONFIGURATION_MAP_PATH)); | 
|  | 42 | RETURN_IF_RESULT_NOT_OK(mUidOwnerMap.init(UID_OWNER_MAP_PATH)); | 
|  | 43 | RETURN_IF_RESULT_NOT_OK(mDataSaverEnabledMap.init(DATA_SAVER_ENABLED_MAP_PATH)); | 
|  | 44 | return {}; | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 45 | } | 
|  | 46 |  | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 47 | base::Result<bool> DnsBpfHelper::isUidNetworkingBlocked(uid_t uid, bool metered) { | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 48 | if (is_system_uid(uid)) return false; | 
|  | 49 | if (!mConfigurationMap.isValid() || !mUidOwnerMap.isValid()) { | 
|  | 50 | LOG(ERROR) << __func__ | 
|  | 51 | << ": BPF maps are not ready. Forgot to call ADnsHelper_init?"; | 
|  | 52 | return base::Error(EUNATCH); | 
|  | 53 | } | 
|  | 54 |  | 
|  | 55 | auto enabledRules = mConfigurationMap.readValue(UID_RULES_CONFIGURATION_KEY); | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 56 | RETURN_IF_RESULT_NOT_OK(enabledRules); | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 57 |  | 
|  | 58 | auto value = mUidOwnerMap.readValue(uid); | 
|  | 59 | uint32_t uidRules = value.ok() ? value.value().rule : 0; | 
|  | 60 |  | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 61 | // For doze mode, battery saver, low power standby. | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 62 | if (isBlockedByUidRules(enabledRules.value(), uidRules)) return true; | 
|  | 63 |  | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 64 | // For data saver. | 
| Ken Chen | 9e1865e | 2023-12-06 17:30:07 +0800 | [diff] [blame] | 65 | // DataSaverEnabled map on V+ platforms is the only reliable source of information about the | 
|  | 66 | // current data saver status. While ConnectivityService offers two ways to update this map for U | 
|  | 67 | // and V+, the U- platform implementation can have delays, potentially leading to inaccurate | 
|  | 68 | // results. Conversely, the V+ platform implementation is synchronized with the actual data saver | 
|  | 69 | // state, making it a trustworthy source. Since this library primarily serves DNS resolvers, | 
|  | 70 | // relying solely on V+ data prevents erroneous blocking of DNS queries. | 
|  | 71 | if (android::modules::sdklevel::IsAtLeastV() && metered) { | 
| Motomu Utsumi | 11d3345 | 2024-04-02 18:29:08 +0900 | [diff] [blame] | 72 | // The background data setting (PENALTY_BOX_USER_MATCH, PENALTY_BOX_ADMIN_MATCH) and | 
|  | 73 | // unrestricted data usage setting (HAPPY_BOX_MATCH) for individual apps override the system | 
|  | 74 | // wide Data Saver setting. | 
|  | 75 | if (uidRules & (PENALTY_BOX_USER_MATCH | PENALTY_BOX_ADMIN_MATCH)) return true; | 
| Ken Chen | 9e1865e | 2023-12-06 17:30:07 +0800 | [diff] [blame] | 76 | if (uidRules & HAPPY_BOX_MATCH) return false; | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 77 |  | 
| Ken Chen | 9e1865e | 2023-12-06 17:30:07 +0800 | [diff] [blame] | 78 | auto dataSaverSetting = mDataSaverEnabledMap.readValue(DATA_SAVER_ENABLED_KEY); | 
|  | 79 | RETURN_IF_RESULT_NOT_OK(dataSaverSetting); | 
|  | 80 | return dataSaverSetting.value(); | 
|  | 81 | } | 
| Ken Chen | 006a3f1 | 2023-10-26 09:25:55 +0800 | [diff] [blame] | 82 |  | 
| Ken Chen | 9e1865e | 2023-12-06 17:30:07 +0800 | [diff] [blame] | 83 | return false; | 
| Ken Chen | ec0f7ac | 2023-09-08 14:14:55 +0800 | [diff] [blame] | 84 | } | 
|  | 85 |  | 
|  | 86 | }  // namespace net | 
|  | 87 | }  // namespace android |