authorChenbo Feng <fengc@google.com>2017-10-10 17:33:20 -0700
committerChenbo Feng <fengc@google.com>2017-11-09 17:59:09 -0800
commit9944ba87ad061fd6add45521044c3503771e43c2 (patch)
treede037dd6a27e586f374ba31dfb0649d65e72db88 /server/FwmarkServer.cpp
parentf275968b1b3499a6095d64648d16fe0dc5168c80 (diff)
New commands for replacing qtaguid native API
Added four new commands in FWmark server client module to realize the functionality of the native qtaguid code inside libcutils. These commands allows processes to tag/untag a specific socket. Change counter set of a specific uid and delete the statistics of a uid tag pair Test: netd_integration_test: all tests pass netd_unit_test: 71 tests passed, test program ended with segmentation fault. netd_benchmark_test: Benchmark Time CPU Iterations ----------------------------------------------------------------------------------------------------------- ipv4_metrics_reporting_no_fwmark/min_time:0.500/manual_time 490311 ns 1321836 ns 1523 734166 ipv4_metrics_reporting_no_load/min_time:0.500/manual_time 971644 ns 1754024 ns 677 1498332 ipv4_full_reporting_no_load/min_time:0.500/manual_time 1668522 ns 1905846 ns 330 2428333 ipv4_metrics_reporting_high_load/min_time:0.500/real_time/threads:1 1563602 ns 1152833 ns 329 ipv4_full_reporting_high_load/min_time:0.500/real_time/threads:1 2186832 ns 1446244 ns 337 ipv6_metrics_reporting_no_fwmark/min_time:0.500/manual_time 518447 ns 1402849 ns 1194 766667 ipv6_metrics_reporting_no_load/min_time:0.500/manual_time 1124998 ns 1872343 ns 551 1585000 ipv6_full_reporting_no_load/min_time:0.500/manual_time 1707226 ns 1999032 ns 503 2586667 ipv6_metrics_reporting_high_load/min_time:0.500/real_time/threads:1 1790899 ns 1311401 ns 447 ipv6_full_reporting_high_load/min_time:0.500/real_time/threads:1 2224263 ns 1443308 ns 311 DnsFixture/getaddrinfo_log_nothing/real_time/threads:1 8738083 ns 1648450 ns 100 DnsFixture/getaddrinfo_log_nothing/real_time/threads:2 4154537 ns 989402 ns 136 DnsFixture/getaddrinfo_log_nothing/real_time/threads:4 3849070 ns 988386 ns 232 DnsFixture/getaddrinfo_log_nothing/real_time/threads:8 1867350 ns 603123 ns 552 DnsFixture/getaddrinfo_log_nothing/real_time/threads:16 4677366 ns 809034 ns 160 DnsFixture/getaddrinfo_log_nothing/real_time/threads:32 2932518 ns 680202 ns 320 
DnsFixture/getaddrinfo_log_metrics/real_time/threads:1 6851425 ns 1285477 ns 100 DnsFixture/getaddrinfo_log_metrics/real_time/threads:2 4348378 ns 973831 ns 122 DnsFixture/getaddrinfo_log_metrics/real_time/threads:4 3850877 ns 900753 ns 204 DnsFixture/getaddrinfo_log_metrics/real_time/threads:8 1492482 ns 593676 ns 536 DnsFixture/getaddrinfo_log_metrics/real_time/threads:16 2170729 ns 598599 ns 304 DnsFixture/getaddrinfo_log_metrics/real_time/threads:32 2159187 ns 600411 ns 320 DnsFixture/getaddrinfo_log_everything/real_time/threads:1 5321642 ns 906195 ns 101 DnsFixture/getaddrinfo_log_everything/real_time/threads:2 3689002 ns 887944 ns 266 DnsFixture/getaddrinfo_log_everything/real_time/threads:4 2879940 ns 789382 ns 440 DnsFixture/getaddrinfo_log_everything/real_time/threads:8 2578146 ns 696420 ns 408 DnsFixture/getaddrinfo_log_everything/real_time/threads:16 1857378 ns 593976 ns 544 DnsFixture/getaddrinfo_log_everything/real_time/threads:32 2395951 ns 617320 ns 640 Bug: 30950746 Change-Id: I3a20f4dc523097d46fc1f7a9117b59f083d5c23d
Diffstat (limited to 'server/FwmarkServer.cpp')
-rw-r--r--server/FwmarkServer.cpp51
1 files changed, 48 insertions, 3 deletions
diff --git a/server/FwmarkServer.cpp b/server/FwmarkServer.cpp
index 480086490..5fe4cbec7 100644
--- a/server/FwmarkServer.cpp
+++ b/server/FwmarkServer.cpp
@@ -20,6 +20,7 @@
#include "FwmarkCommand.h"
#include "NetdConstants.h"
#include "NetworkController.h"
+#include "TrafficController.h"
#include "resolv_netid.h"
#include <netinet/in.h>
@@ -27,17 +28,27 @@
#include <unistd.h>
#include <utils/String16.h>
+#include <binder/IServiceManager.h>
+
using android::String16;
using android::net::metrics::INetdEventListener;
namespace android {
namespace net {
-FwmarkServer::FwmarkServer(NetworkController* networkController, EventReporter* eventReporter) :
- SocketListener(SOCKET_NAME, true), mNetworkController(networkController),
- mEventReporter(eventReporter) {
+const char UPDATE_DEVICE_STATS[] = "android.permission.UPDATE_DEVICE_STATS";
+
+bool hasUpdateDeviceStatsPermission(SocketClient* client) {
+ return checkPermission(String16(UPDATE_DEVICE_STATS), client->getPid(), client->getUid());
}
+FwmarkServer::FwmarkServer(NetworkController* networkController, EventReporter* eventReporter,
+ TrafficController* trafficCtrl)
+ : SocketListener(SOCKET_NAME, true),
+ mNetworkController(networkController),
+ mEventReporter(eventReporter),
+ mTrafficCtrl(trafficCtrl) {}
+
bool FwmarkServer::onDataAvailable(SocketClient* client) {
int socketFd = -1;
int error = processClient(client, &socketFd);
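Review bot: `hasUpdateDeviceStatsPermission` and `UPDATE_DEVICE_STATS` are added at `android::net` namespace scope with external linkage, although as far as this diff shows only this file uses them; wrapping both in an anonymous namespace (or marking the function `static`) avoids symbol clashes with other translation units. The helper also deserves a short comment saying that the pid and uid it passes are the socket peer's credentials as reported by `SocketClient`. `checkPermission` from `<binder/IServiceManager.h>` is presumably a synchronous binder call, so a slow or unavailable permission service would stall this listener's request path; confirm that is acceptable. The constructor stores `trafficCtrl` without a null check while the later hunks dereference `mTrafficCtrl` unconditionally, so either document the non-null requirement or assert it. `onDataAvailable` continues outside the hunk.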
@@ -97,6 +108,20 @@ int FwmarkServer::processClient(SocketClient* client, int* socketFd) {
return mNetworkController->checkUserNetworkAccess(command.uid, command.netId);
}
+ if (command.cmdId == FwmarkCommand::SET_COUNTERSET) {
+ if (!hasUpdateDeviceStatsPermission(client)) {
+ return -EPERM;
+ }
+ return mTrafficCtrl->setCounterSet(command.trafficCtrlInfo, command.uid);
+ }
+
+ if (command.cmdId == FwmarkCommand::DELETE_TAGDATA) {
+ if (!hasUpdateDeviceStatsPermission(client)) {
+ return -EPERM;
+ }
+ return mTrafficCtrl->deleteTagData(command.trafficCtrlInfo, command.uid);
+ }
+
cmsghdr* const cmsgh = CMSG_FIRSTHDR(&message);
if (cmsgh && cmsgh->cmsg_level == SOL_SOCKET && cmsgh->cmsg_type == SCM_RIGHTS &&
cmsgh->cmsg_len == CMSG_LEN(sizeof(*socketFd))) {
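Review bot: Both new branches return before the `CMSG_FIRSTHDR(&message)` block that follows them, so a descriptor attached to a `SET_COUNTERSET` or `DELETE_TAGDATA` message is never copied into `*socketFd`. If the `recvmsg` above the hunk supplies a control buffer, that descriptor would presumably stay open in this process, including on the `-EPERM` path. Consider moving these two checks below the ancillary-data extraction so the caller's existing handling of `socketFd` covers them, or explicitly closing any received descriptor before returning. The existing `QUERY_USER_ACCESS` early return in the context lines has the same shape. `processClient` starts and ends outside the hunk, so the receive call and the cleanup should be confirmed there.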
@@ -240,6 +265,26 @@ int FwmarkServer::processClient(SocketClient* client, int* socketFd) {
break;
}
+ case FwmarkCommand::TAG_SOCKET: {
+ // If the UID is -1, tag as the caller's UID:
+ // - TrafficStats and NetworkManagementSocketTagger use -1 to indicate "use the
+ // caller's UID".
+ // - xt_qtaguid will see -1 on the command line, fail to parse it as a uint32_t, and
+ // fall back to current_fsuid().
+ if (static_cast<int>(command.uid) == -1) {
+ command.uid = client->getUid();
+ }
+ if (command.uid != client->getUid() && !hasUpdateDeviceStatsPermission(client)) {
+ return -EPERM;
+ }
+ return mTrafficCtrl->tagSocket(*socketFd, command.trafficCtrlInfo, command.uid);
+ }
+
+ case FwmarkCommand::UNTAG_SOCKET: {
+ // Any process can untag a socket it has an fd for.
+ return mTrafficCtrl->untagSocket(*socketFd);
+ }
+
default: {
// unknown command
return -EPROTO;
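Review bot: The authorization rule in `TAG_SOCKET` is only implicit in the code: `command.uid` is supplied by the client and the only trusted identity is `client->getUid()`. A comment above the check such as `// Tagging under another UID requires UPDATE_DEVICE_STATS; command.uid is client-supplied.` would make the intent reviewable. If `command.uid` is a `uid_t`, `command.uid == static_cast<uid_t>(-1)` expresses the sentinel test without a narrowing cast to `int`. `command.trafficCtrlInfo` is passed to `tagSocket` as received, so any range restriction on the tag has to live in `TrafficController`; worth stating that in the same comment. The switch and `processClient` extend beyond the hunk.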