authorMaciej Żenczykowski <maze@google.com>2021-01-17 03:25:56 -0800
committerMaciej Żenczykowski <maze@google.com>2021-01-20 00:08:42 -0800
commitec36c89c5e6cc6beb7b8ca65e23c824e04a85cdc (patch)
treebc431509a6c2234ccdf0cdb2b20723d0bdc20b86 /server/TrafficController.cpp
parent0e5d26f4820a84f31b353f4859dbb856e3b55e66 (diff)
eliminate TrafficController's mBpfEnabled & friends
Test: builds, atest, TreeHugger Bug: 167500195 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I9145cd24c8be86d4a57a43c812ccd27b5fc14c67
Diffstat (limited to 'server/TrafficController.cpp')
-rw-r--r--server/TrafficController.cpp77
1 files changed, 10 insertions, 67 deletions
diff --git a/server/TrafficController.cpp b/server/TrafficController.cpp
index 29d04a393..1f678cbfd 100644
--- a/server/TrafficController.cpp
+++ b/server/TrafficController.cpp
@@ -52,13 +52,16 @@
#include "netdutils/DumpWriter.h"
#include "qtaguid/qtaguid.h"
-using namespace android::bpf; // NOLINT(google-build-using-namespace): grandfathered
-
namespace android {
namespace net {
using base::StringPrintf;
using base::unique_fd;
+using bpf::getSocketCookie;
+using bpf::NONEXISTENT_COOKIE;
+using bpf::OVERFLOW_COUNTERSET;
+using bpf::retrieveProgram;
+using bpf::synchronizeKernelRCU;
using netdutils::DumpWriter;
using netdutils::extract;
using netdutils::ScopedIndent;
@@ -168,14 +171,11 @@ StatusOr<std::unique_ptr<NetlinkListenerInterface>> TrafficController::makeSkDes
}
TrafficController::TrafficController()
- : mBpfEnabled(isBpfSupported()),
- mPerUidStatsEntriesLimit(PER_UID_STATS_ENTRIES_LIMIT),
+ : mPerUidStatsEntriesLimit(PER_UID_STATS_ENTRIES_LIMIT),
mTotalUidStatsEntriesLimit(TOTAL_UID_STATS_ENTRIES_LIMIT) {}
TrafficController::TrafficController(uint32_t perUidLimit, uint32_t totalLimit)
- : mBpfEnabled(isBpfSupported()),
- mPerUidStatsEntriesLimit(perUidLimit),
- mTotalUidStatsEntriesLimit(totalLimit) {}
+ : mPerUidStatsEntriesLimit(perUidLimit), mTotalUidStatsEntriesLimit(totalLimit) {}
Status TrafficController::initMaps() {
std::lock_guard guard(mMutex);
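Review bot: The two constructors now differ only in the limit values they pass, so the default one can delegate instead of repeating the member initialisers: `TrafficController::TrafficController() : TrafficController(PER_UID_STATS_ENTRIES_LIMIT, TOTAL_UID_STATS_ENTRIES_LIMIT) {}`. That keeps a single place to touch the next time a member is added or removed from the initialiser list, as happened here with `mBpfEnabled`.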
@@ -248,10 +248,6 @@ static Status initPrograms() {
}
Status TrafficController::start() {
- if (!mBpfEnabled) {
- return netdutils::status::ok;
- }
-
/* When netd restarts from a crash without total system reboot, the program
* is still attached to the cgroup, detach it so the program can be freed
* and we can load and attach new program into the target cgroup.
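Review bot: Nothing at the top of `start()` says that BPF is now a hard requirement. With the `mBpfEnabled` early return gone there is no no-op success path, so a device where the setup below cannot complete gets whatever error the remaining body returns instead of `ok`. That is presumably the intent, and a one-line comment such as `// BPF is required: there is no legacy fallback, so any setup failure is returned to the caller.` would make the fail-closed behaviour explicit. The rest of start() lies outside this hunk, so how callers treat a non-ok status cannot be checked here.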
@@ -315,11 +311,6 @@ int TrafficController::tagSocket(int sockFd, uint32_t tag, uid_t uid, uid_t call
return -EPERM;
}
- if (!mBpfEnabled) {
- if (legacy_tagSocket(sockFd, tag, uid)) return -errno;
- return 0;
- }
-
uint64_t sock_cookie = getSocketCookie(sockFd);
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
UidTagValue newKey = {.uid = (uint32_t)uid, .tag = tag};
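Review bot: `return -errno` after `getSocketCookie()` evaluates to 0, which callers read as success, if errno happens to be unset when `NONEXISTENT_COOKIE` comes back. With the legacy branch removed this is the only tagging path. getSocketCookie's contract is not visible here, so unless it guarantees a non-zero errno, add a fallback such as `if (sock_cookie == NONEXISTENT_COOKIE) return errno ? -errno : -EINVAL;`. The same pattern appears in `untagSocket()` in the next hunk, and both function bodies continue outside their hunks.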
@@ -383,10 +374,6 @@ int TrafficController::tagSocket(int sockFd, uint32_t tag, uid_t uid, uid_t call
int TrafficController::untagSocket(int sockFd) {
std::lock_guard guard(mMutex);
- if (!mBpfEnabled) {
- if (legacy_untagSocket(sockFd)) return -errno;
- return 0;
- }
uint64_t sock_cookie = getSocketCookie(sockFd);
if (sock_cookie == NONEXISTENT_COOKIE) return -errno;
@@ -404,11 +391,6 @@ int TrafficController::setCounterSet(int counterSetNum, uid_t uid, uid_t calling
std::lock_guard guard(mMutex);
if (!hasUpdateDeviceStatsPermission(callingUid)) return -EPERM;
- if (!mBpfEnabled) {
- if (legacy_setCounterSet(counterSetNum, uid)) return -errno;
- return 0;
- }
-
// The default counter set for all uid is 0, so deleting the current counterset for that uid
// will automatically set it to 0.
if (counterSetNum == 0) {
@@ -437,11 +419,6 @@ int TrafficController::deleteTagData(uint32_t tag, uid_t uid, uid_t callingUid)
std::lock_guard guard(mMutex);
if (!hasUpdateDeviceStatsPermission(callingUid)) return -EPERM;
- if (!mBpfEnabled) {
- if (legacy_deleteTagData(tag, uid)) return -errno;
- return 0;
- }
-
// First we go through the cookieTagMap to delete the target uid tag combination. Or delete all
// the tags related to the uid if the tag is 0.
const auto deleteMatchedCookieEntries = [uid, tag](const uint64_t& key,
@@ -502,8 +479,6 @@ int TrafficController::deleteTagData(uint32_t tag, uid_t uid, uid_t callingUid)
}
int TrafficController::addInterface(const char* name, uint32_t ifaceIndex) {
- if (!mBpfEnabled) return 0;
-
IfaceValue iface;
if (ifaceIndex == 0) {
ALOGE("Unknown interface %s(%d)", name, ifaceIndex);
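Review bot: The `ALOGE` format uses `%d` for `ifaceIndex`, which is declared `uint32_t`; `%u` matches the type: `ALOGE("Unknown interface %s(%u)", name, ifaceIndex);`. With the early return removed this branch is reachable on every device. `name` is also passed to `%s` with no null check visible in the hunk, so it is worth confirming that callers never pass a null pointer. addInterface's body continues outside the hunk.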
@@ -594,10 +569,6 @@ Status TrafficController::updateUidOwnerMap(const std::vector<uint32_t>& appUids
int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallRule rule,
FirewallType type) {
- if (!mBpfEnabled) {
- ALOGE("bpf is not set up, should use iptables rule");
- return -ENOSYS;
- }
Status res;
switch (chain) {
case DOZABLE:
@@ -650,10 +621,6 @@ Status TrafficController::replaceRulesInMap(const UidOwnerMatchType match,
Status TrafficController::addUidInterfaceRules(const int iif,
const std::vector<int32_t>& uidsToAdd) {
- if (!mBpfEnabled) {
- ALOGW("UID ingress interface filtering not possible without BPF owner match");
- return statusFromErrno(EOPNOTSUPP, "eBPF not supported");
- }
if (!iif) {
return statusFromErrno(EINVAL, "Interface rule must specify interface");
}
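Review bot: `if (!iif)` rejects only zero, so a negative `iif` passes what is now the first check in `addUidInterfaceRules()`. If negative values are never valid interface indexes here, tighten the guard to `if (iif <= 0) {`. What the rest of the function does with `iif` lies outside the hunk, so whether a negative value can actually cause harm is not visible from here.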
@@ -669,10 +636,6 @@ Status TrafficController::addUidInterfaceRules(const int iif,
}
Status TrafficController::removeUidInterfaceRules(const std::vector<int32_t>& uidsToDelete) {
- if (!mBpfEnabled) {
- ALOGW("UID ingress interface filtering not possible without BPF owner match");
- return statusFromErrno(EOPNOTSUPP, "eBPF not supported");
- }
std::lock_guard guard(mMutex);
for (auto uid : uidsToDelete) {
@@ -745,17 +708,9 @@ int TrafficController::toggleUidOwnerMap(ChildChain chain, bool enable) {
return -res.code();
}
-bool TrafficController::getBpfEnabled() {
- return mBpfEnabled;
-}
-
Status TrafficController::swapActiveStatsMap() {
std::lock_guard guard(mMutex);
- if (!mBpfEnabled) {
- return statusFromErrno(EOPNOTSUPP, "This device doesn't have eBPF support");
- }
-
uint32_t key = CURRENT_STATS_MAP_CONFIGURATION_KEY;
auto oldConfiguration = mConfigurationMap.readValue(key);
if (!oldConfiguration.ok()) {
@@ -798,12 +753,9 @@ void TrafficController::setPermissionForUids(int permission, const std::vector<u
// Clean up all permission information for the related uid if all the
// packages related to it are uninstalled.
mPrivilegedUser.erase(uid);
- if (mBpfEnabled) {
- Status ret = mUidPermissionMap.deleteValue(uid);
- if (!isOk(ret) && ret.code() != ENOENT) {
- ALOGE("Failed to clean up the permission for %u: %s", uid,
- strerror(ret.code()));
- }
+ Status ret = mUidPermissionMap.deleteValue(uid);
+ if (!isOk(ret) && ret.code() != ENOENT) {
+ ALOGE("Failed to clean up the permission for %u: %s", uid, strerror(ret.code()));
}
}
return;
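Review bot: A failed `mUidPermissionMap.deleteValue(uid)` is only logged before the `return;`, so the map can keep an entry for a uid whose packages are all uninstalled while `mPrivilegedUser` has already dropped it. The function returns void, so the failure cannot be propagated from here. If leaving the entry in place is the intended behaviour, say so next to the log call, for example `// Best effort: on failure the map entry for this uid is left in place.`. The function starts and ends outside this hunk.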
@@ -818,10 +770,6 @@ void TrafficController::setPermissionForUids(int permission, const std::vector<u
mPrivilegedUser.erase(uid);
}
- // Skip the bpf map operation if not supported.
- if (!mBpfEnabled) {
- continue;
- }
// The map stores all the permissions that the UID has, except if the only permission
// the UID has is the INTERNET permission, then the UID should not appear in the map.
if (permission != INetd::PERMISSION_INTERNET) {
@@ -877,11 +825,6 @@ void TrafficController::dump(DumpWriter& dw, bool verbose) {
dw.println("TrafficController");
ScopedIndent indentPreBpfModule(dw);
- dw.println("BPF module status: %s", mBpfEnabled ? "enabled" : "disabled");
-
- if (!mBpfEnabled) {
- return;
- }
dw.blankline();
dw.println("mCookieTagMap status: %s",