Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 4db98b94798ea8ca29a89aac579d216239740e0f^2..4db98b94798ea8ca29a89aac579d216239740e0f / .
commit4db98b94798ea8ca29a89aac579d216239740e0f[log] [tgz]
authorAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Dec 03 20:27:55 2019 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Dec 03 20:27:55 2019 +0000
tree1c301470a59cdfed56bf6dc39f36476eca9ec46b
parent1e6f94d339941fbe5c4ca66c18f7114d3a98ef01 [diff]
parent3eafc6a87b620a893016d4565cc2a96a2b72e0d4 [diff]
Make the Q dnsresolver tests pass on 2020-01 or later modules. am: 3f47223fe9 am: 3eafc6a87b

Change-Id: I384d512892163c3010b3b3ea2a8b737f5971462d

diff --git a/apex/manifest.json b/apex/manifest.json
index 6739a4d..f3f5b02 100644
--- a/apex/manifest.json
+++ b/apex/manifest.json

@@ -1,4 +1,4 @@
 {
   "name": "com.android.resolv",
-  "version": 290000000
+  "version": 299900000
 }

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 8f2863e..1362be2 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -16,6 +16,7 @@
 
 #include "netd.h"
 #include <linux/bpf.h>
+#include <linux/if_packet.h>
 
 SEC("cgroupskb/ingress/stats")
 int bpf_cgroup_ingress(struct __sk_buff* skb) {
@@ -45,8 +46,18 @@
 int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
     uint32_t sock_uid = bpf_get_socket_uid(skb);
     if (is_system_uid(sock_uid)) return BPF_MATCH;
+
+    // 65534 is the overflow 'nobody' uid, usually this being returned means
+    // that skb->sk is NULL during RX (early decap socket lookup failure),
+    // which commonly happens for incoming packets to an unconnected udp socket.
+    // Additionally bpf_get_socket_cookie() returns 0 if skb->sk is NULL
+    if ((sock_uid == 65534) && !bpf_get_socket_cookie(skb) &&
+        (skb->pkt_type == PACKET_HOST || skb->pkt_type == PACKET_BROADCAST ||
+         skb->pkt_type == PACKET_MULTICAST))
+        return BPF_MATCH;
+
     UidOwnerValue* whitelistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
-    if (whitelistMatch) return whitelistMatch->rule & HAPPY_BOX_MATCH;
+    if (whitelistMatch) return whitelistMatch->rule & HAPPY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
     return BPF_NOMATCH;
 }
 
@@ -54,7 +65,7 @@
 int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
     uint32_t sock_uid = bpf_get_socket_uid(skb);
     UidOwnerValue* blacklistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
-    if (blacklistMatch) return blacklistMatch->rule & PENALTY_BOX_MATCH;
+    if (blacklistMatch) return blacklistMatch->rule & PENALTY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
     return BPF_NOMATCH;
 }
 

diff --git a/server/ResolvStub.cpp b/server/ResolvStub.cpp
index d84572f..5928790 100644
--- a/server/ResolvStub.cpp
+++ b/server/ResolvStub.cpp

@@ -64,7 +64,7 @@
             ALOGI("Loaded resolver library from %s", path.c_str());
             break;
         }
-        ALOGW("dlopen(%s) failed: %s", path.c_str(), strerror(errno));
+        ALOGW("dlopen(%s) failed: %s", path.c_str(), dlerror());
     }
 
     if (netdResolvHandle == nullptr) {