Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / bed1c4882984b587879229066a400be06e28e67c^! / . / client / FwmarkClient.cpp
commitbed1c4882984b587879229066a400be06e28e67c[log] [tgz]
authormarkchien <markchien@google.com>Tue Jul 02 16:20:08 2019 +0800
committermarkchien <markchien@google.com>Tue Jul 09 21:22:13 2019 +0800
tree100ff4fb66603cc11fa235a75767021ae03d6ab0
parente3af6daea8d1e87978522389bd13571493114c66 [diff] [blame]
Fix kernel net tests fail in user build

Before this change, system routing only can be bypassed by
the debug build process. This change let the process running
as root can bypass system routing if this process have
specific env flag. In other word, the other processes own by
root would not be affected if they don't set the specific env
flag.

Bug: 135422468
Test: run vts -m VtsKernelNetTest in both user and eng build
Change-Id: I39d0b0141ef51c6f16052ffc785d1d2f523cf11f

diff --git a/client/FwmarkClient.cpp b/client/FwmarkClient.cpp
index cc4893d..592fe31 100644
--- a/client/FwmarkClient.cpp
+++ b/client/FwmarkClient.cpp

@@ -31,21 +31,11 @@
 namespace {
 
 // Env flag to control whether FwmarkClient sends sockets to netd for marking.
-// This can only be disabled in debuggable builds and is meant for kernel testing.
+// This can only be disabled when the process running as root and is meant for kernel testing.
 inline constexpr char ANDROID_NO_USE_FWMARK_CLIENT[] = "ANDROID_NO_USE_FWMARK_CLIENT";
 
 const sockaddr_un FWMARK_SERVER_PATH = {AF_UNIX, "/dev/socket/fwmarkd"};
 
-#if defined(NETD_CLIENT_DEBUGGABLE_BUILD)
-constexpr bool isBuildDebuggable = true;
-#else
-constexpr bool isBuildDebuggable = false;
-#endif
-
-bool isOverriddenBy(const char *name) {
-    return isBuildDebuggable && getenv(name);
-}
-
 bool commandHasFd(int cmdId) {
     return (cmdId != FwmarkCommand::QUERY_USER_ACCESS) &&
         (cmdId != FwmarkCommand::SET_COUNTERSET) &&
@@ -55,13 +45,20 @@
 }  // namespace
 
 bool FwmarkClient::shouldSetFwmark(int family) {
-    if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
-    return FwmarkCommand::isSupportedFamily(family);
-}
+    // Checking whether family is supported before checking whether this can be
+    // disabled. Because there are existing processes using AF_LOCAL socket but it
+    // doesn't have permission to call geteuid(). Reference b/135422468.
+    if (!FwmarkCommand::isSupportedFamily(family)) {
+        return false;
+    }
 
-bool FwmarkClient::shouldReportConnectComplete(int family) {
-    if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
-    return shouldSetFwmark(family);
+    // Permit processes running as root to disable marking. This is required, for
+    // example, to run the kernel networking tests.
+    if (getenv(ANDROID_NO_USE_FWMARK_CLIENT) && geteuid() == 0) {
+        return false;
+    }
+
+    return true;
 }
 
 FwmarkClient::FwmarkClient() : mChannel(-1) {