Fix kernel net tests fail in user build
Before this change, system routing only can be bypassed by
the debug build process. This change let the process running
as root can bypass system routing if this process have
specific env flag. In other word, the other processes own by
root would not be affected if they don't set the specific env
flag.
Bug: 135422468
Test: run vts -m VtsKernelNetTest in both user and eng build
Change-Id: I39d0b0141ef51c6f16052ffc785d1d2f523cf11f
Merged-In: I39d0b0141ef51c6f16052ffc785d1d2f523cf11f
diff --git a/client/Android.bp b/client/Android.bp
index 3dae6f0..7b51322 100644
--- a/client/Android.bp
+++ b/client/Android.bp
@@ -28,11 +28,6 @@
"system/netd/libnetdutils/include",
],
defaults: ["netd_defaults"],
- product_variables: {
- debuggable: {
- cflags: ["-DNETD_CLIENT_DEBUGGABLE_BUILD"],
- }
- }
}
cc_test {
diff --git a/client/FwmarkClient.cpp b/client/FwmarkClient.cpp
index cc4893d..592fe31 100644
--- a/client/FwmarkClient.cpp
+++ b/client/FwmarkClient.cpp
@@ -31,21 +31,11 @@
namespace {
// Env flag to control whether FwmarkClient sends sockets to netd for marking.
-// This can only be disabled in debuggable builds and is meant for kernel testing.
+// This can only be disabled when the process running as root and is meant for kernel testing.
inline constexpr char ANDROID_NO_USE_FWMARK_CLIENT[] = "ANDROID_NO_USE_FWMARK_CLIENT";
const sockaddr_un FWMARK_SERVER_PATH = {AF_UNIX, "/dev/socket/fwmarkd"};
-#if defined(NETD_CLIENT_DEBUGGABLE_BUILD)
-constexpr bool isBuildDebuggable = true;
-#else
-constexpr bool isBuildDebuggable = false;
-#endif
-
-bool isOverriddenBy(const char *name) {
- return isBuildDebuggable && getenv(name);
-}
-
bool commandHasFd(int cmdId) {
return (cmdId != FwmarkCommand::QUERY_USER_ACCESS) &&
(cmdId != FwmarkCommand::SET_COUNTERSET) &&
@@ -55,13 +45,20 @@
} // namespace
bool FwmarkClient::shouldSetFwmark(int family) {
- if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
- return FwmarkCommand::isSupportedFamily(family);
-}
+ // Checking whether family is supported before checking whether this can be
+ // disabled. Because there are existing processes using AF_LOCAL socket but it
+ // doesn't have permission to call geteuid(). Reference b/135422468.
+ if (!FwmarkCommand::isSupportedFamily(family)) {
+ return false;
+ }
-bool FwmarkClient::shouldReportConnectComplete(int family) {
- if (isOverriddenBy(ANDROID_NO_USE_FWMARK_CLIENT)) return false;
- return shouldSetFwmark(family);
+ // Permit processes running as root to disable marking. This is required, for
+ // example, to run the kernel networking tests.
+ if (getenv(ANDROID_NO_USE_FWMARK_CLIENT) && geteuid() == 0) {
+ return false;
+ }
+
+ return true;
}
FwmarkClient::FwmarkClient() : mChannel(-1) {
diff --git a/client/FwmarkClient.h b/client/FwmarkClient.h
index 31fcbc4..c51688f 100644
--- a/client/FwmarkClient.h
+++ b/client/FwmarkClient.h
@@ -28,10 +28,6 @@
// its SO_MARK set.
static bool shouldSetFwmark(int family);
- // Returns true if an additional call should be made after ON_CONNECT calls, to log extra
- // information like latency and source IP.
- static bool shouldReportConnectComplete(int family);
-
FwmarkClient();
~FwmarkClient();
diff --git a/client/NetdClient.cpp b/client/NetdClient.cpp
index f6fa886..d5945d0 100644
--- a/client/NetdClient.cpp
+++ b/client/NetdClient.cpp
@@ -132,7 +132,7 @@
const int connectErrno = errno;
const auto latencyMs = static_cast<unsigned>(s.timeTakenUs() / 1000);
// Send an ON_CONNECT_COMPLETE command that includes sockaddr and connect latency for reporting
- if (shouldSetFwmark && FwmarkClient::shouldReportConnectComplete(addr->sa_family)) {
+ if (shouldSetFwmark) {
FwmarkConnectInfo connectInfo(ret == 0 ? 0 : connectErrno, latencyMs, addr);
// TODO: get the netId from the socket mark once we have continuous benchmark runs
FwmarkCommand command = {FwmarkCommand::ON_CONNECT_COMPLETE, /* netId (ignored) */ 0,
