From b43b14acdfcecfd274037ef483d1ea7fc448f3b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Date: Thu, 1 Jun 2023 23:09:14 +0000
Subject: [PATCH] BpfHandler: abort on U+ if unexpected cgroup mount path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is defined here:
http://cs/h/android/platform/superproject/+/master:system/core/libprocessgroup/profiles/cgroups.json?l=27
and has been a constant since
  https://android-review.googlesource.com/c/platform/system/core/+/1324649
was merged back on August 21, 2020 (ie. Android S)

But currently there's no easy way to get at this constant
from mainline code... which means it's very difficult
to do any bpf cgroup attach/detach from mainline.

btw. this appears to also be already hardcoded in:
http://cs/h/android/platform/superproject/+/master:packages/modules/Connectivity/service/src/com/android/server/connectivity/ConnectivityNativeService.java?l=48
as well

Fix: 285432857
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:65075bb8f8290125fbd0ce8ffc5aaab6bdb3284e)
Merged-In: I99f4a5a26dd10f6ea70bf73114af0d18098de630
Change-Id: I99f4a5a26dd10f6ea70bf73114af0d18098de630

Former-commit-id: ad9ff691c469bee83b336e8a1cc30e369f374b51
---
 netd/Android.bp     | 3 +++
 netd/BpfHandler.cpp | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/netd/Android.bp b/netd/Android.bp
index 473460d173..4325d89aeb 100644
--- a/netd/Android.bp
+++ b/netd/Android.bp
@@ -35,6 +35,9 @@ cc_library {
         "BpfHandler.cpp",
         "NetdUpdatable.cpp",
     ],
+    static_libs: [
+        "libmodules-utils-build",
+    ],
     shared_libs: [
         "libbase",
         "liblog",
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index 8081d12947..64093743f8 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp
@@ -21,6 +21,7 @@
 #include <linux/bpf.h>
 
 #include <android-base/unique_fd.h>
+#include <android-modules-utils/sdk_level.h>
 #include <bpf/WaitForProgsLoaded.h>
 #include <log/log.h>
 #include <netdutils/UidConstants.h>
@@ -74,9 +75,11 @@ static Status checkProgramAccessible(const char* programPath) {
 }
 
 static Status initPrograms(const char* cg2_path) {
+    if (modules::sdklevel::IsAtLeastU() && !!strcmp(cg2_path, "/sys/fs/cgroup")) abort();
+
     unique_fd cg_fd(open(cg2_path, O_DIRECTORY | O_RDONLY | O_CLOEXEC));
     if (cg_fd == -1) {
-        int ret = errno;
+        const int ret = errno;
         ALOGE("Failed to open the cgroup directory: %s", strerror(ret));
         return statusFromErrno(ret, "Open the cgroup directory failed");
     }