netd.c - only check clat uid on egress
On ingress:
(a) the socket is not a normal socket (it's AF_PACKET)
and thus (likely) doesn't hit this code path
[if it did... we'd have double or more accounting
of any traffic captured by AF_PACKET sockets,
I haven't checked - but I assume that doesn't happen]
(b) is created by the system server (so not AID_CLAT)
(c) is not tagged by the system server (so not AID_CLAT)
So this is a no-op, but it simplifies the bpf program,
since 'egress' is a compile time evaluated constant.
Test: TreeHugger
Signed-off-by: 
Maciej Żenczykowski <maze@google.com>
Change-Id: Iec693548789eb2752f9f30038e72e35c876f986c
Loading
Please register or sign in to comment