bpf netd: block local network calls if permission is not allowed.

Adding map local_net_blocked_uid_map, which will store uid for
the applications that have opted in but do not have the required
permission. The entry would be absent or the value would be false if the
application is allowed to access local network.

Test: Manually populating the values and checking EPERM error.
Bug: 390168818
Change-Id: Idf6caff204295a3f0aa7f552ea4af50bfd2df78c
diff --git a/bpf/progs/netd.h b/bpf/progs/netd.h
index 6561311..8400679 100644
--- a/bpf/progs/netd.h
+++ b/bpf/progs/netd.h
@@ -186,6 +186,7 @@
#define PACKET_TRACE_ENABLED_MAP_PATH BPF_NETD_PATH "map_netd_packet_trace_enabled_map"
#define DATA_SAVER_ENABLED_MAP_PATH BPF_NETD_PATH "map_netd_data_saver_enabled_map"
#define LOCAL_NET_ACCESS_MAP_PATH BPF_NETD_PATH "map_netd_local_net_access_map"
+#define LOCAL_NET_BLOCKED_UID_MAP_PATH BPF_NETD_PATH "map_netd_local_net_blocked_uid_map"
#endif // __cplusplus
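Review bot: The new LOCAL_NET_BLOCKED_UID_MAP_PATH define at the end of the map-path list has no comment describing the map's semantics. The commit message's rule (an absent entry or a false value means the UID is allowed) is easy to read backwards next to LOCAL_NET_ACCESS_MAP_PATH, whose name suggests the opposite polarity. Suggest a short comment above the define stating that the key is the uid, what the value means, and that a missing entry means allowed, so a caller that fails to populate the map is understood to fail open. This hunk shows only the pin path; the map definition and the lookup that returns EPERM are not visible here, so please confirm they are part of the same change. The Test: line describes a manual check only; an automated test that populates an entry for a uid and asserts EPERM would keep the blocking behaviour from regressing.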