Merge changes I24816b66,I84ddec9a,Iae64b900,I3bd83e19,Idc910478 into main am: 9734ebfcc7

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/3243846

Change-Id: Ic422dcac76b24ca6b0f842f14903cbef2033142c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/bpf/loader/NetBpfLoad.cpp b/bpf/loader/NetBpfLoad.cpp
index 22f12d1..59712b1 100644
--- a/bpf/loader/NetBpfLoad.cpp
+++ b/bpf/loader/NetBpfLoad.cpp
@@ -17,7 +17,6 @@
 #define LOG_TAG "NetBpfLoad"
 
 #include <arpa/inet.h>
-#include <cstdlib>
 #include <dirent.h>
 #include <elf.h>
 #include <errno.h>
@@ -26,8 +25,6 @@
 #include <fstream>
 #include <inttypes.h>
 #include <iostream>
-#include <linux/bpf.h>
-#include <linux/elf.h>
 #include <linux/unistd.h>
 #include <log/log.h>
 #include <net/if.h>
@@ -993,13 +990,13 @@
 
             union bpf_attr req = {
               .prog_type = cs[i].type,
-              .kern_version = kvers,
-              .license = ptr_to_u64(license.c_str()),
-              .insns = ptr_to_u64(cs[i].data.data()),
               .insn_cnt = static_cast<__u32>(cs[i].data.size() / sizeof(struct bpf_insn)),
+              .insns = ptr_to_u64(cs[i].data.data()),
+              .license = ptr_to_u64(license.c_str()),
               .log_level = 1,
-              .log_buf = ptr_to_u64(log_buf.data()),
               .log_size = static_cast<__u32>(log_buf.size()),
+              .log_buf = ptr_to_u64(log_buf.data()),
+              .kern_version = kvers,
               .expected_attach_type = cs[i].attach_type,
             };
             if (isAtLeastKernelVersion(4, 15, 0))
@@ -1155,33 +1152,35 @@
     abort();  // can only hit this if permissions (likely selinux) are screwed up
 }
 
+#define APEXROOT "/apex/com.android.tethering"
+#define BPFROOT APEXROOT "/etc/bpf"
 
 const Location locations[] = {
         // S+ Tethering mainline module (network_stack): tether offload
         {
-                .dir = "/apex/com.android.tethering/etc/bpf/",
+                .dir = BPFROOT "/",
                 .prefix = "tethering/",
         },
         // T+ Tethering mainline module (shared with netd & system server)
         // netutils_wrapper (for iptables xt_bpf) has access to programs
         {
-                .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
+                .dir = BPFROOT "/netd_shared/",
                 .prefix = "netd_shared/",
         },
         // T+ Tethering mainline module (shared with netd & system server)
         // netutils_wrapper has no access, netd has read only access
         {
-                .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
+                .dir = BPFROOT "/netd_readonly/",
                 .prefix = "netd_readonly/",
         },
         // T+ Tethering mainline module (shared with system server)
         {
-                .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
+                .dir = BPFROOT "/net_shared/",
                 .prefix = "net_shared/",
         },
         // T+ Tethering mainline module (not shared, just network_stack)
         {
-                .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
+                .dir = BPFROOT "/net_private/",
                 .prefix = "net_private/",
         },
 };
diff --git a/bpf/progs/dscpPolicy.c b/bpf/progs/dscpPolicy.c
index 4bdd3ed..baabb02 100644
--- a/bpf/progs/dscpPolicy.c
+++ b/bpf/progs/dscpPolicy.c
@@ -155,19 +155,19 @@
 
         int score = 0;
 
-        if (policy->present_fields & PROTO_MASK_FLAG) {
+        if (policy->match_proto) {
             if (protocol != policy->proto) continue;
             score += 0xFFFF;
         }
-        if (policy->present_fields & SRC_IP_MASK_FLAG) {
+        if (policy->match_src_ip) {
             if (v6_not_equal(src_ip, policy->src_ip)) continue;
             score += 0xFFFF;
         }
-        if (policy->present_fields & DST_IP_MASK_FLAG) {
+        if (policy->match_dst_ip) {
             if (v6_not_equal(dst_ip, policy->dst_ip)) continue;
             score += 0xFFFF;
         }
-        if (policy->present_fields & SRC_PORT_MASK_FLAG) {
+        if (policy->match_src_port) {
             if (sport != policy->src_port) continue;
             score += 0xFFFF;
         }
diff --git a/bpf/progs/dscpPolicy.h b/bpf/progs/dscpPolicy.h
index ea84655..dc431a7 100644
--- a/bpf/progs/dscpPolicy.h
+++ b/bpf/progs/dscpPolicy.h
@@ -17,11 +17,6 @@
 #define CACHE_MAP_SIZE 1024
 #define MAX_POLICIES 16
 
-#define SRC_IP_MASK_FLAG     1
-#define DST_IP_MASK_FLAG     2
-#define SRC_PORT_MASK_FLAG   4
-#define PROTO_MASK_FLAG      8
-
 #define STRUCT_SIZE(name, size) _Static_assert(sizeof(name) == (size), "Incorrect struct size.")
 
 // Retrieve the first (ie. high) 64 bits of an IPv6 address (in network order)
@@ -46,10 +41,12 @@
     uint16_t dst_port_end;
     uint8_t proto;
     int8_t dscp_val;  // -1 none, or 0..63 DSCP value
-    uint8_t present_fields;
-    uint8_t pad[3];
+    bool match_src_ip;
+    bool match_dst_ip;
+    bool match_src_port;
+    bool match_proto;
 } DscpPolicy;
-STRUCT_SIZE(DscpPolicy, 2 * 16 + 4 + 3 * 2 + 3 * 1 + 3);  // 48
+STRUCT_SIZE(DscpPolicy, 2 * 16 + 4 + 3 * 2 + 6 * 1);  // 48
 
 typedef struct {
     struct in6_addr src_ip;
@@ -61,4 +58,4 @@
     int8_t dscp_val;  // -1 none, or 0..63 DSCP value
     uint8_t pad[2];
 } RuleEntry;
-STRUCT_SIZE(RuleEntry, 2 * 16 + 1 * 4 + 2 * 2 + 2 * 1 + 2);  // 44
+STRUCT_SIZE(RuleEntry, 2 * 16 + 4 + 2 * 2 + 4 * 1);  // 44
diff --git a/tests/mts/Android.bp b/bpf/tests/mts/Android.bp
similarity index 100%
rename from tests/mts/Android.bp
rename to bpf/tests/mts/Android.bp
diff --git a/tests/mts/OWNERS b/bpf/tests/mts/OWNERS
similarity index 100%
rename from tests/mts/OWNERS
rename to bpf/tests/mts/OWNERS
diff --git a/tests/mts/bpf_existence_test.cpp b/bpf/tests/mts/bpf_existence_test.cpp
similarity index 100%
rename from tests/mts/bpf_existence_test.cpp
rename to bpf/tests/mts/bpf_existence_test.cpp
diff --git a/service/src/com/android/server/connectivity/DscpPolicyValue.java b/service/src/com/android/server/connectivity/DscpPolicyValue.java
index 7b11eda..7162a4a 100644
--- a/service/src/com/android/server/connectivity/DscpPolicyValue.java
+++ b/service/src/com/android/server/connectivity/DscpPolicyValue.java
@@ -55,13 +55,17 @@
     @Field(order = 7, type = Type.S8)
     public final byte dscp;
 
-    @Field(order = 8, type = Type.U8, padding = 3)
-    public final short mask;
+    @Field(order = 8, type = Type.Bool)
+    public final boolean match_src_ip;
 
-    private static final int SRC_IP_MASK = 0x1;
-    private static final int DST_IP_MASK = 0x02;
-    private static final int SRC_PORT_MASK = 0x4;
-    private static final int PROTO_MASK = 0x8;
+    @Field(order = 9, type = Type.Bool)
+    public final boolean match_dst_ip;
+
+    @Field(order = 10, type = Type.Bool)
+    public final boolean match_src_port;
+
+    @Field(order = 11, type = Type.Bool)
+    public final boolean match_proto;
 
     private boolean ipEmpty(final byte[] ip) {
         for (int i = 0; i < ip.length; i++) {
@@ -98,24 +102,6 @@
     private static final byte[] EMPTY_ADDRESS_FIELD =
             InetAddress.parseNumericAddress("::").getAddress();
 
-    private short makeMask(final byte[] src46, final byte[] dst46, final int srcPort,
-            final int dstPortStart, final short proto, final byte dscp) {
-        short mask = 0;
-        if (src46 != EMPTY_ADDRESS_FIELD) {
-            mask |= SRC_IP_MASK;
-        }
-        if (dst46 != EMPTY_ADDRESS_FIELD) {
-            mask |=  DST_IP_MASK;
-        }
-        if (srcPort != -1) {
-            mask |=  SRC_PORT_MASK;
-        }
-        if (proto != -1) {
-            mask |=  PROTO_MASK;
-        }
-        return mask;
-    }
-
     private DscpPolicyValue(final InetAddress src46, final InetAddress dst46, final int ifIndex,
             final int srcPort, final int dstPortStart, final int dstPortEnd, final short proto,
             final byte dscp) {
@@ -131,9 +117,10 @@
         this.proto = proto != -1 ? proto : 0;
 
         this.dscp = dscp;
-        // Use member variables for IP since byte[] is needed and api variables for everything else
-        // so -1 is passed into mask if parameter is not present.
-        this.mask = makeMask(this.src46, this.dst46, srcPort, dstPortStart, proto, dscp);
+        this.match_src_ip = (this.src46 != EMPTY_ADDRESS_FIELD);
+        this.match_dst_ip = (this.dst46 != EMPTY_ADDRESS_FIELD);
+        this.match_src_port = (srcPort != -1);
+        this.match_proto = (proto != -1);
     }
 
     public DscpPolicyValue(final InetAddress src46, final InetAddress dst46, final int ifIndex,