Add cgroup socket bpf kernel program support
Add support for cgroup socket filter program loading in bpfloader,
and create a uid permission map to store the uids that have INTERNET
permission.
Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller
Change-Id: I658f533d302cb594d7b36d4a3a2a70e394874c33
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index d8771c1..7687cb1 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -63,14 +63,15 @@
* is the name of the program, and tracepoint is the type.
*/
sectionType sectionNameTypes[] = {
- { "kprobe", BPF_PROG_TYPE_KPROBE },
- { "tracepoint", BPF_PROG_TYPE_TRACEPOINT },
- { "skfilter", BPF_PROG_TYPE_SOCKET_FILTER },
- { "cgroupskb", BPF_PROG_TYPE_CGROUP_SKB },
- { "schedcls", BPF_PROG_TYPE_SCHED_CLS },
+ {"kprobe", BPF_PROG_TYPE_KPROBE},
+ {"tracepoint", BPF_PROG_TYPE_TRACEPOINT},
+ {"skfilter", BPF_PROG_TYPE_SOCKET_FILTER},
+ {"cgroupskb", BPF_PROG_TYPE_CGROUP_SKB},
+ {"schedcls", BPF_PROG_TYPE_SCHED_CLS},
+ {"cgroupsock", BPF_PROG_TYPE_CGROUP_SOCK},
/* End of table */
- { "END", BPF_PROG_TYPE_UNSPEC },
+ {"END", BPF_PROG_TYPE_UNSPEC},
};
typedef struct {
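Review bot: The only functional line in this hunk, `{"cgroupsock", BPF_PROG_TYPE_CGROUP_SOCK},`, is mixed into a whitespace-only rewrite of the five existing rows and the END sentinel. This makes the change that widens the set of program types the loader accepts harder to audit and blame. Consider moving the brace reformat to its own commit so this one shows a single added row. The comment above `sectionNameTypes` could also gain a line naming the new `cgroupsock` section prefix, so the accepted list is documented next to the table.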
diff --git a/progs/Android.bp b/progs/Android.bp
index 35ba797..4302129 100644
--- a/progs/Android.bp
+++ b/progs/Android.bp
@@ -24,5 +24,8 @@
"-Wall",
"-Werror",
],
- include_dirs: ["system/netd/libnetdbpf/include"],
+ include_dirs: [
+ "system/netd/libnetdbpf/include",
+ "system/netd/libnetdutils/include",
+ ],
}
diff --git a/progs/netd.c b/progs/netd.c
index 0ea51a9..5f89839 100644
--- a/progs/netd.c
+++ b/progs/netd.c
@@ -58,4 +58,11 @@
return BPF_NOMATCH;
}
+struct bpf_map_def SEC("maps") uid_permission_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(uint8_t),
+ .max_entries = UID_OWNER_MAP_SIZE,
+};
+
char _license[] SEC("license") = "Apache 2.0";
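Review bot: `uid_permission_map` is added with no comment saying what the key and value mean or how a lookup miss is to be interpreted. For a map the commit message ties to INTERNET permission, the miss case is the security-relevant one. I would add above the definition `/* key: uid (uint32_t); value: permission value (uint8_t). A uid with no entry is treated as <allow|deny: state which>. */`. Capacity reuses `UID_OWNER_MAP_SIZE`, and once a hash map reaches max_entries further inserts fail, so the userspace writer (not visible here) should check the update result rather than leave a uid silently unrecorded. No program in this hunk reads the map, so its consumer is inferred from the commit message only.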