commit 75b410bdf186263fa4e05e079bfba44578622c33
author Chenbo Feng <fengc@google.com> Wed Oct 10 15:01:19 2018 -0700
committer Chenbo Feng <fengc@google.com> Tue Oct 16 20:38:03 2018 -0700
tree ae9c3059dc0fc49394b2c756ae6f2230a0f8ff97
parent 3d00fed6eb65efc737b6894e9d794660b9bbb9d7

Initial checkin for bpf project

Copied the files from system/netd into system/bpf. No modification is
made to the files.

Test: this doesn't build since the Android.bp file is missing
Bug: 112334572

Change-Id: Ia090a429dd416e07c46766784fb3dd2037201525

bpfloader/bpf_kern.c

diff --git a/bpfloader/bpf_kern.c b/bpfloader/bpf_kern.c
new file mode 100644
index 0000000..4fe8140
--- /dev/null
+++ b/bpfloader/bpf_kern.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <linux/bpf.h>
+#include "bpf_kern.h"
+
+
+ELF_SEC(BPF_CGROUP_INGRESS_PROG_NAME)
+int bpf_cgroup_ingress(struct __sk_buff* skb) {
+    return bpf_traffic_account(skb, BPF_INGRESS);
+}
+
+ELF_SEC(BPF_CGROUP_EGRESS_PROG_NAME)
+int bpf_cgroup_egress(struct __sk_buff* skb) {
+    return bpf_traffic_account(skb, BPF_EGRESS);
+}
+
+ELF_SEC(XT_BPF_EGRESS_PROG_NAME)
+int xt_bpf_egress_prog(struct __sk_buff* skb) {
+    uint32_t key = skb->ifindex;
+    bpf_update_stats(skb, IFACE_STATS_MAP, BPF_EGRESS, &key);
+    return BPF_MATCH;
+}
+
+ELF_SEC(XT_BPF_INGRESS_PROG_NAME)
+int xt_bpf_ingress_prog(struct __sk_buff* skb) {
+    uint32_t key = skb->ifindex;
+    bpf_update_stats(skb, IFACE_STATS_MAP, BPF_INGRESS, &key);
+    return BPF_MATCH;
+}
+
+ELF_SEC(XT_BPF_WHITELIST_PROG_NAME)
+int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
+    uint32_t sock_uid = get_socket_uid(skb);
+    if (is_system_uid(sock_uid)) return BPF_MATCH;
+    uint8_t* whitelistMatch = find_map_entry(UID_OWNER_MAP, &sock_uid);
+    if (whitelistMatch) return *whitelistMatch & HAPPY_BOX_MATCH;
+    return BPF_NOMATCH;
+}
+
+ELF_SEC(XT_BPF_BLACKLIST_PROG_NAME)
+int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
+    uint32_t sock_uid = get_socket_uid(skb);
+    uint8_t* blacklistMatch = find_map_entry(UID_OWNER_MAP, &sock_uid);
+    if (blacklistMatch) return *blacklistMatch & PENALTY_BOX_MATCH;
+    return BPF_NOMATCH;
+}