Add cgroup socket bpf kernel program support

Add support for cgroup socket filter program loading in bpfloader,
and create a uid permission map to store the uids that have INTERNET
permission.

Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller

Change-Id: I658f533d302cb594d7b36d4a3a2a70e394874c33

2 files changed, 11 insertions, 1 deletions

diff --git a/progs/Android.bp b/progs/Android.bp
index 35ba797..4302129 100644
--- a/progs/Android.bp
+++ b/progs/Android.bp
@@ -24,5 +24,8 @@ bpf {
         "-Wall",
         "-Werror",
     ],
-    include_dirs: ["system/netd/libnetdbpf/include"],
+    include_dirs: [
+        "system/netd/libnetdbpf/include",
+        "system/netd/libnetdutils/include",
+    ],
 }
diff --git a/progs/netd.c b/progs/netd.c
index 0ea51a9..5f89839 100644
--- a/progs/netd.c
+++ b/progs/netd.c
@@ -58,4 +58,11 @@ int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
     return BPF_NOMATCH;
 }
 
+struct bpf_map_def SEC("maps") uid_permission_map = {
+    .type = BPF_MAP_TYPE_HASH,
+    .key_size = sizeof(uint32_t),
+    .value_size = sizeof(uint8_t),
+    .max_entries = UID_OWNER_MAP_SIZE,
+};
+
 char _license[] SEC("license") = "Apache 2.0";