diff options
author | Chenbo Feng <fengc@google.com> | 2018-12-26 16:14:05 -0800 |
---|---|---|
committer | Chenbo Feng <fengc@google.com> | 2019-01-28 15:21:59 -0800 |
commit | 5aee2f14a5c69a4748440c15c14b9b15e8609185 (patch) | |
tree | 97d1973c2c7e72da5732b9b8e16d7537ae003bc8 /progs | |
parent | b78998c4477c0a16795a89e4af4d3b2270ce8ad2 (diff) | |
download | bpf-5aee2f14a5c69a4748440c15c14b9b15e8609185.tar.gz |
Add cgroup socket bpf kernel program support
Add support for cgroup socket filter program loading in bpfloader,
and create a uid permission map to store the uids that have INTERNET
permission.
Bug: 111560570
Bug: 111560739
Test: dumpsys netd trafficcontroller
Change-Id: I658f533d302cb594d7b36d4a3a2a70e394874c33
Diffstat (limited to 'progs')
-rw-r--r-- | progs/Android.bp | 5 | ||||
-rw-r--r-- | progs/netd.c | 7 |
2 files changed, 11 insertions, 1 deletions
diff --git a/progs/Android.bp b/progs/Android.bp index 35ba797..4302129 100644 --- a/progs/Android.bp +++ b/progs/Android.bp @@ -24,5 +24,8 @@ bpf { "-Wall", "-Werror", ], - include_dirs: ["system/netd/libnetdbpf/include"], + include_dirs: [ + "system/netd/libnetdbpf/include", + "system/netd/libnetdutils/include", + ], } diff --git a/progs/netd.c b/progs/netd.c index 0ea51a9..5f89839 100644 --- a/progs/netd.c +++ b/progs/netd.c @@ -58,4 +58,11 @@ int xt_bpf_blacklist_prog(struct __sk_buff* skb) { return BPF_NOMATCH; } +struct bpf_map_def SEC("maps") uid_permission_map = { + .type = BPF_MAP_TYPE_HASH, + .key_size = sizeof(uint32_t), + .value_size = sizeof(uint8_t), + .max_entries = UID_OWNER_MAP_SIZE, +}; + char _license[] SEC("license") = "Apache 2.0"; |