FirewallController - make mUseBpfOwnerMatch a bool
Test: builds, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I422a74e7a6f44259bb5f0c7a88222328e432c35b
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 7512c09..85a054a 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -54,8 +54,8 @@
// Proc file containing the uid mapping for the user namespace of the current process.
const char kUidMapProcFile[] = "/proc/self/uid_map";
-android::bpf::BpfLevel getBpfOwnerStatus() {
- return gCtls->trafficCtrl.getBpfLevel();
+bool getBpfOwnerStatus() {
+ return gCtls->trafficCtrl.getBpfLevel() != BpfLevel::NONE;
}
} // namespace
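Review bot: `getBpfOwnerStatus()` now returns a bool, but neither its name nor a comment says what `true` means, and that value selects which firewall backend receives every UID rule. In the hunks of this patch, `true` makes `setupIptablesHooks()` return before creating any chains and sends later calls to `gCtls->trafficCtrl` (`toggleUidOwnerMap`, `changeUidOwnerRule`, `replaceUidOwnerMap`) instead of iptables. I would add a comment above the helper such as `// True when TrafficController reports a BPF level other than NONE; UID firewall rules are then handed to its owner maps and no iptables chains are created.` A predicate-style name, for example `useBpfOwnerMatch()`, would also read better at the call site.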
@@ -96,7 +96,7 @@
int FirewallController::setupIptablesHooks(void) {
int res = 0;
mUseBpfOwnerMatch = getBpfOwnerStatus();
- if (mUseBpfOwnerMatch != BpfLevel::NONE) {
+ if (mUseBpfOwnerMatch) {
return res;
}
res |= createChain(LOCAL_DOZABLE, getFirewallType(DOZABLE));
@@ -160,7 +160,7 @@
return res;
}
- if (mUseBpfOwnerMatch != BpfLevel::NONE) {
+ if (mUseBpfOwnerMatch) {
return gCtls->trafficCtrl.toggleUidOwnerMap(chain, enable);
}
@@ -259,7 +259,7 @@
ALOGW("Unknown child chain: %d", chain);
return -EINVAL;
}
- if (mUseBpfOwnerMatch != BpfLevel::NONE) {
+ if (mUseBpfOwnerMatch) {
return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType);
}
@@ -347,12 +347,12 @@
int FirewallController::replaceUidChain(
const std::string &name, bool isWhitelist, const std::vector<int32_t>& uids) {
- if (mUseBpfOwnerMatch != BpfLevel::NONE) {
+ if (mUseBpfOwnerMatch) {
return gCtls->trafficCtrl.replaceUidOwnerMap(name, isWhitelist, uids);
- }
- std::string commands4 = makeUidRules(V4, name.c_str(), isWhitelist, uids);
- std::string commands6 = makeUidRules(V6, name.c_str(), isWhitelist, uids);
- return execIptablesRestore(V4, commands4.c_str()) | execIptablesRestore(V6, commands6.c_str());
+ }
+ std::string commands4 = makeUidRules(V4, name.c_str(), isWhitelist, uids);
+ std::string commands6 = makeUidRules(V6, name.c_str(), isWhitelist, uids);
+ return execIptablesRestore(V4, commands4.c_str()) | execIptablesRestore(V6, commands6.c_str());
}
/* static */
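Review bot: The re-indented return in `replaceUidChain()` still combines the two `execIptablesRestore()` results with `|`, which hides which address family failed and does not fix the order of the two calls. If the helper returns negative errno values (its definition is not in this hunk), OR-ing two different codes produces a number that matches neither. Running the calls as separate statements keeps the order fixed and the error meaningful: `int res4 = execIptablesRestore(V4, commands4.c_str());`, `int res6 = execIptablesRestore(V6, commands6.c_str());`, `return res4 ? res4 : res6;`. The whitespace-only changes here would also be easier to review in a separate commit from the type change.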
diff --git a/server/FirewallController.h b/server/FirewallController.h
index 43da322..620f196 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h
@@ -104,7 +104,7 @@
// fails with EPERM. Netd can therefore assumes the max valid uid to be const.
const uid_t mMaxUid;
FirewallType mFirewallType;
- android::bpf::BpfLevel mUseBpfOwnerMatch;
+ bool mUseBpfOwnerMatch;
std::set<std::string> mIfaceRules;
int attachChain(const char*, const char*);
int detachChain(const char*, const char*);
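Review bot: `mUseBpfOwnerMatch` is declared without a default member initializer, and in the .cpp part of this patch its only assignment is in `setupIptablesHooks()`. The constructor is not visible here, so this is conditional: if it does not set the field, any method that branches on it before `setupIptablesHooks()` has run reads an indeterminate bool. The choice between the BPF owner maps and the iptables path would then be undefined. Now that the member is a plain bool, `bool mUseBpfOwnerMatch = false;` makes the pre-setup state explicit, and a short comment on the field could say that it is sampled once at hook setup.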
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index bd933b4..1b53fb8 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -42,7 +42,7 @@
// This unit test currently doesn't cover the eBPF owner match case so
// we have to manually turn eBPF support off.
// TODO: find a way to unit test the eBPF code path.
- mFw.mUseBpfOwnerMatch = android::bpf::BpfLevel::NONE;
+ mFw.mUseBpfOwnerMatch = false;
}
FirewallController mFw;