Get bpf level when check bpf support
Instead of returning a boolean, the bpf support check now returns an integer
representing the current bpf level on the device. This level is used to decide
if the device supports some advanced bpf features such as map_in_map and
bpf cgroup socket filter. Delete the binder call for the bpf status check
since no one is using it.
Bug: 111441138
Test: libnetdbpf_test, netd_integration_test
Change-Id: Ib70c07647ffe491d493b4582b4b4b0eba7caf3a9
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 890ab5b..7512c09 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -41,6 +41,7 @@
using android::base::Split;
using android::base::StringAppendF;
using android::base::StringPrintf;
+using android::bpf::BpfLevel;
using android::net::gCtls;
namespace {
@@ -53,8 +54,8 @@
// Proc file containing the uid mapping for the user namespace of the current process.
const char kUidMapProcFile[] = "/proc/self/uid_map";
-bool getBpfOwnerStatus() {
- return gCtls->trafficCtrl.checkBpfStatsEnable();
+android::bpf::BpfLevel getBpfOwnerStatus() {
+ return gCtls->trafficCtrl.getBpfLevel();
}
} // namespace
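Review bot: The helper keeps the name getBpfOwnerStatus and spells its return type as `android::bpf::BpfLevel`, although the first hunk adds `using android::bpf::BpfLevel;` at file scope above this anonymous namespace. Writing `BpfLevel getBpfOwnerStatus() {` would match the `BpfLevel::NONE` comparisons used in the later hunks. Since the function now reports a level rather than a yes/no status, a one-line comment such as `// Returns the bpf level reported by TrafficController; NONE means iptables owner match is used.` would help a reader of the call sites.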
@@ -95,7 +96,7 @@
int FirewallController::setupIptablesHooks(void) {
int res = 0;
mUseBpfOwnerMatch = getBpfOwnerStatus();
- if (mUseBpfOwnerMatch) {
+ if (mUseBpfOwnerMatch != BpfLevel::NONE) {
return res;
}
res |= createChain(LOCAL_DOZABLE, getFirewallType(DOZABLE));
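Review bot: The early return in setupIptablesHooks now fires for every level other than `BpfLevel::NONE`, so the iptables child chains are skipped as soon as any bpf support is reported, and nothing visible here shows that the lowest non-NONE level actually provides the uid owner map. If a device can report a partial level without that map, the firewall chains would exist in neither iptables nor bpf, which fails open. I would either compare against the minimum level the owner match needs or state the invariant next to the check, for example `// Every level above NONE provides the uid owner map, so the iptables chains are not needed.` The same condition is repeated in the hunks at -159, -258 and -346, and the member is still called `mUseBpfOwnerMatch` (its declaration is not in this diff), so a small predicate such as `bool useBpfOwnerMatch() const { return mUseBpfOwnerMatch != BpfLevel::NONE; }` would keep the four sites in step. The function body continues outside this hunk.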
@@ -159,7 +160,7 @@
return res;
}
- if (mUseBpfOwnerMatch) {
+ if (mUseBpfOwnerMatch != BpfLevel::NONE) {
return gCtls->trafficCtrl.toggleUidOwnerMap(chain, enable);
}
@@ -258,7 +259,7 @@
ALOGW("Unknown child chain: %d", chain);
return -EINVAL;
}
- if (mUseBpfOwnerMatch) {
+ if (mUseBpfOwnerMatch != BpfLevel::NONE) {
return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType);
}
@@ -346,8 +347,8 @@
int FirewallController::replaceUidChain(
const std::string &name, bool isWhitelist, const std::vector<int32_t>& uids) {
- if (mUseBpfOwnerMatch) {
- return gCtls->trafficCtrl.replaceUidOwnerMap(name, isWhitelist, uids);
+ if (mUseBpfOwnerMatch != BpfLevel::NONE) {
+ return gCtls->trafficCtrl.replaceUidOwnerMap(name, isWhitelist, uids);
}
std::string commands4 = makeUidRules(V4, name.c_str(), isWhitelist, uids);
std::string commands6 = makeUidRules(V6, name.c_str(), isWhitelist, uids);