commit 47dd073ca85df9fa7dc611f7b6fafcb0f7fccefa
author Chenbo Feng <fengc@google.com> Tue Dec 11 12:23:24 2018 -0800
committer Chenbo Feng <fengc@google.com> Fri Feb 15 04:33:30 2019 +0000
tree 2819bfe21613d72a1e7f89f3c71b5d77ff6f9d83
parent abdb0bde3a39717c5b8c2e1f8b2b5687880bf85e

Get bpf level when check bpf support

Instead of return boolean, bpf support check now returns a integer
represent the current bpf level on device. This level is used to decide
if the device support some advanced bpf feature such as map_in_map and
bpf cgroup socket filter. Delete the binder call for bpf status check
since no one is using it.

Bug: 111441138
Test: libnetdbpf_test, netd_integration_test
Change-Id: Ib70c07647ffe491d493b4582b4b4b0eba7caf3a9

server/FirewallController.h

diff --git a/server/FirewallController.h b/server/FirewallController.h
index a7082da..43da322 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h
@@ -26,6 +26,7 @@
 #include "android/net/INetd.h"
 
 #include "NetdConstants.h"
+#include "bpf/BpfUtils.h"
 
 namespace android {
 namespace net {
@@ -103,7 +104,7 @@
   //    fails with EPERM. Netd can therefore assumes the max valid uid to be const.
   const uid_t mMaxUid;
   FirewallType mFirewallType;
-  bool mUseBpfOwnerMatch;
+  android::bpf::BpfLevel mUseBpfOwnerMatch;
   std::set<std::string> mIfaceRules;
   int attachChain(const char*, const char*);
   int detachChain(const char*, const char*);