Add xt_owner module support in trafficController
Add bpf maps for recording rules about socket owner uid filtering.
Modified the bpf program so that packets with a uid listed in the
uidOwnerMap get handled according to the userspace settings.
Test: bpf program can be loaded and attached at boot
Bug: 72381727 30950746
Change-Id: I39497334fcb5e200dbf07a0046b85c227d59e2d7
diff --git a/server/TrafficController.h b/server/TrafficController.h
index 0991288..bc16d39 100644
--- a/server/TrafficController.h
+++ b/server/TrafficController.h
@@ -20,8 +20,10 @@
#include <linux/bpf.h>
#include <netdutils/StatusOr.h>
+#include "FirewallController.h"
#include "NetlinkListener.h"
#include "Network.h"
+#include "android-base/thread_annotations.h"
#include "android-base/unique_fd.h"
// Since we cannot garbage collect the stats map since device boot, we need to make these maps as
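Review bot: The header now declares a `std::mutex` member and public signatures that take `std::string` and `std::vector`, yet the only includes added here are `FirewallController.h` and `thread_annotations.h`. Unless those standard headers are already pulled in above this hunk (the include block starts before line 20, outside the visible diff), add `#include <mutex>`, `#include <string>` and `#include <vector>` so the header does not depend on transitive includes that a later cleanup of `NetlinkListener.h` or `Network.h` could remove. `GUARDED_BY` does come from `thread_annotations.h`, so that include is correct; the standard headers are the gap.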
@@ -51,6 +53,7 @@
class TrafficController {
public:
+ TrafficController();
/*
* Initialize the whole controller
*/
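Review bot: The new `TrafficController();` declaration carries no comment, while the neighbouring `start` is documented with a `/* Initialize the whole controller */` block in the same header. Since `ebpfSupported` is declared further down the class with no default member initializer, the comment should say what the constructor does and does not initialize, e.g. `/* Construct the controller without touching the kernel; start() opens the maps and attaches the programs. */`. Alternatively give the flag an in-class `= false` initializer so the object is well-defined even if the constructor body (not part of this diff) leaves it unset.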
@@ -100,6 +103,21 @@
*/
int addInterface(const char* name, uint32_t ifaceIndex);
+ int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
+
+ int removeUidOwnerRule(const uid_t uid);
+
+ int replaceUidOwnerMap(const std::string& name, bool isWhitelist,
+ const std::vector<int32_t>& uids);
+
+ int updateOwnerMapEntry(const base::unique_fd& map_fd, uid_t uid, FirewallRule rule,
+ FirewallType type);
+
+ int replaceUidsInMap(const base::unique_fd& map_fd, const std::vector<int32_t> &uids,
+ FirewallRule rule, FirewallType type);
+
+ int toggleUidOwnerMap(ChildChain chain, bool enable);
+
private:
/*
* mCookieTagMap: Store the corresponding tag and uid for a specific socket.
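Review bot: The six new public declarations (`changeUidOwnerRule` through `toggleUidOwnerMap`) have no comments, although the surrounding API documents each method in a `/* */` block (e.g. `Initialize the whole controller`); at minimum the meaning of `chain`, `rule` and `type` for `changeUidOwnerRule`, and what `isWhitelist` flips in `replaceUidOwnerMap`, should be stated. `updateOwnerMapEntry` and `replaceUidsInMap` take a raw map fd, and the fds they would be handed (`mDozableUidMap` etc.) are annotated `GUARDED_BY(mOwnerMatchMutex)` later in this file, so their comment should say whether the caller must already hold `mOwnerMatchMutex`; they read as internal helpers that could sit under `private:`, with the existing `friend class TrafficControllerTest` keeping them testable. The uid list arrives as `std::vector<int32_t>` while `removeUidOwnerRule` takes `uid_t`; a negative `int32_t` silently converts to a very large unsigned uid if it is later used as a `uid_t` map key, so either reject negative entries at the boundary or document why the signed type is required. The top-level `const` on `const uid_t uid` in a declaration has no effect on callers and can be dropped.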
@@ -152,13 +170,34 @@
*/
base::unique_fd mIfaceStatsMap;
+ /*
+ * mDozableUidMap: Store uids that have related rules in dozable mode owner match
+ * chain.
+ */
+ base::unique_fd mDozableUidMap GUARDED_BY(mOwnerMatchMutex);
+
+ /*
+ * mStandbyUidMap: Store uids that have related rules in standby mode owner match
+ * chain.
+ */
+ base::unique_fd mStandbyUidMap GUARDED_BY(mOwnerMatchMutex);
+
+ /*
+ * mPowerSaveUidMap: Store uids that have related rules in power save mode owner match
+ * chain.
+ */
+ base::unique_fd mPowerSaveUidMap GUARDED_BY(mOwnerMatchMutex);
+
std::unique_ptr<NetlinkListenerInterface> mSkDestroyListener;
bool ebpfSupported;
+ std::mutex mOwnerMatchMutex;
+
netdutils::Status loadAndAttachProgram(bpf_attach_type type, const char* path, const char* name,
base::unique_fd& cg_fd);
+ netdutils::Status initMaps();
// For testing
friend class TrafficControllerTest;
};
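Review bot: `mOwnerMatchMutex` is declared without a comment saying what it protects, even though the three members above it are annotated `GUARDED_BY(mOwnerMatchMutex)`; a line such as `// Serializes every update to the owner-match uid maps below; hold it across any read-modify-write of those maps.` would make the locking contract visible to whoever calls the public rule-update methods, and declaring the mutex before the members it guards is the conventional order. The map comments describe each member as storing uids, but each is a `base::unique_fd`, i.e. a handle to a bpf map, so wording like `mDozableUidMap: fd of the bpf map holding uids that have rules in the dozable owner-match chain` is more accurate. `initMaps()` is likewise undocumented; a one-line comment on which maps it opens or creates and what a non-OK `Status` means would help, and the call site (presumably in `start()`, outside this hunk) should not ignore that Status since a missing map leaves the uid filtering silently inactive.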