commit 54423027fad53470f5b6a5870b8364a1f2c87743
author Robert Horvath <robhor@google.com> Thu Jan 27 19:53:27 2022 +0100
committer Robert Horvath <robhor@google.com> Wed Feb 02 22:54:21 2022 +0100
tree 27b8d1b634ad7c99439b5bcc2d6c132539c3df1d
parent c22652401d371c768b496eb16ac588a7d5951c7e

Implement Low Power Standby packet filtering in BPF program

Bug: 190822356
Test: atest NetworkManagementServiceTest
Change-Id: I664414fbb744a118d4d0fea4ed91680bb38efe07

bpf_progs/bpf_shared.h

diff --git a/bpf_progs/bpf_shared.h b/bpf_progs/bpf_shared.h
index f0df97b..2ddc7b8 100644
--- a/bpf_progs/bpf_shared.h
+++ b/bpf_progs/bpf_shared.h
@@ -130,7 +130,8 @@
     STANDBY_MATCH = (1 << 3),
     POWERSAVE_MATCH = (1 << 4),
     RESTRICTED_MATCH = (1 << 5),
-    IIF_MATCH = (1 << 6),
+    LOW_POWER_STANDBY_MATCH = (1 << 6),
+    IIF_MATCH = (1 << 7),
 };
 
 enum BpfPermissionMatch {

bpf_progs/netd.c

diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index f0af8b4..c1a74e7 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -210,6 +210,9 @@
         if ((enabledRules & RESTRICTED_MATCH) && !(uidRules & RESTRICTED_MATCH)) {
             return BPF_DROP;
         }
+        if ((enabledRules & LOW_POWER_STANDBY_MATCH) && !(uidRules & LOW_POWER_STANDBY_MATCH)) {
+            return BPF_DROP;
+        }
     }
     if (direction == BPF_INGRESS && (uidRules & IIF_MATCH)) {
         // Drops packets not coming from lo nor the allowlisted interface