1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <stdint.h>
20 #include <sys/cdefs.h>
21 #include <sys/types.h>
22 
23 __BEGIN_DECLS
24 
25 /*
26  * Initialization function for the libnetd_updatable library.
27  *
28  * Uses |cg2_path| as the cgroup v2 mount location at which BPF programs are attached, so that the
29  * kernel can record packet counts, sizes, etc. in BPF maps as packets pass through and user space
30  * can retrieve the statistics. NOTE(review): presumably a trusted path is expected - confirm.
31  *
32  * Returns 0 on success, or a negative POSIX error code (see errno.h) on failure. NOTE(review):
33  * whether the tag/untag calls may be used after a failed init is not stated here - confirm.
34  */
35 int libnetd_updatable_init(const char* cg2_path);
36 
37 /*
38  * Set the socket tag and owning UID used for traffic statistics on the specified socket. A
39  * permission check based on |realUid| is performed before the socket is tagged.
40  *
41  * |sockFd| is the file descriptor of the socket to tag. |tag| is the mark to apply; it can be any
42  * value in the uint32_t range. |chargeUid| is the owning uid recorded along with |tag|. |realUid|
43  * is the effective uid of the calling process. NOTE(review): the check relies on the |realUid|
44  * argument as passed in; presumably the caller must obtain it from a trusted source - confirm.
45  *
46  * Returns 0 on success, or a negative POSIX error code (see errno.h) on failure.
47  */
48 int libnetd_updatable_tagSocket(int sockFd, uint32_t tag, uid_t chargeUid,
49                                                        uid_t realUid);
50 
51 /*
52  * Untag a network socket. Future traffic on this socket will no longer be associated with any
53  * previously configured tag and uid.
54  *
55  * |sockFd| is the file descriptor of the socket to untag. NOTE(review): no uid argument is taken
56  * and no permission check is described for this call - confirm where untagging is authorized.
57  * Returns 0 on success, or a negative POSIX error code (see errno.h) on failure.
58  */
59 int libnetd_updatable_untagSocket(int sockFd);
60 
61 __END_DECLS