ANDROID: Turn xt_owner module on

Once xt_qtaguid module is deprecated, the netd strictController which
uses owner match to filter egress traffic will not work because
xt_qtaguid masquerades as (and implements/extends) the "owner" module on
android devices. It can be resolved by turning upstream xt_owner module
back on since strictController only targets egress traffic and the
upstream xt_owner module works fine in this case.

Signed-off-by: Chenbo Feng <fengc@google.com>
Bug: 79938294
Test: manual cherry-pick and compile
Change-Id: Ia099db025f17f6042384c9f0caf7b941a40b8b84

2 files changed, 2 insertions, 0 deletions

diff --git a/arch/arm64/configs/cuttlefish_defconfig b/arch/arm64/configs/cuttlefish_defconfig
index 6d833e9b5d1c..b724b5fa635f 100644
--- a/arch/arm64/configs/cuttlefish_defconfig
+++ b/arch/arm64/configs/cuttlefish_defconfig
@@ -141,6 +141,7 @@ CONFIG_NETFILTER_XT_MATCH_LENGTH=y
 CONFIG_NETFILTER_XT_MATCH_LIMIT=y
 CONFIG_NETFILTER_XT_MATCH_MAC=y
 CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
 CONFIG_NETFILTER_XT_MATCH_POLICY=y
 CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
 CONFIG_NETFILTER_XT_MATCH_QUOTA=y
diff --git a/arch/x86/configs/x86_64_cuttlefish_defconfig b/arch/x86/configs/x86_64_cuttlefish_defconfig
index e8bc98bbb0db..42bff352e0fa 100644
--- a/arch/x86/configs/x86_64_cuttlefish_defconfig
+++ b/arch/x86/configs/x86_64_cuttlefish_defconfig
@@ -147,6 +147,7 @@ CONFIG_NETFILTER_XT_MATCH_LENGTH=y
 CONFIG_NETFILTER_XT_MATCH_LIMIT=y
 CONFIG_NETFILTER_XT_MATCH_MAC=y
 CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
 CONFIG_NETFILTER_XT_MATCH_POLICY=y
 CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
 CONFIG_NETFILTER_XT_MATCH_QUOTA=y