ANDROID: syscall_check: add vendor hook for bpf syscall

Through this vendor hook, we can get the timing to check
current running task for the validation of its credential
and bpf operations.

Bug: 191291287

Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ie4ed8df7ad66df2486fc7e52a26d9191fc0c176e

include/trace/hooks/syscall_check.h

@@ -12,6 +12,7 @@
  * mechanism for vendor modules to hook and extend functionality
  */
 struct file;
+union bpf_attr;
 DECLARE_HOOK(android_vh_check_mmap_file,
 	TP_PROTO(const struct file *file, unsigned long prot,
 		unsigned long flag, unsigned long ret),
@@ -21,6 +22,10 @@ DECLARE_HOOK(android_vh_check_file_open,
 	TP_PROTO(const struct file *file),
 	TP_ARGS(file));
 
+DECLARE_HOOK(android_vh_check_bpf_syscall,
+	TP_PROTO(int cmd, const union bpf_attr *attr, unsigned int size),
+	TP_ARGS(cmd, attr, size));
+
 #endif /* _TRACE_HOOK_SYSCALL_CHECK_H */
 /* This part must be outside protection */
 #include <trace/define_trace.h>