author | Maciej Żenczykowski <maze@google.com> | 2022-06-16 18:58:22 -0700 |
---|---|---|
committer | Maciej Żenczykowski <maze@google.com> | 2022-06-20 16:32:18 +0000 |
commit | 14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad (patch) | |
tree | 52eb7d5a4ed62dae0befda86d603b942046bac10 | |
parent | 72c3298572b0112ac10a54425cdcb5cdff250231 (diff) | |
download | bpf-14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad.tar.gz |
add support for 'netd_readonly'
For use by:
- maps netd should have read but not write access to
(needed due to netd being root with DAC_OVERRIDE,
and thus not obeying standard unix permissions)
- programs that netd should have access to but
not netutils_wrappers (which due to being able to
run iptables, needs access to xt_bpf programs)
Bug: 218408035
Test: booted on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I72b106692a25077ff54252fd93db81f46b52125d
(cherry picked from commit 32c0b8f46ede0878a06b9a72b7bf547a49cefbd4)
Merged-In: I72b106692a25077ff54252fd93db81f46b52125d
-rw-r--r-- | bpfloader/BpfLoader.cpp | 15 | ||||
-rw-r--r-- | libbpf_android/Loader.cpp | 4 |
2 files changed, 13 insertions, 6 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 739932d..4e5a6ce 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -69,22 +69,29 @@ struct Location {
 };
 
 const Location locations[] = {
- // Tethering mainline module: tether offload
+ // S+ Tethering mainline module (network_stack): tether offload
 {
 .dir = "/apex/com.android.tethering/etc/bpf/",
 .prefix = "tethering/",
 },
- // Tethering mainline module (shared with netd & system server)
+ // T+ Tethering mainline module (shared with netd & system server)
+ // netutils_wrapper (for iptables xt_bpf) has access to programs
 {
 .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
 .prefix = "netd_shared/",
 },
- // Tethering mainline module (shared with system server)
+ // T+ Tethering mainline module (shared with netd & system server)
+ // netutils_wrapper has no access, netd has read only access
+ {
+ .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
+ .prefix = "netd_readonly/",
+ },
+ // T+ Tethering mainline module (shared with system server)
 {
 .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
 .prefix = "net_shared/",
 },
- // Tethering mainline module (not shared)
+ // T+ Tethering mainline module (not shared, just network_stack)
 {
 .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
 .prefix = "net_private/",
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index 37a764a..b3f0330 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -30,9 +30,9 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
-// This is BpfLoader v0.15
+// This is BpfLoader v0.16
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 15u
+#define BPFLOADER_VERSION_MINOR 16u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
 
 #include "bpf/BpfUtils.h" |
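Review bot: The comment on the new `netd_readonly/` entry in `locations[]` states an access guarantee ("netutils_wrapper has no access, netd has read only access") that nothing in this hunk enforces; the entry only maps an apex directory to a pin prefix. The commit message says netd is root with DAC_OVERRIDE, so file modes cannot provide the read-only property, and it presumably rests on the SELinux labelling of objects pinned under this prefix, which is not part of this change. I would add a line such as `// access is enforced by sepolicy on the pin directory, not by file modes or this loader` and confirm the matching policy ships together with the v0.16 loader. The first comment line of the new entry is also identical to the one on `netd_shared/`, so the second line is the only thing distinguishing the two trust levels for a reader. The `locations[]` array continues past the end of the hunk.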