add support for 'netd_readonly'

For use by: - maps netd should have read but not write access to (needed due to netd being root with DAC_OVERRIDE, and thus not obeying standard unix permissions) - programs that netd should have access to but not netutils_wrappers (which due to being able to run iptables, needs access to xt_bpf programs) Bug: 218408035 Test: booted on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I72b106692a25077ff54252fd93db81f46b52125d (cherry picked from commit 32c0b8f46ede0878a06b9a72b7bf547a49cefbd4) Merged-In: I72b106692a25077ff54252fd93db81f46b52125d
author: Maciej Żenczykowski <maze@google.com> 2022-06-16 18:58:22 -0700
committer: Maciej Żenczykowski <maze@google.com> 2022-06-20 16:32:18 +0000
commit: 14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad (patch)
tree: 52eb7d5a4ed62dae0befda86d603b942046bac10
parent: 72c3298572b0112ac10a54425cdcb5cdff250231 (diff)
download: bpf-14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad.tar.gz
2 files changed, 13 insertions, 6 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 739932d..4e5a6ce 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -69,22 +69,29 @@ struct Location {
 };
 
 const Location locations[] = {
-        // Tethering mainline module: tether offload
+        // S+ Tethering mainline module (network_stack): tether offload
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/",
                 .prefix = "tethering/",
         },
-        // Tethering mainline module (shared with netd & system server)
+        // T+ Tethering mainline module (shared with netd & system server)
+        // netutils_wrapper (for iptables xt_bpf) has access to programs
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
                 .prefix = "netd_shared/",
         },
-        // Tethering mainline module (shared with system server)
+        // T+ Tethering mainline module (shared with netd & system server)
+        // netutils_wrapper has no access, netd has read only access
+        {
+                .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
+                .prefix = "netd_readonly/",
+        },
+        // T+ Tethering mainline module (shared with system server)
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
                 .prefix = "net_shared/",
         },
-        // Tethering mainline module (not shared)
+        // T+ Tethering mainline module (not shared, just network_stack)
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
                 .prefix = "net_private/",
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index 37a764a..b3f0330 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -30,9 +30,9 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
-// This is BpfLoader v0.15
+// This is BpfLoader v0.16
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 15u
+#define BPFLOADER_VERSION_MINOR 16u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
 
 #include "bpf/BpfUtils.h"
author	Maciej Żenczykowski <maze@google.com>	2022-06-16 18:58:22 -0700
committer	Maciej Żenczykowski <maze@google.com>	2022-06-20 16:32:18 +0000
commit	14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad (patch)
tree	52eb7d5a4ed62dae0befda86d603b942046bac10
parent	72c3298572b0112ac10a54425cdcb5cdff250231 (diff)
download	bpf-14fdd0a4a970ac2b90aaf8972cbc2f5d76a52dad.tar.gz