author | Stephane Lee <stayfan@google.com> | 2022-03-08 17:27:09 -0800 |
---|---|---|
committer | Stephane Lee <stayfan@google.com> | 2022-03-11 00:43:06 +0000 |
commit | 16c9360b1fd39991eec3da9f4f534e5f96c6bd00 (patch) | |
tree | cb844af98aacdefbf9128afacaeaaccd60e52e30 | |
parent | 2861e3d0f4da5061c99448ec7fdfb5876c411b4c (diff) | |
Add socket filter to allowed programs for vendor and remove tracepoint
This also fixes a permissions issue when a non-root owner is configured. The read
permissions should be set before ownership of the file is changed to the non-root
user, to ensure that the permissions can be set without error.
Bump the BPF loader version.
Bug: 203462310
Test: Ensure that vendor skfilter bpf programs can load
Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce
-rw-r--r-- | bpfloader/BpfLoader.cpp | 2 | ||||
-rw-r--r-- | libbpf_android/Loader.cpp | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 5c24f0a..74ecfbc 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -58,7 +58,7 @@ using std::string;
 // attachment of programs to shared resources (or to detect when a shared resource
 // has one BPF program replace another that is attached there)
 constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
- BPF_PROG_TYPE_TRACEPOINT,
+ BPF_PROG_TYPE_SOCKET_FILTER,
 };
 struct Location {
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index eab8e96..108c76e 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -32,7 +32,7 @@
 // This is BpfLoader v0.10
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 10u
+#define BPFLOADER_VERSION_MINOR 11u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
 #include "bpf/BpfUtils.h"
@@ -881,13 +881,13 @@ static int loadCodeSections(const char* elfPath, vector<codeSection>& cs, const
 if (!reuse) {
 ret = bpf_obj_pin(fd, progPinLoc.c_str());
 if (ret) return -errno;
+ if (chmod(progPinLoc.c_str(), 0440)) return -errno;
 if (cs[i].prog_def.has_value()) {
 if (chown(progPinLoc.c_str(), (uid_t)cs[i].prog_def->uid, (gid_t)cs[i].prog_def->gid)) {
 return -errno;
 }
 }
- if (chmod(progPinLoc.c_str(), 0440)) return -errno;
 }
 cs[i].prog_fd.reset(fd); |
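Review bot: The new `BPF_PROG_TYPE_SOCKET_FILTER` entry in `kVendorAllowedProgTypes` has no comment saying why this program type is acceptable for vendor-supplied objects, although the array is the allowlist that bounds what vendor code may load. The comment above the array starts outside the hunk, but the visible part ties the list to attachment on shared resources, so each entry should record how it meets that criterion, for example `// socket filters are attached per socket by the socket's holder, not to a shared attach point (Bug: 203462310)` if that is the rationale. Removing `BPF_PROG_TYPE_TRACEPOINT` in the same change presumably means a vendor object that still ships a tracepoint program is now refused. The code that consumes the array is not visible here, so confirm the refusal is logged with the offending type rather than failing silently.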
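Review bot: The moved `chmod(progPinLoc.c_str(), 0440)` in `loadCodeSections` now depends on running before the `chown`, but only the commit message records that, so a later cleanup could reorder the calls and bring the failure back. A comment on the line would keep the constraint with the code, e.g. `// chmod before chown: once the pin is owned by a non-root uid the mode change may be refused`. Separately, both the `chmod` and `chown` failure paths return `-errno` after `bpf_obj_pin` has already succeeded. From the visible lines that leaves a pin at `progPinLoc` with only part of the intended mode and ownership applied, so consider `unlink(progPinLoc.c_str());` before returning, unless cleanup happens outside the hunk. The function starts and ends outside the hunk, so how `fd` is handled on those early returns cannot be judged from here.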