authorStephane Lee <stayfan@google.com>2022-03-08 17:27:09 -0800
committerStephane Lee <stayfan@google.com>2022-03-11 00:43:06 +0000
commit16c9360b1fd39991eec3da9f4f534e5f96c6bd00 (patch)
treecb844af98aacdefbf9128afacaeaaccd60e52e30
parent2861e3d0f4da5061c99448ec7fdfb5876c411b4c (diff)
Add socket filter to allowed programs for vendor and remove tracepoint
This also fixes a permissions issue if a non-root user is set. The read permissions should be set before the file is set as non-root to ensure that the permissions can be set without error. Bump the BPF loader version. Bug: 203462310 Test: Ensure that vendor skfilter bpf programs can load Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce
-rw-r--r--bpfloader/BpfLoader.cpp2
-rw-r--r--libbpf_android/Loader.cpp4
2 files changed, 3 insertions, 3 deletions
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 5c24f0a..74ecfbc 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -58,7 +58,7 @@ using std::string;
// attachment of programs to shared resources (or to detect when a shared resource
// has one BPF program replace another that is attached there)
constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
- BPF_PROG_TYPE_TRACEPOINT,
+ BPF_PROG_TYPE_SOCKET_FILTER,
};
struct Location {
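Review bot: The new `BPF_PROG_TYPE_SOCKET_FILTER` entry carries no explanation of why it meets the criterion in the comment above `kVendorAllowedProgTypes` (that comment starts outside this hunk), and nothing records why `BPF_PROG_TYPE_TRACEPOINT` was dropped. Since this array decides which program types vendor-supplied BPF may load, each entry should state its justification, for example `BPF_PROG_TYPE_SOCKET_FILTER,  // attached per socket via SO_ATTACH_BPF, not to a shared hook` if that is the reasoning. Vendor objects that still contain tracepoint sections will presumably stop loading after this change, and the commit description does not say how they are expected to migrate.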
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index eab8e96..108c76e 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -32,7 +32,7 @@
// This is BpfLoader v0.10
#define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 10u
+#define BPFLOADER_VERSION_MINOR 11u
#define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
#include "bpf/BpfUtils.h"
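Review bot: The context comment `// This is BpfLoader v0.10` is left unchanged while `BPFLOADER_VERSION_MINOR` becomes `11u`, so the comment and the macro now disagree. Update it to `// This is BpfLoader v0.11`, or drop the literal version from the comment so it cannot go stale on the next bump.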
@@ -881,13 +881,13 @@ static int loadCodeSections(const char* elfPath, vector<codeSection>& cs, const
if (!reuse) {
ret = bpf_obj_pin(fd, progPinLoc.c_str());
if (ret) return -errno;
+ if (chmod(progPinLoc.c_str(), 0440)) return -errno;
if (cs[i].prog_def.has_value()) {
if (chown(progPinLoc.c_str(), (uid_t)cs[i].prog_def->uid,
(gid_t)cs[i].prog_def->gid)) {
return -errno;
}
}
- if (chmod(progPinLoc.c_str(), 0440)) return -errno;
}
cs[i].prog_fd.reset(fd);
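Review bot: The `chmod` now has to precede the `chown`, but nothing at the call site says so, and a later cleanup could easily move it back. A one-line comment above it would pin the ordering, for example `// chmod while still root-owned; after chown to a non-root uid the mode change can fail`, which is the reason the commit description gives. Separately, both early `return -errno` paths run after `bpf_obj_pin` has succeeded and before `cs[i].prog_fd.reset(fd)`, so a failed `chmod` or `chown` appears to leave the pin at `progPinLoc` in place, in the `chmod` case with whatever mode the pin was created with. Whether the caller cleans that up is not visible here, since `loadCodeSections` starts and ends outside this hunk.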