From 16c9360b1fd39991eec3da9f4f534e5f96c6bd00 Mon Sep 17 00:00:00 2001 From: Stephane Lee Date: Tue, 8 Mar 2022 17:27:09 -0800 Subject: Add socket filter to allowed programs for vendor and remove tracepoint This also fixes a permissions issue if a non-root user is set. The read permissions should be set before the file is set as non-root to ensure that the permissions can be set without error. Bump the BPF loader version. Bug: 203462310 Test: Ensure that vendor skfilter bpf programs can load Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce --- bpfloader/BpfLoader.cpp | 2 +- libbpf_android/Loader.cpp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp index 5c24f0a..74ecfbc 100644 --- a/bpfloader/BpfLoader.cpp +++ b/bpfloader/BpfLoader.cpp @@ -58,7 +58,7 @@ using std::string; // attachment of programs to shared resources (or to detect when a shared resource // has one BPF program replace another that is attached there) constexpr bpf_prog_type kVendorAllowedProgTypes[] = { - BPF_PROG_TYPE_TRACEPOINT, + BPF_PROG_TYPE_SOCKET_FILTER, }; struct Location { diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp index eab8e96..108c76e 100644 --- a/libbpf_android/Loader.cpp +++ b/libbpf_android/Loader.cpp @@ -32,7 +32,7 @@ // This is BpfLoader v0.10 #define BPFLOADER_VERSION_MAJOR 0u -#define BPFLOADER_VERSION_MINOR 10u +#define BPFLOADER_VERSION_MINOR 11u #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR) #include "bpf/BpfUtils.h" @@ -881,13 +881,13 @@ static int loadCodeSections(const char* elfPath, vector& cs, const if (!reuse) { ret = bpf_obj_pin(fd, progPinLoc.c_str()); if (ret) return -errno; + if (chmod(progPinLoc.c_str(), 0440)) return -errno; if (cs[i].prog_def.has_value()) { if (chown(progPinLoc.c_str(), (uid_t)cs[i].prog_def->uid, (gid_t)cs[i].prog_def->gid)) { return -errno; } } - if (chmod(progPinLoc.c_str(), 0440)) return -errno; } cs[i].prog_fd.reset(fd); -- cgit v1.2.3