From 16c9360b1fd39991eec3da9f4f534e5f96c6bd00 Mon Sep 17 00:00:00 2001
From: Stephane Lee <stayfan@google.com>
Date: Tue, 8 Mar 2022 17:27:09 -0800
Subject: Add socket filter to allowed programs for vendor and remove
 tracepoint

This also fixes a permissions issue if a non-root user is set. The read
permissions should be set before the file is set as non-root to ensure
that the permissions can be set without error.

Bump the BPF loader version.

Bug: 203462310
Test: Ensure that vendor skfilter bpf programs can load
Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce
---
 bpfloader/BpfLoader.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'bpfloader')

diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 5c24f0a..74ecfbc 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -58,7 +58,7 @@ using std::string;
 // attachment of programs to shared resources (or to detect when a shared resource
 // has one BPF program replace another that is attached there)
 constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
-        BPF_PROG_TYPE_TRACEPOINT,
+        BPF_PROG_TYPE_SOCKET_FILTER,
 };
 
 struct Location {
-- 
cgit v1.2.3