From 3278a1634ba320b9760804451f333e3dd61a2fe3 Mon Sep 17 00:00:00 2001 From: Connor O'Brien Date: Thu, 13 Feb 2020 21:45:22 -0800 Subject: bpfloader: add option to set owner & group for pinned programs Unlike maps, BPF programs currently have no natural place to declare metadata like their desired owner & group. Add a bpf_prog_def struct to allow setting these, located in a new "progs" section, and update bpfloader to chown pinned programs appropriately based on this information. Add a #DEFINE_BPF_PROG macro to simplify adding this data for programs. The struct name is the name of the corresponding function with "_def" appended, which bpfloader uses to correlate a bpf_map_def with the correct program. Also have bpfloader set mode to 0440 for all programs, since only read access should ever be needed Bug: 149434314 Test: load a program that uses DEFINE_BPF_PROG and check that owner & group are set as expected Change-Id: I914c355f114368fe53de2c7f272d877463cba461 Signed-off-by: Connor O'Brien --- progs/include/bpf_map_def.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'progs/include/bpf_map_def.h') diff --git a/progs/include/bpf_map_def.h b/progs/include/bpf_map_def.h index b233dc9..3aee332 100644 --- a/progs/include/bpf_map_def.h +++ b/progs/include/bpf_map_def.h @@ -67,3 +67,8 @@ struct bpf_map_def { unsigned int gid; // gid_t unsigned int mode; // mode_t }; + +struct bpf_prog_def { + unsigned int uid; + unsigned int gid; +}; -- cgit v1.2.3
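Review bot: the new struct bpf_prog_def at the end of the hunk carries no documentation, unlike the bpf_map_def fields directly above it, which annotate their intended types (`// gid_t`, `// mode_t`). Please add the matching `// uid_t` and `// gid_t` comments to the two fields, plus a short comment on the struct stating that instances live in the "progs" section and must be named after the program function with "_def" appended, since bpfloader depends on that naming to apply ownership to the pinned program. Two smaller points: the struct is added to bpf_map_def.h although it describes programs, so either a comment or a more general header name would help readers find it; and the commit message says bpfloader uses the name "to correlate a bpf_map_def with the correct program", where bpf_prog_def appears to be meant.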