Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 1ec8d7df583aff4a32fc7a5aa4b938da96546f17^! / . / bpf / progs / dscpPolicy.c
commit1ec8d7df583aff4a32fc7a5aa4b938da96546f17[log] [tgz]
authorMaciej Żenczykowski <maze@google.com>Wed Sep 04 16:44:04 2024 -0700
committerMaciej Żenczykowski <maze@google.com>Wed Sep 04 17:41:47 2024 -0700
tree9e2e453ae4d39c03816fb8897b051da207d0a6b3
parent5e7247d92236a4ef078a1469eff261e824e3edf5 [diff] [blame]
dscpPolicy: lock down bpf cache map

(since this map relies on percpu access semantics,
 and we don't even have userspace helpers to access PERCPU_ maps)

This will also be used by the upcoming satellite egress limiting logic.
See aosp/3235142

With this change we see:
  $ adbz shell ls -lZ /sys/fs/bpf/net_shared/*_dscpPolicy_*
  -rw-rw---- 1 root system u:object_r:fs_bpf_net_shared:s0  0 2024-09-04 17:01 /sys/fs/bpf/net_shared/map_dscpPolicy_ipv4_dscp_policies_map
  -rw-rw---- 1 root system u:object_r:fs_bpf_net_shared:s0  0 2024-09-04 17:01 /sys/fs/bpf/net_shared/map_dscpPolicy_ipv6_dscp_policies_map
  ---------- 1 root root   u:object_r:fs_bpf_loader:s0      0 2024-09-04 17:01 /sys/fs/bpf/net_shared/map_dscpPolicy_socket_policy_cache_map
  -r--r----- 1 root system u:object_r:fs_bpf_net_shared:s0  0 2024-09-04 17:01 /sys/fs/bpf/net_shared/prog_dscpPolicy_schedcls_set_dscp_ether

Test: TreeHugger, atest CtsNetTestCases:android.net.cts.DscpPolicyTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I50a12ca4cd5587342f8aaf9df8cb28917f555252

diff --git a/bpf/progs/dscpPolicy.c b/bpf/progs/dscpPolicy.c
index 39f2961..0842aaa 100644
--- a/bpf/progs/dscpPolicy.c
+++ b/bpf/progs/dscpPolicy.c

@@ -25,8 +25,8 @@
 
 // The cache is never read nor written by userspace and is indexed by socket cookie % CACHE_MAP_SIZE
 #define CACHE_MAP_SIZE 32  // should be a power of two so we can % cheaply
-DEFINE_BPF_MAP_GRO(socket_policy_cache_map, PERCPU_ARRAY, uint32_t, RuleEntry, CACHE_MAP_SIZE,
-                   AID_SYSTEM)
+DEFINE_BPF_MAP_KERNEL_INTERNAL(socket_policy_cache_map, PERCPU_ARRAY, uint32_t, RuleEntry,
+                               CACHE_MAP_SIZE)
 
 DEFINE_BPF_MAP_GRW(ipv4_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
 DEFINE_BPF_MAP_GRW(ipv6_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)