Add socket filter to allowed programs for vendor and remove tracepoint
This also fixes a permissions issue if a non-root user is set. The read
permissions should be set before the file is set as non-root to ensure
that the permissions can be set without error.
Bump the BPF loader version.
Bug: 203462310
Test: Ensure that vendor skfilter bpf programs can load
Change-Id: Ib6b9a64d8652ff464c9d4d734bb8ae351673b6ce
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 5c24f0a..74ecfbc 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -58,7 +58,7 @@
// attachment of programs to shared resources (or to detect when a shared resource
// has one BPF program replace another that is attached there)
constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
- BPF_PROG_TYPE_TRACEPOINT,
+ BPF_PROG_TYPE_SOCKET_FILTER,
};
struct Location {
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index eab8e96..108c76e 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -32,7 +32,7 @@
// This is BpfLoader v0.10
#define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 10u
+#define BPFLOADER_VERSION_MINOR 11u
#define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
#include "bpf/BpfUtils.h"
@@ -881,13 +881,13 @@
if (!reuse) {
ret = bpf_obj_pin(fd, progPinLoc.c_str());
if (ret) return -errno;
+ if (chmod(progPinLoc.c_str(), 0440)) return -errno;
if (cs[i].prog_def.has_value()) {
if (chown(progPinLoc.c_str(), (uid_t)cs[i].prog_def->uid,
(gid_t)cs[i].prog_def->gid)) {
return -errno;
}
}
- if (chmod(progPinLoc.c_str(), 0440)) return -errno;
}
cs[i].prog_fd.reset(fd);