Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_bpf / 32c0b8f46ede0878a06b9a72b7bf547a49cefbd4^! / .
commit32c0b8f46ede0878a06b9a72b7bf547a49cefbd4[log] [tgz]
authorMaciej Żenczykowski <maze@google.com>Thu Jun 16 18:58:22 2022 -0700
committerMaciej Żenczykowski <maze@google.com>Fri Jun 17 18:08:00 2022 -0700
treeb46d685979e628610c6810c36dd08643df179300
parente626a95e2f2b001fea79b68abbe387494d3d6792 [diff]
add support for 'netd_readonly'

For use by:
- maps netd should have read but not write access to
  (needed due to netd being root with DAC_OVERRIDE,
   and thus not obeying standard unix permissions)
- programs that netd should have access to but
  not netutils_wrappers (which due to being able to
  run iptables, needs access to xt_bpf programs)

Bug: 218408035
Test: booted on cuttlefish
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I72b106692a25077ff54252fd93db81f46b52125d

diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index 739932d..4e5a6ce 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp

@@ -69,22 +69,29 @@
 };
 
 const Location locations[] = {
-        // Tethering mainline module: tether offload
+        // S+ Tethering mainline module (network_stack): tether offload
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/",
                 .prefix = "tethering/",
         },
-        // Tethering mainline module (shared with netd & system server)
+        // T+ Tethering mainline module (shared with netd & system server)
+        // netutils_wrapper (for iptables xt_bpf) has access to programs
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
                 .prefix = "netd_shared/",
         },
-        // Tethering mainline module (shared with system server)
+        // T+ Tethering mainline module (shared with netd & system server)
+        // netutils_wrapper has no access, netd has read only access
+        {
+                .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
+                .prefix = "netd_readonly/",
+        },
+        // T+ Tethering mainline module (shared with system server)
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
                 .prefix = "net_shared/",
         },
-        // Tethering mainline module (not shared)
+        // T+ Tethering mainline module (not shared, just network_stack)
         {
                 .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
                 .prefix = "net_private/",

diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index 37a764a..b3f0330 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp

@@ -30,9 +30,9 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
-// This is BpfLoader v0.15
+// This is BpfLoader v0.16
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 15u
+#define BPFLOADER_VERSION_MINOR 16u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
 
 #include "bpf/BpfUtils.h"