Revert "Grant IPC_LOCK capability to bpfloader"

This reverts commit 77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1.

This doesn't apparently work...

Kernel doesn't actually test capabilities, just blindly charges
against user's memlock limit:

//kernel/bpf/syscall.c:

static int bpf_charge_memlock(struct user_struct *user, u32 pages) {
  unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;

  if (atomic_long_add_return(pages, &user->locked_vm) > memlock_limit) {
    atomic_long_sub(pages, &user->locked_vm);
    return -EPERM;
  }
  return 0;
}

Test: N/A, revert
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Icf6d6e8a36e4b9f3771a5ce80e25ef3644ff4e83
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 924112e..31747fb 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -1,4 +1,9 @@
 service bpfloader /system/bin/bpfloader
     class main
-    capabilities SYS_ADMIN IPC_LOCK
+    capabilities SYS_ADMIN
+    # Set RLIMIT_MEMLOCK to 64MB for bpfloader
+    # Actually only 8MB is needed, but since bpfloader runs as root, it shares
+    # the global rlimit. Once bpfloader is running as its own user in the
+    # future, it will have dedicated rlimit to itself and this can be 8MB.
+    rlimit memlock 67108864 67108864
     oneshot
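Review bot: The restored comment above `rlimit memlock 67108864 67108864` says bpfloader "shares the global rlimit", which does not match the bpf_charge_memlock() excerpt in the commit message. There the limit is read with rlimit(RLIMIT_MEMLOCK) and the pages are charged to user->locked_vm, so what bpfloader shares with other root processes is the per-user locked-page count, not the limit itself. Suggest rewording the comment to say that the extra 56MB above the 8MB actually needed is headroom for pages already charged to root. It would also help to say that the load fails with -EPERM if root's total exceeds this value, so the next reader knows what symptom to look for when 64MB is no longer enough.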