Grant IPC_LOCK capability to bpfloader

(instead of explicit memlock limit)

This reduces chance for memory allocation failures.

Any bpfloader failure is a critical boot time failure
(since without eBPF initializing properly netd will crash and
device will enter crash loop).

Test: builds, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5ed0118d63c53100e7431324914bf22e9870abfe
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 31747fb..924112e 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -1,9 +1,4 @@
 service bpfloader /system/bin/bpfloader
     class main
-    capabilities SYS_ADMIN
-    # Set RLIMIT_MEMLOCK to 64MB for bpfloader
-    # Actually only 8MB is needed, but since bpfloader runs as root, it shares
-    # the global rlimit. Once bpfloader is running as its own user in the
-    # future, it will have dedicated rlimit to itself and this can be 8MB.
-    rlimit memlock 67108864 67108864
+    capabilities SYS_ADMIN IPC_LOCK
     oneshot