Grant IPC_LOCK capability to bpfloader (instead of explicit memlock limit) This reduces chance for memory allocation failures. Any bpfloader failure is a critical boot time failure (since without eBPF initializing properly netd will crash and device will enter crash loop). Test: builds, atest Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I5ed0118d63c53100e7431324914bf22e9870abfe

commit: 77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Mon Jan 27 01:08:02 2020 -0800
committer: Maciej Żenczykowski <maze@google.com> Mon Jan 27 01:08:03 2020 -0800
tree: f6b5dbec36e9028e8d5ca99253a286dcc4e8b00d
parent: 0bfbf665b91e30b2683b71b178aaed6831e5fa7e [diff]
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 31747fb..924112e 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc

@@ -1,9 +1,4 @@
 service bpfloader /system/bin/bpfloader
     class main
-    capabilities SYS_ADMIN
-    # Set RLIMIT_MEMLOCK to 64MB for bpfloader
-    # Actually only 8MB is needed, but since bpfloader runs as root, it shares
-    # the global rlimit. Once bpfloader is running as its own user in the
-    # future, it will have dedicated rlimit to itself and this can be 8MB.
-    rlimit memlock 67108864 67108864
+    capabilities SYS_ADMIN IPC_LOCK
     oneshot
commit	77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Mon Jan 27 01:08:02 2020 -0800
committer	Maciej Żenczykowski <maze@google.com>	Mon Jan 27 01:08:03 2020 -0800
tree	f6b5dbec36e9028e8d5ca99253a286dcc4e8b00d
parent	0bfbf665b91e30b2683b71b178aaed6831e5fa7e [diff]