disable bpfloader selinux_context support
(it requires bpfloader to be granted rename priv by selinux)
Bug: 218408035
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic27d0e5f3c6b78db39c6742fe9e1955f65d2b1f5
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index db00634..e5eb29a 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -792,6 +792,8 @@
ALOGI("map %s selinux_context [%32s] -> %d -> '%s' (%s)", mapNames[i].c_str(),
md[i].selinux_context, selinux_context, lookupSelinuxContext(selinux_context),
lookupPinSubdir(selinux_context));
+ // temp disable until selinux grants bpfloader 'rename' priv
+ selinux_context = domain::unspecified;
}
domain pin_subdir = getDomainFromPinSubdir(md[i].pin_subdir);
@@ -1018,6 +1020,8 @@
ALOGI("prog %s selinux_context [%32s] -> %d -> '%s' (%s)", name.c_str(),
cs[i].prog_def->selinux_context, selinux_context,
lookupSelinuxContext(selinux_context), lookupPinSubdir(selinux_context));
+ // temp disable until selinux grants bpfloader 'rename' priv
+ selinux_context = domain::unspecified;
}
if (specified(pin_subdir)) {