Blame - bpfloader/BpfLoader.cpp - android_system_bpf

2018-10-10 15:01:19 -0700

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

*/

#ifndef LOG_TAG

#define LOG_TAG "bpfloader"

19

#endif

20

21

#include <arpa/inet.h>

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

22

#include <dirent.h>

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

#include <elf.h>

#include <error.h>

#include <fcntl.h>

#include <inttypes.h>

27

#include <linux/bpf.h>

28

#include <linux/unistd.h>

#include <net/if.h>

#include <stdint.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <sys/mman.h>

37

#include <sys/socket.h>

38

#include <sys/stat.h>

39

#include <sys/types.h>

40

Steven Moreland

a48639e

2022-02-07 23:15:48 +0000

[diff] [blame]

41

#include <android-base/logging.h>

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

42

#include <android-base/macros.h>

Joel Fernandes

d3ec871

2019-01-11 06:22:05 -0500

[diff] [blame]

43

#include <android-base/properties.h>

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

44

#include <android-base/stringprintf.h>

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

45

#include <android-base/strings.h>

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

46

#include <android-base/unique_fd.h>

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

47

#include <libbpf_android.h>

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

48

#include <log/log.h>

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

49

#include <netdutils/Misc.h>

50

#include <netdutils/Slice.h>

51

#include "bpf/BpfUtils.h"

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

52

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

53

using android::base::EndsWith;

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

54

using android::bpf::domain;

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

55

using std::string;

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

56

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

57

constexpr unsigned long long kTetheringApexDomainBitmask =

58

domainToBitmask(domain::tethering) |

59

domainToBitmask(domain::net_private) |

60

domainToBitmask(domain::net_shared) |

61

domainToBitmask(domain::netd_readonly) |

62

domainToBitmask(domain::netd_shared);

63

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

64

// see b/162057235. For arbitrary program types, the concern is that due to the lack of

65

// SELinux access controls over BPF program attachpoints, we have no way to control the

66

// attachment of programs to shared resources (or to detect when a shared resource

67

// has one BPF program replace another that is attached there)

68

constexpr bpf_prog_type kVendorAllowedProgTypes[] = {

Stephane Lee

16c9360

2022-03-08 17:27:09 -0800

[diff] [blame]

69

BPF_PROG_TYPE_SOCKET_FILTER,

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

70

};

71

72

struct Location {

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

73

const char* const dir;

74

const char* const prefix;

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

75

unsigned long long allowedDomainBitmask;

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

76

const bpf_prog_type* allowedProgTypes = nullptr;

77

size_t allowedProgTypesLength = 0;

78

};

79

80

const Location locations[] = {

Maciej Żenczykowski

2022-06-16 18:58:22 -0700

[diff] [blame]

81

// S+ Tethering mainline module (network_stack): tether offload

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

82

{

83

.dir = "/apex/com.android.tethering/etc/bpf/",

84

.prefix = "tethering/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

85

.allowedDomainBitmask = kTetheringApexDomainBitmask,

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

86

},

Maciej Żenczykowski

2022-06-16 18:58:22 -0700

[diff] [blame]

87

// T+ Tethering mainline module (shared with netd & system server)

88

// netutils_wrapper (for iptables xt_bpf) has access to programs

Maciej Żenczykowski

2022-05-12 08:47:05 +0000

[diff] [blame]

89

{

90

.dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",

91

.prefix = "netd_shared/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

92

.allowedDomainBitmask = kTetheringApexDomainBitmask,

Maciej Żenczykowski

2022-05-12 08:47:05 +0000

[diff] [blame]

93

},

Maciej Żenczykowski

2022-06-16 18:58:22 -0700

[diff] [blame]

94

// T+ Tethering mainline module (shared with netd & system server)

95

// netutils_wrapper has no access, netd has read only access

96

{

97

.dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",

98

.prefix = "netd_readonly/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

99

.allowedDomainBitmask = kTetheringApexDomainBitmask,

Maciej Żenczykowski

2022-06-16 18:58:22 -0700

[diff] [blame]

100

},

101

// T+ Tethering mainline module (shared with system server)

Ken Chen

6d69784

2022-01-17 17:22:34 +0800

[diff] [blame]

102

{

103

.dir = "/apex/com.android.tethering/etc/bpf/net_shared/",

Maciej Żenczykowski

2a36ce4

2022-04-21 06:31:33 -0700

[diff] [blame]

104

.prefix = "net_shared/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

105

.allowedDomainBitmask = kTetheringApexDomainBitmask,

Ken Chen

6d69784

2022-01-17 17:22:34 +0800

[diff] [blame]

106

},

Maciej Żenczykowski

2022-06-16 18:58:22 -0700

[diff] [blame]

107

// T+ Tethering mainline module (not shared, just network_stack)

Maciej Żenczykowski

2022-05-12 08:47:05 +0000

[diff] [blame]

108

{

109

.dir = "/apex/com.android.tethering/etc/bpf/net_private/",

110

.prefix = "net_private/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

111

.allowedDomainBitmask = kTetheringApexDomainBitmask,

Maciej Żenczykowski

2022-05-12 08:47:05 +0000

[diff] [blame]

112

},

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

113

// Core operating system

114

{

115

.dir = "/system/etc/bpf/",

116

.prefix = "",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

117

.allowedDomainBitmask = domainToBitmask(domain::platform),

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

118

},

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

119

// Vendor operating system

120

{

121

.dir = "/vendor/etc/bpf/",

122

.prefix = "vendor/",

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

123

.allowedDomainBitmask = domainToBitmask(domain::vendor),

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

124

.allowedProgTypes = kVendorAllowedProgTypes,

125

.allowedProgTypesLength = arraysize(kVendorAllowedProgTypes),

126

},

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

127

};

Chenbo Feng

2018-10-10 15:01:19 -0700

[diff] [blame]

128

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

129

int loadAllElfObjects(const Location& location) {

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

130

int retVal = 0;

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

DIR* dir;

struct dirent* ent;

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

134

if ((dir = opendir(location.dir)) != NULL) {

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

135

while ((ent = readdir(dir)) != NULL) {

136

string s = ent->d_name;

137

if (!EndsWith(s, ".o")) continue;

138

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

139

string progPath(location.dir);

Hungming Chen

4b8e982

2020-09-10 15:51:59 +0800

[diff] [blame]

140

progPath += s;

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

141

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

142

bool critical;

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

143

int ret = android::bpf::loadProg(progPath.c_str(), &critical,

144

location.prefix,

145

location.allowedDomainBitmask,

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

146

location.allowedProgTypes,

147

location.allowedProgTypesLength);

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

148

if (ret) {

149

if (critical) retVal = ret;

150

ALOGE("Failed to load object: %s, ret: %s", progPath.c_str(), std::strerror(-ret));

151

} else {

152

ALOGI("Loaded object: %s", progPath.c_str());

153

}

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

154

}

155

closedir(dir);

156

}

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

157

return retVal;

Joel Fernandes

2018-10-16 13:19:58 -0700

[diff] [blame]

158

}

159

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

160

void createSysFsBpfSubDir(const char* const prefix) {

161

if (*prefix) {

162

mode_t prevUmask = umask(0);

163

164

string s = "/sys/fs/bpf/";

s += prefix;

errno = 0;

int ret = mkdir(s.c_str(), S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);

169

if (ret && errno != EEXIST) {

170

ALOGW("Failed to create directory: %s, ret: %s", s.c_str(), std::strerror(errno));

}

umask(prevUmask);

}

}

Steven Moreland

2022-02-07 23:15:48 +0000

[diff] [blame]

177

int main(int argc, char** argv) {

178

(void)argc;

179

android::base::InitLogging(argv, &android::base::KernelLogger);

180

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

181

// Create all the pin subdirectories

182

// (this must be done first to allow selinux_context and pin_subdir functionality,

183

// which could otherwise fail with ENOENT during object pinning or renaming,

184

// due to ordering issues)

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

185

for (const auto& location : locations) {

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

186

createSysFsBpfSubDir(location.prefix);

Maciej Żenczykowski

2022-06-03 08:41:04 -0700

[diff] [blame]

187

}

188

189

// Load all ELF objects, create programs and maps, and pin them

190

for (const auto& location : locations) {

Steven Moreland

2019-12-12 14:22:34 -0800

[diff] [blame]

191

if (loadAllElfObjects(location) != 0) {

Maciej Żenczykowski

2021-01-14 23:36:32 -0800

[diff] [blame]

192

ALOGE("=== CRITICAL FAILURE LOADING BPF PROGRAMS FROM %s ===", location.dir);

Hungming Chen

4b8e982

2020-09-10 15:51:59 +0800

[diff] [blame]

193

ALOGE("If this triggers reliably, you're probably missing kernel options or patches.");

194

ALOGE("If this triggers randomly, you might be hitting some memory allocation "

195

"problems or startup script race.");

196

ALOGE("--- DO NOT EXPECT SYSTEM TO BOOT SUCCESSFULLY ---");

197

sleep(20);

198

return 2;

199

}

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

200

}

Joel Fernandes

d3ec871

2019-01-11 06:22:05 -0500

[diff] [blame]

201

202

if (android::base::SetProperty("bpf.progs_loaded", "1") == false) {

Maciej Żenczykowski

2020-06-14 19:27:33 -0700

[diff] [blame]

203

ALOGE("Failed to set bpf.progs_loaded property");

Joel Fernandes

d3ec871

2019-01-11 06:22:05 -0500

[diff] [blame]

return 1;

}

return 0;

Chenbo Feng