bpfloader: stop loading networking bpf programs
(note: bpf.progs_loaded is set by the network bpf loader)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie1a906f31afacd656fcaa402ff348955c5f510b0
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index d476a48..e3fde1e 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -64,33 +64,6 @@
abort(); // can only hit this if permissions (likely selinux) are screwed up
}
-constexpr unsigned long long kTetheringApexDomainBitmask =
- domainToBitmask(domain::tethering) |
- domainToBitmask(domain::net_private) |
- domainToBitmask(domain::net_shared) |
- domainToBitmask(domain::netd_readonly) |
- domainToBitmask(domain::netd_shared);
-
-// Programs shipped inside the tethering apex should be limited to networking stuff,
-// as KPROBE, PERF_EVENT, TRACEPOINT are dangerous to use from mainline updatable code,
-// since they are less stable abi/api and may conflict with platform uses of bpf.
-constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
- BPF_PROG_TYPE_CGROUP_SKB,
- BPF_PROG_TYPE_CGROUP_SOCK,
- BPF_PROG_TYPE_CGROUP_SOCKOPT,
- BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
- BPF_PROG_TYPE_CGROUP_SYSCTL,
- BPF_PROG_TYPE_LWT_IN,
- BPF_PROG_TYPE_LWT_OUT,
- BPF_PROG_TYPE_LWT_SEG6LOCAL,
- BPF_PROG_TYPE_LWT_XMIT,
- BPF_PROG_TYPE_SCHED_ACT,
- BPF_PROG_TYPE_SCHED_CLS,
- BPF_PROG_TYPE_SOCKET_FILTER,
- BPF_PROG_TYPE_SOCK_OPS,
- BPF_PROG_TYPE_XDP,
-};
-
// Networking-related program types are limited to the Tethering Apex
// to prevent things from breaking due to conflicts on mainline updates
// (exception made for socket filters, ie. xt_bpf for potential use in iptables,
@@ -113,48 +86,6 @@
const android::bpf::Location locations[] = {
- // S+ Tethering mainline module (network_stack): tether offload
- {
- .dir = "/apex/com.android.tethering/etc/bpf/",
- .prefix = "tethering/",
- .allowedDomainBitmask = kTetheringApexDomainBitmask,
- .allowedProgTypes = kTetheringApexAllowedProgTypes,
- .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
- },
- // T+ Tethering mainline module (shared with netd & system server)
- // netutils_wrapper (for iptables xt_bpf) has access to programs
- {
- .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
- .prefix = "netd_shared/",
- .allowedDomainBitmask = kTetheringApexDomainBitmask,
- .allowedProgTypes = kTetheringApexAllowedProgTypes,
- .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
- },
- // T+ Tethering mainline module (shared with netd & system server)
- // netutils_wrapper has no access, netd has read only access
- {
- .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
- .prefix = "netd_readonly/",
- .allowedDomainBitmask = kTetheringApexDomainBitmask,
- .allowedProgTypes = kTetheringApexAllowedProgTypes,
- .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
- },
- // T+ Tethering mainline module (shared with system server)
- {
- .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
- .prefix = "net_shared/",
- .allowedDomainBitmask = kTetheringApexDomainBitmask,
- .allowedProgTypes = kTetheringApexAllowedProgTypes,
- .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
- },
- // T+ Tethering mainline module (not shared, just network_stack)
- {
- .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
- .prefix = "net_private/",
- .allowedDomainBitmask = kTetheringApexDomainBitmask,
- .allowedProgTypes = kTetheringApexAllowedProgTypes,
- .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
- },
// Core operating system
{
.dir = "/system/etc/bpf/",
@@ -341,10 +272,5 @@
return 1;
}
- if (android::base::SetProperty("bpf.progs_loaded", "1") == false) {
- ALOGE("Failed to set bpf.progs_loaded property");
- return 1;
- }
-
return 0;
}
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index fd6eaea..1f4016d 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -18,13 +18,13 @@
exec_start bpfloader
service bpfloader /system/bin/bpfloader
- capabilities CHOWN SYS_ADMIN NET_ADMIN
+ capabilities CHOWN SYS_ADMIN
# The following group memberships are a workaround for lack of DAC_OVERRIDE
# and allow us to open (among other things) files that we created and are
# no longer root owned (due to CHOWN) but still have group read access to
# one of the following groups. This is not perfect, but a more correct
# solution requires significantly more effort to implement.
- group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
+ group root graphics system
user root
#
# Set RLIMIT_MEMLOCK to 1GiB for bpfloader
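Review bot: Narrowing the `group` line to `root graphics system` assumes that no program or map left in the locations bpfloader still scans is chowned to one of the removed groups (`network_stack`, `net_admin`, `net_bw_acct`, `net_bw_stats`, `net_raw`). Per the comment directly above, the service has no DAC_OVERRIDE and relies on group membership to reopen files it has already chowned, so a leftover pin owned by a removed group would presumably make the load fail. That is worth confirming against the remaining program sources, which are not visible in this change. The comment should also record the intent, for example `# Networking groups are intentionally absent: networking programs are loaded by the network bpf loader.` The service stanza continues outside this hunk.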
@@ -36,9 +36,8 @@
# memlock data before bpfloader even gets a chance to run, it would fail
# if its memlock rlimit is only 8MiB - since there would be none left for it.
#
- # bpfloader succeeding is critical to system health, since a failure will
- # cause netd crashloop and thus system server crashloop... and the only
- # recovery is a full kernel reboot.
+ # bpfloader succeeding is critical to system health:
+ # the only way to recover is a full kernel reboot.
#
# We've had issues where devices would sometimes (rarely) boot into
# a crashloop because bpfloader would occasionally lose a boot time
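Review bot: The rewritten comment on the two added lines says a bpfloader failure is recoverable only by a full kernel reboot, but it no longer says what actually breaks. The paragraph that follows still refers to devices booting into a crashloop without naming the crashing component. If netd no longer depends on this loader, the author should name what does, for example `# bpfloader succeeding is critical to system health: <component that needs the pinned programs> cannot start without it, and` ahead of the reboot sentence, with the placeholder filled in. The comment block continues past the end of this hunk.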
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index e817a59..b640118 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -93,11 +93,6 @@
switch (d) {
case domain::unspecified: return unspecified;
case domain::platform: return "fs_bpf";
- case domain::tethering: return "fs_bpf_tethering";
- case domain::net_private: return "fs_bpf_net_private";
- case domain::net_shared: return "fs_bpf_net_shared";
- case domain::netd_readonly: return "fs_bpf_netd_readonly";
- case domain::netd_shared: return "fs_bpf_netd_shared";
case domain::vendor: return "fs_bpf_vendor";
case domain::loader: return "fs_bpf_loader";
default: return "(unrecognized)";
@@ -125,11 +120,6 @@
switch (d) {
case domain::unspecified: return unspecified;
case domain::platform: return "/";
- case domain::tethering: return "tethering/";
- case domain::net_private: return "net_private/";
- case domain::net_shared: return "net_shared/";
- case domain::netd_readonly: return "netd_readonly/";
- case domain::netd_shared: return "netd_shared/";
case domain::vendor: return "vendor/";
case domain::loader: return "loader/";
default: return "(unrecognized)";
diff --git a/libbpf_android/include/libbpf_android.h b/libbpf_android/include/libbpf_android.h
index cc8a942..46c7970 100644
--- a/libbpf_android/include/libbpf_android.h
+++ b/libbpf_android/include/libbpf_android.h
@@ -40,11 +40,6 @@
unrecognized = -1, // invalid for this version of the bpfloader
unspecified = 0, // means just use the default for that specific pin location
platform, // fs_bpf /sys/fs/bpf
- tethering, // (S+) fs_bpf_tethering /sys/fs/bpf/tethering
- net_private, // (T+) fs_bpf_net_private /sys/fs/bpf/net_private
- net_shared, // (T+) fs_bpf_net_shared /sys/fs/bpf/net_shared
- netd_readonly, // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
- netd_shared, // (T+) fs_bpf_netd_shared /sys/fs/bpf/netd_shared
vendor, // (T+) fs_bpf_vendor /sys/fs/bpf/vendor
loader, // (U+) fs_bpf_loader /sys/fs/bpf/loader
};
@@ -53,11 +48,6 @@
static constexpr domain AllDomains[] = {
domain::unspecified,
domain::platform,
- domain::tethering,
- domain::net_private,
- domain::net_shared,
- domain::netd_readonly,
- domain::netd_shared,
domain::vendor,
domain::loader,
};