Merge "execute bpfloader via netbpfload" into main am: 6b21c10161 am: b1ec007a13
Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2798732
Change-Id: Ibf006fc3987c015d08095803f59a05d792423e4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index 95f8a61..14181dc 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -15,17 +15,17 @@
# considered to have booted successfully.
#
on load_bpf_programs
- exec_start netbpfload
exec_start bpfloader
-service bpfloader /system/bin/bpfloader
- capabilities CHOWN SYS_ADMIN
+service bpfloader /system/bin/netbpfload
+ # netbpfload will do network bpf loading, then execute /system/bin/bpfloader
+ capabilities CHOWN SYS_ADMIN NET_ADMIN
# The following group memberships are a workaround for lack of DAC_OVERRIDE
# and allow us to open (among other things) files that we created and are
# no longer root owned (due to CHOWN) but still have group read access to
# one of the following groups. This is not perfect, but a more correct
# solution requires significantly more effort to implement.
- group root graphics system
+ group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
user root
#
# Set RLIMIT_MEMLOCK to 1GiB for bpfloader
@@ -37,8 +37,9 @@
# memlock data before bpfloader even gets a chance to run, it would fail
# if its memlock rlimit is only 8MiB - since there would be none left for it.
#
- # bpfloader succeeding is critical to system health:
- # the only way to recover is a full kernel reboot.
+ # bpfloader succeeding is critical to system health, since a failure will
+ # cause netd crashloop and thus system server crashloop... and the only
+ # recovery is a full kernel reboot.
#
# We've had issues where devices would sometimes (rarely) boot into
# a crashloop because bpfloader would occasionally lose a boot time
@@ -67,10 +68,10 @@
# 2. comment out 'reboot_on_failure reboot,bpfloader-failed' below
# 3. rebuild/reflash/reboot
# 4. as the device is booting up capture bpfloader logs via:
- # adb logcat -s 'bpfloader:*' 'LibBpfLoader:*'
+ # adb logcat -s 'bpfloader:*' 'LibBpfLoader:*' 'NetBpfLoad:*' 'NetBpfLoader:*'
#
# something like:
- # $ adb reboot; sleep 1; adb wait-for-device; adb root; sleep 1; adb wait-for-device; adb logcat -s 'bpfloader:*' 'LibBpfLoader:*'
+ # $ adb reboot; sleep 1; adb wait-for-device; adb root; sleep 1; adb wait-for-device; adb logcat -s 'bpfloader:*' 'LibBpfLoader:*' 'NetBpfLoad:*' 'NetBpfLoader:*'
# will take care of capturing logs as early as possible
#
# 5. look through the logs from the kernel's bpf verifier that bpfloader dumps out,
@@ -83,14 +84,3 @@
reboot_on_failure reboot,bpfloader-failed
# we're not really updatable, but want to be able to load bpf programs shipped in apexes
updatable
-
-# Note: comments for 'bpfloader' from up above also apply here.
-# Use: adb logcat -s 'NetBpfLoad:*' 'NetBpfLoader:*'
-service netbpfload /system/bin/netbpfload
- capabilities CHOWN SYS_ADMIN NET_ADMIN
- group root network_stack net_admin net_bw_acct net_bw_stats net_raw system
- user root
- rlimit memlock 1073741824 1073741824
- oneshot
- reboot_on_failure reboot,netbpfload-failed
- updatable