bpfloader: stop loading networking bpf programs am: 0e3a078884

Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2777981

Change-Id: I93867fcff4566a3be20cbe26b2e9d352cc3fc59a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/bpfloader/BpfLoader.cpp b/bpfloader/BpfLoader.cpp
index d476a48..e3fde1e 100644
--- a/bpfloader/BpfLoader.cpp
+++ b/bpfloader/BpfLoader.cpp
@@ -64,33 +64,6 @@
     abort();  // can only hit this if permissions (likely selinux) are screwed up
 }
 
-constexpr unsigned long long kTetheringApexDomainBitmask =
-        domainToBitmask(domain::tethering) |
-        domainToBitmask(domain::net_private) |
-        domainToBitmask(domain::net_shared) |
-        domainToBitmask(domain::netd_readonly) |
-        domainToBitmask(domain::netd_shared);
-
-// Programs shipped inside the tethering apex should be limited to networking stuff,
-// as KPROBE, PERF_EVENT, TRACEPOINT are dangerous to use from mainline updatable code,
-// since they are less stable abi/api and may conflict with platform uses of bpf.
-constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
-        BPF_PROG_TYPE_CGROUP_SKB,
-        BPF_PROG_TYPE_CGROUP_SOCK,
-        BPF_PROG_TYPE_CGROUP_SOCKOPT,
-        BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
-        BPF_PROG_TYPE_CGROUP_SYSCTL,
-        BPF_PROG_TYPE_LWT_IN,
-        BPF_PROG_TYPE_LWT_OUT,
-        BPF_PROG_TYPE_LWT_SEG6LOCAL,
-        BPF_PROG_TYPE_LWT_XMIT,
-        BPF_PROG_TYPE_SCHED_ACT,
-        BPF_PROG_TYPE_SCHED_CLS,
-        BPF_PROG_TYPE_SOCKET_FILTER,
-        BPF_PROG_TYPE_SOCK_OPS,
-        BPF_PROG_TYPE_XDP,
-};
-
 // Networking-related program types are limited to the Tethering Apex
 // to prevent things from breaking due to conflicts on mainline updates
 // (exception made for socket filters, ie. xt_bpf for potential use in iptables,
@@ -113,48 +86,6 @@
 
 
 const android::bpf::Location locations[] = {
-        // S+ Tethering mainline module (network_stack): tether offload
-        {
-                .dir = "/apex/com.android.tethering/etc/bpf/",
-                .prefix = "tethering/",
-                .allowedDomainBitmask = kTetheringApexDomainBitmask,
-                .allowedProgTypes = kTetheringApexAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
-        },
-        // T+ Tethering mainline module (shared with netd & system server)
-        // netutils_wrapper (for iptables xt_bpf) has access to programs
-        {
-                .dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
-                .prefix = "netd_shared/",
-                .allowedDomainBitmask = kTetheringApexDomainBitmask,
-                .allowedProgTypes = kTetheringApexAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
-        },
-        // T+ Tethering mainline module (shared with netd & system server)
-        // netutils_wrapper has no access, netd has read only access
-        {
-                .dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
-                .prefix = "netd_readonly/",
-                .allowedDomainBitmask = kTetheringApexDomainBitmask,
-                .allowedProgTypes = kTetheringApexAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
-        },
-        // T+ Tethering mainline module (shared with system server)
-        {
-                .dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
-                .prefix = "net_shared/",
-                .allowedDomainBitmask = kTetheringApexDomainBitmask,
-                .allowedProgTypes = kTetheringApexAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
-        },
-        // T+ Tethering mainline module (not shared, just network_stack)
-        {
-                .dir = "/apex/com.android.tethering/etc/bpf/net_private/",
-                .prefix = "net_private/",
-                .allowedDomainBitmask = kTetheringApexDomainBitmask,
-                .allowedProgTypes = kTetheringApexAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
-        },
         // Core operating system
         {
                 .dir = "/system/etc/bpf/",
@@ -341,10 +272,5 @@
         return 1;
     }
 
-    if (android::base::SetProperty("bpf.progs_loaded", "1") == false) {
-        ALOGE("Failed to set bpf.progs_loaded property");
-        return 1;
-    }
-
     return 0;
 }
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc
index fd6eaea..1f4016d 100644
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@@ -18,13 +18,13 @@
     exec_start bpfloader
 
 service bpfloader /system/bin/bpfloader
-    capabilities CHOWN SYS_ADMIN NET_ADMIN
+    capabilities CHOWN SYS_ADMIN
     # The following group memberships are a workaround for lack of DAC_OVERRIDE
     # and allow us to open (among other things) files that we created and are
     # no longer root owned (due to CHOWN) but still have group read access to
     # one of the following groups.  This is not perfect, but a more correct
     # solution requires significantly more effort to implement.
-    group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
+    group root graphics system
     user root
     #
     # Set RLIMIT_MEMLOCK to 1GiB for bpfloader
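Review bot: The trimmed `capabilities CHOWN SYS_ADMIN` and `group root graphics system` lines do not say what each remaining item is needed for, and the comment above `group` still speaks only of "one of the following groups", so a later reduction cannot be audited from this file. SYS_ADMIN is the broadest capability left, and now that the networking programs are no longer loaded here it is worth recording why it stays, for example `# SYS_ADMIN: needed for bpf() prog/map loading on kernels without CAP_BPF`, if that is the actual reason; this hunk does not confirm it. A matching `# graphics, system: groups owning pinned objects bpfloader re-opens after chown` (to be verified against the remaining locations) would tie the group list to a concrete need. The service stanza continues outside the hunk.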
@@ -36,9 +36,8 @@
     # memlock data before bpfloader even gets a chance to run, it would fail
     # if its memlock rlimit is only 8MiB - since there would be none left for it.
     #
-    # bpfloader succeeding is critical to system health, since a failure will
-    # cause netd crashloop and thus system server crashloop... and the only
-    # recovery is a full kernel reboot.
+    # bpfloader succeeding is critical to system health:
+    # the only way to recover is a full kernel reboot.
     #
     # We've had issues where devices would sometimes (rarely) boot into
     # a crashloop because bpfloader would occasionally lose a boot time
diff --git a/libbpf_android/Loader.cpp b/libbpf_android/Loader.cpp
index e817a59..b640118 100644
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@@ -93,11 +93,6 @@
     switch (d) {
         case domain::unspecified:   return unspecified;
         case domain::platform:      return "fs_bpf";
-        case domain::tethering:     return "fs_bpf_tethering";
-        case domain::net_private:   return "fs_bpf_net_private";
-        case domain::net_shared:    return "fs_bpf_net_shared";
-        case domain::netd_readonly: return "fs_bpf_netd_readonly";
-        case domain::netd_shared:   return "fs_bpf_netd_shared";
         case domain::vendor:        return "fs_bpf_vendor";
         case domain::loader:        return "fs_bpf_loader";
         default:                    return "(unrecognized)";
@@ -125,11 +120,6 @@
     switch (d) {
         case domain::unspecified:   return unspecified;
         case domain::platform:      return "/";
-        case domain::tethering:     return "tethering/";
-        case domain::net_private:   return "net_private/";
-        case domain::net_shared:    return "net_shared/";
-        case domain::netd_readonly: return "netd_readonly/";
-        case domain::netd_shared:   return "netd_shared/";
         case domain::vendor:        return "vendor/";
         case domain::loader:        return "loader/";
         default:                    return "(unrecognized)";
diff --git a/libbpf_android/include/libbpf_android.h b/libbpf_android/include/libbpf_android.h
index cc8a942..46c7970 100644
--- a/libbpf_android/include/libbpf_android.h
+++ b/libbpf_android/include/libbpf_android.h
@@ -40,11 +40,6 @@
     unrecognized = -1,  // invalid for this version of the bpfloader
     unspecified = 0,    // means just use the default for that specific pin location
     platform,           //      fs_bpf               /sys/fs/bpf
-    tethering,          // (S+) fs_bpf_tethering     /sys/fs/bpf/tethering
-    net_private,        // (T+) fs_bpf_net_private   /sys/fs/bpf/net_private
-    net_shared,         // (T+) fs_bpf_net_shared    /sys/fs/bpf/net_shared
-    netd_readonly,      // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
-    netd_shared,        // (T+) fs_bpf_netd_shared   /sys/fs/bpf/netd_shared
     vendor,             // (T+) fs_bpf_vendor        /sys/fs/bpf/vendor
     loader,             // (U+) fs_bpf_loader        /sys/fs/bpf/loader
 };
@@ -53,11 +48,6 @@
 static constexpr domain AllDomains[] = {
     domain::unspecified,
     domain::platform,
-    domain::tethering,
-    domain::net_private,
-    domain::net_shared,
-    domain::netd_readonly,
-    domain::netd_shared,
     domain::vendor,
     domain::loader,
 };