add support for 'netd_readonly'
For use by: (1) maps that netd should have read but not write access to (needed because netd runs as root with DAC_OVERRIDE and therefore does not obey standard unix permissions); (2) programs that netd should have access to but netutils_wrappers should not (netutils_wrappers, since it can run iptables, needs access to xt_bpf programs). Bug: 218408035 Test: booted on cuttlefish Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I72b106692a25077ff54252fd93db81f46b52125d
This commit is contained in:
parent
e626a95e2f
commit
32c0b8f46e
2 changed files with 13 additions and 6 deletions
|
@ -69,22 +69,29 @@ struct Location {
|
||||||
};
|
};
|
||||||
|
|
||||||
const Location locations[] = {
|
const Location locations[] = {
|
||||||
// Tethering mainline module: tether offload
|
// S+ Tethering mainline module (network_stack): tether offload
|
||||||
{
|
{
|
||||||
.dir = "/apex/com.android.tethering/etc/bpf/",
|
.dir = "/apex/com.android.tethering/etc/bpf/",
|
||||||
.prefix = "tethering/",
|
.prefix = "tethering/",
|
||||||
},
|
},
|
||||||
// Tethering mainline module (shared with netd & system server)
|
// T+ Tethering mainline module (shared with netd & system server)
|
||||||
|
// netutils_wrapper (for iptables xt_bpf) has access to programs
|
||||||
{
|
{
|
||||||
.dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
|
.dir = "/apex/com.android.tethering/etc/bpf/netd_shared/",
|
||||||
.prefix = "netd_shared/",
|
.prefix = "netd_shared/",
|
||||||
},
|
},
|
||||||
// Tethering mainline module (shared with system server)
|
// T+ Tethering mainline module (shared with netd & system server)
|
||||||
|
// netutils_wrapper has no access, netd has read only access
|
||||||
|
{
|
||||||
|
.dir = "/apex/com.android.tethering/etc/bpf/netd_readonly/",
|
||||||
|
.prefix = "netd_readonly/",
|
||||||
|
},
|
||||||
|
// T+ Tethering mainline module (shared with system server)
|
||||||
{
|
{
|
||||||
.dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
|
.dir = "/apex/com.android.tethering/etc/bpf/net_shared/",
|
||||||
.prefix = "net_shared/",
|
.prefix = "net_shared/",
|
||||||
},
|
},
|
||||||
// Tethering mainline module (not shared)
|
// T+ Tethering mainline module (not shared, just network_stack)
|
||||||
{
|
{
|
||||||
.dir = "/apex/com.android.tethering/etc/bpf/net_private/",
|
.dir = "/apex/com.android.tethering/etc/bpf/net_private/",
|
||||||
.prefix = "net_private/",
|
.prefix = "net_private/",
|
||||||
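Review bot: The header comment added for the new netd_readonly entry, `// T+ Tethering mainline module (shared with netd & system server)`, is identical to the header of the netd_shared entry two entries above it, so the two sections can only be told apart by their second comment line. Suggest letting the header itself carry the distinction, e.g. `// T+ Tethering mainline module (read-only for netd, shared with system server)`. Also, the entries in this table set only `.dir` and `.prefix`, i.e. where the loader finds objects and the pin-path prefix; the "no access" / "read only" property the comments assert is presumably enforced by the labeling of the pin directory elsewhere rather than by anything in this hunk, so a short pointer such as `// access restrictions are enforced by the pin directory's labels, not by this table` would stop a reader from assuming the entry itself grants or denies anything. The `locations[]` initializer continues past the end of the hunk.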
|
|
|
@ -30,9 +30,9 @@
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
// This is BpfLoader v0.15
|
// This is BpfLoader v0.16
|
||||||
#define BPFLOADER_VERSION_MAJOR 0u
|
#define BPFLOADER_VERSION_MAJOR 0u
|
||||||
#define BPFLOADER_VERSION_MINOR 15u
|
#define BPFLOADER_VERSION_MINOR 16u
|
||||||
#define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
|
#define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)
|
||||||
|
|
||||||
#include "bpf/BpfUtils.h"
|
#include "bpf/BpfUtils.h"
|
||||||
|
|