grant bpfloader explicit membership in some groups am: bbf5ee3971 am: 9ecb84a4c7 am: 519d825150 am: eb01503849 am: c0e76f7ddf

Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2143199 Change-Id: I6cd3cbf326688dd3abc14478e8169cab1fb393e3 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-04 00:11:35 +00:00 · 2022-07-04 00:11:35 +00:00 · 7374542c55
commit 7374542c55
parent 6b9ed3a8d1 c0e76f7ddf
2 changed files with 8 additions and 2 deletions
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@ -27,6 +27,12 @@ on load_bpf_programs

 service bpfloader /system/bin/bpfloader
    capabilities CHOWN SYS_ADMIN NET_ADMIN
+    # The following group memberships are a workaround for lack of DAC_OVERRIDE
+    # and allow us to open (among other things) files that we created and are
+    # no longer root owned (due to CHOWN) but still have group read access to
+    # one of the following groups.  This is not perfect, but a more correct
+    # solution requires significantly more effort to implement.
+    group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
    #
    # Set RLIMIT_MEMLOCK to 1GiB for bpfloader
    #
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@ -30,9 +30,9 @@
 #include <sys/wait.h>
 #include <unistd.h>

-// This is BpfLoader v0.22
+// This is BpfLoader v0.23
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 22u
+#define BPFLOADER_VERSION_MINOR 23u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)

 #include "bpf/BpfUtils.h"