grant bpfloader explicit membership in some groups am: bbf5ee3971 am: 9ecb84a4c7 am: 519d825150 am: eb01503849

Original change: https://android-review.googlesource.com/c/platform/system/bpf/+/2143199 Change-Id: I8b6b4c4e550b999bba74ca324966bf56d8609531 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-03 23:55:02 +00:00 · 2022-07-03 23:55:02 +00:00 · c0e76f7ddf
commit c0e76f7ddf
parent e9584c67b1 eb01503849
2 changed files with 8 additions and 2 deletions
--- a/bpfloader/bpfloader.rc
+++ b/bpfloader/bpfloader.rc
@ -27,6 +27,12 @@ on load_bpf_programs

 service bpfloader /system/bin/bpfloader
    capabilities CHOWN SYS_ADMIN NET_ADMIN
+    # The following group memberships are a workaround for lack of DAC_OVERRIDE
+    # and allow us to open (among other things) files that we created and are
+    # no longer root owned (due to CHOWN) but still have group read access to
+    # one of the following groups.  This is not perfect, but a more correct
+    # solution requires significantly more effort to implement.
+    group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
    #
    # Set RLIMIT_MEMLOCK to 1GiB for bpfloader
    #
--- a/libbpf_android/Loader.cpp
+++ b/libbpf_android/Loader.cpp
@ -30,9 +30,9 @@
 #include <sys/wait.h>
 #include <unistd.h>

-// This is BpfLoader v0.22
+// This is BpfLoader v0.23
 #define BPFLOADER_VERSION_MAJOR 0u
-#define BPFLOADER_VERSION_MINOR 22u
+#define BPFLOADER_VERSION_MINOR 23u
 #define BPFLOADER_VERSION ((BPFLOADER_VERSION_MAJOR << 16) | BPFLOADER_VERSION_MINOR)

 #include "bpf/BpfUtils.h"