tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
47508 commits 1 branch 0 tags 50 MiB
Commit graph

4 commits

Author SHA1 Message Date
Maciej Żenczykowski
60f4a34544 refactor: get_prop(bpfdomain, bpf_progs_loaded_prop) 
Based on:
  cs/p:aosp-master -file:prebuilts/ get_prop.*bpf_progs_loaded_prop

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If07026b1ea5753a82401a62349c494b4cbf699b6
 2023-01-06 10:09:33 +00:00
Maciej Żenczykowski
d5098f99a9 allow bpfloader to create symbolic links in /sys/fs/bpf 
(this is to allow /sys/fs/bpf/tethering -> net_shared/tethering
 for InProcessTethering, ie. Android Go devices)

Bug: 190523685
Bug: 236925089
Test: TreeHugger, manually on aosp_cf_x86_go_phone-userdebug
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ifa52429f958b0af80f91af6bfb064c1cdf9cd070
 2022-07-18 05:14:44 -07:00
Stephane Lee
b30e888b5c Add search in bpf directory for bpfdomains 
Bug: 203462310
Test: Ensure that associated BPFs can be loaded
Change-Id: I317a890abb518cf4ac47cd089e882315434342ce
 2022-03-21 17:31:17 -07:00
Steven Moreland
6598175e06 bpfdomain: attribute for domain which can use BPF 
Require all domains which can be used for BPF to be marked as
bpfdomain, and add a restriction for these domains to not
be able to use net_raw or net_admin. We want to make sure the
network stack has exclusive access to certain BPF attach
points.

Bug: 140330870
Bug: 162057235
Test: build (compile-time neverallows)
Change-Id: I29100e48a757fdcf600931d5eb42988101275325
 2022-02-10 00:34:50 +00:00