Merge changes I8f83d042,I3d6a6a07,If088188b,Ia0c1f55a into main

* changes:
  netbpfload: update date in copyright messages, LOG_TAGs, etc.
  netbpfload: remove support for 'loader'
  netbpfload: remove support for 'vendor'
  netbpfload: remove support for 'platform'

netbpfload/NetBpfLoad.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2017-2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
  */
 
 #ifndef LOG_TAG
-#define LOG_TAG "bpfloader"
+#define LOG_TAG "NetBpfLoad"
 #endif
 
 #include <arpa/inet.h>
@@ -93,26 +93,6 @@ constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
         BPF_PROG_TYPE_XDP,
 };
 
-// Networking-related program types are limited to the Tethering Apex
-// to prevent things from breaking due to conflicts on mainline updates
-// (exception made for socket filters, ie. xt_bpf for potential use in iptables,
-// or for attaching to sockets directly)
-constexpr bpf_prog_type kPlatformAllowedProgTypes[] = {
-        BPF_PROG_TYPE_KPROBE,
-        BPF_PROG_TYPE_PERF_EVENT,
-        BPF_PROG_TYPE_SOCKET_FILTER,
-        BPF_PROG_TYPE_TRACEPOINT,
-        BPF_PROG_TYPE_UNSPEC,  // Will be replaced with fuse bpf program type
-};
-
-// see b/162057235. For arbitrary program types, the concern is that due to the lack of
-// SELinux access controls over BPF program attachpoints, we have no way to control the
-// attachment of programs to shared resources (or to detect when a shared resource
-// has one BPF program replace another that is attached there)
-constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
-        BPF_PROG_TYPE_SOCKET_FILTER,
-};
-
 
 const android::bpf::Location locations[] = {
         // S+ Tethering mainline module (network_stack): tether offload
@@ -157,22 +137,6 @@ const android::bpf::Location locations[] = {
                 .allowedProgTypes = kTetheringApexAllowedProgTypes,
                 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
         },
-        // Core operating system
-        {
-                .dir = "/system/etc/bpf/",
-                .prefix = "",
-                .allowedDomainBitmask = domainToBitmask(domain::platform),
-                .allowedProgTypes = kPlatformAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kPlatformAllowedProgTypes),
-        },
-        // Vendor operating system
-        {
-                .dir = "/vendor/etc/bpf/",
-                .prefix = "vendor/",
-                .allowedDomainBitmask = domainToBitmask(domain::vendor),
-                .allowedProgTypes = kVendorAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kVendorAllowedProgTypes),
-        },
 };
 
 int loadAllElfObjects(const android::bpf::Location& location) {

netbpfload/loader.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 The Android Open Source Project
+ * Copyright (C) 2018-2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-#define LOG_TAG "LibBpfLoader"
+#define LOG_TAG "NetBpfLoader"
 
 #include <errno.h>
 #include <fcntl.h>
@@ -98,14 +98,11 @@ static unsigned int page_size = static_cast<unsigned int>(getpagesize());
 constexpr const char* lookupSelinuxContext(const domain d, const char* const unspecified = "") {
     switch (d) {
         case domain::unspecified:   return unspecified;
-        case domain::platform:      return "fs_bpf";
         case domain::tethering:     return "fs_bpf_tethering";
         case domain::net_private:   return "fs_bpf_net_private";
         case domain::net_shared:    return "fs_bpf_net_shared";
         case domain::netd_readonly: return "fs_bpf_netd_readonly";
         case domain::netd_shared:   return "fs_bpf_netd_shared";
-        case domain::vendor:        return "fs_bpf_vendor";
-        case domain::loader:        return "fs_bpf_loader";
         default:                    return "(unrecognized)";
     }
 }
@@ -130,14 +127,11 @@ domain getDomainFromSelinuxContext(const char s[BPF_SELINUX_CONTEXT_CHAR_ARRAY_S
 constexpr const char* lookupPinSubdir(const domain d, const char* const unspecified = "") {
     switch (d) {
         case domain::unspecified:   return unspecified;
-        case domain::platform:      return "/";
         case domain::tethering:     return "tethering/";
         case domain::net_private:   return "net_private/";
         case domain::net_shared:    return "net_shared/";
         case domain::netd_readonly: return "netd_readonly/";
         case domain::netd_shared:   return "netd_shared/";
-        case domain::vendor:        return "vendor/";
-        case domain::loader:        return "loader/";
         default:                    return "(unrecognized)";
     }
 };

netbpfload/loader.h

@@ -1,6 +1,5 @@
 /*
- * Copyright (C) 2018 The Android Open Source Project
- * Android BPF library - public API
+ * Copyright (C) 2018-2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -39,27 +38,21 @@ namespace bpf {
 enum class domain : int {
     unrecognized = -1,  // invalid for this version of the bpfloader
     unspecified = 0,    // means just use the default for that specific pin location
-    platform,           //      fs_bpf               /sys/fs/bpf
     tethering,          // (S+) fs_bpf_tethering     /sys/fs/bpf/tethering
     net_private,        // (T+) fs_bpf_net_private   /sys/fs/bpf/net_private
     net_shared,         // (T+) fs_bpf_net_shared    /sys/fs/bpf/net_shared
     netd_readonly,      // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
     netd_shared,        // (T+) fs_bpf_netd_shared   /sys/fs/bpf/netd_shared
-    vendor,             // (T+) fs_bpf_vendor        /sys/fs/bpf/vendor
-    loader,             // (U+) fs_bpf_loader        /sys/fs/bpf/loader
 };
 
 // Note: this does not include domain::unrecognized, but does include domain::unspecified
 static constexpr domain AllDomains[] = {
     domain::unspecified,
-    domain::platform,
     domain::tethering,
     domain::net_private,
     domain::net_shared,
     domain::netd_readonly,
     domain::netd_shared,
-    domain::vendor,
-    domain::loader,
 };
 
 static constexpr bool unrecognized(domain d) {

netbpfload/netbpfload.rc

@@ -3,7 +3,7 @@
 # a tad earlier.  There's no benefit to that though, since on 4.9+ P+ devices netd
 # will just block until bpfloader finishes and sets the bpf.progs_loaded property.
 #
-# It is important that we start bpfloader after:
+# It is important that we start netbpfload after:
 #   - /sys/fs/bpf is already mounted,
 #   - apex (incl. rollback) is initialized (so that in the future we can load bpf
 #     programs shipped as part of apex mainline modules)
@@ -15,9 +15,9 @@
 # considered to have booted successfully.
 #
 on load_bpf_programs
-    exec_start bpfloader
+    exec_start netbpfload
 
-service bpfloader /system/bin/bpfloader
+service netbpfload /system/bin/netbpfload
     capabilities CHOWN SYS_ADMIN NET_ADMIN
     # The following group memberships are a workaround for lack of DAC_OVERRIDE
     # and allow us to open (among other things) files that we created and are
@@ -27,28 +27,28 @@ service bpfloader /system/bin/bpfloader
     group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system
     user root
     #
-    # Set RLIMIT_MEMLOCK to 1GiB for bpfloader
+    # Set RLIMIT_MEMLOCK to 1GiB for netbpfload
     #
-    # Actually only 8MiB would be needed if bpfloader ran as its own uid.
+    # Actually only 8MiB would be needed if netbpfload ran as its own uid.
     #
     # However, while the rlimit is per-thread, the accounting is system wide.
     # So, for example, if the graphics stack has already allocated 10MiB of
-    # memlock data before bpfloader even gets a chance to run, it would fail
+    # memlock data before netbpfload even gets a chance to run, it would fail
     # if its memlock rlimit is only 8MiB - since there would be none left for it.
     #
-    # bpfloader succeeding is critical to system health, since a failure will
+    # netbpfload succeeding is critical to system health, since a failure will
     # cause netd crashloop and thus system server crashloop... and the only
     # recovery is a full kernel reboot.
     #
     # We've had issues where devices would sometimes (rarely) boot into
-    # a crashloop because bpfloader would occasionally lose a boot time
+    # a crashloop because netbpfload would occasionally lose a boot time
     # race against the graphics stack's boot time locked memory allocation.
     #
-    # Thus bpfloader's memlock has to be 8MB higher then the locked memory
+    # Thus netbpfload's memlock has to be 8MB higher then the locked memory
     # consumption of the root uid anywhere else in the system...
     # But we don't know what that is for all possible devices...
     #
-    # Ideally, we'd simply grant bpfloader the IPC_LOCK capability and it
+    # Ideally, we'd simply grant netbpfload the IPC_LOCK capability and it
     # would simply ignore it's memlock rlimit... but it turns that this
     # capability is not even checked by the kernel's bpf system call.
     #
@@ -57,29 +57,29 @@ service bpfloader /system/bin/bpfloader
     rlimit memlock 1073741824 1073741824
     oneshot
     #
-    # How to debug bootloops caused by 'bpfloader-failed'.
+    # How to debug bootloops caused by 'netbpfload-failed'.
     #
     # 1. On some lower RAM devices (like wembley) you may need to first enable developer mode
     #    (from the Settings app UI), and change the developer option "Logger buffer sizes"
     #    from the default (wembley: 64kB) to the maximum (1M) per log buffer.
     #    Otherwise buffer will overflow before you manage to dump it and you'll get useless logs.
     #
-    # 2. comment out 'reboot_on_failure reboot,bpfloader-failed' below
+    # 2. comment out 'reboot_on_failure reboot,netbpfload-failed' below
     # 3. rebuild/reflash/reboot
-    # 4. as the device is booting up capture bpfloader logs via:
-    #    adb logcat -s 'bpfloader:*' 'LibBpfLoader:*'
+    # 4. as the device is booting up capture netbpfload logs via:
+    #    adb logcat -s 'NetBpfLoad:*' 'NetBpfLoader:*'
     #
     # something like:
-    #   $ adb reboot; sleep 1; adb wait-for-device; adb root; sleep 1; adb wait-for-device; adb logcat -s 'bpfloader:*' 'LibBpfLoader:*'
+    #   $ adb reboot; sleep 1; adb wait-for-device; adb root; sleep 1; adb wait-for-device; adb logcat -s 'NetBpfLoad:*' 'NetBpfLoader:*'
     # will take care of capturing logs as early as possible
     #
-    # 5. look through the logs from the kernel's bpf verifier that bpfloader dumps out,
+    # 5. look through the logs from the kernel's bpf verifier that netbpfload dumps out,
     #    it usually makes sense to search back from the end and find the particular
-    #    bpf verifier failure that caused bpfloader to terminate early with an error code.
+    #    bpf verifier failure that caused netbpfload to terminate early with an error code.
     #    This will probably be something along the lines of 'too many jumps' or
     #    'cannot prove return value is 0 or 1' or 'unsupported / unknown operation / helper',
     #    'invalid bpf_context access', etc.
     #
-    reboot_on_failure reboot,bpfloader-failed
+    reboot_on_failure reboot,netbpfload-failed
     # we're not really updatable, but want to be able to load bpf programs shipped in apexes
     updatable