netbpfload: remove support for 'vendor'

Test: N/A Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: If088188b4832d37b084846b5ad3db06b8858d856
2023-10-02 19:39:35 -07:00
parent 0e4802df20
commit d6395205bb
3 changed files with 0 additions and 20 deletions
--- a/netbpfload/NetBpfLoad.cpp
+++ b/netbpfload/NetBpfLoad.cpp
@@ -93,14 +93,6 @@ constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
        BPF_PROG_TYPE_XDP,
 };

-// see b/162057235. For arbitrary program types, the concern is that due to the lack of
-// SELinux access controls over BPF program attachpoints, we have no way to control the
-// attachment of programs to shared resources (or to detect when a shared resource
-// has one BPF program replace another that is attached there)
-constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
-        BPF_PROG_TYPE_SOCKET_FILTER,
-};
-

 const android::bpf::Location locations[] = {
        // S+ Tethering mainline module (network_stack): tether offload
@@ -145,14 +137,6 @@ const android::bpf::Location locations[] = {
                .allowedProgTypes = kTetheringApexAllowedProgTypes,
                .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
        },
-        // Vendor operating system
-        {
-                .dir = "/vendor/etc/bpf/",
-                .prefix = "vendor/",
-                .allowedDomainBitmask = domainToBitmask(domain::vendor),
-                .allowedProgTypes = kVendorAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kVendorAllowedProgTypes),
-        },
 };

 int loadAllElfObjects(const android::bpf::Location& location) {