netbpfload: remove support for 'vendor'

Test: N/A
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If088188b4832d37b084846b5ad3db06b8858d856

netbpfload/NetBpfLoad.cpp

@@ -93,14 +93,6 @@ constexpr bpf_prog_type kTetheringApexAllowedProgTypes[] = {
         BPF_PROG_TYPE_XDP,
 };
 
-// see b/162057235. For arbitrary program types, the concern is that due to the lack of
-// SELinux access controls over BPF program attachpoints, we have no way to control the
-// attachment of programs to shared resources (or to detect when a shared resource
-// has one BPF program replace another that is attached there)
-constexpr bpf_prog_type kVendorAllowedProgTypes[] = {
-        BPF_PROG_TYPE_SOCKET_FILTER,
-};
-
 
 const android::bpf::Location locations[] = {
         // S+ Tethering mainline module (network_stack): tether offload
@@ -145,14 +137,6 @@ const android::bpf::Location locations[] = {
                 .allowedProgTypes = kTetheringApexAllowedProgTypes,
                 .allowedProgTypesLength = arraysize(kTetheringApexAllowedProgTypes),
         },
-        // Vendor operating system
-        {
-                .dir = "/vendor/etc/bpf/",
-                .prefix = "vendor/",
-                .allowedDomainBitmask = domainToBitmask(domain::vendor),
-                .allowedProgTypes = kVendorAllowedProgTypes,
-                .allowedProgTypesLength = arraysize(kVendorAllowedProgTypes),
-        },
 };
 
 int loadAllElfObjects(const android::bpf::Location& location) {

netbpfload/loader.cpp

@@ -103,7 +103,6 @@ constexpr const char* lookupSelinuxContext(const domain d, const char* const uns
         case domain::net_shared:    return "fs_bpf_net_shared";
         case domain::netd_readonly: return "fs_bpf_netd_readonly";
         case domain::netd_shared:   return "fs_bpf_netd_shared";
-        case domain::vendor:        return "fs_bpf_vendor";
         case domain::loader:        return "fs_bpf_loader";
         default:                    return "(unrecognized)";
     }
@@ -134,7 +133,6 @@ constexpr const char* lookupPinSubdir(const domain d, const char* const unspecif
         case domain::net_shared:    return "net_shared/";
         case domain::netd_readonly: return "netd_readonly/";
         case domain::netd_shared:   return "netd_shared/";
-        case domain::vendor:        return "vendor/";
         case domain::loader:        return "loader/";
         default:                    return "(unrecognized)";
     }

netbpfload/loader.h

@@ -44,7 +44,6 @@ enum class domain : int {
     net_shared,         // (T+) fs_bpf_net_shared    /sys/fs/bpf/net_shared
     netd_readonly,      // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
     netd_shared,        // (T+) fs_bpf_netd_shared   /sys/fs/bpf/netd_shared
-    vendor,             // (T+) fs_bpf_vendor        /sys/fs/bpf/vendor
     loader,             // (U+) fs_bpf_loader        /sys/fs/bpf/loader
 };
 
@@ -56,7 +55,6 @@ static constexpr domain AllDomains[] = {
     domain::net_shared,
     domain::netd_readonly,
     domain::netd_shared,
-    domain::vendor,
     domain::loader,
 };