    Fix sepolicy for bpf object · 6cd70c2f
    Chenbo Feng authored
    With the new patches backported to 4.9 kernels, the bpf file system now
    takes the same file open flag as bpf_obj_get. So system server now needs
    read permission only for both bpf map and fs_bpf since we do not need
    system server to edit the map. Also, the netd will always pass stdin
    stdout fd to the process forked by it and do allow it will cause the
    fork and execve to fail. We just allow it to pass the fd to bpfloader for now
    until we have a better option.
    
    Test: bpfloader start successful on devices with 4.9 kernel.
          run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
    Bug: 74096311
    Bug: 30950746
    
    Change-Id: I747a51cb05ae495c155e7625a3021fc77f921e0d