Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results

bpfloader.te

Blame
    • Chenbo Feng's avatar
      68ef8c07
      Allow netd to setup xt_bpf iptable rules · 68ef8c07
      Chenbo Feng authored
      To better record the network traffic stats for each network interface.
      We use xt_bpf netfilter module to do the iface stats accounting instead
      of the cgroup bpf filter we currently use for per uid stats accounting.
      The xt_bpf module will take pinned eBPF program as iptables rule and run
      the program when packet pass through the netfilter hook. To setup the
      iptables rules. netd need to be able to access bpf filesystem and run the
      bpf program at boot time. The program used will still be created and
      pinned by the bpfloader process.
      
      Test: With selinux enforced, run "iptables -L -t raw" should show the
      xt_bpf related rule present in bw_raw_PREROUTING chain.
      Bug: 72111305
      
      Change-Id: I11efe158d6bd5499df6adf15e8123a76cd67de04
      (cherry picked from aosp commit 5c95c168)
      68ef8c07
      History
      Allow netd to setup xt_bpf iptable rules
      Chenbo Feng authored
      To better record the network traffic stats for each network interface.
      We use xt_bpf netfilter module to do the iface stats accounting instead
      of the cgroup bpf filter we currently use for per uid stats accounting.
      The xt_bpf module will take pinned eBPF program as iptables rule and run
      the program when packet pass through the netfilter hook. To setup the
      iptables rules. netd need to be able to access bpf filesystem and run the
      bpf program at boot time. The program used will still be created and
      pinned by the bpfloader process.
      
      Test: With selinux enforced, run "iptables -L -t raw" should show the
      xt_bpf related rule present in bw_raw_PREROUTING chain.
      Bug: 72111305
      
      Change-Id: I11efe158d6bd5499df6adf15e8123a76cd67de04
      (cherry picked from aosp commit 5c95c168)