| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | bpfloader.te | 1 # bpf program loader
6 # Process need CAP_NET_ADMIN to run bpf programs as cgroup filter
11 # These permission is required for pin bpf program for netd.
18 # Use pinned bpf map files from netd.
19 allow bpfloader netd:bpf { map_read map_write };
20 allow bpfloader self:bpf { prog_load prog_run };
23 neverallow { domain -bpfloader } *:bpf prog_load;
24 neverallow { domain -bpfloader -netd -netutils_wrapper} *:bpf prog_run;
27 # only system_server, netd and bpfloader can read/write the bpf maps
28 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
|
| D | netd.te | 15 allow netd bpfloader:bpf prog_run;
|
| D | netutils_wrapper.te | 26 allow netutils_wrapper bpfloader:bpf prog_run;
|
| /system/sepolicy/private/ |
| D | bpfloader.te | 1 # bpf program loader
6 # These permission is required for pin bpf program for netd.
11 # Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
13 allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
20 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
21 neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
24 # only system_server, netd and bpfloader can read/write the bpf maps
25 neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
|
| D | netd.te | 13 allow netd bpfloader:bpf { prog_run map_read map_write };
|
| D | netutils_wrapper.te | 28 allow netutils_wrapper bpfloader:bpf prog_run;
|
| /system/sepolicy/prebuilts/api/29.0/private/ |
| D | bpfloader.te | 1 # bpf program loader
6 # These permission is required for pin bpf program for netd.
11 # Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
13 allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
20 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
21 neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
24 # only system_server, netd and bpfloader can read/write the bpf maps
25 neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
|
| D | netd.te | 13 allow netd bpfloader:bpf { prog_run map_read map_write };
|
| D | netutils_wrapper.te | 28 allow netutils_wrapper bpfloader:bpf prog_run;
|
| /system/bpf/bpfloader/ |
| D | BpfLoader.cpp | 67 using android::bpf::BpfMapInfo;
68 using android::bpf::BpfProgInfo;
81 int ret = android::bpf::loadProg(progPath.c_str()); in loadAllElfObjects()
95 if (android::bpf::getBpfSupportLevel() != android::bpf::BpfLevel::NONE) { in main()
|
| /system/bpf/libbpf_android/ |
| D | BpfUtils.cpp | 53 namespace bpf { namespace
74 int bpf(int cmd, Slice bpfAttr) { in bpf() function
88 return bpf(BPF_MAP_CREATE, Slice(&attr, sizeof(attr))); in createMap()
99 return bpf(BPF_MAP_UPDATE_ELEM, Slice(&attr, sizeof(attr))); in writeToMapEntry()
109 return bpf(BPF_MAP_LOOKUP_ELEM, Slice(&attr, sizeof(attr))); in findMapEntry()
118 return bpf(BPF_MAP_DELETE_ELEM, Slice(&attr, sizeof(attr))); in deleteMapEntry()
128 return bpf(BPF_MAP_GET_NEXT_KEY, Slice(&attr, sizeof(attr))); in getNextMapKey()
138 return bpf(BPF_MAP_GET_NEXT_KEY, Slice(&attr, sizeof(attr))); in getFirstMapKey()
153 int ret = bpf(BPF_PROG_LOAD, Slice(&attr, sizeof(attr))); in bpfProgLoad()
171 return bpf(BPF_OBJ_PIN, Slice(&attr, sizeof(attr))); in bpfFdPin()
[all …]
|
| D | BpfLoadTest.cpp | 33 namespace bpf { namespace
46 EXPECT_EQ(android::bpf::loadProg("/system/etc/bpf/bpf_load_tp_prog.o"), 0); in SetUp()
70 android::bpf::BpfMap<uint32_t, uint32_t> m(mMapFd); in checkMapNonZero()
|
| /system/netd/server/ |
| D | TrafficController.h | 34 using android::bpf::BpfMap;
35 using android::bpf::IfaceValue;
36 using android::bpf::StatsKey;
37 using android::bpf::StatsValue;
38 using android::bpf::UidTag;
88 bpf::BpfLevel getBpfLevel();
216 bpf::BpfLevel mBpfLevel;
|
| D | ClatUtils.cpp | 66 const int fd = bpf::bpfFdGet(CLAT_INGRESS_MAP_PATH, 0); in getClatIngressMapFd()
71 const int fd = bpf::bpfFdGet( in getClatIngressProgFd()
222 const char bpf[] = BPF; in tcFilterAddDevBpf() local
224 #define ASCIIZ_LEN_BPF sizeof(bpf) in tcFilterAddDevBpf()
|
| D | FirewallController.h | 107 android::bpf::BpfLevel mUseBpfOwnerMatch;
|
| D | ClatdController.cpp | 65 using android::bpf::BpfMap;
76 if (bpf::getBpfSupportLevel() == bpf::BpfLevel::NONE) { in init()
92 if (api_level > bpf::MINIMUM_API_REQUIRED) { in init()
|
| D | ClatdController.h | 102 bpf::BpfMap<ClatIngressKey, ClatIngressValue> mClatIngressMap GUARDED_BY(mutex);
|
| /system/bpf/libbpf_android/include/bpf/ |
| D | BpfUtils.h | 67 namespace bpf {
118 : BpfMapInfo(dummyFd, android::bpf::mapRetrieve(mapPath, 0)) {} in BpfMapInfo()
169 if (android::bpf::getBpfSupportLevel() == android::bpf::BpfLevel::NONE) { \
177 if (android::bpf::getBpfSupportLevel() != android::bpf::BpfLevel::NONE) return; \
|
| /system/netd/bpf_progs/ |
| D | Android.bp | 18 // bpf kernel programs
20 bpf {
33 bpf {
|
| /system/netd/tests/benchmarks/ |
| D | bpf_benchmark.cpp | 26 using android::bpf::BpfMap;
61 int ret = android::bpf::synchronizeKernelRCU(); in BENCHMARK_DEFINE_F()
|
| /system/bpf/libbpf_android/include/ |
| D | libbpf_android.h | 25 namespace bpf {
|
| /system/netd/tests/ |
| D | bpf_base_test.cpp | 44 namespace bpf { namespace
55 if (android::bpf::getBpfSupportLevel() != android::bpf::BpfLevel::EXTENDED) { \
|
| /system/bpfprogs/ |
| D | Android.bp | 17 bpf {
|
| /system/bpfprogs/test/ |
| D | Android.bp | 17 bpf {
|
| /system/sepolicy/prebuilts/api/28.0/public/ |
| D | netd.te | 108 allow netd self:bpf { map_create map_read map_write };
135 # only netd can create the bpf maps
136 neverallow { domain -netd } netd:bpf { map_create };
|