1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 * Android BPF library - public API
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #pragma once
19
20 #include <libbpf.h>
21 #include <linux/bpf.h>
22
23 namespace android {
24 namespace bpf {
25
26 // Bpf programs may specify per-program & per-map selinux_context and pin_subdir.
27 //
28 // The BpfLoader needs to convert these bpf.o specified strings into an enum
29 // for internal use (to check that valid values were specified for the specific
30 // location of the bpf.o file).
31 //
32 // It also needs to map selinux_context's into pin_subdir's.
33 // This is because of how selinux_context is actually implemented via pin+rename.
34 //
35 // Thus 'domain' enumerates all selinux_context's/pin_subdir's that the BpfLoader
36 // is aware of. Thus there currently needs to be a 1:1 mapping between the two.
37 //
38 enum class domain : int {
39 unrecognized = -1, // invalid for this version of the bpfloader
40 unspecified = 0, // means just use the default for that specific pin location
41 platform, // fs_bpf /sys/fs/bpf
42 tethering, // (S+) fs_bpf_tethering /sys/fs/bpf/tethering
43 net_private, // (T+) fs_bpf_net_private /sys/fs/bpf/net_private
44 net_shared, // (T+) fs_bpf_net_shared /sys/fs/bpf/net_shared
45 netd_readonly, // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
46 netd_shared, // (T+) fs_bpf_netd_shared /sys/fs/bpf/netd_shared
47 vendor, // (T+) fs_bpf_vendor /sys/fs/bpf/vendor
48 };
49
50 // Note: this does not include domain::unrecognized, but does include domain::unspecified
51 static constexpr domain AllDomains[] = {
52 domain::unspecified,
53 domain::platform,
54 domain::tethering,
55 domain::net_private,
56 domain::net_shared,
57 domain::netd_readonly,
58 domain::netd_shared,
59 domain::vendor,
60 };
61
unrecognized(domain d)62 static constexpr bool unrecognized(domain d) {
63 return d == domain::unrecognized;
64 }
65
66 // Note: this doesn't handle unrecognized, handle it first.
specified(domain d)67 static constexpr bool specified(domain d) {
68 return d != domain::unspecified;
69 }
70
domainToBitmask(domain d)71 static constexpr unsigned long long domainToBitmask(domain d) {
72 return specified(d) ? 1uLL << (static_cast<int>(d) - 1) : 0;
73 }
74
inDomainBitmask(domain d,unsigned long long v)75 static constexpr bool inDomainBitmask(domain d, unsigned long long v) {
76 return domainToBitmask(d) & v;
77 }
78
79 // BPF loader implementation. Loads an eBPF ELF object
80 int loadProg(const char* elfPath, bool* isCritical, const char* prefix = "",
81 const unsigned long long allowedDomainBitmask = 0,
82 const bpf_prog_type* allowed = nullptr, size_t numAllowed = 0);
83
84 // Exposed for testing
85 unsigned int readSectionUint(const char* name, std::ifstream& elfFile, unsigned int defVal);
86
87 } // namespace bpf
88 } // namespace android
89