1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 * Android BPF library - public API
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 #pragma once
19
20 #include <libbpf.h>
21 #include <linux/bpf.h>
22
23 #include <fstream>
24
25 namespace android {
26 namespace bpf {
27
28 // Bpf programs may specify per-program & per-map selinux_context and pin_subdir.
29 //
30 // The BpfLoader needs to convert these bpf.o specified strings into an enum
31 // for internal use (to check that valid values were specified for the specific
32 // location of the bpf.o file).
33 //
34 // It also needs to map selinux_context's into pin_subdir's.
35 // This is because of how selinux_context is actually implemented via pin+rename.
36 //
37 // Thus 'domain' enumerates all selinux_context's/pin_subdir's that the BpfLoader
38 // is aware of. Thus there currently needs to be a 1:1 mapping between the two.
39 //
40 enum class domain : int {
41 unrecognized = -1, // invalid for this version of the bpfloader
42 unspecified = 0, // means just use the default for that specific pin location
43 platform, // fs_bpf /sys/fs/bpf
44 tethering, // (S+) fs_bpf_tethering /sys/fs/bpf/tethering
45 net_private, // (T+) fs_bpf_net_private /sys/fs/bpf/net_private
46 net_shared, // (T+) fs_bpf_net_shared /sys/fs/bpf/net_shared
47 netd_readonly, // (T+) fs_bpf_netd_readonly /sys/fs/bpf/netd_readonly
48 netd_shared, // (T+) fs_bpf_netd_shared /sys/fs/bpf/netd_shared
49 vendor, // (T+) fs_bpf_vendor /sys/fs/bpf/vendor
50 loader, // (U+) fs_bpf_loader /sys/fs/bpf/loader
51 };
52
53 // Note: this does not include domain::unrecognized, but does include domain::unspecified
54 static constexpr domain AllDomains[] = {
55 domain::unspecified,
56 domain::platform,
57 domain::tethering,
58 domain::net_private,
59 domain::net_shared,
60 domain::netd_readonly,
61 domain::netd_shared,
62 domain::vendor,
63 domain::loader,
64 };
65
unrecognized(domain d)66 static constexpr bool unrecognized(domain d) {
67 return d == domain::unrecognized;
68 }
69
70 // Note: this doesn't handle unrecognized, handle it first.
specified(domain d)71 static constexpr bool specified(domain d) {
72 return d != domain::unspecified;
73 }
74
domainToBitmask(domain d)75 static constexpr unsigned long long domainToBitmask(domain d) {
76 return specified(d) ? 1uLL << (static_cast<int>(d) - 1) : 0;
77 }
78
inDomainBitmask(domain d,unsigned long long v)79 static constexpr bool inDomainBitmask(domain d, unsigned long long v) {
80 return domainToBitmask(d) & v;
81 }
82
83 struct Location {
84 const char* const dir = "";
85 const char* const prefix = "";
86 unsigned long long allowedDomainBitmask = 0;
87 const bpf_prog_type* allowedProgTypes = nullptr;
88 size_t allowedProgTypesLength = 0;
89 };
90
91 // BPF loader implementation. Loads an eBPF ELF object
92 int loadProg(const char* elfPath, bool* isCritical, const Location &location = {});
93
94 // Exposed for testing
95 unsigned int readSectionUint(const char* name, std::ifstream& elfFile, unsigned int defVal);
96
97 // Returns the build type string (from ro.build.type).
98 const std::string& getBuildType();
99
100 // The following functions classify the 3 Android build types.
isEng()101 inline bool isEng() {
102 return getBuildType() == "eng";
103 }
isUser()104 inline bool isUser() {
105 return getBuildType() == "user";
106 }
isUserdebug()107 inline bool isUserdebug() {
108 return getBuildType() == "userdebug";
109 }
110
111 } // namespace bpf
112 } // namespace android
113