1# 2025 2 36 0 0 # 25q2 sdk/api level 36.0 - Android 16 Baklava QPR0 2 3# Note: This will actually execute /apex/com.android.tethering/bin/netbpfload 4# by virtue of 'service bpfloader' being overridden by the apex shipped .rc 5# Warning: most of the below settings are irrelevant unless the apex is missing. 6service bpfloader /system/bin/false 7 # netbpfload will do network bpf loading, then execute /system/bin/bpfloader 8 #! capabilities CHOWN SYS_ADMIN NET_ADMIN 9 # The following group memberships are a workaround for lack of DAC_OVERRIDE 10 # and allow us to open (among other things) files that we created and are 11 # no longer root owned (due to CHOWN) but still have group read access to 12 # one of the following groups. This is not perfect, but a more correct 13 # solution requires significantly more effort to implement. 14 #! group root graphics network_stack net_admin net_bw_acct net_bw_stats net_raw system 15 user root 16 # 17 # Set RLIMIT_MEMLOCK to 1GiB for bpfloader 18 # 19 # Actually only 8MiB would be needed if bpfloader ran as its own uid. 20 # 21 # However, while the rlimit is per-thread, the accounting is system wide. 22 # So, for example, if the graphics stack has already allocated 10MiB of 23 # memlock data before bpfloader even gets a chance to run, it would fail 24 # if its memlock rlimit is only 8MiB - since there would be none left for it. 25 # 26 # bpfloader succeeding is critical to system health, since a failure will 27 # cause netd crashloop and thus system server crashloop... and the only 28 # recovery is a full kernel reboot. 29 # 30 # We've had issues where devices would sometimes (rarely) boot into 31 # a crashloop because bpfloader would occasionally lose a boot time 32 # race against the graphics stack's boot time locked memory allocation. 33 # 34 # Thus bpfloader's memlock has to be 8MB higher then the locked memory 35 # consumption of the root uid anywhere else in the system... 36 # But we don't know what that is for all possible devices... 37 # 38 # Ideally, we'd simply grant bpfloader the IPC_LOCK capability and it 39 # would simply ignore it's memlock rlimit... but it turns that this 40 # capability is not even checked by the kernel's bpf system call. 41 # 42 # As such we simply use 1GiB as a reasonable approximation of infinity. 43 # 44 #! rlimit memlock 1073741824 1073741824 45 oneshot 46 # 47 # How to debug bootloops caused by 'bpfloader-failed'. 48 # 49 # 1. On some lower RAM devices (like wembley) you may need to first enable developer mode 50 # (from the Settings app UI), and change the developer option "Logger buffer sizes" 51 # from the default (wembley: 64kB) to the maximum (1M) per log buffer. 52 # Otherwise buffer will overflow before you manage to dump it and you'll get useless logs. 53 # 54 # 2. comment out 'reboot_on_failure reboot,bpfloader-failed' below 55 # 3. rebuild/reflash/reboot 56 # 4. as the device is booting up capture bpfloader logs via: 57 # adb logcat -s 'bpfloader:*' 'LibBpfLoader:*' 'NetBpfLoad:*' 'NetBpfLoader:*' 58 # 59 # something like: 60 # $ adb reboot; sleep 1; adb wait-for-device; adb root; sleep 1; adb wait-for-device; adb logcat -s 'bpfloader:*' 'LibBpfLoader:*' 'NetBpfLoad:*' 'NetBpfLoader:*' 61 # will take care of capturing logs as early as possible 62 # 63 # 5. look through the logs from the kernel's bpf verifier that bpfloader dumps out, 64 # it usually makes sense to search back from the end and find the particular 65 # bpf verifier failure that caused bpfloader to terminate early with an error code. 66 # This will probably be something along the lines of 'too many jumps' or 67 # 'cannot prove return value is 0 or 1' or 'unsupported / unknown operation / helper', 68 # 'invalid bpf_context access', etc. 69 # 70 reboot_on_failure reboot,netbpfload-missing 71 updatable 72