| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | bpfloader.te | 1 # bpf program loader
6 # Process need CAP_NET_ADMIN to run bpf programs as cgroup filter
11 # These permission is required for pin bpf program for netd.
18 # Use pinned bpf map files from netd.
19 allow bpfloader netd:bpf { map_read map_write };
20 allow bpfloader self:bpf { prog_load prog_run };
23 neverallow { domain -bpfloader } *:bpf prog_load;
24 neverallow { domain -bpfloader -netd -netutils_wrapper} *:bpf prog_run;
27 # only system_server, netd and bpfloader can read/write the bpf maps
28 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
|
| D | netd.te | 15 allow netd bpfloader:bpf prog_run;
|
| /system/bpf/libbpf_android/include/bpf/ |
| D | BpfUtils.h | 35 namespace bpf {
62 inline int bpf(int cmd, const bpf_attr& attr) { in bpf() function
68 return bpf(BPF_MAP_CREATE, { in createMap()
79 return bpf(BPF_MAP_UPDATE_ELEM, { in writeToMapEntry()
88 return bpf(BPF_MAP_LOOKUP_ELEM, { in findMapEntry()
96 return bpf(BPF_MAP_DELETE_ELEM, { in deleteMapEntry()
103 return bpf(BPF_MAP_GET_NEXT_KEY, { in getNextMapKey()
115 return bpf(BPF_OBJ_PIN, { in bpfFdPin()
122 return bpf(BPF_OBJ_GET, { in bpfFdGet()
150 return bpf(BPF_PROG_ATTACH, { in attachProgram()
[all …]
|
| /system/sepolicy/prebuilts/api/29.0/private/ |
| D | bpfloader.te | 1 # bpf program loader
6 # These permission is required for pin bpf program for netd.
11 # Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
13 allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
20 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
21 neverallow { domain -bpfloader -netd -netutils_wrapper } *:bpf prog_run;
24 # only system_server, netd and bpfloader can read/write the bpf maps
25 neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
|
| D | netd.te | 13 allow netd bpfloader:bpf { prog_run map_read map_write };
|
| /system/netd/server/ |
| D | OffloadUtils.h | 51 const int fd = bpf::mapRetrieveRW(CLAT_EGRESS_MAP_PATH); in getClatEgressMapFd()
56 const int fd = bpf::retrieveProgram(with_ethernet_header ? CLAT_EGRESS_PROG_ETHER_PATH in getClatEgressProgFd()
62 const int fd = bpf::mapRetrieveRW(CLAT_INGRESS_MAP_PATH); in getClatIngressMapFd()
67 const int fd = bpf::retrieveProgram(with_ethernet_header ? CLAT_INGRESS_PROG_ETHER_PATH in getClatIngressProgFd()
73 const int fd = bpf::mapRetrieveRW(TETHER_INGRESS_MAP_PATH); in getTetherIngressMapFd()
78 const int fd = bpf::retrieveProgram(with_ethernet_header ? TETHER_INGRESS_PROG_ETHER_PATH in getTetherIngressProgFd()
84 const int fd = bpf::mapRetrieveRW(TETHER_STATS_MAP_PATH); in getTetherStatsMapFd()
89 const int fd = bpf::mapRetrieveRW(TETHER_LIMIT_MAP_PATH); in getTetherLimitMapFd()
|
| D | OffloadUtilsTest.cpp | 270 (android::bpf::getBpfSupportLevel() >= android::bpf::BpfLevel::EXTENDED_4_14); in checkAttachDetachBpfFilterClsactLo()
273 (android::bpf::getBpfSupportLevel() >= android::bpf::BpfLevel::EXTENDED_4_19) ? ENOENT in checkAttachDetachBpfFilterClsactLo()
|
| D | TetherController.h | 76 bpf::BpfMap<TetherIngressKey, TetherIngressValue> mBpfIngressMap;
77 bpf::BpfMap<uint32_t, TetherStatsValue> mBpfStatsMap;
78 bpf::BpfMap<uint32_t, uint64_t> mBpfLimitMap;
|
| D | ClatdController.h | 103 bpf::BpfMap<ClatEgressKey, ClatEgressValue> mClatEgressMap GUARDED_BY(mutex);
104 bpf::BpfMap<ClatIngressKey, ClatIngressValue> mClatIngressMap GUARDED_BY(mutex);
|
| /system/sepolicy/private/ |
| D | bpfloader.te | 1 # bpf program loader
10 # Allow bpfloader to create bpf maps and programs.
11 allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
29 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
30 neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -system_server } *:bpf prog_run;
31 neverallow { domain -bpfloader -gpuservice -netd -system_server } *:bpf { map_read map_write };
|
| D | gpuservice.te | 48 # Needed for reading tracepoint ids in order to attach bpf programs.
53 # Needed for interact with bpf fs.
57 # Needed for enable the bpf program and read the map.
58 allow gpuservice bpfloader:bpf { map_read prog_run };
60 # Needed for getting a prop to ensure bpf programs loaded.
|
| /system/sepolicy/prebuilts/api/30.0/private/ |
| D | bpfloader.te | 1 # bpf program loader
10 # Allow bpfloader to create bpf maps and programs.
11 allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
29 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
30 neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
31 neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
|
| D | netd.te | 14 allow netd bpfloader:bpf { prog_run map_read map_write };
|
| D | netutils_wrapper.te | 28 allow netutils_wrapper bpfloader:bpf prog_run;
|
| /system/bpf/libbpf_android/ |
| D | BpfLoadTest.cpp | 33 namespace bpf { namespace
47 EXPECT_EQ(android::bpf::loadProg("/system/etc/bpf/bpf_load_tp_prog.o", &critical), 0); in SetUp()
68 android::bpf::BpfMap<uint32_t, uint32_t> m(tp_map_path); in checkMapNonZero()
|
| D | BpfUtils.cpp | 48 namespace bpf { namespace
|
| /system/netd/bpf_progs/ |
| D | Android.bp | 23 // bpf kernel programs
25 bpf {
38 bpf {
51 bpf {
|
| /system/bpf/bpfloader/ |
| D | BpfLoader.cpp | 69 int ret = android::bpf::loadProg(progPath.c_str(), &critical); in loadAllElfObjects()
83 if (!android::bpf::isBpfSupported()) return 0; in main()
|
| D | bpfloader.rc | 4 # will just block until bpfloader finishes and sets the bpf.progs_loaded property.
7 # - /sys/fs/bpf is already mounted,
8 # - apex (incl. rollback) is initialized (so that in the future we can load bpf
54 # capability is not even checked by the kernel's bpf system call.
61 # we're not really updatable, but want to be able to load bpf programs shipped in apexes
|
| /system/netd/tests/benchmarks/ |
| D | bpf_benchmark.cpp | 28 using android::bpf::BpfMap;
69 int ret = android::bpf::synchronizeKernelRCU(); in BENCHMARK_DEFINE_F()
|
| /system/bpf/libbpf_android/include/ |
| D | libbpf_android.h | 25 namespace bpf {
|
| /system/netd/tests/ |
| D | netd_test.cpp | 212 bpf::BpfMap<TetherIngressKey, TetherIngressValue> bpfIngressMap; in TEST()
213 bpf::BpfMap<uint32_t, TetherStatsValue> bpfStatsMap; in TEST()
214 bpf::BpfMap<uint32_t, uint64_t> bpfLimitMap; in TEST()
|
| /system/bpfprogs/ |
| D | Android.bp | 17 bpf {
|
| /system/bpfprogs/test/ |
| D | Android.bp | 17 bpf {
|
| /system/sepolicy/prebuilts/api/28.0/public/ |
| D | netd.te | 108 allow netd self:bpf { map_create map_read map_write };
135 # only netd can create the bpf maps
136 neverallow { domain -netd } netd:bpf { map_create };
|