Merge "Fix the trigger name for loading bpf programs." into main

    trigger post-fs-data

    # Should be before netd, but after apex, properties and logging is available.

    trigger load_bpf_programs

    trigger load-bpf-programs

    trigger bpf-progs-loaded

    # Now we can start zygote.

on property:vold.checkpoint_committed=1

    trigger post-fs-data-checkpointed

# It is important that we start bpfloader after:

#   - /sys/fs/bpf is already mounted,

#   - apex (incl. rollback) is initialized (so that we can load bpf

#     programs shipped as part of apex mainline modules)

#   - logd is ready for us to log stuff

#

# At the same time we want to be as early as possible to reduce races and thus

# failures (before memory is fragmented, and cpu is busy running tons of other

# stuff) and we absolutely want to be before netd and the system boot slot is

# considered to have booted successfully.

on load-bpf-programs

    exec_start bpfloader

on bpf-progs-loaded

    start netd

# controlling access. On older kernels, the paranoid value is the only means of

# controlling access. It is normally 3 (allow only root), but the shell user

# can lower it to 1 (allowing thread-scoped pofiling) via security.perf_harden.

on load_bpf_programs && property:sys.init.perf_lsm_hooks=1

on load-bpf-programs && property:sys.init.perf_lsm_hooks=1

    write /proc/sys/kernel/perf_event_paranoid -1

on property:security.perf_harden=0 && property:sys.init.perf_lsm_hooks=""

    write /proc/sys/kernel/perf_event_paranoid 1