Use bpf maps to store permission information
In newer kernels, we can use a cgroup socket filter to control inet socket creation at run time instead of the paranoid network kernel check. To achieve that, we need to get the permission information from the system server when the device boots or new packages are installed. This patch provides a binder interface to do that and stores the information in a bpf map. It also records the uids that have permission UPDATE_DEVICE_STATS so netd no longer needs to query that from the system server.

Bug: 111560570
Bug: 111560739
Test: netd_unit_test, netd_integration_test
Change-Id: I0c5919d85136feec44c4406ee0bd0028b131b942