Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit bf660aae authored by Chenbo Feng's avatar Chenbo Feng
Browse files

Do not block system uid from creating inet socket

Some system uid such as root is not in the package list send to netd
when device start. But they should still have INTERNET permission. Add a
check in eBPF program to stop blocking them from creating sockets. Also
fix the name of program so it can be correctly identified. Also switch
the eBPF map from a whitelist to a blacklist, now only uids in the map
but not have PERMISSION_INTERNET bit set will get blocked. Otherwise the
eBPF map will not block the uid from creating inet/inet6 sockets.

Bug: 111560570
Bug: 128944261
Test: netd_integration_test
Change-Id: I0dd4e74a0f2b301ceea90829eda1564a4922e27a
parent bb0db5f7
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment