Firewall: Support a greater number of apps/uids
Devices with a large number of app uids, particularly those with
multiple work profiles or secondary users, may quietly experience
failures making adjustments to firewall rules, resulting in apps being
blocked from accessing the network when they should be allowed, and
becoming a noticeable problem when using Battery Saver mode.
The misleading "Argument list too long" error in logs signifies that
a BPF map (uid_owner_map in this case) has reached its maximum entries.
This patch doubles that to 4000. uid_permission_map is also affected,
and because uid_counterset_map involves uids too, we do the same there.
bpf_shared.h contains comments urging caution with regard to potential
kernel memory limits. Fortunately, BPF maps have been consolidated
since the comments were written, leaving enough room to easily make
this change without cause for concern. This patch effectively increases
the total size of BPF maps from 3643K to 4077K, which remains beneath
the 4930K used by the maps' pre-consolidation implementation.
Issue: calyxos#1249
Change-Id: I293f99ec498e4ccac98c39f298ba01ba554f2e33
Signed-off-by: Mohammad Hasan Keramat J <ikeramat@protonmail.com>
1 file changed