Revert "Grant IPC_LOCK capability to bpfloader"
This reverts commit 77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1.
This doesn't apparently work...
Kernel doesn't actually test capabilities, just blindly charges
against user's memlock limit:
//kernel/bpf/syscall.c:
  static int bpf_charge_memlock(struct user_struct *user, u32 pages) {
    unsigned long memlock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
    if (atomic_long_add_return(pages, &user->locked_vm) > memlock_limit) {
      atomic_long_sub(pages, &user->locked_vm);
      return -EPERM;
    }
    return 0;
  }
Test: N/A, revert
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Icf6d6e8a36e4b9f3771a5ce80e25ef3644ff4e83
1 file changed