support per-map/prog selinux context and cross .o map sharing Tested in pieces in aosp/master and it still successfully boots. So the struct extension infrastructure works as desired. This is a sqaush of 2 aosp/master commits: 64005dd91b0cf1722ccd1767f805e0524010920e a5c641141ff74bba025a65451628308c6cbb7e0f Ignore-AOSP-First: squash of 2 aosp/master patches Bug: 218408035 Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I7136253086eaccf79cf39e7a0143b425a1019390
diff --git a/common/native/bpf_headers/include/bpf/bpf_helpers.h b/common/native/bpf_headers/include/bpf/bpf_helpers.h index 3e26028..10686a2 100644 --- a/common/native/bpf_headers/include/bpf/bpf_helpers.h +++ b/common/native/bpf_headers/include/bpf/bpf_helpers.h
@@ -137,11 +137,12 @@ ____btf_map_##name = { } /* type safe macro to declare a map and related accessor functions */ -#define DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, usr, grp, md) \ +#define DEFINE_BPF_MAP_EXT(the_map, TYPE, KeyType, ValueType, num_entries, usr, grp, md, \ + selinux, pindir, share) \ const struct bpf_map_def SECTION("maps") the_map = { \ .type = BPF_MAP_TYPE_##TYPE, \ - .key_size = sizeof(TypeOfKey), \ - .value_size = sizeof(TypeOfValue), \ + .key_size = sizeof(KeyType), \ + .value_size = sizeof(ValueType), \ .max_entries = (num_entries), \ .map_flags = 0, \ .uid = (usr), \ @@ -151,34 +152,40 @@ .bpfloader_max_ver = DEFAULT_BPFLOADER_MAX_VER, \ .min_kver = KVER_NONE, \ .max_kver = KVER_INF, \ + .selinux_context = selinux, \ + .pin_subdir = pindir, \ + .shared = share, \ }; \ - BPF_ANNOTATE_KV_PAIR(the_map, TypeOfKey, TypeOfValue); \ + BPF_ANNOTATE_KV_PAIR(the_map, KeyType, ValueType); \ \ - static inline __always_inline __unused TypeOfValue* bpf_##the_map##_lookup_elem( \ - const TypeOfKey* k) { \ + static inline __always_inline __unused ValueType* bpf_##the_map##_lookup_elem( \ + const KeyType* k) { \ return bpf_map_lookup_elem_unsafe(&the_map, k); \ }; \ \ static inline __always_inline __unused int bpf_##the_map##_update_elem( \ - const TypeOfKey* k, const TypeOfValue* v, unsigned long long flags) { \ + const KeyType* k, const ValueType* v, unsigned long long flags) { \ return bpf_map_update_elem_unsafe(&the_map, k, v, flags); \ }; \ \ - static inline __always_inline __unused int bpf_##the_map##_delete_elem(const TypeOfKey* k) { \ + static inline __always_inline __unused int bpf_##the_map##_delete_elem(const KeyType* k) { \ return bpf_map_delete_elem_unsafe(&the_map, k); \ }; -#define DEFINE_BPF_MAP(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries) \ - DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, AID_ROOT, 0600) +#define DEFINE_BPF_MAP_UGM(the_map, TYPE, KeyType, ValueType, num_entries, usr, grp, md) \ + DEFINE_BPF_MAP_EXT(the_map, TYPE, KeyType, ValueType, num_entries, usr, grp, md, "", "", false) -#define DEFINE_BPF_MAP_GWO(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, gid) \ - DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, gid, 0620) +#define DEFINE_BPF_MAP(the_map, TYPE, KeyType, ValueType, num_entries) \ + DEFINE_BPF_MAP_UGM(the_map, TYPE, KeyType, ValueType, num_entries, AID_ROOT, AID_ROOT, 0600) -#define DEFINE_BPF_MAP_GRO(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, gid) \ - DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, gid, 0640) +#define DEFINE_BPF_MAP_GWO(the_map, TYPE, KeyType, ValueType, num_entries, gid) \ + DEFINE_BPF_MAP_UGM(the_map, TYPE, KeyType, ValueType, num_entries, AID_ROOT, gid, 0620) -#define DEFINE_BPF_MAP_GRW(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, gid) \ - DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, gid, 0660) +#define DEFINE_BPF_MAP_GRO(the_map, TYPE, KeyType, ValueType, num_entries, gid) \ + DEFINE_BPF_MAP_UGM(the_map, TYPE, KeyType, ValueType, num_entries, AID_ROOT, gid, 0640) + +#define DEFINE_BPF_MAP_GRW(the_map, TYPE, KeyType, ValueType, num_entries, gid) \ + DEFINE_BPF_MAP_UGM(the_map, TYPE, KeyType, ValueType, num_entries, AID_ROOT, gid, 0660) static int (*bpf_probe_read)(void* dst, int size, void* unsafe_ptr) = (void*) BPF_FUNC_probe_read; static int (*bpf_probe_read_str)(void* dst, int size, void* unsafe_ptr) = (void*) BPF_FUNC_probe_read_str; @@ -189,8 +196,8 @@ static unsigned long long (*bpf_get_current_uid_gid)(void) = (void*) BPF_FUNC_get_current_uid_gid; static unsigned long long (*bpf_get_smp_processor_id)(void) = (void*) BPF_FUNC_get_smp_processor_id; -#define DEFINE_BPF_PROG_KVER_RANGE_OPT(SECTION_NAME, prog_uid, prog_gid, the_prog, min_kv, max_kv, \ - opt) \ +#define DEFINE_BPF_PROG_EXT(SECTION_NAME, prog_uid, prog_gid, the_prog, min_kv, max_kv, opt, \ + selinux, pindir) \ const struct bpf_prog_def SECTION("progs") the_prog##_def = { \ .uid = (prog_uid), \ .gid = (prog_gid), \ @@ -199,10 +206,16 @@ .optional = (opt), \ .bpfloader_min_ver = DEFAULT_BPFLOADER_MIN_VER, \ .bpfloader_max_ver = DEFAULT_BPFLOADER_MAX_VER, \ + .selinux_context = selinux, \ + .pin_subdir = pindir, \ }; \ SECTION(SECTION_NAME) \ int the_prog +#define DEFINE_BPF_PROG_KVER_RANGE_OPT(SECTION_NAME, prog_uid, prog_gid, the_prog, min_kv, max_kv, \ + opt) \ + DEFINE_BPF_PROG_EXT(SECTION_NAME, prog_uid, prog_gid, the_prog, min_kv, max_kv, opt, "", "") + // Programs (here used in the sense of functions/sections) marked optional are allowed to fail // to load (for example due to missing kernel patches). // The bpfloader will just ignore these failures and continue processing the next section.
diff --git a/common/native/bpf_headers/include/bpf/bpf_map_def.h b/common/native/bpf_headers/include/bpf/bpf_map_def.h index 1371668..14a0295 100644 --- a/common/native/bpf_headers/include/bpf/bpf_map_def.h +++ b/common/native/bpf_headers/include/bpf/bpf_map_def.h
@@ -111,6 +111,15 @@ // BPF wants 8, but 32-bit x86 wants 4 //_Static_assert(_Alignof(unsigned long long) == 8, "_Alignof unsigned long long != 8"); +// Length of strings (incl. selinux_context and pin_subdir) +// in the bpf_map_def and bpf_prog_def structs. +// +// WARNING: YOU CANNOT *EVER* CHANGE THESE +// as this would affect the structure size in backwards incompatible ways +// and break mainline module loading on older Android T devices +#define BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE 32 +#define BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE 32 + /* * Map structure to be used by Android eBPF C programs. The Android eBPF loader * uses this structure from eBPF object to create maps at boot time. @@ -142,14 +151,33 @@ unsigned int bpfloader_min_ver; // if missing, defaults to 0, ie. v0.0 unsigned int bpfloader_max_ver; // if missing, defaults to 0x10000, ie. v1.0 - // The following fields were added in version 0.2 + // The following fields were added in version 0.2 (S) // kernelVersion() must be >= min_kver and < max_kver unsigned int min_kver; unsigned int max_kver; + + // The following fields were added in version 0.18 (T) + // + // These are fixed length strings, padded with null bytes + // + // Warning: supported values depend on .o location + // (additionally a newer Android OS and/or bpfloader may support more values) + // + // overrides default selinux context (which is based on pin subdir) + char selinux_context[BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE]; + // + // overrides default prefix (which is based on .o location) + char pin_subdir[BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE]; + + bool shared; // use empty string as 'file' component of pin path - allows cross .o map sharing + char pad0[3]; // manually pad up to 4 byte alignment, may be used for extensions in the future }; +_Static_assert(sizeof(((struct bpf_map_def *)0)->selinux_context) == 32, "must be 32 bytes"); +_Static_assert(sizeof(((struct bpf_map_def *)0)->pin_subdir) == 32, "must be 32 bytes"); + // This needs to be updated whenever the above structure definition is expanded. -_Static_assert(sizeof(struct bpf_map_def) == 48, "sizeof struct bpf_map_def != 48"); +_Static_assert(sizeof(struct bpf_map_def) == 116, "sizeof struct bpf_map_def != 116"); _Static_assert(__alignof__(struct bpf_map_def) == 4, "__alignof__ struct bpf_map_def != 4"); _Static_assert(_Alignof(struct bpf_map_def) == 4, "_Alignof struct bpf_map_def != 4"); @@ -168,10 +196,15 @@ unsigned int bpfloader_min_ver; // if missing, defaults to 0, ie. v0.0 unsigned int bpfloader_max_ver; // if missing, defaults to 0x10000, ie. v1.0 - // No new fields in version 0.2 + // The following fields were added in version 0.18, see description up above in bpf_map_def + char selinux_context[BPF_SELINUX_CONTEXT_CHAR_ARRAY_SIZE]; + char pin_subdir[BPF_PIN_SUBDIR_CHAR_ARRAY_SIZE]; }; +_Static_assert(sizeof(((struct bpf_prog_def *)0)->selinux_context) == 32, "must be 32 bytes"); +_Static_assert(sizeof(((struct bpf_prog_def *)0)->pin_subdir) == 32, "must be 32 bytes"); + // This needs to be updated whenever the above structure definition is expanded. -_Static_assert(sizeof(struct bpf_prog_def) == 28, "sizeof struct bpf_prog_def != 28"); +_Static_assert(sizeof(struct bpf_prog_def) == 92, "sizeof struct bpf_prog_def != 92"); _Static_assert(__alignof__(struct bpf_prog_def) == 4, "__alignof__ struct bpf_prog_def != 4"); _Static_assert(_Alignof(struct bpf_prog_def) == 4, "_Alignof struct bpf_prog_def != 4");